Security Archives - klop.solutions

It’s all about trust

On: March 14, 2025

Modern cryptography is key to modern on line communications. This area of IT looks very complex and daunting to many, so it’s always a good start to get the basics right. I not gonna use much words for explaining, others have done that much better. Communicate secretly requires encryption so others cannot read it. Encryption uses some secret or key. Both sides need to have this key. So far, nothing new here. Has been done like that for thousands of years. But wait, what is missing here… Right, knowing who is who or trust. Without trust, I might send a secret message to the wrongRead More →

The real iCloud.com phishing trick

On: February 3, 2024

In: Security

With: 0 Comments

A lot has been written about this. Classic phishing, email from support@icloud.com to urge you to do something (stupid). Rule one with such emails, check the sender, for example on MacOS: That’s an official Apple address, WTF? The funny thing is that most blogs ignore this fact and apparently accept it as possible. Really? Apple should be in full control of this email domain. Someone suggested that it’s just a user email address, like somebody has an AppleID called “support”. Of course not. The truth is much simpler and anybody can find it. Just display the real, i.e. raw, email content with a font likeRead More →

Wireguard VPN server on MacOS Catalina

On: December 9, 2023

In: Computer, Security

With: 0 Comments

After I decided to have my mac mini (running Catalina) to play the role of home server (with 9 Watts idle) a VPN solution to make the LAN reachable from the “outside” had to be added. The mac mini replaced a Rasp-Pi with home assistent and Wireguard in docker (5 Watts idle). Installing the Wireguard App on Catalina is tricky since the latest version (1.0.16) does not support Catalina anymore. Luckily I installed the 1.0.15 version of the App from the Appstore some time ago and I could download it again (the cloud symbol) on Catalina (the Appstore informs you that you will download aRead More →

Protect WordPress admin login with fail2ban

On: May 26, 2021

In: Computer, Security

With: 0 Comments

So your site has a login page? Ever wondered how many “people” are knocking on your door? When I looked at the login attempts on my SSH front door, just shortly after new server deployment, I decided to change doors (ports..). SSH login attempts are in the logs and are fun to look at. But how about failed WordPress logins? First of all, they are not in the logs. But this can be fixed easily like this: —> create directory mu-plugins mkdir /var/www/<your site root>/wp-content/mu-plugins —> create file wp-fail2ban.php in this directory <?php function admin_login_failed_403() { status_header( 403 ); } add_action( ‘wp_login_failed’, ‘admin_login_failed_403’Read More →