security - Read For Learn

Moving wp-config.php outside root folder where we have multiple wordpress websites for enhanced security [duplicate]

Move wp-config.php to its new location somewhere above “public_html” and add a new “skeleton” wp-config.ph in the WordPress directory e.g. <?php include(‘/dir_above_public_html/priv-applecom/wp-config.php’); ?> The wp-config.php script is included by other WordPress files. So to include this from a non default location we can simply 1. move our “real” wp-config from the WordPress directory to where … Read more

SSH keypair generation: RSA or DSA?

RSA is generally preferred (now that the patent issue is over with) because it can go up to 4096 bits, where DSA has to be exactly 1024 bits (in the opinion of ssh-keygen). 2048 bits is ssh-keygen‘s default length for RSA keys, and I don’t see any particular reason to use shorter ones. (The minimum … Read more

Why should I firewall servers?

Advantages of firewall: You can filter outbound traffic. Layer 7 firewalls (IPS) can protect against known application vulnerabilities. You can block a certain IP address range and/or port centrally rather than trying to ensure that there is no service listening on that port on each individual machine or denying access using TCP Wrappers. Firewalls can … Read more

How can I implement ansible with per-host passwords, securely?

You’ve certainly done your research… From all of my experience with ansible what you’re looking to accomplish, isn’t supported. As you mentioned, ansible states that it does not require passwordless sudo, and you are correct, it does not. But I have yet to see any method of using multiple sudo passwords within ansible, without of … Read more

Who updates the wp-admin/core file?

There is no ‘core’ file in WP core files. So if there is such file, you don’t have access to it and it gets modified, then you should be really concerned. My guess would be that it’s some malware/backdoor script. And since it’s created by server script, then there is a chance you can’t access … Read more

How to distinguish between a hack and an encoding error?

If you have checked your database entry of the page/article, you will see that it is a issue on Database side, or by any means there was restoring going on because of the crash, that could be an issue or a restoring plugin/script with a bug why a simple character as ‘ gets messed up. … Read more

Restrict Access without Creating Users

I believe you are on track; add a parameter to the URL that you can test on page-load. You could create a GUID and add a table to the database where you store the email address and the GUID; this will make guessing parameters almost impossible. You could also add a timestamp to the table … Read more

I am under DDoS. What can I do?

You are experiencing a denial of service attack. If you see traffic coming from multiple networks (different IPs on different subnets) you’ve got a distributed denial of service (DDoS); if it’s all coming from the same place you have a plain old DoS. It can be helpful to check, if you are able; use netstat … Read more

Possible to change email address in keypair?

I’ve created an RSA keypair that I used for SSH, and it includes my email address. (At the end of the public key.) That part of an ssh key is just a comment. You can change it to anything you want at any time. It doesn’t even need to be the same on different servers. … Read more

Heartbleed: What is it and what are options to mitigate it?

First, before freaking out, be sure that you understand whether or not this vulnerability actually applies to you. If you have a server, but have never actually had any applications using TLS, then this is not a high-priority thing for you to fix. If, on the other hand, you have ever had TLS-enabled applications, well … Read more

+ More