Freelock
freelock@drupal.community
1 day ago
Freelock
freelock@drupal.community

"With that, it's launched!"

Dries just announced the launch of #DrupalCMS

4 days ago
Freelock
freelock@drupal.community

@pcambra was a little alarmed to get a login message from drupal.community with someone else's IP address!

Filed an issue: https://github.com/Drupal-Mastodon/mastodon/issues/15

5 days ago
Freelock
freelock@drupal.community

New blog post: 🕵️‍♂️ Privacy for website owners, and introducing 💧 Drupal CMS https://www.freelock.com/newsletter/privacy-website-owners-and-introducing-drupal-cms #DrupalCMS #Privacy

5 days ago
Freelock
freelock@drupal.community
January 14, 2025
Freelock
freelock@drupal.community
January 13, 2025
Freelock
freelock@drupal.community
January 10, 2025
Freelock
freelock@drupal.community

@neurer Thanks!

January 09, 2025
Freelock
freelock@drupal.community

So we have a client site that's seeing repeated, spiky DDOS attacks. They're not flooding the bandwidth -- they are hitting slow, uncacheable (search) pages from thousands of IP addresses. In a 20 minute span:

- > 8000 unique IP addresses
- > 1300 unique URLs
- > 400 unique user agent strings
- up to 127 requests per second handled

Anyone else seeing this? Several times per week in the past 3 weeks, lasting ~20 minutes. #DDOS #Security

January 09, 2025
Freelock
freelock@drupal.community

@neurer Ha looks like it posted from the wrong server, thanks for the poke

January 09, 2025
Freelock
freelock@drupal.community
January 09, 2025
Freelock
freelock@drupal.community

So I've gotten a few security issue reports from a researcher. The issues are minor, nothing that even triggers a PCI compliance issue. Now he's asking if there's a reward for his findings.

What are other site owners/agencies doing with these types of requests?

The findings were legitimate, and he obviously spent some time detailing the issues, shared before asking for comp. #security #bounty

January 07, 2025