Cloudflare Firewall Rules

I found a website (k6.io) which allows you to load test websites and APIs using AWS. With a free account you can test from one location with 50 virtual units for up to 12 mins. Spinning up a load test of GET requests, Cloudflare served up all the traffic no problem, leaving my minimal VPS web-server alone. Then I tried again with POST requests and BAM… 100% CPU load, response time over 6 seconds.

What was happening? Shouldn’t Cloudflare stop things like this?


Have You Been Pwned: NTLM Hashes

Troy Hunt continues to be amazing for cyber security with the Have I Been Pwned project. All the Version 3 passwords have been released as NTLM hashes, the password hash used by Windows. This should be really useful for any sysadmins managing a Windows Enterprise deployment wanting to make sure that users aren’t using bad passwords. Hopefully as this is adopted it will also reduce the number of poor password rules that many companies still enforce.

Things like:

Domain Move

If you are reading this, then you must be using the new URL for my website.
I moved from procrastinatingengineer.co.uk to procrastinatingengineer.uk

Mostly because it’s shorter and I think it looks nicer, but also I wanted to play around with self-hosted WordPress and CDN setups. More on this coming soon!