Tag: security

Gaming your payment gateway

So recently a client had their ecommerce platform coopted to launder CC for valids. Their payment processor was none too happy, however luckily I happened to see the client’s URGENT email and react quickly. I added CC attempt rate limit banning, and pre-emptively banning by suspicious attributes of the visitor (no false positives yet). The…
Read more

2021-08-21 0

Locking down “brochure” style websites between upgrades

What remaining sites I have parked on my servers generally fit this description. Or, sites that the owners really should have taken yet, but I’m still hosting 😛 Given these sites don’t change much, between updates I just lock them down with sudo chmod -R u-w /var/www. They are all normally 550, but I briefly…
Read more

2021-04-15 0