Using GeoIP.dat and Apache on cPanel / WHM to block 75,000+ attacks on wp-login.php in one day

After yet another brute-force attack on our servers hosting WordPress sites today, I finally decided it was time to take some drastic action. There are a number of different approaches you can take; this is what I did to block literally over 75,000 attacks against wp-login.php today. Step 1: Install the GeoIP database and Apache module Step […]

WordPress 3.0.2 released (security update)

WordPress 3.0.2 has just been released. Announcement here: http://wordpress.org/news/2010/11/wordpress-3-0-2/ This is a security release, so you should definitely upgrade your installations of WordPress!

Fix for Twitter Tools open_basedir error

If you’re like me you’ve been using the excellent Twitter Tools plugin for WordPress for a while now. Recently a client noticed that there was a sporadic error being shown that was similar to this: Warning: require_once() [function.require-once]: open_basedir restriction in effect. File(twitteroauth.php) is not within the allowed path(s): (/home/fern:/usr/lib/php:/usr/local/lib/php:/tmp) in /home/fern/public_html/wp-content/plugins/twitter-tools/twitter-tools.php on line 1516 […]

How to disallow browsing of .svn directories on your server

If you deploy projects live out of Subversion repositories to public web servers, here’s a good tip for denying access to the .svn directories to keep people from snooping around your files. Edit your global Apache config file (httpd.conf) or .htaccess file to include the following directive: # Disallow any .svn directory browsing <directory ~ […]

How to check if your DNS server is vulnerable to the recently discovered DNS exploit

In case you’ve missed the recent news about the major DNS exploit problem and haven’t checked to see if your DNS server is vulnerable, this site has a checker that will test to see if your DNS server appears to be patched or not. Recently, a significant threat to DNS, the system that translates names […]

Why you should upgrade your WordPress installation to version 2.6 (just released) today

First, the good news: Matt & his brave crew of WordPress coders have just released version 2.6 of the Open Source award-winningly awesome content management system called WordPress (download it here). I’ve been using it since it was called b2, and love it. I recommend it for most of my clients, and they love the […]

Vote Republican and keep these awesomely INSANE TSA rules in place!

TSA: Republican Fear Machine I am not making this shit up. This is not a post from The Onion. This is an actual, U.S. taxpayer funded policy, implemented by the Republicans to “protect” us from… our fresh breath? You can now bring toothpaste on board an airplane, in the United States, AS LONG AS […]

Schneier on Security: What the Terrorists Want

I’d like everyone to take a deep breath and listen for a minute. The point of terrorism is to cause terror, sometimes to further a political goal and sometimes out of sheer hatred. The people terrorists kill are not the targets; they are collateral damage. And blowing up planes, trains, markets or buses is not […]

Welcome to your future if you don’t think and do the right(TM) thing.

THIS IS SO FUCKED UP. Peaceful protesters sitting on the ground in circles getting systematically broken up by police in riot gear basically pulling them up by sticking their fingers right under the jaw. Hard. FUCKED UP. Nice American style justice. Keep the dissenters quiet. Video of Police Brutality Not sure which the more disturbing […]

US-CERT RSS Channels

Was working on getting the Securanix site back up after a server change and finally fixed the CERT RSS feed (they had changed their URL). US-CERT RSS Channels US-CERT Channels US-CERT publishes a number of XML RSS 1.0 feeds containing headlines about recently published US-CERT documents. RSS, or RDF Site Summary, allows web publishers to […]