Increase in SQL injection attacks
Since a week or so, I notice a huge increase in SQL injection attacks on various websites. Anyone else seeing the same SQL injection attacks lately? This increased SQL injection activity - on various web sites and databases - has the following characteristics:
MySQL sleep() attacks
MySQL sleep()
command injection attacks: how not validating your PHP user input can lead to Denial of Service (DoS) attacks against websites and back-end database servers. Simply by putting "AND sleep(3)
" in the address bar... Here is how to put a MySQL server to sleep, happy SQL injection!
Send authenticated SMTP email over TLS from WordPress
How to configure TLS for SMTP email in WordPress. I was suprised WordPress is not able to send email using an SMTP server out-of-the-box. Not to mention using authenticated SMTP or TLS transport for security. A quick Google search showed me multiple plugins to handle this, but I wanted to create something myself. Here is how to override the wp-mail()
function and send email using authenticated SMTP and StartTLS from WordPress.