Response to incidents to a medium-scale phishing attack while the objectives are not of our company?

Our company suffered a phishing attack yesterday. While we were investigating the attacker and our potential employees who could have been phishing, we ended up with the database of phishing user attackers.

This database includes emails and passwords from users (~ 40) from multiple companies (~ 10) who appear to be sharing the same phishing attack as us. In addition, it seems that the goal is high profile.

So far, this is what we have been achieving:

  • Contact selected companies and list phishing users
  • Contact the websites where the phishing attack is occurring (it is happening on several pirated websites, making it difficult to stop it)

However, we are not sure that this is the best way to deal with the following situation, this is the reason:

  • More and more users enter their credentials and this is not our role to protect users of other companies and we would like to stop wasting time with this (most companies follow our email or call us to request more details).

  • We are concerned that some companies (target companies that are in the same industry as us) do not understand us well and we believe that we are somehow associated with that phishing attack because we are one of their competitors

  • We are making security for our competitors (so we are spending money for them)

One solution could be to publish a blog post, but it also has drawbacks, such as being seen as a toxic player because we would be pointing our finger at the safety of our competitors. Another solution would be not to contact these companies and let them commit.

What would be the best way to react to this phishing attack?

Block brute force attack in WordPress


For those who have a server running with CSF, this is the way to block the WordPress login attack.



if (($globlogs{CUSTOM4_LOG}{$lgfile}) and ($line =~ /(S+).*) "POST /wp-login.php.*" 200/)) {
    return ("Failed WordPress login from",$1,"wordpress","5","80,443","3600");

You can replace 3600 with 1 if you want to block the IP permanently.



CUSTOM4_LOG = "/var/log/apache2/domlogs/*/*"

The load on the server will not be high. Mining load only average load: 9.78, 10.68, 10.16.

You can verify this using tail -f /var/log/lfd.log


unreal 4 – How to set the execution time of an animation based on attack speed?

According to an answer I received on this question:

How to make an action take place only after an animation has been executed?

I am using notifications in animations to perform certain commands / actions.

See in the documentation:

Before resorting to this site, I researched somewhere else about the modification of the animation speed and the closest question I found was this:

Simply by changing the animation speed, I know how to do it, but I want to control its runtime. Something like determining how long you have to play the animation.

In the image below I show more or less the scenario I have:

enter the description of the image here

Note that the notification occurs at the end of the animation (where I apply the damage).

Then, depending on the speed I set for the animation to take place, each time the notification ends, applying the damage.

It turns out that the animation does not necessarily have the exact duration of an attack that begins when the other ends (the image below will make it easier to understand):

enter the description of the image here

There is one more scenario that I imagined.

In the latter case, assuming that the animation is (usually) of 1 second duration, and the character has the maximum attack speed (I set the maximum to 2 attacks per second). Then the animation will run 2 times faster:

enter the description of the image here

But the attack speed will not always be a "simple" number, I would like to know how to calculate / configure the time so you don't have problems when the attack speed is any number.

I want to know how to configure the execution time of the animation and a time interval between the execution of the animation.

ECDSA ECDH Man in the middle attack

We have a long-term key used to sign / verify ephemeral keys. The problem is that we first have to share the long-term public key with the other party. Is it possible to avoid a man in the middle attack without using certificates? I will use this for a TCP chat.

Why don't we attack those who disagree with the US? UU.?

Because that would put an end to humanity.

We would not survive this.
I guess rats, ants and cockroaches would probably do it, but homo sapiens would be ready.

A few dozen could enter these shelters for a few months. And that?
If someone remakes humanity, it is the Inuit. And the models don't look good even for them.
Or maybe those scientists at the South Pole. The problem is that there are not enough … inbreeding would be a very fast problem.


dnd 5e: Does the advantage deny the disadvantage (for things like the sneak attack)?

Yes, the advantage would deny the disadvantage to the effects of the sneak attack.

According to the rules of advantage and disadvantage (PHB 173, my emphasis):

If circumstances make a roll have both advantage and disadvantage, It is considered that you do not have any of them, and you get a d20. This is true even if multiple circumstances impose disadvantages and only one grants advantage or vice versa. In such a situation, it has neither advantage nor disadvantage.

So, for example, if you (the rogue) have an advantage and disadvantage in an attack roll against an enemy while your ally is less than 5 feet from the target, you could make a sneak attack because they treat you like you don't have a disadvantage when making the roll. This meets the requirements for Sneak Attack (PHB 96, my emphasis):

Once per turn, you can deal (extra) damage to a creature that you hit with an attack if you have an advantage in the attack roll … You don't need an advantage in the attack roll if another enemy of the target is within 5 feet of it , that enemy is not incapacitated, and you have no disadvantage in the attack roll.

However, if the ally was absent in that situation, you could not make a Sneak Attack because they treat you as if you had no advantage in making the roll.

The same reason would apply to characteristics other than the Sneak Attack that depend on the advantage or disadvantage of any attack roll, skill check or save throw. When any of these rolls is made with advantage and disadvantage, the roll is made as if it really had neither advantage nor disadvantage. In this case, no feature that requires advantage or disadvantage would be activated, and no feature that prohibits the advantage or disadvantage would be excluded.

rogue – Swashbuckler rouge: does the sneak attack fail if you have an advantage and disadvantage?

I'm arguing a little with my DM.

The rules say you can have a sneak attack if "you have no disadvantage in the attack roll."

If I have an advantage and a disadvantage, that results in a straight roll when I attack. A straight roll suggests that sneak attack is allowed.

My DM interprets it as, if I have a source of disadvantage, regardless of the weather I also have an advantage or not, the fact that it is disadvantaged in some way prevents the sneak attack from being activated.

Can someone tell me who has the correct interpretation?

Monk: How does Flurry of Blows interact with the Multiple Attack Penalty?

As a monk, I can do a Flurry of Blows action that allows me to make two unarmed strokes with a single action. According to the Multiple Attack Penalty section,

The second time you use an attack action during your turn, you receive a –5 penalty on your attack roll.

With Flurry, I am making 2 attacks with 1 action. What is my multiple attack penalty after making a burst of punches?

dnd 5e: if a PC's ability score increases due to an item, does the corresponding modifier for the skill score or any skill / attack increase?

The modifier is directly linked to the statistic, so a STR of 19 has a +4 modifier. That only happens automatically.
Therefore, STR-based attacks will benefit from the higher modifier.
Skill checks will improve if they use the STR modifier as it has improved.

Basically, the modifier instantly increases to match the new statistic total that then flows in attack rolls, damage rolls and skill checks / saves using that modifier.

From the SRD:

When a character makes an attack roll, the two most common modifiers of the roll are a skill modifier and the character's ability bonus. When a monster makes an attack roll, it uses the modifier provided in its statistics block.

Skill modifier The skill modifier used for a melee weapon attack
it's strength

dnd 5e: attack a swarm with a spell while in a player's space

A swarm can enter another creature's space, but how big is that space?

A medium creature occupies a square on the grid, and a square on the battle grid of the fifth edition represents 5 feet. A creature in a square is not a solid 5X5X5 cube but a being that moves, dodges and threatens. At the moment a spell, like Fire bolt is cast, for the sake of narrative, it doesn't have to be at this moment a swarm necessarily crawls on that creature, but just within the same space of 5 feet. Who describes the results of the action (usually the DM) could describe it like this:

You point your finger and focus on the swarm. A ray of fire shoots from the tip of your finger and hits the ground where the swarm of ants seems denser. Roll 1d10 fire damage against the swarm.


The swarm of deadly mosquitoes is temporarily disconnected from your friend, and you take the opportunity to quickly fire a bolt of fire at the mass of insects that hangs in the air, inches from your ally. Roll 1d10 fire damage against the swarm.

The fact that a swarm is within the space of a creature does not mean that it has to visualize (or narrate) that it is in the creature the entire time it is there. It's simple in the vicinity to the other creature, close enough to attack her.

An alternative

For the most vindictive DMs that exist, you could impose disadvantages on the swarm attack roll, use the coverage rules as suggested in the other answer, or even be inspired by this part of the Fire Discharge spell:

A flammable object struck by this spell lights up if it is not being used or carried.

Certain spells can have dangerous environmental effects and, even using Fire Bolt as an example, a dry bush near the creature can catch fire and pose a danger or perhaps a piece of clothing.

It is noteworthy that if you go in this direction, it is the ability to Sculpt Spells of the Evocation Wizard found on p. It allows the magician to protect a limited number of allies from the dangerous spell effects he casts. This would suggest, for me, that shooting a magic fire beam into the space of your allies should be a dangerous thing to do

However, all these options are house rules and make the system more partial against the players than the designers intend.