
Archive

Install DDoS Deflate

DDoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections.

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

How To Install DDoS Deflate :-

wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh

How To UnInstall (D)DoS Deflate :-

wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos

How To Edit Configuration File:-

vi /usr/local/ddos/ddos.conf

How To Check The Number Of Connected Ips:-

sh /usr/local/ddos/ddos.sh

How To Restart DDos Deflate:-

sh /usr/local/ddos/ddos.sh -c

Prevent Brute Force Attacks On WordPress Web

How is a Brute Force Attack Launched Against a WordPress Site?

Launching a brute force attack on a site is easier than most other kinds of attack. To brute force a site's login, you just need to send POST requests to the login form with guessed usernames and passwords.

In case of WordPress, the POST request with the guessed username and password is made to wp-login.php file again and again.

Let’s see some of the ways to prevent brute force attacks.

Verifying You Are Human

Most of the time, brute force attacks are made using bots. We can simply verify if a form has been submitted by a human or not. If it’s submitted by a bot then we simply don’t process it.

Agbonghama Collins has written an article here at SitePoint on how to integrate Google’s No CAPTCHA reCAPTCHA in WordPress login form. No CAPTCHA reCAPTCHA is a simple and user friendly way of asking the site visitor to verify if they are human or not when submitting a form.

The problems with this method are:

  1. WordPress processes the request anyway, therefore if the brute force attack is made on large scale by bots then resources are still consumed that can kill the site.
  2. This method prevents access to bots but not humans.

Password Protecting wp-login.php

You can protect access to your wp-login.php file using HTTP Basic Authentication. This simply adds an extra security layer. A brute force attack can still be launched against HTTP basic authentication, but it’s difficult and time intensive to crack both layers.

To password protect access to the wp-login.php file in Apache, follow the below steps:

  1. Generate a .htpasswd file using htpasswd generator.
  2. Place this file in the same location as your .htaccess file.
  3. Assuming your .htpasswd file includes the username narayanprusty, place the code below in your .htaccess file:

## Stop Apache from serving .htpasswd files
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

<Files wp-login.php>
## Placeholder path: Apache does not expand "~", so give the absolute path to the .htpasswd file from step 2
AuthUserFile /absolute/path/to/.htpasswd
AuthName "Private access"
AuthType Basic
require user narayanprusty
</Files>

The problems with this method are:

  1. If your WordPress site has multiple authors then you may not want to share the username and password of basic authentication.
  2. It’s possible that a bot or human can successfully guess both passwords.
  3. Although WordPress is not loaded during basic authentication, a web server initiates a process to verify the credentials therefore consuming memory and CPU which can kill a site if requests are made in large scale.

Brute Force Login Protection Plugin

Brute Force Login Protection is a WordPress plugin which protects against brute force login attempts by taking several factors into account.

This is how the plugin works:

  1. Limits the number of allowed login attempts for an IP Address.
  2. It allows you to manually block an IP address from logging into WordPress.
  3. It delays execution after a failed login attempt to slow down the brute force attack. This can prevent the site being killed.
  4. It also informs the users about the number of login attempts remaining before getting blocked.

[Screenshot: settings page of the Brute Force Login Protection plugin]

The problems with this plugin are:

  1. It will not be able to deal well with a distributed brute force attack because this plugin relies completely on the IP address. A distributed brute force attack is one made from many different computers, i.e. different IP addresses.
  2. It delays script execution for an IP address if a login has failed previously. While this saves computational time, memory is still used as the process is created in memory.
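
The per-IP limit and its blind spot for distributed attacks can be seen in the web server's access log. The following added example is not code from the plugin: it counts POST requests to wp-login.php per address in constructed log lines, and also reports when many addresses that each stay under the per-IP limit together exceed a site-wide limit. Both limits are hypothetical values.

```shell
#!/bin/sh
# Added example, not code from either plugin on this page.
# Constructed access-log lines (documentation address ranges only).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [10/Mar/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
198.51.100.7 - - [10/Mar/2015:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
198.51.100.7 - - [10/Mar/2015:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
198.51.100.7 - - [10/Mar/2015:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
203.0.113.1 - - [10/Mar/2015:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
203.0.113.2 - - [10/Mar/2015:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
203.0.113.3 - - [10/Mar/2015:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
203.0.113.4 - - [10/Mar/2015:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
203.0.113.5 - - [10/Mar/2015:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 3021
192.0.2.50 - - [10/Mar/2015:10:00:08 +0000] "GET /wp-login.php HTTP/1.1" 200 2500
192.0.2.50 - - [10/Mar/2015:10:00:09 +0000] "GET / HTTP/1.1" 200 9120
EOF
}

# login_report PER_IP_LIMIT SITE_LIMIT: reads an access log on stdin.
# Prints "BLOCK ip count" for each address over PER_IP_LIMIT, and one
# DISTRIBUTED line when the addresses that stayed under that limit
# together made more than SITE_LIMIT login POSTs.
login_report() {
  awk -v per_ip="$1" -v site="$2" '
    $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ { hits[$1]++ }
    END {
      for (ip in hits) {
        if (hits[ip] > per_ip) print "BLOCK " ip " " hits[ip]
        else { low += hits[ip]; quiet++ }
      }
      if (low > site) print "DISTRIBUTED sources=" quiet " attempts=" low
    }
  ' | sort
}

sample_log | login_report 3 4
```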

BruteProtect

BruteProtect is a cloud-powered Brute Force attack prevention plugin and aims to provide the best protection against botnet attacks.

Every WordPress site which has BruteProtect installed becomes a part of the BruteProtect network. When an IP address is blocked due to malicious activity (such as some number of failed login attempts), it’s shared among all the sites so that they can all block it before it begins to harm any of them.

You can think of BruteProtect as an advanced version of the above Brute Force Login Protection plugin, as it has a bigger list of bad bots and therefore probably does well in the case of a distributed brute force attack.

One feature that the Brute Force Login Protection plugin has and the BruteProtect plugin doesn’t is slowing down script execution after failed login attempts. However, it doesn’t matter that much, as it takes up memory for the extra time.

The problem using this plugin is that WordPress is loaded on every request for the IP address verification to be done. Therefore, if a brute force attack is done on a large enough scale then the site can still become overwhelmed and fall over.

CloudFlare

CloudFlare protects and accelerates any website online. Once your website is a part of CloudFlare, its web traffic is routed through their intelligent global network. They automatically optimize the delivery of your web pages so your visitors get the fastest page load times and best performance.

What’s important is that it can prevent brute force attacks. It has free and premium plans. The free plan is enough to get a decent amount of brute force protection. All the methods we’ve seen above make our web server do the work of preventing the brute force attack, which, as we’ve mentioned, can still consume memory and CPU. CloudFlare, on the other hand, can stop malicious requests before they even hit your server.

[Image: illustration of how CloudFlare stops malicious requests]

The problems with this service are:

  1. You need to make DNS changes to integrate CloudFlare with your site. This can be difficult if you’re not overly technical.
  2. It fails to stop brute force attacks made by humans. It’s good at identifying malicious bots, but not malicious humans.

Conclusion

You must be wondering which is the best solution? It really depends on which one you think is the best for your needs. For me personally, I use both CloudFlare and BruteProtect to stop brute force attacks on my site.

SSH without password between two servers

This howto describes setting up SSH without password between two servers so that the two servers share the same SSH keys and can log into each other. This makes life convenient when using two servers together as a team for various scenarios including:

  • High Availability takeover
  • Active-Active clustering
  • Cross-server tasking
  • Monitoring

This guide can also be used to establish one-way trust.


Tutorial: MySQL master slave replication CentOS 6

In this tutorial we will learn how to set up MySQL Master-Slave replication in CentOS 6.4. In Master-Slave replication, one database server (Master) can replicate its databases to one or more MySQL database servers (Slaves).
The Slave server is not required to be connected to the Master server at all times. Once the slave server is up and you start the slave thread (START SLAVE command), it will again take all the replicated updates automatically.


How to disable IPTables on CentOS

A Linux firewall is a software-based firewall that provides protection between your server (workstation) and damaging content on the Internet or network. It will try to guard your computer against both malicious users and software such as viruses/worms.

Task: Disable / Turn off Linux Firewall (Red hat/CentOS/Fedora Core)

Type the following two commands (you must login as the root user):
# /etc/init.d/iptables save
# /etc/init.d/iptables stop

Turn off firewall on boot:
# chkconfig iptables off

Task: Enable / Turn on Linux Firewall (Red hat/CentOS/Fedora Core)

Type the following command to turn on iptables firewall:
# /etc/init.d/iptables start
Turn on firewall on boot:
# chkconfig iptables on


A note about other Linux distributions

If you are using another Linux distribution such as Debian / Ubuntu / Suse / Slackware Linux etc., try the following generic procedure. First, save the current firewall rules, type:
# iptables-save > /root/firewall.rules
OR
$ sudo sh -c 'iptables-save > /root/firewall.rules'
Next, type the following commands (logged in as root) at a bash prompt:

 
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

Or create a shell script as follows and run it to disable the firewall:

 
#!/bin/bash
# reset.fw - Reset firewall
# set x to 0 - No reset
# set x to 1 - Reset firewall
# ---------------------------------------------------------------------------------------------------------------
# Added support for IPV6 Firewall
# ---------------------------------------------------------------------------------------------------------------
# Written by Vivek Gite <vivek@nixcraft.com>
# ---------------------------------------------------------------------------------------------------------------
# You can copy / paste / redistribute this script under GPL version 2.0 or above
# =============================================================
x=1
 
# set to true if it is CentOS / RHEL / Fedora box
RHEL=false
 
### no need to edit below  ###
IPT=/sbin/iptables
IPT6=/sbin/ip6tables
 
if [ "$x" == "1" ];
then
	if [ "$RHEL" == "true" ];
	then
	      # reset firewall using redhat script
		/etc/init.d/iptables stop
		/etc/init.d/ip6tables stop
	else
		# for all other Linux distro use following rules to reset firewall
		### reset ipv4 iptables ###
		$IPT -F
		$IPT -X
		$IPT -Z
		for table in $(</proc/net/ip_tables_names)
		do
			$IPT -t $table -F
			$IPT -t $table -X
			$IPT -t $table -Z
		done
		$IPT -P INPUT ACCEPT
		$IPT -P OUTPUT ACCEPT
		$IPT -P FORWARD ACCEPT
		### reset ipv6 iptables ###
		$IPT6 -F
		$IPT6 -X
		$IPT6 -Z
		for table in $(</proc/net/ip6_tables_names)
		do
			$IPT6 -t $table -F
			$IPT6 -t $table -X
			$IPT6 -t $table -Z
		done
		$IPT6 -P INPUT ACCEPT
		$IPT6 -P OUTPUT ACCEPT
		$IPT6 -P FORWARD ACCEPT
	fi
else
        :
fi

To restore or turn on firewall type the following command:
# iptables-restore < /root/firewall.rules
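
Once the rules are flushed, the host stays unfiltered until /root/firewall.rules is restored, so the saved file should be checked before the flush. The following added example (not from the original post) reads iptables-save output and fails if it is empty or a table is missing its COMMIT line; the sample rules are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample in iptables-save format.
sample_rules() {
cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# rules_summary: iptables-save output on stdin.
# Prints "table rules=N" for every complete table. Returns non-zero when
# the input has no table, a rule sits outside a table, or a table is not
# closed by COMMIT (for example a truncated save file).
rules_summary() {
  awk '
    /^\*/      { if (in_table) bad = 1
                 table = substr($0, 2); in_table = 1; n = 0; next }
    /^-A /     { if (!in_table) bad = 1; n++; next }
    /^COMMIT$/ { if (!in_table) bad = 1
                 else { print table " rules=" n; tables++ }
                 in_table = 0; next }
    END        { if (in_table || bad || tables == 0) exit 1 }
  '
}

sample_rules | rules_summary
```

A guarded flush would run rules_summary < /root/firewall.rules first and only continue to the iptables -F commands when it succeeds.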

Rsync files between two servers

This is a follow up post to Copy/Transfer Files Between Two Servers Using Linux SCP. Transferring via scp copies all the files which is what you want sometimes, but I find rsync to be a much better solution in most instances.

I’ll provide a handful of ways I tend to use rsync, but check out the full Linux man page for a complete description of rsync and all the available options.


Synchronize from Local Server to Remote

rsync -avuz /var/www/example.com/ root@108.175.12.239:/var/www/example.com/

# only one file
rsync -avuz /var/www/example.com/index.html root@108.175.12.239:/var/www/example.com/

  • a = archive mode
  • v = increase verbosity
  • u = skip files that are newer on the receiver
  • z = compress file data during the transfer

Archive mode is the same as options -rlptgoD:

  • r = recurse into directories
  • l = copy symlinks as symlinks
  • p = preserve permissions
  • t = preserve modification times
  • g = preserve group
  • o = preserve owner (super-user only)
  • D = preserve device & special files

Synchronize from Local Directory to Another Local Directory

rsync -avuz /var/www/example.com/ /user/websites/

View the progress of the Sync

A percentage of each file’s status will be displayed which is useful if you’re transferring large files. Not so useful for tons of small files.

rsync -avuz --progress /var/www/example.com/ root@108.175.12.239:/var/www/example.com/

Run Sync in the Background

If you’re running a large sync with either lots of files or large files, you probably want to run it in the background. Nothing’s more frustrating than starting a large sync and then finding out later that your connection with the server dropped. The steps below will keep the job running even if your connection gets dropped – actually you can exit the SSH session if you want. The job will continue to run.

  • Start rsync command
  • Press Ctrl+Z
  • Enter bg command to place job to the background
  • You can then view the job (or any other jobs) running in the background, by entering jobs command.

These are just a few ways to use rsync, but there are tons of other ways. If you’re interested in learning about some more, check out How to Backup Linux? 15 rsync Command Examples.