It seems that some people have discovered our actual login URL. Very well done! But seriously, did you actually think “deface” is a valid username?
Since we survived 2017 without any interruption or intrusion of any kind, and New Year’s was only a couple of days ago, please accept our belated Christmas gift:
Neither “admin” nor “deface” is a valid username
Shocker, huh?
The Bitcoin is roaring, and you don’t want it?
Here’s a graph we borrowed from CoinDesk
We’re confused. You say hacking WordPress is easy. There is more than 1 BTC in here, for the first person who breaks us.
If all of the above is true, then this site is literally easy money.
The best protection is free
Judging from the server logs, at least you are trying.
Your lack of imagination is curious, though. Automated SQL injection attempts in 2017 – really? If that’s the best vector you can think of, then well… best of luck.
A few short words about the security measures taken on our side: Only a couple of free plugins.
Gwendal Le Coguic
Read every single post this guy has ever written! Meticulously. He knows his stuff, that’s for sure. We have learned a great deal from this fellow, and it is quite clear that you should too. Enough said, here is his site:
Gwendal Le Coguic
Do.
You need to protect your IP address
Even if you are pentesting a web service that has given you explicit consent to do so, such as this site (read the footer), you still need to hide your real IP address, because you don’t want your real IP listed in the victim’s server log files, and you don’t want it suddenly banned and locked out in the cold.
Attacking WordPress
We just published a list of general attack vectors and a couple of tools you can use to try and penetrate WordPress.
Today’s tip: Think bigger!
WordPress is hosted on a web server. If the WordPress you’re trying to get access to is set up like a goddamn fortress, maybe the underlying web server is not?
Not even close, and definitely no cigar
Judging from real-time analytics and log files over the past few hours only, many of you have tried. But no one is even close. Why is staring into stuff like this so insanely satisfying?
Kids, you gotta step up your game!
You need to work on your security headers
Most people don’t know what security headers are. That’s a shame because implementing no or very lax content security policies puts you and your online content at tremendous and unnecessary risk.
Tightening your web server security takes very little effort if you know what you’re doing.
Why WordPress?
WordPress is by far the most common CMS used today. At the time of writing, more than 27 % of all webpages on the internet (sic!) run on WordPress. Yet it is considered weak or even dangerous, from a security perspective, by numerous experts.
Happy Halloween!
This site – DEFACE.IO – has one purpose. Showing off our skills in setting up web environments and WordPress pages, a platform notorious for its many security holes, in such a way that you cannot hack it. We urge you to do your best!