The other day I got an automated alert from our managed WordPress hosting service, notifying me of an issue with resource exhaustion for a virtual site. Upon closer inspection, I discovered that the adversary was not your everyday aimless botnet, but something darker, and far more sinister.
In preparation for my move from WordPress to Hugo, I read a few blog posts on the subject to make sure I wouldn’t run into a brick wall. After all, Google had already indexed over 3000 posts covering the subject in detail so what could possibly go wrong?
Last week I noticed yet another ongoing brute-force attack against our managed WordPress hosting. The botnet is very low key and each bot connects on average only once per day. Up until now, I’ve collected in the ballpark of 3100 unique bots.
Earlier this week I noticed a minor brute-force attack against our managed WordPress hosting. The attack lasted for 72 hours and deployed around 2000 unique bots. The botnet attempted on average 100 logins per hour while rotating bots to avoid triggering our automatic defense systems.
I was unaware that Facebook recently had started to add a unique click identifier to all outbound links on facebook.com. Coincidentally, one of the security measures of this server is to disallow query strings as part of the URL. Thus, any visitors coming over from Facebook were suddenly blocked and banned on sight.
Even though I really enjoy the new Gutenberg experience from a content creator’s point of view, I’ve come to the conclusion that it’s not the right editor for me. My dear Gutenberg, it’s not you, it’s me.
I’m currently experimenting with a few rule conditions to explicitly whitelist the resources I want clients to be able to retrieve on my server. The initial target for this exercise was my onion site which has an issue with misbehaving (poorly written) Tor bots, but I thought it would be fun to extend the experiment to paranoidpenguin.net.
I decided I wanted to host my WordPress installation as a hidden service on Tor instead of backporting all my existing content to Hugo. I previously ran Hugo on my onion site and even though I still want to make that move eventually, for now, I’m sticking with what I already know. Besides, putting arguably the worst content management system ever invented on the dark web seemed like a fun venture.
That tag “stuff” is not working on our corporate website, please fix asap the costumer complained. Sure, will do immediately I replied confidently, believing this to be a simple matter of purging some old cache or refreshing permalinks. Sadly that was not to be the case so I ended up having to get my hands dirty. To my absolute horror, the site was running one of those godawful themeforest themes.
Looking through my server logs I noticed how Baidu’s web spider was causing an unexpected redirect loop while trying to index an image attachment page. Since I deliberately redirect all attachment page requests to the actual post owning the attachment, I decided to take a closer look. The following request triggered the loop: