Month: August 2025

SSH brute-force fingerprints: how to read /var/log/auth.log without grep madness — awk one-liners that actually work

by
Multi-pane terminal session showing log output and system monitoring on a dark monitor — photo by Tima Miroshnichenko on Pexels

Open /var/log/auth.log on a public-facing server and you’ll see thousands of lines per day — failed logins, accepted logins, sudo events, cron registrations. The signal you usually care about (who’s brute-forcing me, from where, against which users?) is buried in …

Block WordPress REST API user enumeration without breaking the admin

by
Close-up of JavaScript code showing ajaxTransport, encodeURIComponent, and readyState functions — typical view of REST API client code (photo: Markus Spiske / Pexels)

By default every WordPress install since 4.7 leaks usernames over a public, unauthenticated REST endpoint. Anyone — no login, no auth header, just a browser — can hit https://yoursite.com/wp-json/wp/v2/users and get a JSON array of every user the site considers …

Pinboard / Raindrop / Shaarli for bookmarks: the case for self-hosted Shaarli with daily JSON exports

by
An open book with a decorative red and gold bookmark — photo by Feyza Ebrar on Pexels

Pinboard is the bookmark service hardcore link-collectors swore by for over a decade. The thing was: it was always one person (Maciej Cegłowski), aging gracefully but increasingly out of touch with modern web platforms. Pinboard’s iOS extensions broke after iOS …