willem.com

Cyber Security on Willem's Blog

Dig for dummies

Explaining a highly useful network tool

May 24, 2019
Learn how to use the dig command to query domain name servers to find the source of network problems, IP-addresses, hostnames, mail servers and related info.

When you're building websites, apps or email services you may run into domain names and their configurations. When everything is working as it should, most of this is invisible. But when troubleshooting a domain name configuration, it may be necessary to dig a little deeper... read along to learn how!

Search like a pro: Google search operators

Comprehensive list of advanced search operators

Apr. 25, 2019
Read along for a comprehensive list of advanced Google search operators that allow you to filter your search results.

You probably use the world's most famous search engine to find things every day, but you might not know about some of its advanced search operators. You can use these special search phrases to find things that are otherwise buried in the search results. Read along for a comprehensive list of advanced Google search operators.

WordPress: 10 tips to secure your website

Keep hackers out of the world's most popular content management system

Mar. 31, 2019
A lot of people use WordPress to manage their website. Prevent your site from being hacked using this blog post.

A lot of people use WordPress to manage their website, so it's no surprise that people ask me to have a look at their site's security. As an ethical hacker, I encounter WordPress in different shapes, sizes and states. Some of them are really badly protected against hacks. Prevent your site from being hacked using these 10 practical tips.

Understanding the security concerns in shared hosting

Considering open ports and unused network facing services

Feb. 28, 2019
People pay me to hack them, provided I'll explain how I did it. Read along to learn how hackers use security holes to hack your app, webshop or website!

People pay me to hack them, provided I'll explain how it was done, so future hacks can be prevented. As a security consultant, I scan for weaknesses in my clients' apps, webshops and websites. Very often a hack starts by exploiting a security hole that is visible remotely. Read along to learn how hackers find security holes and what you can do to secure them.

Cyber security: 5 easy tips to protect your server against hackers

Server hardening best practices for Windows and Linux

Mar. 10, 2018
These 5 practical cyber security measures will improve the safety of your server, website and data.

This week one of my clients was hacked and asked me for emergency assistance to help secure their server infrastructure. It was a web server that ran WordPress websites on Apache (with PHP/MySQL), including a few webshops with customer data. This hack could easily have been prevented with the following best practices. Is your server secure?

All blog posts
The data centre is where your server lives. Even though it may be physically secure, you should check upon its software too!
It's pretty hard hacking into my WP-Admin page because you cannot find it (hint: it's not at /wp-admin)
Update WordPress from the wp-admin dashboard
Sniff WordPress password using Wireshark packet capturing (via blog.wpscans.com)
A map of the ARPANET in 1973... imagine mapping the internet today! (Public domain)
Do you trust the free wifi you're using? (Image via buffered.com)
Keep in mind that help is available - I know my way around servers and cyber security
Using nmap to scan a hosting server, identifying network facing services and open ports
Limit access to XML-RPC by IP address using a .htaccess file
The Domain Name System (DNS) links domain names to IP-addresses, which in turn are routed through cables. You're reading this - seriously! - through the cable connected to the server shown on this photo!
Different kinds of hosting: Shared hosting, VPS hosting and dedicated hosting visualised (a circle representing a physical server)
Contagious effect of a hacked website (red indicating trouble)
Somewhere in a datacenter there is a machine like this hosting your website
Check the reputation of a WordPress plugin by looking at the number of downloads and its rating
Check upon your server regularly - or find somebody that does this for you.
Using dig to get information about the SPF-records for a domain name, google.com
Use WP Security Audit Log to keep an eye on what's happening with your WordPress website (wpsecurityauditlog.com)
Password dictionary attacks use lists of known (leaked) passwords, you can find them on shady parts of the internet
