A digital ocean of bots

Last week I noticed yet another ongoing brute-force attack against our managed WordPress hosting. The botnet is very low key and each bot connects on average only once per day. Up until now, I’ve collected in the ballpark of 3100 unique bots.

Continue reading

How to enable TLS 1.3 on Gentoo Linux

I figured it was about time for this Gentoo powered blog to enjoy the security and performance enhancements provided by TLSv1.3. However, that meant leaving “Gentoo stable” behind and travel on a journey of discovery into the land of the unmasked and dangerous.

Continue reading

An insignificant WordPress brute-force attack

Earlier this week I noticed a minor brute-force attack against our managed WordPress hosting. The attack lasted for 72 hours and deployed around 2000 unique bots. The botnet attempted on average 100 logins per hour while rotating bots to avoid triggering our automatic defense systems.

Continue reading

How to remove Facebook’s fbclid parameter using mod_rewrite on Apache 2.4

I was unaware that Facebook recently had started to add a unique click identifier to all outbound links on facebook.com. Coincidentally, one of the security measures of this server is to disallow query strings as part of the URL. Thus, any visitors coming over from Facebook were suddenly blocked and banned on sight.

Continue reading

How to subscribe to a Slackware Linux mailing list

A while back I lost access to the email address with which I had subscribed to the slackware-security mailing list. This does not please Bob, so today I logged into my webmail account and sent along a new request to join slackware-security and slackware-announce. The response I got in return gave me a good laugh and a swift feel of nostalgia.

Continue reading

Migrating from LastPass to KeePassXC

I’ve never really felt all that good about storing my passwords on the public cloud, but after we started using LastPass at work I somehow got lulled into adopting it for personal use as well.

Continue reading

Gentoo – Tor 0.3.4.9 stable on amd64

So why is this release noteworthy? Well, I experienced an issue with the previous release (Tor 0.3.4.7) where I was unable to get sandboxing to work due to the following error:

(Sandbox) Caught a bad syscall attempt (syscall openat)
...

Continue reading

Another year of hosting an onion site

The highly anticipated continuation of last year’s riveting tale of fear and loathing on the dark web. I hereby offer a full disclosure of attack patterns observed against my onion and my WordPress installation, respectively.

Continue reading

Gentoo – ModSecurity 2.9.1 lands in stable on amd64

Gentoo developers recently marked mod_security-2.9.1 and modsecurity-crs 3.0.2 as stable on amd64, thus allowing me to move on from the dormant ModSecurity 2.7.7 release. Good thing I got this update on a Sunday though as it turned out to be more than a simple drop in replacement.

Continue reading

This website is IPv6 ready

As of today, this modest Gentoo VPS is finally available over IPv6. I’ve been putting off this move for a while as I needed to make sure that my services were correctly configured for IPv6.

Continue reading