This one came up as a result of the DoS attack last week when a site I administer was hit repeatedly for page downloads at the rate of 2 or 3 a second for a couple of hours. The same …
Tag Archives: security
Preventing Site Cloning and DoS with Fail2Ban
DoS on Amazon EC2 instances running WordPress
I was got out of bed with an emergency call from a client at the weekend because his blog was down. This is the one that is getting a lot of traffic, but CPU was spiking up to 100% quite …
Fail2Ban behind an Amazon Load Balancer
When using F2B on servers that sit behind Amazon ELBs (and probably load balancers of other types), the client IP in the error log is usually that of the load balancer. Banning the load balancer from access is probably not …
Using Fail2Ban to protect WordPress
I posted some previous ideas on this that were okay, but they turned out to be less-than-ideal solutions. They work, but one of the blogs I watch over is a bit busy, and having Fail2Ban watching the Apache access.log was …
Protecting WordPress from script fishing attacks with Fail2Ban (more…)
A better, but slightly more complex, solution has been posted here A previous post here suggested using a blanket ban on all 404s recorded in the access.log, but this isn’t working quite as well as expected. Mainly due to the …
Protecting WordPress from script fishing attacks with Fail2Ban
A better, but slightly more complex, solution has been posted here Because WordPress redirects all incoming requests and serves dedicated 404 pages, nothing ends up in the Apache error.log. and so, The standard Fail2Ban filter apache-noscript.conf won’t work. So here’s …
Fail2Ban with sendEmail Python MTA and SMTP
The servers I administer are on Amazon cloud, and there are often problems with outgoing emails and sendmail, so for a quick fix to add outgoing email support to scripts, I’m okay with using sendEmail, a small Python SMTP email …
Fail2Ban Error – Iptables returned 200
This relates to seeing things like this in /var/log/fail2ban.log when restarting the fail2ban service: 2011-12-21 23:06:03,471 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport –dports http,https -j fail2ban-apache-wordpress-login iptables -F fail2ban-apache-wordpress-login iptables -X fail2ban-apache-wordpress-login returned 200 The very simple …
Protecting Apache webservers from WordPress admin login dictionary attacks with fail2ban
A better solution has been posted here but I’ll leave this post up too. A very popular webserver I administer has been getting more attention from the script kiddies, and the Apache access log has been filling up with repeated …
Recent Comments