Category: Security

LetsEncrypt wildcard certificates and Bind9 auto update with DNS challenge

SSL is the standard in web content serving nowadays and LetsEncrypt does a wonderful job offering FREE SSL certificates that would otherwise cost you a decent amount of money on a yearly basis. The only downside to the FREE service is that these certificates have a very short 90 days life and, as such, they…

January 25, 2024
Securing PHP login with Fail2Ban

Brute force attacks are a common issue for webapps. Combining Fail2Ban in Centos(Linux) and PHP logging can provide a powerful tool for temporarily or even permanently banning users from even reaching your server. This is an extreme measure but it is clean, simple and very effective. The article below requires the following perquisites: In this…

June 10, 2022
Prevent CSRF attacks with CodeIgniter 4

CSRF attacks are relatively common. They rely mainly on the user’s elevated permissions for a certain webapp and the hacker would thus attempt to get the user to perform a certain action on it’s behalf. To cut it short, it’s BAD! How the whole attack works is for sure not the scope of this article.…

June 4, 2022
Redirecting to login in Codeigniter 4

Codeigniter 4 has introduced a much easier way to redirect un-authenticated traffic on a website to a login page. It relies basically on a request filter mechanism which can perform an action “before” the initially intended action takes place. In simple terms, what this article aims to explain, is the process in which a visitor…

June 2, 2022