Blocking WordPress Pingback Verification DDoS

Recently one of the websites I host has come under a few reasonably sized DDoS attacks. The attacker has been (mis)using a WordPress feature, pingback verifications. The attacker sends requests to WordPress sites that have this feature enabled; the WordPress sites then send an HTTP request to the target site to verify the pingback. If […]

Nginx + Google Pagespeed Debian Package

The normal Debian mirrors do not carry the nginx package with the Google Pagespeed Module. These instructions will allow you to create your own package that includes Pagespeed. The nginx package is from wheezy-backports, which has a newer copy of nginx than the normal wheezy repo; remove -backports from any commands you run if you […]

WordPress Basic Uploader

In the past two weeks or so I have seen a large number of basic PHP uploaders that are being found on WordPress sites. The common theme in each of the hacks I have seen is that the admin password has either been reset or stolen. The admin password is used to access the theme […]

Fake WordPress Plugins

Over the last two days I have seen an increasing number of fake WordPress plugins which are actually not plugins but PHP scripts that attempt to join a botnet that is currently being used for DDoS attacks. So far the only common link I can see on all sites is that they are old vulnerable […]

StartSSL certificates with Apache mod_ssl

I have been using StartSSL for free SSL certificates for a while. They are great for personal projects – they are trusted by every device I have tried so far and they are issued almost immediately. You can test if the certificate is trusted by accessing this post as https – click here. Note that […]