====== server maintenance ======
===== logging activity =====
apache error log
<code>tail /var/log/apache2/error.log</code>
mysql error log
<code>tail /var/log/mysql/error.log</code>
user authentications, including possible attacks
<code>tail /var/log/auth.log</code>
look up where an IP address is coming from
<code>geoiplookup THE.IP.ADD.RE.SS</code>
===== IP filtering =====
check existing iptables filters
<code>iptables -L</code>
use iptables to filter IP addresses
<code>iptables -A INPUT -s THE.IP.ADD.RE.SS -j DROP</code>
===== mysql =====
remove unapproved (pending) comments from a WordPress site
<code>mysql>USE database;
mysql>DELETE FROM wp_comments WHERE comment_approved = '0';
</code>
mysql running out of memory in minutes
http://brunzino.github.io/blog/2016/05/21/solution-how-to-debug-intermittent-error-establishing-database-connection/
https://www.linode.com/docs/websites/apache-tips-and-tricks/tuning-your-apache-server
added the following lines
<code>
#trying to fix mysql memory leak, which is possibly linked to an attack ?
<files xmlrpc.php>
order allow,deny
deny from all
</files>
</code>
to all /etc/apache2/sites-available/domain.com configuration files that host a WordPress site, to block a possible **xmlrpc** attack.
In /etc/apache2/access.log, grep for this:
<code>
POST /xmlrpc.php HTTP/1.1
</code>
installed **lynx** and added the following lines:
<code>
<Location /server-status>
SetHandler server-status
Order Deny,Allow
Deny from all
Allow from localhost
</Location>
</code>
to all /etc/apache2/sites-available/domain.com configuration files that host a WordPress site, to enable the lynx analytics report, which clearly showed many **xmlrpc** requests within seconds.
Solved the memory issue by blocking the IP that was sending xmlrpc requests (iptables drop) after geolocating it to Lithuania.
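The access-log check described above, as an added example that is not part of the original notes: it counts ''POST /xmlrpc.php'' requests per client IP in an Apache access log in the default common/combined format. The function names, the threshold and the sample log lines (documentation-range addresses) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Count POST /xmlrpc.php requests per client IP in an Apache access log.
# Assumes the default common/combined LogFormat, where whitespace-split
# field 1 is the client IP, field 6 is "\"METHOD" and field 7 is the path.

# Constructed sample log lines (not real traffic).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [21/May/2016:10:00:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [21/May/2016:10:00:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.23 - - [21/May/2016:10:00:02 +0200] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [21/May/2016:10:00:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
192.0.2.10 - - [21/May/2016:10:00:03 +0200] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "curl/7.47"
203.0.113.7 - - [21/May/2016:10:00:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.23 - - [21/May/2016:10:00:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Jetpack"
192.0.2.10 - - [21/May/2016:10:00:04 +0200] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [21/May/2016:10:00:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
EOF
}

# usage: xmlrpc_talkers THRESHOLD < access.log
# Prints "COUNT IP" for every client with at least THRESHOLD POSTs to
# /xmlrpc.php, busiest first. GETs and other paths are ignored.
xmlrpc_talkers() {
    awk -v min="$1" '
        $6 == "\"POST" && ($7 == "/xmlrpc.php" || index($7, "/xmlrpc.php?") == 1) {
            hits[$1]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    print hits[ip], ip
        }
    ' | sort -rn
}

# Demo on the constructed sample: only clients with 3 or more POSTs are listed.
sample_log | xmlrpc_talkers 3
```

On the server, redirect the real access log into ''xmlrpc_talkers'' instead of the sample; an address that stands out is a candidate for the ''geoiplookup'' and ''iptables'' steps above.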
consider also this:
http://www.blogtips.org/block-wordpress-brute-force-attacks-via-xmlrpc-php/
also, dataclub.biz domain appears in other brute-force attacks