Archive for the ‘Housekeeping’ Category.

WordPress Default Database Prefix

One of the recommended security measures for WordPress is to change the default database prefix. When you keep the default prefix, an attacker can guess every table name, which makes SQL injection attacks easier to carry out. The easy way to avoid this is to change the prefix before installing WordPress for the first time. If you forget to do this, you can either do it manually with vi, sftp, and phpMyAdmin or you can use a plugin to make the changes. I went the manual way. I followed instructions from digwp, but I also double-checked those instructions against several other sites.
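As an added illustration that is not part of the original post, here is what the manual prefix change looks like in SQL: the table renames, plus the two updates that a rename alone misses. The new prefix `ib7x_` is a placeholder chosen for this example, and the table list assumes a WordPress 3.x single-site install still using the default `wp_` prefix.

```sql
-- Added example, not from the original post: move a WordPress 3.x single-site
-- install from the default 'wp_' prefix to a new one. 'ib7x_' is an arbitrary
-- placeholder prefix for this example. Take a backup and put the site in
-- maintenance mode first.
--
-- Step 1 is done in wp-config.php, not in SQL:   $table_prefix = 'ib7x_';

-- Step 2: rename the eleven core tables in one statement so the change is atomic.
RENAME TABLE wp_commentmeta        TO ib7x_commentmeta,
             wp_comments           TO ib7x_comments,
             wp_links              TO ib7x_links,
             wp_options            TO ib7x_options,
             wp_postmeta           TO ib7x_postmeta,
             wp_posts              TO ib7x_posts,
             wp_terms              TO ib7x_terms,
             wp_term_relationships TO ib7x_term_relationships,
             wp_term_taxonomy      TO ib7x_term_taxonomy,
             wp_usermeta           TO ib7x_usermeta,
             wp_users              TO ib7x_users;

-- Step 3: a few rows store the prefix in their *values*, which the rename does
-- not touch. If they are left as 'wp_...', WordPress cannot find the role table
-- (wp_user_roles) or per-user settings, and every account loses its capabilities.
-- Note the escaped underscore: in LIKE, '_' matches any single character, so
-- 'wp_%' would also match unrelated names such as 'wpX...'; 'wp\_%' matches the
-- literal prefix only.
UPDATE ib7x_options
   SET option_name = CONCAT('ib7x_', SUBSTRING(option_name, LENGTH('wp_') + 1))
 WHERE option_name LIKE 'wp\_%';

UPDATE ib7x_usermeta
   SET meta_key = CONCAT('ib7x_', SUBSTRING(meta_key, LENGTH('wp_') + 1))
 WHERE meta_key LIKE 'wp\_%';

-- Step 4: verify nothing still carries the old prefix. All three should return
-- zero rows before the site is taken out of maintenance mode.
SELECT table_name
  FROM information_schema.tables
 WHERE table_schema = DATABASE() AND table_name LIKE 'wp\_%';

SELECT option_name FROM ib7x_options  WHERE option_name LIKE 'wp\_%';
SELECT meta_key    FROM ib7x_usermeta WHERE meta_key    LIKE 'wp\_%';
```

Plugins that create their own tables under the old prefix will need the same treatment; the information_schema query in step 4 is what catches them.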

This post largely exists as a test post to verify that posting, at least, still works. If you see anything else broken, please let me know.

I use Incapsula to protect the site. SQL injection protection is included in their free protections. Nevertheless, I finally decided the risk was worth the limited reward.

Incapsula

I decided to give Incapsula a try to improve webserver performance and security. Incapsula is a cloud-based service similar to Cloudflare that acts as a caching and security proxy for your website. In doing so it acts as a quasi-CDN (Content Delivery Network). I had looked at one of the popular WordPress cache plugins, and realized that if this works, it would be much easier to implement.

As part of this change, I had to move my authoritative DNS servers from Dreamhost to dyndns. Unfortunately, the Dreamhost-provided DNS servers don’t allow me to change any records they create. In order to change the A record for infosecblog.org and www.infosecblog.org, I would have to discontinue hosting my site with them. There should be an option to say, “I know what I’m doing” and override that. Or better yet, provide checkbox integration with these types of services. If it delivers as advertised, it will only remove burden from their servers.

I expect to be posting a follow-up in a few weeks. This is more or less a housekeeping post to let you know there have been some changes. So let me know if you spot anything broken.

WordPress 3.2 released

I upgraded to WordPress 3.2 tonight. That is bad news for the site visitors still running IE6. This is a security site, so I have to assume that the visitors with an IE6 user agent are bots or crawlers. I’ll have to watch for odd search results for the blog showing the “browse happy” hijack rather than the real site.

Thinking of changing the theme. I would rather have a theme that works natively with most post formats. On the other hand, WordPress’s default Twenty Eleven theme results in the content on my front page being “below the fold”.

Let me know if you see anything broken.

WordPress 3.0.2 released

WordPress has released version 3.0.2 to address a privilege escalation vulnerability affecting users with author access. Upgrading is recommended by the vendor even if you don’t have untrusted authors.

The upgrade went smoothly on this blog. But on another blog, the update didn’t complete and the blog was stuck in maintenance mode. After taking care of that (delete .maintenance), I had to reinstall the update. I found not every file was updated successfully on the first attempt.

As always with WordPress updates, take a backup and disable all plugins before the update.

After the update, you’ll want to review any security steps you’ve previously done. The update added a readme.html back to the root directory. Most recommend deleting that, as it contains the WP version. In my case there are many other areas where the version is leaked, so I don’t think that is such a big deal. Just always update when a new version is out.

Tynt

I installed Tynt Insight on here tonight. Tynt is JavaScript on the webpage that tracks when cut and paste is used on the page. More importantly, it adds attribution. Generally when I’m copying a couple of sentences to quote in a blog post I have to grab the URL separately. This makes it a one-step process, so attribution is more likely.

So if I have written:

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi.

When that is copied and pasted it will look like:

Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi.

Read more: http://www.infosecblog.org/apage.html#ixzz0JSUnUmvQ

I saw it in use on Wired and really wanted it, so I tracked down what they were using and then did some more searching. I see some people think it’s really obnoxious. I think it just helps people attribute properly, and isn’t in your face otherwise.

There are WordPress plugins to add Tynt, so I don’t even have to edit the theme. So far, easy as pie.

If you think Tynt is creepy, there is an opt-out available at their site.

Pardon Our Dust

I decided to move over to WordPress.

Currently I’m working on keeping things up and running with a minimum of 404s. Once all of that is cleared away I’ll be looking for something besides the default theme.

Commenting is set to moderate first-time posters. I don’t know if WordPress is smart enough to recognise old posters. Once I see that the spam filtering is still ok, I’ll probably loosen that up.

Happy Blogaversary

Six years ago I started blogging.

I keep hearing people disparaging blogging. The kids today think blogging is too lengthy: just tweet it. The CEO thinks he doesn’t have time to read a blog, so put it in a podcast. The tech guy says, “Who uses RSS anymore?” The Facebook “Like” button is taking over the web as the new way to share a link. I’m still having fun with it. I still have people stopping by to make me part of their day. Thank you, readers.

Here’s to another year of making our computers safer and protecting our data.

A Little Respect Regarding Reblogging

I noticed this week that a site out there is using wp-o-matic to present my work as his own information security blog.

Some people incorrectly think that an RSS feed is a permanent license to do whatever you want with content. It’s not. While it doesn’t look like it, I do spend a lot of time on posts trying to make them semi-literate. Reposting without credit or a link-back steals my Google juice. Without attribution they are clearly plagiarizing my work. Not cool.

I think that presenting my work as his own is a violation of the CISSP ethics.

I may need to put a footer on each post in the RSS feed: “This post and more like it are available at Roger’s Infosec Blog www.infosecblog.org”

If you’re interested in learning more about your rights as a blogger regarding plagiarism, check out CopyScape.

This post is not about the people who have asked and the people who do link back. I appreciate that you like my work and provide some traffic back my way.

Follow me on Twitter

I’ve used Twitter as a follower for a while now. I’ve decided to create a Twitter account for Infosec related stuff. Mark Cuban says more people find his blog via Twitter or Facebook than Google. That is generally going to be people sharing links. Let’s face it, his controversial posts are designed to create a link-storm. My posts, not so much. However, it is true that Twitter is used as a search engine for people looking for up-to-the-minute information. Also, while it’s kind of a no-no in my opinion to ask for link sharing on a website, asking for follows on Twitter is routinely done.

It seems a bit foolish to open another account to update when my updates to the blog have been less frequent. Fortunately the Twitter lifestyle doesn’t require a spell-check. Please shoot me if I ever spell “you” as “u”, however.

Follow me on Twitter @InfosecTweet

Moving

A little housekeeping blog post.

I’m moving webhosts this week. My old host is progressively more annoying. A few years ago the owners sold out to a company that operates many web hosting brands. After quite a bit of migration headache, things seem to have stabilized. Nevertheless, my contract is finally up, and I’ve decided to move on. I have a real problem with the attitudes displayed by the moderators on the hosting company’s forum. It was once a place of help. Now all they do is quote “we are not $company employees, contact $company support.” So much for peer-to-peer help. The last straw for me was when many customers were hacked and the company didn’t communicate beyond forcing a mass password change.

The new host has SSH access, which should make routine maintenance a bit easier. They also offer 50 GB of space for non-website related things like backups.

During the transition, I decided to refresh my style a bit (although I am worried that this one is used by too many people already). The new style broke my AJAX comments, so we’re back to the default comment submission method. That means more spam in the moderation queue.

So pardon the dust as I find widgets to add/remove.