
Showing posts from 2016

LAMP : Apache Web Server Security Hardening

Firewall - UFW

A good place to start is to install a firewall.
UFW (Uncomplicated Firewall) is a basic firewall that works well and is easy to configure, either directly or through its graphical front end gufw; alternatives are Shorewall, fwbuilder and Firestarter.
Use the Firestarter GUI to configure your firewall, or refer to the Ubuntu Server Guide, the UFW manual pages or the Ubuntu UFW community documentation.

Install and enable UFW: open a terminal window and enter:

:~$ sudo apt-get install ufw

Allow the SSH, HTTP and HTTPS services.
:~$ sudo ufw allow ssh
:~$ sudo ufw allow http
:~$ sudo ufw allow https/tcp

Enable the firewall.
:~$ sudo ufw enable

Check the status of the firewall.
:~$ sudo ufw status verbose


SSH Hardening - key based login, disable root login and change port.
The best way to secure SSH is to use public/private key based login. See SSH/OpenSSH/Keys.
If you have to use password authentication, the easiest way to secure SSH is to disable root login and change the SSH port to something different than the sta…

Protect your apache server from WordPress Pingback DDoS attacks

A security researcher at the SANS Technology Institute put out an advisory around 8 months ago after discovering that WordPress's "pingback" functionality can be abused to make a blog request a result from any server an attacker chooses. This means that thousands of WordPress installations can be effectively weaponized to conduct floods against any target site of the attacker's choosing. The attack is dangerous because many servers can be overwhelmed by as few as 200 blogs "pingbacking" their site, clogging up their limited connections and/or resources.

To confirm that you are under a WordPress pingback DDoS attack, check your access logs.

$ sudo tail -f /var/log/apache2/access.log

Logs will look like this:

74.86.132.186 - - [09/Mar/2014:11:05:27 -0400] "GET /?4137049=6431829 HTTP/1.0" 403 0 "-" "WordPress/3.8; http://www.mtbgearreview.com"

143.95.250.71 - - [09/Mar/2014:11:05:27 -0400] "GET /?4758117=5073922 HTTP/1.0&quo…
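As an added example (not code from the original post), the following Python script applies the same check to Apache combined-format access log lines: it flags requests whose User-Agent is a WordPress pingback and whose path carries the random cache-busting query, and raises an alert once the hits come from at least a threshold number of distinct sources. The first sample line is the entry quoted above; the remaining lines, addresses and blog names are constructed.

```python
import re
from collections import Counter

# Apache "combined" log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# User-Agent that WordPress sends when following a pingback, e.g. "WordPress/3.8; http://blog"
PINGBACK_UA_RE = re.compile(r'^WordPress/[\d.]+;\s*(?P<blog>\S+)')
# The reflected requests carry a random "?<digits>=<digits>" query so caches cannot absorb them
RANDOM_QUERY_RE = re.compile(r'^GET /\?\d+=\d+ HTTP/')

def parse_line(line):
    """Split one combined-format log line into fields; None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def is_pingback_flood_hit(entry):
    """True for a pingback User-Agent combined with the cache-busting random query."""
    return bool(PINGBACK_UA_RE.match(entry["ua"]) and RANDOM_QUERY_RE.match(entry["request"]))

def analyse(lines, threshold=200):
    """Summarise pingback-flood hits; alert once at least `threshold` distinct sources are seen."""
    hits, blogs, sources = 0, Counter(), Counter()
    for line in lines:
        entry = parse_line(line)
        if entry is None or not is_pingback_flood_hit(entry):
            continue  # unparsable line or ordinary traffic
        hits += 1
        blogs[PINGBACK_UA_RE.match(entry["ua"]).group("blog")] += 1
        sources[entry["ip"]] += 1
    return {"hits": hits, "blogs": dict(blogs), "sources": dict(sources),
            "alert": len(sources) >= threshold}

# Constructed sample: the first line is the entry quoted in the post; the rest use
# documentation addresses and example domains. Line 4 is a browser, line 5 a legitimate
# pingback verification of a real post (no random query), so neither should be flagged.
SAMPLE_LOG = [
    '74.86.132.186 - - [09/Mar/2014:11:05:27 -0400] "GET /?4137049=6431829 HTTP/1.0" 403 0 "-" "WordPress/3.8; http://www.mtbgearreview.com"',
    '192.0.2.10 - - [09/Mar/2014:11:05:27 -0400] "GET /?9912834=1182736 HTTP/1.0" 403 0 "-" "WordPress/3.8.1; http://blog-a.example"',
    '198.51.100.7 - - [09/Mar/2014:11:05:28 -0400] "GET /?5521100=7700123 HTTP/1.0" 403 0 "-" "WordPress/3.7; http://blog-b.example"',
    '203.0.113.5 - - [09/Mar/2014:11:05:28 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/27.0"',
    '192.0.2.44 - - [09/Mar/2014:11:05:29 -0400] "GET /2014/03/my-post/ HTTP/1.0" 200 8192 "-" "WordPress/3.8; http://friend.example"',
]

if __name__ == "__main__":
    # A threshold of 3 is used here only so the small sample trips the alert.
    print(analyse(SAMPLE_LOG, threshold=3))
```

The "blogs" entry lists the reflecting WordPress sites taken from the User-Agent, which is the list you would use when asking their owners to disable pingbacks.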

Cakeswatch is an adaptation of Bootswatch for CakePHP 3.x themes

Cakeswatch is an adaptation of Bootswatch for CakePHP 3.x themes. Get it here: https://github.com/sherwinrobles/Cakeswatch

Installation using git

    cd my_app_name
    git clone git://github.com/sherwinrobles/Cakeswatch plugins/Cakeswatch

Manual installation

Download and extract the file inside my_app_name/plugins/

Load the plugin and use the theme

In your config/bootstrap.php, add at the bottom of the file:

    Plugin::load('Cakeswatch');

In your src/Controller/AppController.php add:

    public function initialize()
    {
        parent::initialize(); // keep the parent's setup (components etc.) before switching theme
        $this->viewBuilder()->theme('Cakeswatch');
    }

To use the different Bootswatch themes, change the CSS file name in plugins/Cakeswatch/src/Template/Layout/default.ctp to the Bootswatch theme you want to use:

    echo $this->Html->css('flatly.css');

When running bake, use the --theme option to specify the bake theme you want to use.