User Tools

Site Tools


server_maintenance

This is an old revision of the document!



Warning: Declaration of syntax_plugin_wrap_div::handle($match, $state, $pos, Doku_Handler &$handler) should be compatible with DokuWiki_Syntax_Plugin::handle($match, $state, $pos, Doku_Handler $handler) in /var/www/kucjica/emperors-wiki/lib/plugins/wrap/syntax/div.php on line 43

Warning: Declaration of syntax_plugin_wrap_div::render($mode, Doku_Renderer &$renderer, $indata) should be compatible with DokuWiki_Syntax_Plugin::render($format, Doku_Renderer $renderer, $data) in /var/www/kucjica/emperors-wiki/lib/plugins/wrap/syntax/div.php on line 81

Warning: Declaration of syntax_plugin_wrap_closesection::handle($match, $state, $pos, Doku_Handler &$handler) should be compatible with DokuWiki_Syntax_Plugin::handle($match, $state, $pos, Doku_Handler $handler) in /var/www/kucjica/emperors-wiki/lib/plugins/wrap/syntax/closesection.php on line 23

Warning: Declaration of syntax_plugin_wrap_closesection::render($mode, Doku_Renderer &$renderer, $indata) should be compatible with DokuWiki_Syntax_Plugin::render($format, Doku_Renderer $renderer, $data) in /var/www/kucjica/emperors-wiki/lib/plugins/wrap/syntax/closesection.php on line 29

Warning: Declaration of syntax_plugin_wrap_span::handle($match, $state, $pos, Doku_Handler &$handler) should be compatible with DokuWiki_Syntax_Plugin::handle($match, $state, $pos, Doku_Handler $handler) in /var/www/kucjica/emperors-wiki/lib/plugins/wrap/syntax/span.php on line 43

Warning: Declaration of syntax_plugin_wrap_span::render($mode, Doku_Renderer &$renderer, $indata) should be compatible with DokuWiki_Syntax_Plugin::render($format, Doku_Renderer $renderer, $data) in /var/www/kucjica/emperors-wiki/lib/plugins/wrap/syntax/span.php on line 63

Warning: Declaration of syntax_plugin_gallery::handle($match, $state, $pos, &$handler) should be compatible with DokuWiki_Syntax_Plugin::handle($match, $state, $pos, Doku_Handler $handler) in /var/www/kucjica/emperors-wiki/lib/plugins/gallery/syntax.php on line 51

Warning: Declaration of syntax_plugin_gallery::render($mode, &$R, $data) should be compatible with DokuWiki_Syntax_Plugin::render($format, Doku_Renderer $renderer, $data) in /var/www/kucjica/emperors-wiki/lib/plugins/gallery/syntax.php on line 147

Warning: Declaration of syntax_plugin_vshare::handle($match, $state, $pos, &$handler) should be compatible with DokuWiki_Syntax_Plugin::handle($match, $state, $pos, Doku_Handler $handler) in /var/www/kucjica/emperors-wiki/lib/plugins/vshare/syntax.php on line 47

Warning: Declaration of syntax_plugin_vshare::render($mode, &$R, $data) should be compatible with DokuWiki_Syntax_Plugin::render($format, Doku_Renderer $renderer, $data) in /var/www/kucjica/emperors-wiki/lib/plugins/vshare/syntax.php on line 107

Warning: preg_match(): Compilation failed: invalid range in character class at offset 3444 in /var/www/kucjica/emperors-wiki/inc/parser/lexer.php on line 118
A PCRE internal error occured. This might be caused by a faulty plugin

====== server maintenance ====== ===== logging activity ===== apache error log <code>tail /var/log/apache2/error.log</code> mysql error log <code>tail /var/log/mysql/error.log</code> user authentications, including possible attacks <code>tail /var/log/auth.log</code> look up where an IP address is coming from <code>geoiplookup THE.IP.ADD.RE.SS</code> ===== IP filtering ===== check existing iptables filters <code>iptables -L</code> use iptables to filter IP addresses <code>iptables -A INPUT -s THE.IP.ADD.RE.SS -j DROP</code> ===== mysql ===== remove comments from a wordpress site <code>mysql>USE database; mysql>DELETE FROM wp_comments WHERE comment_approved = '0'; </code> mysql running out of memory in minutes http://brunzino.github.io/blog/2016/05/21/solution-how-to-debug-intermittent-error-establishing-database-connection/ https://www.linode.com/docs/websites/apache-tips-and-tricks/tuning-your-apache-server added the following lines <code> #trying to fix mysql memory leak, which is possibly linked to an attack ? <files xmlrpc.php> order allow,deny deny from all </files> </code> to all /etc/apache2/sites-available/domain.com configuration files which host a WordPress, to block possible **xmlrpc** attack. In /etc/apache2/access.log grep for this <code> POST /xmlrpc.php HTTP/1.1 </code> installed **lynx** and added the following lines: <code> <Location /server-status> SetHandler server-status Order Deny,Allow Deny from all Allow from localhost </Location> </code> to all /etc/apache2/sites-available/domain.com configuration files which host a WordPress, to enable lynx analytics report, which clearly showed many **xmlrpc** requests in seconds. Solved the memory issue by blocking the ip that was sending xmlrpc requests (iptables drop) after geoiplocating it in lithuania consider also this: http://www.blogtips.org/block-wordpress-brute-force-attacks-via-xmlrpc-php/ also, dataclub.biz domain appears in other brute-force attacks

server_maintenance.1464871545.txt.gz · Last modified: 2016/06/02 12:45 by zoza