WordPress websites under attack…again

Last year, it was the wp-login.php brute force attack where bots kept trying to log on to websites by guessing the user name and password.
A basic step in protecting a WordPress website is not to have a user called ‘admin’.
For the last two weeks, there has been a wave of new attacks.
The new brute force attack tries to exploit XMLRPC in WordPress.
I was seeing thousands of requests to /xmlrpc.php per minute today.
I immediately went to the Cloudflare control panel and changed the Basic protection level to “I am under attack”. This gave me some breathing space while I figured out how to deal with this.
My first guess was to simply deny HTTP access to that file.

<Files "xmlrpc.php">
Order Allow,Deny
deny from all
</Files>

However, this isn’t very effective as it will generate a large number of 404 pages which WordPress still has to process. It is no better than deleting the file itself.
As a final resort, I used an .htaccess rule to redirect access away from the file.
The advantage of this is no high CPU or memory usage.
I added the following code to my .htaccess file:

RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

This is not an optimal permanent solution but it will have to do for now unless someone has a better suggestion 🙂 . The attack itself lasted over 8 hours.

Update: The vulnerability that caused this denial of service has been fixed in WordPress 3.9.2 and the above workaround should no longer be needed.
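
To confirm a flood like the one described above and to check whether the redirect is actually answering it, the access log can be summarized per minute, per source and per status code. This is an added example, not code from the original post; it assumes the Apache "combined" log format, and the sample lines, addresses and threshold are constructed.

```python
import re
from collections import Counter

# Assumed Apache "combined" format: ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, made-up date).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2000:10:15:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"',
    '198.51.100.7 - - [01/Jan/2000:10:15:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"',
    '203.0.113.9 - - [01/Jan/2000:10:15:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"',
    '192.0.2.44 - - [01/Jan/2000:10:15:30 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2000:10:16:00 +0000] "POST /xmlrpc.php HTTP/1.0" 301 0 "-" "-"',
]

def xmlrpc_hits(lines):
    """Yield (minute, ip, status) for every request to /xmlrpc.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        if m["path"].split("?", 1)[0] != "/xmlrpc.php":
            continue
        # "01/Jan/2000:10:15:01 +0000" -> "01/Jan/2000:10:15"
        yield m["ts"][:17], m["ip"], m["status"]

def summarize(lines, per_minute_threshold):
    """Count xmlrpc.php requests per minute, per source IP and per status code."""
    per_minute, per_ip, per_status = Counter(), Counter(), Counter()
    for minute, ip, status in xmlrpc_hits(lines):
        per_minute[minute] += 1
        per_ip[ip] += 1
        per_status[status] += 1
    busy = {m: n for m, n in per_minute.items() if n >= per_minute_threshold}
    return {
        "busy_minutes": busy,                    # minutes at or above the threshold
        "top_sources": per_ip.most_common(3),    # noisiest client addresses
        "statuses": dict(per_status),            # 200 = processed, 301 = redirected
    }

if __name__ == "__main__":
    print(summarize(SAMPLE, per_minute_threshold=3))
```

A 301 in the status counts means the redirect rule is answering the request; a 200 means WordPress is still processing it. Behind Cloudflare the first field holds a proxy address unless the server is configured to log the original visitor IP.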

System Administrator Appreciation Day

It’s on the 25th of July this year which is today and there is even a website for it.
A day to appreciate the people who keep our websites, databases, applications and internet connections running.

But…umm…this doesn’t look quite right.
SysAdminDay.com

Scheduling virus scans on Arch Linux

Virus threats under Linux are mostly negligible. But I might still want to keep my system free from virus-infected downloads and such. There is no need for on-access scanning and a weekly disk scan should do.
Under Arch Linux, I have clamav installed with the freshclam service enabled so it automatically updates the virus signatures.
Let us say I want to scan my /home partition once a week.

I will create a unit file /etc/systemd/system/clamscan.service:

[Unit]
Description=Home Directory Virus Scan

[Service]
Type=oneshot
ExecStart=/usr/bin/clamscan --log=/var/log/clamav/clamd.log --remove=yes --recursive /home/ --infected
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7

and a timer file /etc/systemd/system/clamscan.timer:

[Unit]
Description=Home Directory Virus Scan

[Timer]
OnCalendar=weekly
AccuracySec=12h
Persistent=true

[Install]
WantedBy=multi-user.target

Finally I can type:

systemctl enable clamscan.timer
systemctl start clamscan.timer

Running systemctl list-timers shows the active systemd timers.
And that’s it. Now clamav will scan the /home partition once a week, delete infected files and log its activity to clamd.log 🙂 .

Berlin, the first city with its own TLD

The top-level domain .BERLIN was made publicly available for domain registration earlier this week. This makes Berlin the first city in the world to have its own top-level domain. Until now, most German businesses and organizations used Germany’s .DE TLD but it is now possible for local companies and Berlin residents to register an internet address under .BERLIN instead. This makes it easier for people to tell where a business is located.
If it doesn’t exist already, I would like to see a .BEIRUT as it may encourage more local businesses to establish an online presence outside social media.

Banks to pay for extended Windows XP support

In today’s news, the internet is outraged at big banks such as HSBC for claiming they can pay Microsoft a lot of money to extend support for the embedded edition of Windows XP which powers their ATMs. Current extended support is scheduled to end this April.

By “the internet”, I mean people who read a lot of useless articles on the internet and comment on them…you know…like myself!