Search

Recent Posts

Tags

« Previous Entries Next Entries »

WordPress-Php hacking via plugin: relocate-upload.php

Monday, September 19th, 2011

Do you check your Apache/Web-Server logs for errors?  Today I noted: ~700  potentially malicious web requests in ~ 4 hours (and all requests failing for various reasons.) the same/similar request came from 5 countries. potential malicious/compromised hosts: 7. This appears to be a scan for a WordPress (non-core) plugin written in ~2009 – which some Continue reading →

Securing WordPress 3.x Multi-Site

Sunday, February 6th, 2011

WordPress 3.x is a dual-use Internet Publishing solution – use it for a single domain, host multiple sub-domains (or sub-folders) or host multiple, unique domains. Start with the foundation before getting into WordPress specific solutions – are each of your server base components up-to-date and secure as needed/possible?: Apache security: base configuration using a best Continue reading →

NFL Jersey Web Link-SPAM via Romania for China?

Tuesday, February 1st, 2011

The Internet is great at creating anonymous opportunities to connect – you don’t really know ‘who you are talking to’ unless you dig for information. Using GeoIP data (geographical pin-pointing based in IP address) as a basis for network filtering has some ‘holes’ – it is possible for network activity to present ‘false’ (or at Continue reading →

Recent WordPress Plugin ‘scans’

Monday, January 31st, 2011

I am sure that most folks managing WordPress sites pay attention to their web server ERROR logs.  I came across this set of very specific scans for WordPress plugins – I suspect that either some entity was simply ‘researching’ the use of these OR that these plugins may have some security concerns (this is un-confirmed) Continue reading →

Apache mod_security testing examples

Monday, November 8th, 2010

Testing mod_security rules can be tricky, i.e. things work well in ‘testing’ but you encounter a ‘whoops’ in production.  Hmm.  Figuring out what is different can be a bear.  Note that this discussion presumes that you already have mod_security installed and working… Scenario one – including a special test configuration </Location /some_web_folder/> ## used for Continue reading →

« Previous Entries Next Entries »

________________________________________________
YOUR GeoIP Data | Ip: 73.21.121.1
Continent: NA | Country Code: US | Country Name: United States
Region: | State/Region Name: | City:
(US only) Area Code: 0 | Postal code/Zip:
Latitude: 38.000000 | Longitude: -97.000000
Note - if using a mobile device your physical location may NOT be accurate...
________________________________________________

Georgia-USA.Com - Web Hosting for Business
____________________________________