So How Exactly Do You Learn About Security Issues on Your VPS?
If you're a sysadmin - and if you've got a VPS, you are - how do you learn about new security threats?
Read More
Tighten Up Your VPS With an SSH Audit! Let's Look at the ssh-audit Package...Does OpenBSD Score Higher Than Debian?
The SSH protocol is surprisingly complex, though the reason why it has to be makes sense once you think about everything it has to do. Using the ssh-audit package, you can audit your SSH server and tighten it up with an easy step-by-step instructions.
Read More
Hackers Love Default Windows RDP Ports: Here’s Why You Should Change Yours, and How to Do It
Should your change your Windows RDP port? In LowEndBox's opinion, yes. Let's discuss why, and how to do it.
Read More
One Third of the Web Will Stop Working in 4 Days: Massive-Scale CDN Compromise Starts Wednesday
About 34% of the web is still powered by HTTP/1.1 and that protocol will likely come under severe attack starting on Wednesday. Get a preview of what's in store for the latest security headache.
Read More
How to Add Two-Factor Authentication (2FA) to WordPress in About 2 Minutes
The world is a dangerous place. Take some of the edge off by enabling Two Factor Authentication (2FA) on your WordPress sites in about 60 seconds.
Read More
How to Keep Your VPS Safe From Hackers in Less Than 10 Minutes
You're busy. We get that. So let's see how you can improve your VPS security if you've only got 10 minutes to spend.
Read More
Five Times When Updating Your OS Would Have Saved You From Being Hacked
Every checklist you've ever seen for securing your VPS includes "update your system regularly". But is that one of those "best practices" that is more theoretical than a real-world necessity? To be honest, it's easy to not get around to running "apt update && apt upgrade". In my experience, at least with Debian, updates rarely break things but it's always a small risk. Nevertheless, it requires remembering to do it, spending the commands run, maybe rebooting, etc. Unfortunately, history has shown time and time again that skipping OS updates can leave even the best admins wide open to disaster.
Read More
Get Ready to Scan Your Passport If You Want to Buy a VM This Summer
New requirements are coming for providers to Know Your Customer (KYC). Is just verifying the email address and taking a credit card enough or do they need to get into those "what was your street address four years ago" kinds of questions? Will we have to scan passports and send copies of utility bills?
Read More
My Server Was Getting Constantly Hacked Until I Changed This One Parameter
If your server (VPS or dedicated) has been hacked, there is a simple parameter change you an make that will vastly improve its security. It takes a couple steps to login, but it will protect you against brute force attacks, keyloggers, and other attacks. And you have a couple of options.
Read More
No, 'airforce' is Not a Good Password: Check Out This Honeypot
LowEndTalk user htop setup a honeypot to trap ssh passwords. Watch skiddies in real time!
Read More
Motherboard MSI Warns of Rogue Firmware
MSI recently suffered a cyber attack and has issued a warning about dodgy imposter firmware that might be in the wild.
Read More
RackNerd and Ezeelogin: Securing and Scaling SSH
Ezeelogin is an SSH management platform that provides two factor authentication, SAML Authentication, session recording, IAM, RBAC, PAM, and lots of other important acronyms. Community provider RackNerd recently deployed it and explains the product's benefits to providers and users.
Read More
Here Come the RackSpace Lawsuits
"That Rackspace offered opaque updates for days, then admitted to a ransomware event without further customer assistance is outrageous," according to one attorney. Class-action lawsuits against Rackspace are popping up around the country.
Read More
Just Stop Using LastPass: They've Been Hacked for the 9th Time
LastPass had security incidents in 2011, 2015, 2016, 2017 (twice), 2019, 2021, and twice now in 2022. Are you still using them? Why?
Read More
WHMCS Won't Tell You About What The Vulnerability Is, But Will Say "Patch ASAP!"
There's an important security vulnerability in WHMCS 8.5.x and 8.6.x. WHMCS won't tell you what it is, but will tell you that you need to patch ASAP. No earlier versions are affected.
Read More
Getting Scans From 18.171.7.246 and 35.177.10.231? It's the UK Government
If you're seeing weird things in your logs, it's because the UK National Cyber Security Center has decided to scan all UK systems as part of their "Scanning the Internet for Fun and Profit" (their term). Click to learn how to opt-out.
Read More
Internap Loses Customer Data, Shrugs, Doesn't Apologize
"We lost your data. It's your problem. OKTHXBYE - Internap."
Read More
BRING YOUR OWN JOKE: Uber Has Many Openings in IT Security
As of this morning, Uber has the following positions open: Senior Security Engineer - Application Security Security Engineer - Penetration Testing Security Engineer II Security Incident Commander II T...
Read More
This Week's Initial Ransomware Offering (IRO) Calendar
Check out this sentence: "For the author, this business model enables them to scale their earnings from their software with less risk." I slightly modified the original, but we're not talking about a...
Read More
LastPass Releases Its Security Incident for 2022
Sometimes you see stuff in the media and wonder if it's really news. Some celebrity broke up with some other celebrity. Some tech company released version X.Y which is .0001% better. LastPass was h...
Read More
More Vulnerabilities, Poorer Patches: TrendMicro Is Bummed
Presenting at the Black Hat USA conference this week, Trend Micro had an interesting comment: Over the last few years, we’ve noticed a disturbing trend – a decrease in patch quality and a reduction in...
Read More
Those Spam Texts Are Coming From Twilio: They've Been Hacked
Twilio has suffered a data breach and the attackers "used the stolen credentials to gain access to some of our internal systems". Twilio is a messaging platform with a nice API. I used it last year t...
Read More
Why It May Be Illegal to Pay Ransomeware and Why a Ban on Payments Won't Work
If your organization's data is being held for ransom by hackers, should you pay up? The universal consensus is that you shouldn't because it encourages criminals. But an earlier question needs to be...
Read MoreYour Wordpress Has Been Scanned. Hope You Weren't Hacked.
Wordfence reports that hackers are widely attempting to exploit a vulnerability that they reported over three months ago. According to The Register: Wordfence disclosed the flaw almost three months a...
Read More
ALMOST GONE: Save 90% on Shodan.io! Only $5 Lifetime!
LowEndTalk member @Chuck alerted the community to a terrific deal: you can get a full access lifetime membership for Shodan.io for only $5 - that's 90% off the list price! However the deal expires at...
Read More
Retbleed: Your x86 Speculative Attack Du Jour
"Today Intel released two security advisories addressing 2 medium severity vulnerabilities reported by academic researchers from ETH Zurich who have labeled their side-channel attack as “Retbleed” due...
Read More
Low End Detectives: IP Address of Low End Talk Phishing Attacker Revealed In Just 5 Minutes!
The Phishing Attack On April 9, 2022, some not-so-nice ungentleman went phishing. As announced on Low End Talk, phishing emails were received by several Low End Talk members. The phishing emails false...
Read More
Latest LowEndTalk Hosting Offers
View More
Offer #1
DELL C6400 2U 4-Node BEAST! hardware sale!
Sep 16, 2025
Offer #2
LimitlessHost.net - 9th Anniversary Sale - 2nd Round - From $2/Year - Web Hosting, Reseller & VPS
Sep 16, 2025
Offer #3
GET 30% off annual AMD Ryzen 9950x VPS w/Oplink.net before sale ends / Check out our New Website!
Sep 16, 2025
Offer #4
RoboVPS® offers: New KVM settings on all VPS and new AMD Ryzen 9 based plans!
Sep 16, 2025
