Fail2ban filter for WordPress

With the annoying brute force WordPress hack going round, one way to protect your site(s) would be to use fail2ban, with a configuration something like the one below (which I’ve shamelessly lifted from http://blog.somsip.com/2011/12/protecting-apache-webservers-from-wordpress-admin-login-dictionary-attacks/ ).

The below seems to be working, and given its relative simplicity it’s obvious how you’d go about changing it to protect other POST-based scripts from brute force attacks.

As with all fail2ban rules, it’s not going to work if the attacker changes IP often (but from scanning the logs so far, it doesn’t seem to be the case that they are).

Obvious caveats :

  1. Users who can’t remember their password(s) will get blocked.
  2. It’s not going to protect you from a distributed attack (multiple IPs) very well.
  3. You may want to perform other counter-measures (like putting Apache http authentication in for URLs matching /wp-login.php).

 

In /etc/fail2ban/jail.conf :

[apache-wp-login]
enabled = true
port = http,https
filter = apache-wp-login
logpath = /var/www/vhosts/*/statistics/logs/access_log
maxretry = 5
findtime = 120

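And in /etc/fail2ban/filter.d/apache-wp-login.conf :

[Definition]
# WordPress answers a failed login with 200 (the form is shown again); a successful login gets a 302 redirect.
# Anchored with ^ and with the dot escaped, so only a line that starts with the client address can match.
failregex = ^<HOST> - - .* "POST /wp-login\.php HTTP/.*" 200

ignoreregex =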

Where a “hacking” access.log entry looks a bit like :

107.21.107.144 - - [02/Feb/2014:12:50:01 +0000] "POST /wp-login.php HTTP/1.0" 200 4344 "-" "-"
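
To see which clients this jail would actually ban, the following added example (not from the original post, and not fail2ban's own code) replays the filter and the maxretry/findtime counting over a constructed access log. The regex is the page's failregex with a leading ^ and an escaped dot; the `<HOST>` expansion is a simplified IPv4-only stand-in, and the function names and sample addresses are made up for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# maxretry and findtime as set in the jail on this page.
MAXRETRY, FINDTIME = 5, 120
FAILREGEX = r'^<HOST> - - .* "POST /wp-login\.php HTTP/.*" 200'
# fail2ban expands <HOST> itself; this IPv4-only group is an assumption for the demo.
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
LINE = re.compile(FAILREGEX.replace('<HOST>', HOST))
STAMP = re.compile(r'\[([^\]]+)\]')

def banned_hosts(lines):
    """Return hosts that reach MAXRETRY matching lines within FINDTIME seconds."""
    recent = defaultdict(deque)          # host -> timestamps of recent failures
    banned = []
    for line in lines:
        m, t = LINE.search(line), STAMP.search(line)
        if not (m and t):
            continue                     # not a failed wp-login POST
        when = datetime.strptime(t.group(1), '%d/%b/%Y:%H:%M:%S %z')
        hits = recent[m.group('host')]
        hits.append(when)
        while (when - hits[0]).total_seconds() > FINDTIME:
            hits.popleft()               # failure has aged out of the window
        if len(hits) >= MAXRETRY and m.group('host') not in banned:
            banned.append(m.group('host'))
    return banned

def entry(ip, second, status, method='POST'):
    """Build a constructed access_log line in the format shown on the page."""
    stamp = '02/Feb/2014:12:%02d:%02d +0000' % divmod(second, 60)
    return '%s - - [%s] "%s /wp-login.php HTTP/1.0" %d 4344 "-" "-"' % (
        ip, stamp, method, status)

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE = (
    [entry('192.0.2.10', s, 200) for s in range(0, 50, 10)]          # 5 failures in 40 s
    + [entry('192.0.2.20', s, 200) for s in range(0, 300, 60)]       # 5 failures over 240 s
    + [entry('192.0.2.30', s, 302) for s in range(0, 50, 10)]        # 302: logins that worked
    + [entry('192.0.2.40', s, 200, 'GET') for s in range(0, 50, 10)] # only viewing the form
    + [entry('198.51.100.%d' % n, n, 200) for n in range(1, 9)]      # 8 hosts, one try each
)

if __name__ == '__main__':
    print(banned_hosts(SAMPLE))
```

Only the first client is banned: the slow guesser and the eight-address run stay under the threshold, which is caveat 2 in practice.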

Script to fix NFS (Debian Squeeze + Backports bits)

I have an NFS server running Debian Squeeze. Additionally it’s using the 3.2.x kernel from backports, and the nfs-kernel-server from backports too.

Sometimes NFS breaks, and gives helpful messages like :

mount.nfs: connection timed out

or just:

Stale NFS handle on clients.

 

While I’m confident that my /etc/exports and other configuration files are correct, it still insists on misbehaving.

Below is a random shell script I seem to have created to fix the NFS server –

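#!/bin/bash
# Reset the NFS server state: stop the services, recreate /var/lib/nfs, start them again.
set -e
/etc/init.d/nfs-kernel-server stop
/etc/init.d/nfs-common stop
/etc/init.d/rpcbind stop

# This wipes all saved NFS state (export/mount tables, NFSv4 recovery data).
rm -Rf /var/lib/nfs
mkdir /var/lib/nfs
mkdir /var/lib/nfs/v4recovery /var/lib/nfs/rpc_pipefs

# Recreate the empty state files the daemons expect.
for f in /var/lib/nfs/etab \
         /var/lib/nfs/rmtab \
         /var/lib/nfs/xtab; do
    [ -e "$f" ] || touch "$f"
done

# Start in dependency order, giving each service a moment to come up.
/etc/init.d/rpcbind start
sleep 2
/etc/init.d/nfs-common start
sleep 2
/etc/init.d/nfs-kernel-server start

echo "NFS may now work"

# Flush the kernel's export table so entries are rebuilt on the next client request.
exportfs -f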

Yes… “NFS may now work” … that sums it up about right.

Spam and Comic Sans.

Today, I received a spammy email from an unknown golf club. There was no obvious unsubscribe link or instructions, so I blindly replied with :

Hi,
Please remove 'xxxxxx' from your mailing list; we've no interest in golf…
Thanks,
David

 

They replied with :

REMOVED OK

But it was actually :

<FONT color=#0000ff size=4 face="Comic Sans MS">REMOVED OK</FONT>

i.e.

comic sans thank you
So I had to reply with :

<div style="text-align: center;"><u style="font-size: 144px; color: rgb(245, 236, 0); font-family: 'Comic Sans MS'; "><b>Thank you!1!!</b></u></div>

Horrible yellow comic sans thing

 

I fear the intricacies of my reply were lost on them.

 

A few months with a Nexus 4

So, I’ve had a Nexus 4 for a while now … here are some findings :

  1. The phone is symmetrical (or very close to it) – so I often pick it up the wrong way around – at least with an iPhone there was a button at the bottom which acts as an easy to feel guide so you can pick it up correctly in the dark. Adding a case to it helped.
  2. You need a bumper/case for it… mine cost £3 on Amazon or something … without one it’s too slippery/slides off everything.
  3. The battery life is both good and bad – while not in use, it lasts ages; but it has a big screen – so playing games or watching Netflix on it, will really kill the battery. I’m using Battery Widget Reborn – which does a great job at turning wifi/sound/gps etc all off overnight which helps a bit.
  4. I came to use the Nexus 4 from using an iPhone – my main like is widgets – having something that updates in real time on your desktop (why did the iOS weather app never display today’s symbol?) is great.
  5. I miss having a count of notification numbers next to the launch icons.
  6. I kind of miss iMessage – in so far, as I wish Google had something similar. At the moment there is gtalk, google plus chat (or something) …. which don’t seem to be totally integrated … and I have to supplement this with WhatsApp which not all that many people use (here’s hoping for Google Babble)
  7. I wish the Bluetooth integration was better – not being able to see track names etc on the £30 Sony MW600 thing I bought kind of sucks. I’m fairly sure that if my car was good enough to have a bluetooth capable radio, then I wouldn’t see any track names from it either :-/
  8. I like Navigation – I’ve used this a number of times and it does a good job. If only I could make its voice louder though. Perhaps this is why I need a car radio with blue teeth.
  9. I’ve not noticed that I’m missing any apps from iOS which aren’t available on Android – but I suspect I only regularly use ~10 (k9 mail, world war, twitter, whatsapp, bbc news, facebook, gallery, nagios, kashdroid, ZombieRun!).
  10. The screen is a little too big to use it with only one hand.

Virtualbox 4.2 VM autostart on Debian Squeeze & Wheezy

One new feature of VirtualBox 4.2 is that it has support for auto-starting VMs on bootup of the host server (via init etc). This means I can remove my hackish ‘su - vbox -c "VBoxHeadless --startvm VMName &"’ additions in /etc/rc.local, and the VMs will also hopefully be terminated gracefully on shutdown.

The docs/guides online which I could find were a bit cryptic, or incomplete, so here’s what I ended up doing :
