Now that I’ve been running this blog on Gentoo Linux for a while, I’ve discovered a few new potential gotchas when failing to pay attention while interacting with Portage. The latest addition to my list was nearly removing my running PHP installation with emerge --depclean.
On the 18th of December Wordfence posted the following entry describing an ongoing distributed brute force-attack campaign targeting WordPress installations. It was accompanied by a dramatic chart highlighting the number of attacks per hour. According to Wordfence, it was the most aggressive campaign they’ve seen so far. However, as a WordPress hosting provider I’ve found no data to support these claims.
I’ve not experienced any increase in dictionary attacks or other malicious traffic against WordPress installations on our web hosting platform. Curiously enough, this would mark the first time that we have completely dodged such a large scale attack.
Having a strict content Content Security Policy (CSP) can be a useful addition for your website security. However, when running a content management system (CMS) like WordPress, you’re often forced to make a few a undesired compromises.
I’ve received a few hundred requests originating from bots setting site.ru as their referrer. These attacks are scanning for compromised WordPress installations and PHP based shells and backdoors. The attacking IP’s belong to compromised hosts and websites from service providers around the world.
I wanted to register a new domain name and decided to go with the privacy-aware domain registration service from Njalla. Unlike other domain registration services, Njalla actually purchases the domain for themselves and acquires full legal ownership and responsibility for the domain name. Njalla however grants you full control over the domain as long as you abide by their terms and conditions.
About one and a half months ago I experienced a lot of botnet traffic originating from major cloud providers including Microsoft Azure. Against my better judgment I decided to see if reporting a few bad IP’s to the MS CERT team would make a difference.
So you’ve patiently been waiting for the next Slackware release but eventually you’re considering making the move to Slackware-current. So what exactly is Slackware-current and what would be the pros and cons of switching from stable to -current.
My Raspberry Pi based hosting came to an abrupt end earlier this week as the RPi3 suddenly became unresponsive. Powering off and on the device resulted in an infinitive loop of I/O error messages. I’ve tried to recover the filesystem, but unfortunately my attempts proved to be unsuccessful.
I got the following ominous sounding message as I was about to fire up my Opera browser at the office today:
A short story detailing my experiences with hackers, SIGINT and the inherent depravity of humankind. In truth though, this story may lack all the aforementioned ingredients.
A year ago I decided to offer my visitors “absolute” privacy in the shape of a Tor hidden service. Believing others were as fed up as myself with the constant mining of our personal data, I was eager to see what kind of traffic my hidden service would receive.
During the last few days I’ve been noticing a major surge in botnet traffic probing for the infamous Apache Struts 2 exploit, popular database setup and configuration scripts and even some old school cgi-bin vulnerabilities. The traffic originates from compromised hosts with major cloud vendors like Microsoft Azure, DigitalOcean, Vultr, Linode and OVH.
Accessing internal services on paranoidpenguin.net using self-signed certificates does no longer work in my preferred browser due to HSTS preloading. Instead of actually fixing the issue (or wait for Let’s Encrypt to roll out wildcard certificates), I decided to be clever and work around the restriction by installing a more “forgiving” web browser.
I recently re-learned that moving code from one Linux distribution to another doesn’t always pan out as expected. Especially when that second distribution is Red Hat Enterprise Linux.
To start the weekend off with a bang my Apache webserver failed to revive after the log rotation service had issued a restart. I’m hosting this website on a Raspberry Pi 3 so my first concern is always memory card corruption and data loss. Thankfully those fears turned out to be unfounded, but what actually went down?
From the httpd error_log:
I decided I wanted to host my WordPress installation as a hidden service on Tor instead of backporting all my existing content to Hugo. I previously ran Hugo on my onion site and even though I still want to make that move eventually, for now, I’m sticking with what I already know. Besides, putting arguably the worst content management system ever invented on the dark web seemed like a fun venture.
Lately I’ve noticed a steady increase in the amount of referrer spam I’m getting, so I decided to see if there was a simple way to trap and ban these bots. The typical approach is usually to maintain a blacklist of domain names and deny them using mod_rewrite rules. The downside to this approach is the amount of time and effort that goes into maintaining your blacklist.
I recently bought a new Raspberry Pi 3 and installed Slackware ARM current (hard float) on it. My goal was to compare the performance of the hard float port against Slackware ARM 14.2 (soft float), which is currently powering this RPi3 hosted website.
That tag “stuff” is not working on our corporate website, please fix asap the costumer complained. Sure, will do immediately I replied confidently, believing this to be a simple matter of purging some old cache or refreshing permalinks. Sadly that was not to be the case so I ended up having to get my hands dirty. To my absolute horror, the site was running one of those godawful themeforest themes.
With the latest Red Hat release I experienced an issue with increasing the screen resolution above 1027×768. After checking out the VirtualBox forums, I found my answer and a solution to the issue.
So the annual “Slackware needs PAM and Kerberos” thread is going strong over at linuxquestions.org at the moment. This particular topic always seem to awaken a collective inferiority complex within the Slackware community, where users are aggressively refuting any claim that Slackware is not a viable choice for business use (you can do anything with some lines of bash right?…). At the opposite side you have users arguing that Slackware has become a niche hobbyist distribution due to its reluctance to implement mainstream technologies.