So if you’ve recently tried browsing to my site in the last 30 days or so you may have been presented with a not so helpful error message showing that my bandwidth had been exceeded.
Turns out my site was the victim of a dDoS attack/bruteforce at the end of May/Beginning of June and initially while my hosting provider noticed it and informed me of the attack, the “fix” I implemented which was to eliminate xml-rpc.php from my wordpress site initially showed a huge drop in CPU cycles from the hosting PoV, what I didn’t appreciate is that error pages come out of your monthly bandwidth entitlement.
So… 12 hours later a grand total of 5GB of “404 – page not found” texts were downloaded and pow, site was down.
Hosting provider has been a great help throughout the attack and while there were some false starts and confusing conversations going on I finally got through to their support ninja’s had my “fix” confirmed as working and my site is now up and running, at least until someone takes it upon themselves to burn it down or have another go at logging in.
The fix…not using .htaccess to deny (that results in burning your data allowance, but does reduce CPU load) but rather use .htaccess to perform a 302 to http://0.0.0.0 for any matching request.
MWR HackFu 2015
I was invited along to HackFu this year and spent a hugely enjoyable 3 days. MWR Infosecurity definitely know how to run a major cybersecurity event and while a majority of us were penetration testers or security researchers teams were mixed with software developers, mathematicians, etc… even those who did not have a technical skillset could learn new skills such as lockpicking or use their powers of deduction to discover clues and work out who were the moles and the mastermind behind it all.
Incredibly well structured and the challenges I took part in were so well thought out they’ve given me a few good ideas to put together one of my own. From interfacing with game AI to produce “real world” effects from associated hacks to emulating ICS systems having to hack a water pump to retrieve a usb key.
Honestly, if ever you get the opportunity to participate in it, leap for it and go expecting the unexpected Genuinely a fantastic time.
Press Article: SC-Magazine Write Up