This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
server_maintenance [2016/06/02 11:46] zoza |
server_maintenance [2016/06/19 12:13] (current) zoza [mysql] |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== server maintenance ====== | ====== server maintenance ====== | ||
- | * logging activity | + | ===== logging activity ===== |
apache error log | apache error log | ||
Line 15: | Line 15: | ||
<code>geoiplookup THE.IP.ADD.RE.SS</code> | <code>geoiplookup THE.IP.ADD.RE.SS</code> | ||
- | * IP filtering | + | ===== IP filtering ===== |
check existing iptables filters | check existing iptables filters | ||
Line 22: | Line 23: | ||
<code>iptables -A INPUT -s THE.IP.ADD.RE.SS -j DROP</code> | <code>iptables -A INPUT -s THE.IP.ADD.RE.SS -j DROP</code> | ||
- | * mysql | + | ===== mysql ===== |
remove comments from a wordpress site | remove comments from a wordpress site | ||
Line 32: | Line 33: | ||
http://brunzino.github.io/blog/2016/05/21/solution-how-to-debug-intermittent-error-establishing-database-connection/ | http://brunzino.github.io/blog/2016/05/21/solution-how-to-debug-intermittent-error-establishing-database-connection/ | ||
https://www.linode.com/docs/websites/apache-tips-and-tricks/tuning-your-apache-server | https://www.linode.com/docs/websites/apache-tips-and-tricks/tuning-your-apache-server | ||
+ | |||
added the following lines | added the following lines | ||
<code> | <code> | ||
Line 56: | Line 58: | ||
to all /etc/apache2/sites-available/domain.com configuration files which host a WordPress, to enable lynx analytics report, which clearly showed many **xmlrpc** requests in seconds. | to all /etc/apache2/sites-available/domain.com configuration files which host a WordPress, to enable lynx analytics report, which clearly showed many **xmlrpc** requests in seconds. | ||
+ | run <code>lynx http://localhost/server-status</code> | ||
+ | |||
+ | to see statistics | ||
+ | |||
+ | Solved the memory issue by blocking the ip that was sending xmlrpc requests (iptables drop) after geoiplocating it in lithuania | ||
+ | |||
+ | consider also this: | ||
+ | http://www.blogtips.org/block-wordpress-brute-force-attacks-via-xmlrpc-php/ | ||
+ | also, dataclub.biz domain appears in other brute-force attacks |