-
WooCommerce: How to Stop Fake Orders and Spam Signups
If you run a WooCommerce store, spam is rarely limited to a few junk messages. More often, it appears in ways that directly affect store operations: fake orders, suspicious signups, spam reviews, and unwanted submissions through store-related forms. Left unchecked, this kind of activity creates extra admin work, weakens customer data quality, and makes it
FEEDBACK LOG
The Latest
-
Phishing on a new level: Cloudflare + Protonmail + Unvalidated Redirects – set of young Fisher
“… you come to me, and you ask something, but you don’t ask with respect …” Vito Corleone Phishing is still the most popular and most successful type of hacker attacks. It’s simple, attacked is not the software, not servers, not networks, and the most vulnerable components of information systems – users. I often meet…
-
Best practices to protect e-commerce sites
Online shopping has always attracted intruders: it is a source of credit card data (now almost irrelevant); user data; data about orders and market trends (consumer demand); a traffic source; manipulation with the discount coupons, etc. An e-commerce site may be attacked as intruders in “free hunting” (non-targeted attack) and by the request of unfair…
-
Protect SSH from brute-force on any port
Today I was interested in the survey whether it is necessary to move SSH to a nonstandard port. The survey is not as interesting as the way the author @zivot_je_cudo to protect SSH from brute-force password: after wrong connection attempts to block new attempts within 20 seconds. The delay apparently chosen empirically on the basis…
-
How to strengthen the protection of passwords of “12345” from brute-force attack
Object: Web login form. Given task: to strengthen the protection of the user’s account from the selection of a simple password to his account, using a minimum of resources. What is the minimum of resources? It does not use a table-reference to block by IP-address and User-Agent. Do not use unnecessary requests to the system;…