Tag Archives: Wordpress

WordPress 3.4.1 and AJAX problems

Overnight another team member updated the main blogs to the newest version of WP, and subsequently some plugins we use failed to work correctly. The plugins display a list of items which are retrieved via an API call to our …


Preventing Site Cloning and DoS with Fail2Ban

This one came up as a result of the DoS attack last week when a site I administer was hit repeatedly for page downloads at the rate of 2 or 3 a second for a couple of hours. The same …


DoS on Amazon EC2 instances running WordPress

I was got out of bed with an emergency call from a client at the weekend because his blog was down. This is the one that is getting a lot of traffic, but CPU was spiking up to 100% quite …


Using Fail2Ban to protect WordPress

I posted some previous ideas on this that were okay, but they turned out to be less-than-ideal solutions. They work, but one of the blogs I watch over is a bit busy, and having Fail2Ban watching the Apache access.log was …


Protecting WordPress from script fishing attacks with Fail2Ban (more…)

A better, but slightly more complex, solution has been posted here. A previous post here suggested using a blanket ban on all 404s recorded in the access.log, but this isn’t working quite as well as expected. Mainly due to the …


Protecting WordPress from script fishing attacks with Fail2Ban

A better, but slightly more complex, solution has been posted here. Because WordPress redirects all incoming requests and serves dedicated 404 pages, nothing ends up in the Apache error.log, and so the standard Fail2Ban filter apache-noscript.conf won’t work. So here’s …


Fail2Ban Error – Iptables returned 200

This relates to seeing things like this in /var/log/fail2ban.log when restarting the fail2ban service:

2011-12-21 23:06:03,471 fail2ban.actions.action: ERROR iptables -D INPUT -p tcp -m multiport --dports http,https -j fail2ban-apache-wordpress-login
iptables -F fail2ban-apache-wordpress-login
iptables -X fail2ban-apache-wordpress-login returned 200

The very simple …


Protecting Apache webservers from WordPress admin login dictionary attacks with fail2ban

A better solution has been posted here but I’ll leave this post up too. A very popular webserver I administer has been getting more attention from the script kiddies, and the Apache access log has been filling up with repeated …


WordPress upload/upgrade permissions with group ownership

I have to maintain a few WP blogs for clients. It’s not a package I overly enjoy working with. Sure, it does the job pretty well and is hugely popular, but there is something about it that I just find …
