wordpress tagged posts

Attacking Attackers to Protect a WordPress Website

I have previously demonstrated how to protect wp-admin and wp-login files in word-press website.
I wanted to do more. Something like: Attacking those attackers.

What Crashes Browsers?
What crashes applications is what hackers call: Buffer Overflow Exploit. Hackers use them to take control of applications/browsers to gain full system access later on. More about buffer-overflows here.
We are not interested to take control of the attacker’s system; Although that will be very ‘cool’ – maybe the next stage? ūüėČ
We are more interested to stop them i.e: Crash their browsers, fuzzing and brute-force tools.

Amazingly I was able to reduce attacks from 4000~ to around 70 only!

What is happening behind the scenes?

Read More

Apache Virtualhost to WordPress Permalinks

WordPress Permalinks create RESTful link style like: blog/category/sub-cat/post-title. These are not actual directories in your Apache DirectoryRoot hence you cannot just set a subdomain to point to a WP Permalinks via DocumentRoot /var/www/category/blog/bla/bla/bla.

In my case I was trying to set security.addaxsoft.com to point to addaxsoft.com/blog/security. Many methods failed and the only trick that worked resides in RewriteRules and WordPress URL Parameters.

  1. Set new DNS A record. eg: security.addaxsoft.com some-IP-address
  2. Set new VirtualHost in your apache config file as follow:
    <VirtualHost *:80>
    ServerName security.addaxsoft.com
    DocumentRoot /var/www/
    RewriteEngine On
    RewriteRule . /var/www/index.php?category_name=[YOUR CATEGORY NAME]
  3. Restart Apache and you’re good...
Read More