Examining the site’s access logs, I noticed many requests for /?author=123, where the numbers ranged from 1 to several hundred. The goal of this type of malicious scan is to obtain information about registered usernames, which can then be used to brute-force attack the site’s login form. This tutorial explains how “user-ID phishing” works, and […]

This tutorial explains two ways to disable Apache’s mod_rewrite in a specific directory.

Recently the question was asked, “what does it mean, Options All?” Here is the quick answer..

Here are some of my favorite .htaccess rules that I add to most of my personal sites and client projects. These techniques have been collected and refined over the years, and can help improve the usability, performance, and security of any Apache-powered website.

This tutorial provides a technique for disguising all file extensions and serving them as .php files.