[Bglug] Meeting notes and links

Andrew Howlett andrew at howlett.net
Wed Jul 5 06:24:41 EDT 2017


Hi everyone,

Yesterday I mentioned the TV show Black Mirror. It's a UK produced show with a very pessimistic near-future outlook on current tech trends. The specific episode that I was talking about is season 3 episode 1 "Nosedive", which is obviously about Facebook. Mandatory Wikipedia link below.

https://en.wikipedia.org/wiki/Black_Mirror

Thanks to (Jim?) for the lead on the Pine64. Very cool. Also check out the PineBook laptop. I will definitely order the Pine64 and maybe the PineBook - it's only $99.

https://www.pine64.org/

The WordPress problem I was talking about is the xmlrpc brute force attack. For those too busy to read the entire article linked below, the basic problem is this: "attackers are leveraging the /system.multicall/ method to attempt to guess *hundreds of passwords within just one HTTP request*." Yep. And submitting more than one HTTP request per second. End result on my production Linode is that the database server process (in my case mariadb) runs out of memory and crashes, taking down the website. But a little more research this morning has suggested better mitigation techniques than whitelisting, blacklisting or removing xmlrpc altogether. Here are the links:

https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html

https://www.wordfence.com/blog/2015/10/should-you-disable-xml-rpc-on-wordpress/

ttyl,

andrew h.
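The amplification Andrew describes works because a single `system.multicall` request carries many nested method calls, each with its own username/password pair. The following Python is an added example (not from Andrew's post or from the linked Sucuri/Wordfence articles) showing how a front-end filter could parse an XML-RPC body, count the credential-bearing sub-calls, and reject requests that pack more than a configured number of them. The method list `CREDENTIAL_METHODS` and the threshold policy in `assess` are assumptions for illustration; the sample request built by `build_multicall` is constructed test data.

```python
"""Detect WordPress XML-RPC system.multicall credential amplification.

Added example: parses an XML-RPC POST body, lists the sub-calls wrapped
in system.multicall, and rejects requests that test more credentials
than a policy allows. Stdlib only so it runs offline.
"""
import xml.etree.ElementTree as ET

# Illustrative (not exhaustive) set of WordPress XML-RPC methods that take a
# username/password pair; each one inside a multicall tests one credential.
CREDENTIAL_METHODS = {"wp.getUsersBlogs", "wp.getCategories"}


def _value_text(value_el):
    """Return the string held by an XML-RPC <value> (typed <string> or untyped)."""
    if value_el is None:
        return ""
    child = value_el.find("string")
    return (child.text if child is not None else value_el.text) or ""


def multicall_methods(body):
    """Parse an XML-RPC body and return (top-level method, [sub-call method names]).

    The sub-call list is only populated for system.multicall.
    Note: production code should parse untrusted XML with defusedxml (which
    refuses entity expansion); the stdlib parser is used here to stay self-contained.
    """
    root = ET.fromstring(body)
    if root.tag != "methodCall":
        raise ValueError("not an XML-RPC methodCall")
    method = (root.findtext("methodName") or "").strip()
    subs = []
    if method == "system.multicall":
        # One <struct> per sub-call at params/param/value/array/data/value/struct,
        # each with a "methodName" member and a "params" member.
        for struct in root.findall("params/param/value/array/data/value/struct"):
            for member in struct.findall("member"):
                if (member.findtext("name") or "").strip() == "methodName":
                    subs.append(_value_text(member.find("value")).strip())
    return method, subs


def assess(body, max_credential_calls=1):
    """Classify a request body as 'allow' or 'reject'.

    Policy (an assumption for this example): more than `max_credential_calls`
    credential-bearing sub-calls in one request is treated as brute-force
    amplification and rejected before it reaches WordPress and the database.
    """
    method, subs = multicall_methods(body)
    cred = sum(1 for m in subs if m in CREDENTIAL_METHODS)
    verdict = "reject" if cred > max_credential_calls else "allow"
    return {"method": method, "subcalls": len(subs),
            "credential_calls": cred, "verdict": verdict}


def build_multicall(credentials):
    """Constructed sample: a system.multicall wrapping one wp.getUsersBlogs per (user, password)."""
    calls = "".join(
        "<value><struct>"
        "<member><name>methodName</name><value><string>wp.getUsersBlogs</string></value></member>"
        "<member><name>params</name><value><array><data>"
        f"<value><string>{u}</string></value><value><string>{p}</string></value>"
        "</data></array></value></member>"
        "</struct></value>"
        for u, p in credentials
    )
    return ("<?xml version='1.0'?><methodCall><methodName>system.multicall</methodName>"
            "<params><param><value><array><data>" + calls +
            "</data></array></value></param></params></methodCall>")


# Constructed sample: an ordinary single login-style call (one credential test).
SINGLE_CALL = ("<?xml version='1.0'?><methodCall><methodName>wp.getUsersBlogs</methodName>"
               "<params><param><value><string>admin</string></value></param>"
               "<param><value><string>guess</string></value></param></params></methodCall>")


if __name__ == "__main__":
    burst = build_multicall([("admin", f"guess{i}") for i in range(200)])
    print(assess(SINGLE_CALL))   # allow: no multicall, nothing to amplify
    print(assess(burst))         # reject: 200 credential tests in one request
```

A filter like this belongs in front of WordPress (a WAF rule or a small reverse-proxy check), so that a rejected request never causes PHP to open a database connection; that is what keeps the mariadb process from being driven out of memory by a flood of multicall bodies. Counting sub-calls rather than blocking xmlrpc outright leaves legitimate clients such as mobile apps working.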