Website is now fully HTTPS!

Big thanks to Cloudflare for this. They are slowly switching all plans, including the free plan, to HTTPS by giving away free SSL certificates. I am now on Full SSL. That means connections between my website and visitors, and between Cloudflare and my webhost, are fully encrypted.
This is wonderful news because it means over two million websites will now be more secure.
All links on my website should now redirect from http:// to https:// 🙂 .

WordPress websites under attack…again

Last year, it was the wp-login.php brute force attack where bots kept trying to log on to websites by guessing the user name and password.
A basic step in protecting a WordPress website is not to have a user called ‘admin’.
For the last two weeks, there has been a wave of new attacks.
The new brute force attack tries to exploit XMLRPC in WordPress.
I was seeing thousands of requests to /xmlrpc.php per minute today.
I immediately went to the Cloudflare control panel and changed the Basic protection level to “I am under attack”. This gave me some breathing space while I figured out how to deal with this.
My first guess was to simply deny HTTP access to that file.

<Files "xmlrpc.php">
Order Allow,Deny
deny from all
</Files>

However, this isn’t very effective as it will generate a mass amount of 404 pages which WordPress still has to process. It is no better than deleting the file itself.
As a final resort, I used an .htaccess rule to redirect access away from the file.
The advantage of this is no high CPU or memory usage.
I added the following code to my .htaccess file:

RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

This is not an optimal permanent solution but it will have to do for now unless someone has a better suggestion 🙂 . The attack itself lasted over 8 hours.

Update: The vulnerability that caused this denial of service has been fixed in WordPress 3.9.2 and the above workaround should no longer be needed.
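
As an added example (not code from the original post), one way to measure the flood described above from the web server's access log: the sketch counts POST requests to /xmlrpc.php per client per minute and flags bursts. It assumes Apache's combined log format with the visitor's address in the first field; the function names, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Apache "combined" log format: client, identity, user, [time], "request", status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_hits_per_minute(lines):
    """Count POSTs to /xmlrpc.php, keyed by (minute, client IP)."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or not a POST
        # Drop any query string before comparing the path.
        path = m["path"].split("?", 1)[0]
        if path != "/xmlrpc.php":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits[(ts.strftime("%Y-%m-%d %H:%M"), m["ip"])] += 1
    return hits

def flag_bursts(lines, threshold):
    """Return sorted (minute, ip, count) tuples whose count exceeds threshold."""
    return sorted(
        (minute, ip, n)
        for (minute, ip), n in xmlrpc_hits_per_minute(lines).items()
        if n > threshold
    )

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = (
    ['203.0.113.7 - - [25/Jul/2014:10:15:%02d +0000] '
     '"POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"' % s for s in range(40)]
    + ['198.51.100.9 - - [25/Jul/2014:10:15:05 +0000] '
       '"GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
       '198.51.100.9 - - [25/Jul/2014:10:15:09 +0000] '
       '"POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
       'malformed line']
)

if __name__ == "__main__":
    for minute, ip, n in flag_bursts(SAMPLE, threshold=30):
        print(f"{minute} {ip} {n} POSTs to /xmlrpc.php")
```

Behind a proxy such as Cloudflare, the first log field is the proxy's address unless the server is configured to restore the visitor IP, so in that case the per-minute totals are the useful figure.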

System Administrator Appreciation Day

It’s on the 25th of July this year which is today and there is even a website for it.
A day to appreciate the people who keep our websites, databases, applications and internet connections running.

But…umm…this doesn’t look quite right.

Scheduling virus scans on Arch Linux

Virus threats under Linux are mostly negligible. But I might still want to keep my system free from virus-infected downloads and such. There is no need for on-access scanning and a weekly disk scan should do.
Under Arch Linux, I have clamav installed with the freshclam service enabled so it auto-updates the virus signatures.
Let us say I want to scan my /home partition once a week.

I will create a unit file /etc/systemd/system/clamscan.service

[Unit]
Description=Home Directory Virus Scan

[Service]
ExecStart=/usr/bin/clamscan --log=/var/log/clamav/clamd.log --remove=yes --recursive /home/ --infected

and a timer file /etc/systemd/system/clamscan.timer

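[Unit]
Description=Home Directory Virus Scan

[Timer]
# Weekly schedule, per the text ("once a week")
OnCalendar=weekly

[Install]
WantedBy=timers.target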

Finally I can type:

systemctl enable clamscan.timer
systemctl start clamscan.timer

Running systemctl list-timers shows the active systemd timers.
And that’s it. Now clamav will scan the /home partition once a week, delete infected files and log its activity to clamd.log 🙂 .

Berlin, the first city with its own TLD

The top-level domain .BERLIN was made publicly available for domain registration earlier this week. This makes Berlin the first city in the world to have its own top-level domain. Until now, most German businesses and organizations used Germany’s .DE TLD but it is now possible for local companies and Berlin residents to register internet addresses under .BERLIN instead. This makes it easier for people to tell where a business is located.
If it doesn’t exist already, I would like to see a .BEIRUT as it may encourage more local businesses to make an online presence outside social media.