ddos - Sysadmins of the North

Protect WordPress from brute-force XML-RPC attacks

The WordPress XML-RPC API has been under attack for many years. Back in August 2014, WordPress released version 3.9.2, fixing a possible denial of service issue in PHP’s XML processing. There are brute-force amplification attacks, reported by Sucuri, and so on. So, how do you protect WordPress from these xmlrpc.php attacks, optionally still being able to use (some of) its functionality like Jetpack? This post gives you some insights.

Published on Friday, 2 June 2017

Joomla websites abused as open proxy for Denial-of-Service attacks

Joomla websites using the Googlemaps plugin for Joomla are actively abused as open proxy for launching Denial-of-Service (DoS) attacks. Even though the Googlemaps plugin vulnerability plugin_googlemap2_proxy.php was released over one and a half (1,5) years ago, I still see these DoS-attacks happening on a regular basis...

Published on Sunday, 16 November 2014

Increase in SQL injection attacks

Since a week or so, I notice a huge increase in SQL injection attacks on various websites. Anyone else seeing the same SQL injection attacks lately? This increased SQL injection activity - on various web sites and databases - has the following characteristics:

Published on Thursday, 7 August 2014

MySQL sleep() attacks

MySQL sleep() command injection attacks: how not validating your PHP user input can lead to Denial of Service (DoS) attacks against websites and back-end database servers. Simply by putting "AND sleep(3)" in the address bar... Here is how to put a MySQL server to sleep, happy SQL injection!

Published on Tuesday, 5 August 2014

Mod_evasive on IIS

Website DDoS protection with mod_evasive. Mod_evasive is a module for Apache and Windows Server IIS (using Helicon Ape). It provides protection and evasive action in the event of an HTTP DoS-, DDoS or brute force attack. Detection is performed by creating an internal dynamic hash table of IP Addresses and URIs, and denies an IP address access to a website if it's requesting the same page more than 10 times a second. This is configurable.

Published on Thursday, 24 July 2014

Huge increase in WordPress xmlrpc.php POST requests

WordPress xmlprc.php DDoS and brute-force attacks. How to identify, block, mitigate and leverage these xmlrpc.php scans, brute-force, and user enumeration attacks on WordPress sites... Secure WordPress xmlprc.php interface and reduce service disruption.

Published on Monday, 7 July 2014

windows-server (96) iis (80) powershell (76) php (54) wordpress (45) mysql (36) windows (34) performance (28) linux (23) web.config (23) Website (22) htaccess (20) aspnet (19) url-rewrite-module (19) sql-server (18) bash (18) optimization (18) ssl (17) plugin (13) windows-10 (12) devops (11) monitoring (11) security (10) gnu-linux (10) appcmd (10) wsl (9) smtp (9) wincache (9) wmi (8) zabbix (8) windows-update (8) opcache (8) openssh (7) database (7) dism (7) iis-60 (7) sysops (6) wsus (6) apache (6) hyper-v (6) virtualization (6) spam (6) functions-php (6) classic-asp (6) ddos (6) password (5) email (5) active-directory (5) joomla (5) command-line (5) application-pool (5) blacklist (5) t-sql (4) wql (4) https (4) group-policy (4) backup (4) connector-net (4) debug (4) logparser (4) network-adapter (4) dns (4) query_cache (4) ghost (4) iisnode (4) node-js (4) vbscript (3) umbraco (3) windows-firewall (3) brute-force (3) ftp (3) postfix (3) forensics (3) benchmark (3) xss (3) disk-cleanup (3) disk-space (3) sql-injection (3) openssl (2) net-core (2) visual-studio (2) windows-defender (2) rdp (2) connector-odbc (2) c (2) mysqldump (2) xml-rpc (2) smb (2) cross-site-scripting (2) innodb (2) httpbl (2) centos (2) magento (2) denial-of-service (2) deployment (2) windows-deployment-services (2) mysqli (2) open-xchange (2) waf (2) web-application-firewall (2) windows-11 (1) ipv6 (1) networking (1) sqlce (1) tinymce (1) Prianha-CMS (1) kvm (1) http-3 (1) quic (1) wmsvc (1) database-mirroring (1) service-principal-names (1) spn (1) jetpack (1) api (1) kms (1) elasticsearch (1) red-hat (1) varnish-cache (1) dhcp (1) jquery (1)