Monthly Archives: March 2014

How to use BFD tool to block WordPress brute force attacks

I have written about the excellent and lightweight (unlike fail2ban which is more popular but too resource consuming and 3rd party tools dependent) tool BFD earlier. This tool is actually the set of bash scripts that looks for known pattern in the logs and executes actions against offending IPs based on the configuration. Little is known that it’s also modular and allows to extend it’s behavior by writing custom rules to assist with more uncommon situations.

I’ve also written about widespread WordPress brute force attacks that targets wp-logon.php script. The solution I’ve offered there takes care of single WordPress site. It’s getting more difficult to mitigate the attack in case you have multiple servers with multiple WordPress sites. So I decided to come up with more general approach.

Read more »

Sysadmin: How to delete specific messages from postfix queue

postfix
In case your server mailqueue is full of messages you want to delete, most of google found instructions are not correct – there is no mailq for postfix anymore.
Read more »