Issue How exactly does an attacker steal a user’s “session”? Stealing a username/password combo and using them to sign into someone else’s account is an intuitive process. But if the end user has MFA enabled on their account, signing into that account on a new device requires a code from an OTP app, alternate email, or text to their mobile phone. Assuming the attacker hasn’t ALSO breached their alternate email or executed a SIM Swap to get direct access to the victim’s MFA method, how are they able to bypass that additional layer of security?
Setup The first real, working development pipeline for this blog used the GitHub to FTP approach. Before that, I tried a somewhat convoluted version of the “Pull” approach from the guide in the official cPanel docs, which outlines two basic options: Push Method Edit your website on your computer, push the changes to a single Git repo in cPanel, and it will automatically update Use cPanel’s Git Version Control tool to make an empty repository Clone that to your computer Use a .
Issue When you access another device via SSH, there is always the possibility of falling victim to an On-Path (Man-in-the-Middle) attack. For example, you could accidentally connect to an attacker’s server, and they’d capture your credentials when you tried to authenticate. We use PKI in the form of host keys to counter that vulnerability. When you SSH into a web server for the first time, you should see a message similar to this:
Setup Not actually a full-fledged CI/CD Pipeline at this point. And it goes without saying, but Git for a non-collaborative, personal, static website is overkill. But as long as I am creating a tech blog, it might as well include automatic deployments with version control for a bit of DevOps practice. Pushing website updates from GitHub to cPanel via FTP wasn’t my first approach. I’ll document the less successful process of connecting the GitHub repo to a redundant cPanel Git repo via SSH in a future post.