Family Guy and The Simpsons crossover

I finally got around to watching the first five episodes of the 13th season of Family Guy. The first episode was a double length special feature where the Griffins ended up in Springfield while looking for their stolen car.

The episode was generally very funny but I could tell they went out of their way to show every cliche Simpsons joke such as “eat my shorts”. The fight scene between Peter and Homer was epic!

There was even a scene during that fight where we saw Homer as a Family Guy character and Peter as a Simpsons character 🙂 .

Peter Griffin and Homer Simpson

Website is now fully HTTPS!

Big thanks to Cloudflare for this. They are slowly switching all plans, including the free plan, to HTTPS by giving away free SSL certificates. I am now on Full SSL. That means connections between my website and visitors, and between Cloudflare and my webhost, are fully encrypted.
This is wonderful news because it means over two million websites will now be more secure.
All links on my website should now redirect from http:// to https:// 🙂 .

WordPress websites under attack…again

Last year, it was the wp-login.php brute force attack where bots kept trying to log on to websites by guessing the user name and password.
A basic step in protecting a WordPress website is not to have a user called ‘admin’.
For the last two weeks, there has been a wave of new attacks.
The new brute force attack tries to exploit XMLRPC in WordPress.
I was seeing thousands of requests to /xmlrpc.php per minute today.
I immediately went to the Cloudflare control panel and changed the Basic protection level to “I am under attack”. This gave me some breathing space while I figured out how to deal with this.
My first guess was to simply deny http access to that file.

<Files "xmlrpc.php">
Order Allow,Deny
deny from all
</Files>

However, this isn’t very effective as it will generate a massive number of 404 pages which WordPress still has to process. It is no better than deleting the file itself.
As a final resort, I used an .htaccess rule to redirect access away from the file.
The advantage of this is no high CPU or memory usage.
I added the following code to my .htaccess file:

RewriteRule ^xmlrpc\.php$ "http\:\/\/0\.0\.0\.0\/" [R=301,L]

This is not an optimal permanent solution but it will have to do for now unless someone has a better suggestion 🙂 . The attack itself lasted over 8 hours.

Update: The vulnerability that caused this denial of service has been fixed in WordPress 3.9.2 and the above workaround should no longer be needed.
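
As an added example (not from the original post): a small Python script that measures what the post describes, a per-minute flood of requests to /xmlrpc.php, from a web server access log. It assumes Apache common/combined log format with the client address in the first field; the function names, the threshold and the sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache common/combined log format: host ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def xmlrpc_bursts(lines, threshold=100, target="/xmlrpc.php"):
    """Map each minute with >= threshold requests to `target` onto
    (total hits, Counter of source hosts). Unparseable lines are skipped."""
    per_minute = defaultdict(Counter)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Drop the query string, collapse repeated slashes, ignore case
        path = re.sub(r"/{2,}", "/", m["path"].split("?", 1)[0]).lower()
        if path != target:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        per_minute[ts.strftime("%Y-%m-%d %H:%M %z")][m["host"]] += 1
    return {
        minute: (sum(hosts.values()), hosts)
        for minute, hosts in sorted(per_minute.items())
        if sum(hosts.values()) >= threshold
    }

def sample_log():
    """Constructed sample lines (documentation-range addresses), not from the post."""
    fmt = '{ip} - - [20/Jul/2014:10:{mm:02d}:{ss:02d} +0000] "{req} HTTP/1.1" 200 370 "-" "-"'
    lines = [fmt.format(ip="198.51.100.7", mm=14, ss=3, req="GET /")]
    for i in range(150):  # 150 POSTs inside one minute, from two clients
        ip = "203.0.113.11" if i % 3 == 0 else "203.0.113.10"
        lines.append(fmt.format(ip=ip, mm=15, ss=i % 60, req="POST /xmlrpc.php"))
    for i in range(5):  # a few hits in the next minute, below the threshold
        lines.append(fmt.format(ip="192.0.2.44", mm=16, ss=i, req="POST //xmlrpc.php?x=1"))
    lines.append("truncated line that does not parse")
    return lines

if __name__ == "__main__":
    for minute, (hits, hosts) in xmlrpc_bursts(sample_log()).items():
        print(minute, hits, hosts.most_common(3))
```

Behind a reverse proxy such as Cloudflare, the first log field is the proxy's address unless the server is configured to log the forwarded client address, so the per-host counts are only meaningful once that is set up.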

System Administrator Appreciation Day

It’s on the 25th of July this year which is today and there is even a website for it.
A day to appreciate the people who keep our websites, databases, applications and internet connections running.

But…umm…this doesn’t look quite right.
SysAdminDay.com

Scheduling virus scans on Arch Linux

Virus threats under Linux are mostly negligible. But I might still want to keep my system free from virus-infected downloads and such. There is no need for on-access scanning and a weekly disk scan should do.
Under Arch Linux, I have clamav installed with the freshclam service enabled so it auto-updates the virus signatures.
Let us say I want to scan my /home partition once a week.

I will create a unit file /etc/systemd/system/clamscan.service

[Unit]
Description=Home Directory Virus Scan

[Service]
Type=oneshot
ExecStart=/usr/bin/clamscan --log=/var/log/clamav/clamd.log --remove=yes --recursive /home/ --infected
Nice=19
IOSchedulingClass=best-effort
IOSchedulingPriority=7

and a timer file /etc/systemd/system/clamscan.timer

[Unit]
Description=Home Directory Virus Scan

[Timer]
OnCalendar=weekly
AccuracySec=12h
Persistent=true

[Install]
WantedBy=timers.target

Finally I can type:

systemctl enable clamscan.timer
systemctl start clamscan.timer

Running systemctl list-timers shows the active systemd timers.
And that’s it. Now clamav will scan the /home partition once a week, delete infected files and log its activity to clamd.log 🙂 .