User Tools
server_maintenance
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
server_maintenance [2015/06/29 20:48] zoza |
server_maintenance [2016/06/02 12:45] zoza [mysql] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== server maintenance ====== | ====== server maintenance ====== | ||
| - | * logging activity | + | ===== logging activity ===== |
| apache error log | apache error log | ||
| Line 15: | Line 15: | ||
| <code>geoiplookup THE.IP.ADD.RE.SS</code> | <code>geoiplookup THE.IP.ADD.RE.SS</code> | ||
| - | * IP filtering | + | ===== IP filtering ===== |
| check existing iptables filters | check existing iptables filters | ||
| Line 22: | Line 23: | ||
| <code>iptables -A INPUT -s THE.IP.ADD.RE.SS -j DROP</code> | <code>iptables -A INPUT -s THE.IP.ADD.RE.SS -j DROP</code> | ||
| - | * mysql | + | ===== mysql ===== |
| remove comments from a wordpress site | remove comments from a wordpress site | ||
| Line 28: | Line 29: | ||
| mysql>DELETE FROM wp_comments WHERE comment_approved = '0'; | mysql>DELETE FROM wp_comments WHERE comment_approved = '0'; | ||
| </code> | </code> | ||
| + | |||
| + | mysql running out of memory in minutes | ||
| + | http://brunzino.github.io/blog/2016/05/21/solution-how-to-debug-intermittent-error-establishing-database-connection/ | ||
| + | https://www.linode.com/docs/websites/apache-tips-and-tricks/tuning-your-apache-server | ||
| + | |||
| + | added the following lines | ||
| + | <code> | ||
| + | #trying to fix mysql memory leak, which is possibly linked to an attack ? | ||
| + | <files xmlrpc.php> | ||
| + | order allow,deny | ||
| + | deny from all | ||
| + | </files> | ||
| + | </code> | ||
| + | to all /etc/apache2/sites-available/domain.com configuration files which host a WordPress, to block possible **xmlrpc** attack. | ||
| + | In /etc/apache2/access.log grep for this | ||
| + | <code> | ||
| + | POST /xmlrpc.php HTTP/1.1 | ||
| + | </code> | ||
| + | installed **lynx** and added the following lines: | ||
| + | <code> | ||
| + | <Location /server-status> | ||
| + | SetHandler server-status | ||
| + | Order Deny,Allow | ||
| + | Deny from all | ||
| + | Allow from localhost | ||
| + | </Location> | ||
| + | </code> | ||
| + | to all /etc/apache2/sites-available/domain.com configuration files which host a WordPress, to enable lynx analytics report, which clearly showed many **xmlrpc** requests in seconds. | ||
| + | Solved the memory issue by blocking the ip that was sending xmlrpc requests (iptables drop) after geoiplocating it in lithuania | ||
| + | |||
| + | consider also this: | ||
| + | http://www.blogtips.org/block-wordpress-brute-force-attacks-via-xmlrpc-php/ | ||
| + | |||
| + | also, dataclub.biz domain appears in other brute-force attacks | ||
server_maintenance.txt · Last modified: 2016/06/19 12:13 by zoza
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
