Sorry.. meant hextet.. not octet.. that's how angry I was.. hahaha..
IPv4 (4 octet)
IPv6 (8 hextets)
Side note, carry on...
DNS matters ... here is a song to help bring that point home.. seems like an appropriate time to share this..
Yesterday WoodCommerce patched a SQL vulnerability.. today we share what we can see https://noc.org/2021/07/15/serious-sqli-in-woocommerce/ #wordpress #security #webapplicationsecurity
Put some thoughts to virtual parchment on how I approach security with web applications..
It's less about the tools, and more about what a bad actors needs to be successful..
Great article by @danielcid showing live examples of how bad actors enumerate WordPress users then use XMLRPC to brute force WordPress sites. #security #wordpress good to see that some things have not changed... https://noc.org/2021/06/22/how-the-json-api-and-xmlrpc-are-used-for-brute-force-attacks-against-wordpress/
I realize it's always the WAF's fault, but what if it's not?
Ok, it is in this example.. but again, what if it's not?
Just some tips if you're ever having issues and trying to figure out where it's coming from before blaming the provider.
New feature at NOC allows you to optimize the relationship between the CDN and your cluster of origin servers..
How cool is that? Specifically designed for admins running GCE / AWS clusters for their origins and also using a CDN..
Got a couple things wrong in the original post, made some updates to account for those.
Automattics JetPack plugin overrides user defined controls to stop auto-updates...
Am I the only one that things there is so much wrong with this? https://noc.org/2021/06/03/automattics-jetpack-plugin-for-wordpress-abuses-user-defined-settings-calls-into-question-auto-updates/ #security #wordpress
Just exploring the Domain Name System (DNS) and ways it can be used to control what you see and how your domain performs... https://noc.org/2021/06/01/the-domain-name-system-dns/
Put together a new script to automate how I install my #ossec agents on my web servers... what else should I add? #linux #hids #security https://github.com/perezbox/script-public/blob/main/OSSEC/install-ossecagent.sh
New article by @dcid sharing some of what we're seeing at NOC as the platform comes alive .. old vulnerabilities are the fan favorite it seems... https://noc.org/2021/05/28/automated-attacks-against-wordpress-target-old-vulnerabilities/
Ok, if anyone is curious if this was resolved.. see here for how we got it to work: https://defragged.org/2021/05/25/error-1064-42000-at-line-1-passing-mysql-create-user-arguments-via-ssh/
That failed, so tried escaping the double quotes too:
ssh root@[ip address] 'mysql --user="root" --password="[pass]" --execute="CREATE USER 'foo2'@'localhost' IDENTIFIED BY 'mariadb';"'
This actually gets past the error, but doesn't create the user on the remote server..
Open Source Social Network. Focused on technology, networking, linux, privacy and security, but open to anyone. Civil discourse, polite and open. Managed by the noc.org team.