SQL Dump Probing

I witnessed this attack recently. Basically, it's just a web crawler trying different file names that somebody could have given a MySQL dump that they accidentally left inside a public directory of a web project.

Disclaimer: What's explained in this post is dual-use. Explaining how the attacker works will ultimately help everybody prevent attacks and raise awareness of them.


Proxy / Rewrite your API Endpoint into Domain Segment with Nginx

I wanted to make an API available on the same domain as a single-page app built with Vue.js, which meant that I had to rewrite a part of the domain to use another port on the same host. You can also use an entirely different machine or have a load balancer in between.

This post is part of the Making Of: photographerexcuses.com series.

I picked nginx as the server for some PHP productions because it simply has the best configs and tends to perform a bit better if you don't have a lot of RAM to throw at your server.


How to get a high score on Pagespeed Insights (and make your site fast)

This post is about how to optimize your page for speed, and we're going to test the results with the Pagespeed Insights tool provided by Google.

Google started weighting results on its search engine result pages according to the results for your website, so if you score high numbers, you are more likely to show up, especially for mobile users.


NGINX / Apache: Block Requests to PHP file (xmlrpc.php)

This is going to be a short post about how to block your webserver from serving a specific file.

WordPress comes with a file called xmlrpc.php, which enables you to use their mobile app on self-hosted blogs and enables pingbacks and trackbacks. However, there are a bunch of bots out there that attempt to brute-force their way in and can either produce high load or actually present a security risk.
