Enabling HSTS

HTTP Strict Transport Security (HSTS) is a very simple-to-deploy addition to HTTPS. It doesn’t enforce SSL itself, but it uses pre-populated lists such as Google’s here, allowing client browsers to check that the site only delivers …

DDoS on WordPress using the search feature

This fairly low-tech DDoS can easily take down an under-resourced WordPress website. What you will see in your logs is something like:

/?s=SwCGbtyTPFbgIy 19:02:40
/?s=rNiwiuFckGegR 19:02:49
/?s=SwCGbtyTPFbgIy 19:02:53
/?s=SwCGbtyTPFbgIy 19:02:56
/?s=SwCGbtyTPFbgIy 19:03:01
/?s=mYwyTaXVqvlW 19:03:12
/?s=SwCGbtyTPFbgIy 19:03:18
/?s=mYwyTaXVqvlW 19:03:22
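
One way to spot this pattern automatically, as an added example that is not code from the original post: a sliding-window counter over search requests, run on the log lines shown above. The function names, the 60-second window and the threshold of 5 are assumptions to tune per site, and it assumes all lines fall on the same day because the excerpt carries no date.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta

# Log lines in the simplified "path time" form shown above (copied from the page).
SAMPLE = """\
/?s=SwCGbtyTPFbgIy 19:02:40
/?s=rNiwiuFckGegR 19:02:49
/?s=SwCGbtyTPFbgIy 19:02:53
/?s=SwCGbtyTPFbgIy 19:02:56
/?s=SwCGbtyTPFbgIy 19:03:01
/?s=mYwyTaXVqvlW 19:03:12
/?s=SwCGbtyTPFbgIy 19:03:18
/?s=mYwyTaXVqvlW 19:03:22
""".splitlines()

LINE_RE = re.compile(r"^/\?s=(?P<term>\S*)\s+(?P<ts>\d{2}:\d{2}:\d{2})$")

def parse(lines):
    """Yield (time, term) for each search request; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m["ts"], "%H:%M:%S"), m["term"]

def detect_search_flood(lines, window_s=60, threshold=5):
    """Sliding-window count of ?s= requests (assumed defaults, tune per site).

    Returns (peak, flagged, terms): the largest number of searches inside any
    window_s-second span, whether that reached threshold, and a Counter of
    search terms. Repeated random-looking terms suggest scripted traffic.
    """
    window, peak, terms = deque(), 0, Counter()
    for ts, term in sorted(parse(lines)):
        terms[term] += 1
        window.append(ts)
        # Drop requests that have aged out of the window.
        while ts - window[0] >= timedelta(seconds=window_s):
            window.popleft()
        peak = max(peak, len(window))
    return peak, peak >= threshold, terms

if __name__ == "__main__":
    peak, flagged, terms = detect_search_flood(SAMPLE)
    print(f"peak searches per 60s: {peak}, flagged: {flagged}")
    for term, count in terms.most_common():
        print(f"  {count}x {term}")
```

A real access log also records the client address, so the same window can be kept per client before deciding what to rate-limit.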

CISSP CISM PMP