Tag Archives: bash

Sysadmin: Brute force detection – custom rule for SMTP and SSH

I wrote before about the excellent tool BFD, which allows you to block brute-force password-guessing attempts on different network services.
I prefer it to Fail2ban because of portability (bash script), system resource consumption (bash script!) and extendability (true "unix way" modularity).
I also wrote before a brief instruction on how to extend BFD with your own rule to fight an Apache/WordPress DoS attack.
In this post I will show you how to write custom rules to block SMTP password-guessing brute-force attempts and SSHD


How to use BFD tool to block WordPress brute force attacks

I have written earlier about BFD, an excellent and lightweight tool (unlike fail2ban, which is more popular but too resource-consuming and dependent on third-party tools). The tool is actually a set of bash scripts that look for known patterns in the logs and execute actions against offending IPs based on the configuration. It is little known that it is also modular and allows you to extend its behavior by writing custom rules to assist with more uncommon situations.

I've also written about widespread WordPress brute-force attacks that target the wp-login.php script. The solution I offered there takes care of a single WordPress site. It gets more difficult to mitigate the attack when you have multiple servers with multiple WordPress sites, so I decided to come up with a more general approach.


Sysadmin: correcting file permissions recursively from the shell

In the course of troubleshooting a web application there comes a step when all known reasons why it doesn't work are exhausted, so people just change permissions on everything to 0777 and hope that this drastic step will fix the problem. Most likely it does not, but it leaves the permissions broken and the whole site wide open.
Usually nobody cares until the first break-in; then everybody starts looking for the responsible parties, and the host is the first and most likely the last to blame.
To avoid this problem, the permissions (and possibly ownership) of the web content should be corrected.

Sysadmin : remove all virtualmin domains in one shot

If you need to clean up a hosting server, a clean install is not an option, and you know that all domains on the server were created with virtualmin, you can remove all virtualmin domains in one shot using the command line API:
virtualmin list-domains --name-only | xargs -n1  virtualmin delete-domain --domain
Wait a while and you are done. There are tons of useful options for the virtualmin command line that you might want to explore if you use virtualmin to manage your hosting domains.


Mysql weekly/monthly backup: reliability in simplicity

I've been asked many times to put together a MySQL database backup with weekly/monthly rotation.
I'm pretty sure there are plenty of such scripts out there on the web.
I am going to add mine so that somebody can compare and choose.

Sysadmin shell oneliner: update serial in all DNS zones

Sometimes you just need to force updates on slave DNS servers. The easiest way to do it is to increase the zone serials on the master server. What if there are hundreds of zone files? Here is one way to do it.