Archive | Linux

ModSecurity protection for WordPress WP-Login

OK, I know this is somewhat late to come to the party, but I recently had to implement some rules to protect servers against WordPress wp-login brute force attacks. Although the attacks were somewhat distributed, many clients were sending hundreds of login requests for wp-login.php. Most of the solutions I have seen overlook the fact […]

Run wget from crontab and only receive errors

If you have tried to run wget from a cron job, perhaps to run your WordPress wp-cron.php, you will have noticed that, whether there is an error or not, you still receive a notification at the MAILTO= address configured in your crontab. This is because wget annoyingly throws all of its normal output […]

Linux : Modsecurity concurrent log analysis

It’s been a crazy few months with work and family, but following on from the modgrep ModSecurity serial log analysis article a few months ago, we’re back with another instalment for ModSecurity users who use the concurrent logging format. Anyone who uses ModSecurity will know that concurrent logging creates a lot of files and directories. Essentially, […]

Linux one-liner to detect Symlink Attack on web server

The symlink attack is an old favourite and still very much prevalent. This attack usually occurs after the attacker has been able to read the contents of the /etc/passwd file and has enumerated the server’s users. The attacker then runs a script which blindly builds symbolic links (a bit like shortcuts on Windows or Aliases […]

Install Drush on cPanel shared hosting

Drush is a command line shell and scripting interface for the popular Drupal CMS. Installing Drush on almost all shared Linux hosting platforms requires just a few steps at the command prompt. For the purposes of this guide, I’ll assume you already know how to connect to your hosting server using SSH to get […]

How to : strace php process via apache

This little adventure started today when a customer was complaining of having a slow website (8 seconds plus to serve the home page without any additional resources) for the past 10 days or so. No file modification or change dates matched this timeframe. Also, a scan using clam and another proprietary scanner showed up nothing, […]

Exim spam hunting – essential one liners

Anyone who looks after an Exim MTA that relays outgoing SMTP at some point finds their installation has been abused by spammers. Given the poor security practices of many users, busy servers will see compromised mailboxes quite regularly. As a sysadmin you probably find out about it in one of two ways: During the attack, […]

Kali – NMAP MaxMind GeoCity Lite Database Bug

Symptom : Looking up the location of IP addresses using Nmap fails when using the MaxMind GeoLocation script ip-geolocation-maxmind. Installing the Nmap MaxMind GeoCity Lite database in Kali (1.0.6)

OK, so now we try to use the database:

The result?

So, running with the -d debug option

We get

Checking […]

Safe Secure Website Backups with CodeGuard

The online backup business has quite simply exploded in the past couple of years. Well, it has as far as your personal computing environment is concerned. There are so many vendors offering cheap cloud storage for your PC it’s bewildering. But what about your website? How are you backing that up? Most CMS systems have […]

WHMCS : Passwords removal from welcome emails

WHMCS (Web Host Manager Complete Solution) is a popular customer management and provisioning system for cPanel/WHM – get yourself a dedicated server, install WHMCS and bingo, a hosting company is born (well, almost). It’s fair to say that WHMCS has had a few security problems in recent times. This is due in part to WHMCS being […]