Wafris

IT Services and IT Consulting

Wafris is a free and open-source Web Application Firewall that works with your existing frameworks and infrastructure.

About us

Wafris is the open-source Web Application Firewall that works with your web framework to protect your sites from dark traffic, intrusions, and attacks.

Website
https://wafris.org
Industry
IT Services and IT Consulting
Company size
2-10 employees
Type
Privately Held

Updates

  • Wafris

    19 followers

    Whether you have a CS degree or not, we can all agree that LinkedIn making you hide the link to our online workshop in the replies instead of just adding it to the post where people could easily find it is stupid (but seriously, check the replies, our very cool online workshop with the fine folks at Honeybadger is tomorrow).

  • Wafris

    SEO bots from services like Ahrefs, Majestic, and SemRush aren't "attacking" your site, but often they're not helping either. For moderate or low-traffic sites they'll often make up the majority of web requests hitting the server. This adds to the "log fog" confusion of trying to figure out what's actually happening on your web server. In the screenshot below _all_ the IPs and requests listed (the top 25) are from SEO Bots.

  • Wafris

    How to spot fakes? One of the easiest ways is to check the "age" of the browser version, given that most are now constantly updated, and older versions stick out. Then there's this Chinese botnet (see screenshot)

  • Wafris

    There's been considerable discussion about DDoS attacks today. Although they pose a genuine threat, their prevalence is decreasing due to a combination of technological advancements, the diminishing effectiveness of asymmetric attack strategies, and shifts in attackers' motivations. Compared to ransomware, crypto mining, blackhat SEO, data scraping, and social spam, DDoS attacks are less lucrative.

  • Wafris

    Do you know that letting GoogleBot index your non-marketing sites is a security risk? Through "google dorking" (searching in Google; attack reconnaissance so easy even a "dork" could do it) - stack information and vulnerabilities are uncovered and then exploited. Web admin dashboards of any kind are routinely exploited.

  • Wafris

    Finding and blocking curl requests against your site can have a substantial positive impact. Often used for manual reconnaissance, probes, and vulnerability testing, snuffing out curl requests can push you off the list of potential sites an attacker will later release a bunch of bots on.

  • Wafris

    Is this risky? Most devs are great at knowing what parts of their apps are easier or harder to implement but don’t have a great sense of which are more or less of a security risk.

    Embedded document editing is surprisingly risky. A good example is the UEditor JS, which was shipped with multiple Java and .NET CMS projects, had over 6k stars on GitHub, and had a vulnerability that allowed for unrestricted file uploads to the server.

    Web Application Firewalls are great at helping with issues like this via “virtual patching.”

    - There’s no actual underlying code fix for this
    - There’s a clear exploit pattern
    - You add a firewall rule like “Block Path: /Ueditor”
    - You’re “virtually patched”
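The "Block Path: /Ueditor" rule from the post above, sketched as Python WSGI middleware. This is an added example, not Wafris code and not part of the original post; the matching semantics (whole path segment, case-insensitive, applied after path normalization) and the names `VirtualPatch`, `probe` and `demo_app` are assumptions.

```python
import posixpath
from urllib.parse import unquote

# Rule taken from the post: "Block Path: /Ueditor". Matching on a whole path
# segment, anywhere in the path and case-insensitively, is an assumption here.
BLOCKED_SEGMENTS = frozenset({"ueditor"})

def normalize_path(raw_path):
    """Reduce equivalent spellings of a request path to one canonical form."""
    path = raw_path
    for _ in range(3):  # bounded loop: also unwraps double percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = path.replace("\\", "/")
    # normpath collapses "//" and resolves "." and ".." segments.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def is_blocked(raw_path, blocked=BLOCKED_SEGMENTS):
    """True when any canonical path segment matches a blocked name."""
    segments = normalize_path(raw_path).split("/")
    # Drop ";param" suffixes, which some servers strip before routing.
    return any(seg.split(";", 1)[0] in blocked for seg in segments)

class VirtualPatch:
    """WSGI middleware: answer 403 before the request reaches the app."""

    def __init__(self, app, blocked=BLOCKED_SEGMENTS):
        self.app = app
        self.blocked = blocked

    def __call__(self, environ, start_response):
        if is_blocked(environ.get("PATH_INFO", ""), self.blocked):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Forbidden\n"]
        return self.app(environ, start_response)

def probe(app, path):
    """Send one constructed GET through a WSGI app and return its status."""
    seen = []
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    app(environ, lambda status, headers: seen.append(status))
    return seen[0]

def demo_app(environ, start_response):  # hypothetical stand-in application
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok\n"]
```

Normalizing before matching is what keeps the rule from being sidestepped by case changes, doubled slashes, or percent-encoding of the blocked segment.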
