Category Archives: howto

Protecting against WordPress username enumeration

After my last post on exploiting username enumeration, I looked deeper and found a simple workaround to patch your blog against this vulnerability until WordPress has something to add for it.

Right now I am using a WordPress plugin: Redirection
https://wordpress.org/extend/plugins/redirection/

Open the plugin page, which is found under Tools -> Redirection.

Add a new rule with the following settings.

Source URL : ^(.*)/?author=(.*)
Target URL : /
Reg Exp : Yes
Match : URL only
Action : Redirect to URL

Then click Add Redirection.

All done… just try any URL with ?author=<number>

This URL will now be redirected back to your main page, effectively nullifying the effect of username enumeration.
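
A quick check of which request URLs the rule above matches, as an added example that is not part of the original post. Unescaped, `/?` means "optional slash" rather than a literal question mark, so the rule fires on any URL containing `author=`; `STRICT_RULE` and the sample URLs are constructed here for comparison, and Python's `re` is assumed to behave like the plugin's regex engine for these patterns.

```python
import re

# Rule exactly as given in the post (Source URL field, Reg Exp: Yes).
POST_RULE = re.compile(r"^(.*)/?author=(.*)")

# Hypothetical tighter rule (not from the post): the "?" is escaped and
# "author" must be a whole parameter name, first or after an "&".
STRICT_RULE = re.compile(r"^[^?]*\?(?:.*&)?author=")

# Constructed sample request URLs (path plus query string).
SAMPLES = [
    "/?author=1",               # the enumeration request the post targets
    "/blog/?author=2",          # same request on a blog in a subdirectory
    "/?s=debian&author=3",      # author parameter after another parameter
    "/?coauthor=jane",          # different parameter that ends in "author"
    "/?s=author=unknown",       # search whose value contains "author="
    "/2009/02/lenny-release/",  # ordinary permalink
]


def classify(urls=SAMPLES):
    """Map each URL to (matched by post rule, matched by strict rule)."""
    return {
        url: (bool(POST_RULE.search(url)), bool(STRICT_RULE.search(url)))
        for url in urls
    }


def false_positives(urls=SAMPLES):
    """URLs the post's rule redirects although no author parameter is set."""
    return [u for u, (post, strict) in classify(urls).items() if post and not strict]


if __name__ == "__main__":
    for url, (post, strict) in classify().items():
        print(f"{url:28} post_rule={post!s:5} strict_rule={strict}")
    print("redirected without an author parameter:", false_positives())
```

Both rules redirect every sample that really carries an `author` parameter; only the post's rule also redirects the two look-alike URLs.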

Debian 5 Lenny : installation prelude

It's been a long time since I posted on my blog.

I've been a hell of a lot busy with work… but guess what, as soon as I got some time, I got this simply superb news…

Debian 5.0 Lenny is out. I have been eyeing this distro for a long time, using the unstable repos to get a taste of Lenny, and now finally Lenny is here.
