This category covers specific actions you can take to protect your server, website or application from wrongdoers, bots or any unwanted access.
Recent posts in this category
- LetsEncrypt wildcard certificates and Bind9 auto update with DNS challenge: SSL is the standard in web content serving nowadays, and LetsEncrypt does a wonderful job offering FREE SSL certificates that would otherwise cost you a decent amount of money on a yearly basis. The only downside to the FREE service is that these certificates have a very short 90-day life and, as such, they…
- Securing PHP login with Fail2Ban: Brute force attacks are a common issue for webapps. Combining Fail2Ban on CentOS (Linux) with PHP logging can provide a powerful tool for temporarily or even permanently banning users from even reaching your server. This is an extreme measure, but it is clean, simple and very effective. The article below requires the following prerequisites: In this…
- Prevent CSRF attacks with CodeIgniter 4: CSRF attacks are relatively common. They rely mainly on the user’s elevated permissions for a certain webapp, and the hacker would thus attempt to get the user to perform a certain action on their behalf. To cut it short, it’s BAD! How the whole attack works is outside the scope of this article.…
- Redirecting to login in Codeigniter 4: Codeigniter 4 has introduced a much easier way to redirect unauthenticated traffic on a website to a login page. It relies on a request filter mechanism which can perform an action “before” the initially intended action takes place. In simple terms, what this article aims to explain is the process in which a visitor…