Warning: Use of undefined constant PREG_PATTERN_VALID_LANGUAGE - assumed 'PREG_PATTERN_VALID_LANGUAGE' (this will throw an Error in a future version of PHP) in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: Use of undefined constant PREG_PATTERN_VALID_LANGUAGE - assumed 'PREG_PATTERN_VALID_LANGUAGE' (this will throw an Error in a future version of PHP) in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: Use of undefined constant PREG_PATTERN_VALID_LANGUAGE - assumed 'PREG_PATTERN_VALID_LANGUAGE' (this will throw an Error in a future version of PHP) in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: Use of undefined constant PREG_PATTERN_VALID_LANGUAGE - assumed 'PREG_PATTERN_VALID_LANGUAGE' (this will throw an Error in a future version of PHP) in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: Use of undefined constant PREG_PATTERN_VALID_LANGUAGE - assumed 'PREG_PATTERN_VALID_LANGUAGE' (this will throw an Error in a future version of PHP) in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: Use of undefined constant PREG_PATTERN_VALID_LANGUAGE - assumed 'PREG_PATTERN_VALID_LANGUAGE' (this will throw an Error in a future version of PHP) in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: Use of undefined constant PREG_PATTERN_VALID_LANGUAGE - assumed 'PREG_PATTERN_VALID_LANGUAGE' (this will throw an Error in a future version of PHP) in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: Use of undefined constant PREG_PATTERN_VALID_LANGUAGE - assumed 'PREG_PATTERN_VALID_LANGUAGE' (this will throw an Error in a future version of PHP) in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: Use of undefined constant PREG_PATTERN_VALID_LANGUAGE - assumed 'PREG_PATTERN_VALID_LANGUAGE' (this will throw an Error in a future version of PHP) in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: Use of undefined constant PREG_PATTERN_VALID_LANGUAGE - assumed 'PREG_PATTERN_VALID_LANGUAGE' (this will throw an Error in a future version of PHP) in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: Use of undefined constant PREG_PATTERN_VALID_LANGUAGE - assumed 'PREG_PATTERN_VALID_LANGUAGE' (this will throw an Error in a future version of PHP) in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
Warning: preg_replace(): Delimiter must not be alphanumeric or backslash in
/var/www/kucjica/emperors-wiki/inc/parser/xhtml.php on line
633
server maintenance
logging activity
apache error log
tail /var/log/apache2/error.log
mysql error log
tail /var/log/mysql/error.log
user authentications, including possible attacks
tail /var/log/auth.log
look up where an IP address is coming from
geoiplookup THE.IP.ADD.RE.SS
IP filtering
check existing iptables filters
iptables -L
use iptables to filter IP addresses
iptables -A INPUT -s THE.IP.ADD.RE.SS -j DROP
mysql
remove comments from a wordpress site
mysql>USE database;
mysql>DELETE FROM wp_comments WHERE comment_approved = '0';
mysql running out of memory in minutes
http://brunzino.github.io/blog/2016/05/21/solution-how-to-debug-intermittent-error-establishing-database-connection/
https://www.linode.com/docs/websites/apache-tips-and-tricks/tuning-your-apache-server
added the following lines
#trying to fix mysql memory leak, which is possibly linked to an attack ?
<files xmlrpc.php>
order allow,deny
deny from all
</files>
to all /etc/apache2/sites-available/domain.com configuration files which host a WordPress, to block possible xmlrpc attack.
In /etc/apache2/access.log grep for this
POST /xmlrpc.php HTTP/1.1
installed lynx and added the following lines:
<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from localhost
</Location>
to all /etc/apache2/sites-available/domain.com configuration files which host a WordPress, to enable lynx analytics report, which clearly showed many xmlrpc requests in seconds.
run
lynx http://localhost/server-status
to see statistics
Solved the memory issue by blocking the ip that was sending xmlrpc requests (iptables drop) after geoiplocating it in lithuania
consider also this:
http://www.blogtips.org/block-wordpress-brute-force-attacks-via-xmlrpc-php/
also, dataclub.biz domain appears in other brute-force attacks