wordpress tagged posts

I have previously demonstrated how to protect wp-admin and wp-login files in word-press website.
I wanted to do more. Something like: Attacking those attackers.

What Crashes Browsers?
What crashes applications is what hackers call: Buffer Overflow Exploit. Hackers use them to take control of applications/browsers to gain full system access later on. More about buffer-overflows here.
We are not interested to take control of the attacker’s system; Although that will be very ‘cool’ – maybe the next stage? 😉
We are more interested to stop them i.e: Crash their browsers, fuzzing and brute-force tools.

Results.
Amazingly I was able to reduce attacks from 4000~ to around 70 only!

What is happening behind the scenes?

WordPress Permalinks create RESTful link style like: blog/category/sub-cat/post-title. These are not actual directories in your Apache DirectoryRoot hence you cannot just set a subdomain to point to a WP Permalinks via DocumentRoot /var/www/category/blog/bla/bla/bla.

In my case I was trying to set security.addaxsoft.com to point to addaxsoft.com/blog/security. Many methods failed and the only trick that worked resides in RewriteRules and WordPress URL Parameters.

1. Set new DNS A record. eg: security.addaxsoft.com some-IP-address
2. Set new VirtualHost in your apache config file as follow:
   <VirtualHost *:80>
ServerName security.addaxsoft.com
DocumentRoot /var/www/
RewriteEngine On
RewriteRule . /var/www/index.php?category_name=[YOUR CATEGORY NAME]
</VirtualHost>
3. Restart Apache and you’re good...