User Tools

Site Tools


server maintenance

logging activity

apache error log

tail /var/log/apache2/error.log

mysql error log

tail /var/log/mysql/error.log

user authentications, including possible attacks

tail /var/log/auth.log

look up where an IP address is coming from

geoiplookup THE.IP.ADD.RE.SS

IP filtering

check existing iptables filters

iptables -L

use iptables to filter IP addresses

iptables -A INPUT -s THE.IP.ADD.RE.SS -j DROP


remove comments from a wordpress site

mysql>USE database;
mysql>DELETE FROM wp_comments WHERE comment_approved = '0';

mysql running out of memory in minutes

added the following lines

  #trying to fix mysql memory leak, which is possibly linked to an attack ?
   <files xmlrpc.php>
          order allow,deny
          deny from all

to all /etc/apache2/sites-available/ configuration files which host a WordPress, to block possible xmlrpc attack. In /etc/apache2/access.log grep for this

POST /xmlrpc.php HTTP/1.1

installed lynx and added the following lines:

<Location /server-status>
  SetHandler server-status
  Order Deny,Allow
  Deny from all
  Allow from localhost

to all /etc/apache2/sites-available/ configuration files which host a WordPress, to enable lynx analytics report, which clearly showed many xmlrpc requests in seconds.


lynx http://localhost/server-status

to see statistics

Solved the memory issue by blocking the ip that was sending xmlrpc requests (iptables drop) after geoiplocating it in lithuania

consider also this:

also, domain appears in other brute-force attacks

server_maintenance.txt · Last modified: 2016/06/19 12:13 by zoza