t
know of any free exploit testers. Maybe the list can suggest a few.
Original Message
From: mex
Sent: Sunday, May 21, 2017 2:25 AM
To: nginx@nginx.org
Reply To: nginx@nginx.org
Subject: Re: WordPress pingback mitigation
pbooth Wrote:
---
> Wow- I really like the sound of naxsi. In the past I've used F5's ASM,
> the WAF built on their big-ip platform. It was powerful though prone
> to false positives. I don't believe there are any real shortcuts that
> allow you t
>
> Original Message
> From: c0nw0nk
> Sent: Saturday, May 20, 2017 3:36 AM
> To: nginx@nginx.org
> Reply To: nginx@nginx.org
> Subject: Re: WordPress pingback mitigation
>
> I take it you don't use a WAF
no
> apparent reason. Case in point, I had a referral from the al Aqsa
> Martyrs Brigade. Terrorists! And numerous porn sites, all
> irrelevant. So Naxsi alone isn't sufficient.
Original Message
From: c0nw0nk
Sent: Saturday, May 20, 2017 3:36 AM
To: nginx@nginx.org
Reply To: nginx@nginx.org
Subject: Re: WordPress pingback mitigation
I take it you don't use a WAF of any kind. I also think you should add it to
a MAP at least instead of using IF.
The WAF I use for these same rules is found here.
https://github.com/nbs-system/naxsi
The rules for WordPress and other content management systems are found
here.
http://spike.nginx-g
Reading a blog from the person that set up the website for Emmanuel Macron, I
came across this nginx tip. I would return 444 and add it to my user agent map.
But in the simplest form:
-
# Block WordPress Pingback DDoS attacks
if ($http_user_agent ~* "WordPress") {
ret