Archive

Articles taggués ‘htaccess’

Detect and Block WordPress Brute Force Login Attacks

25/09/2023 Aucun commentaire

detect and block wordpress brute forceIf you run a wordpress blog these days, you are likely to experience brute force attacks where nefarious individuals attempt to break in to your website by quickly a list of userids and passwords against your wp-login.php.  Here’s how I automated detection and blocking of WordPress brute force login attacks.

Detecting a WordPress Brute Force Attack

One can typically detect a wordpress brute force attack by parsing through your webserver’s access_log file.  The access_log file records all of the access requests that a web server handles.  A brute force attack typically will have frequent and numerous attempts to the wp-login.php file as shown below:

Example:  In the access_log file below, we detect a brute force login attack on our WordPress blog.  We detected it by noticing frequent and constant requests to the wp-login.php file.

31.192.210.159 - - [11/Sep/2014:02:01:43 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:44 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:45 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:47 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:49 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:50 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:51 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:52 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:54 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:55 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"

Typically in an event like this, I lookup the IP address in the ARIN database as I showed in a previous article:  What Personal Information Can You Get From Your Web Server?  Frequently, I find that the address is from APAC or RIPE addresses.

Lire la suite…

Categories: Logiciel, Réseau, Sécurité Tags: , , , , ,

URL rewriting, Apache 2.4 et WordPress: pour ne pas y passer deux heures…

01/08/2023 Comments off

Le URL rewriting (permaliens) sous WordPress nécessite pour la version 2.4 de Apache des paramètres différents de ceux utilisés pour Apache 2.2.

La configuration des fichiers:

  • monsite.com.conf
  • .htaccess

de votre site Wordpress est spécifique lors du passage à Apache 2.4.

Si vous choisissez /%year%/%monthnum%/%postname%/, il faut préciser le chemin complet dans la configuration du site (monsite.com.conf):

En effet, il faut activer:

 <Directory /var/www/dbsysnet/>
 Require all granted
 Options -Indexes
 AllowOverride All
 </Directory>

en n’oubliant surtout pas Require all granted et surtout le “/” à la fin du chemin vers le dossier racine.

Sinon tous les permaliens amèneront à une page “Not found” et même pas celle que vous avez défini pour les erreurs 404 dans votre .htaccess.

Voilà. Ça m’a pris plus de deux heures (si Julien n’avait pas été là, on aurait retrouvé mon cadavre au bout d’une branche…).

 

Categories: Logiciel, Système Tags: , , ,

Basic .htaccess for New Projects

02/07/2023 Comments off
# allows php on html
 AddType application/x-httpd-php .html
# Using this code, instead of having to type in http://mysite.com/contact.php, you only need to enter http://mysite.com/contact to access that page.
# And the best part is, you can still access the page with .php on the end of it, so no old incoming links or bookmarks become orphaned as a result of this, and everyone is happy.
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteCond %{REQUEST_FILENAME}\.htm -f
 RewriteRule ^(.*)$ $1.htm
# gzip compression.
# html, txt, css, js, json, xml, htc:
 AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
 AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript
 AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
# ------------------------
# CACHING to speed up site
# MONTH
 <FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf)$">
 Header set Cache-Control "max-age=2592000"
# WEEK
 <FilesMatch "\.(js|css|pdf|txt)$">
 Header set Cache-Control "max-age=604800"
# DAY
 <FilesMatch "\.(html|htm)$">
 Header set Cache-Control "max-age=43200"
# webfonts and svg:
 <FilesMatch "\.(ttf|otf|eot|svg)$" >
 SetOutputFilter DEFLATE
# use utf-8 encoding for anything served text/plain or text/html
 AddDefaultCharset utf-8
# force utf-8 for a number of file formats
 AddCharset utf-8 .html .css .js .xml .json .rss
# Custom 400 errors
 ErrorDocument 400 /error.php
# Custom 401 errors
 ErrorDocument 401 /error.php
# Custom 403 errors
 ErrorDocument 403 /error.php
# Custom 404 errors
 ErrorDocument 404 /error.php
# Custom 500 errors
 ErrorDocument 500 /error.php
# Changes http://example.com to http://www.example.com
 RewriteEngine on
 RewriteCond %{HTTP_HOST} !^www.your-domain.com$
 RewriteRule ^(.*)$ http://www.your-domain.com/$1 [R=301]
# Specifies what file will be the directory index
 DirectoryIndex index.php index.html index.htm
# Unhide the code below to turn on a Site Down Page
 # RewriteEngine On
 # RewriteBase /
 # RewriteCond %{REQUEST_URI} !^/your-domain\.php$
 # RewriteRule ^(.*)$ http://your-domain.com/site-down.php [R=307,L]
# redirect any variations of a specific character string to a specific address
 # RewriteEngine On
 # RewriteRule ^appsupport http://www.your-domain.com/ [R]
# ---- # The following will redirect to the new page permanently ----#
 # Redirect 301 /index.php http://www.your-domain.com/site-down.php
Categories: Système Tags: ,

A Standard .htaccess File with ExpressionEngine

01/07/2023 Comments off
.htaccess files can be a powerful tool for a developer, that is, as long as they are set up properly. What follows is a pretty simple .htaccess template that I use on the majority of my projects.

Secure .htaccess File

<Files .htaccess>
 order allow,deny
 deny from all
</Files>

This first set of lines essentially prevents others from viewing your htaccess file (and learning all about your crazy redirects).
Lire la suite…

Categories: Système Tags: ,

WordPress: Se protéger des spams sur les commentaires via un fichier .htaccess

28/06/2023 Comments off
Si vous autorisez vos visiteurs à poster des commentaires sur les articles de votre blog, vous avez certainement fait face aux robots spammeurs. Pour aider Askimet à lutter et réduire les attaques des spammeurs, il existe une astuce qui consiste à bloquer l’accès au fichier wp-comments-post.php qui permet de traiter la soumission des commentaires. Le code qui suit est à placer dans un fichier .htaccess à la racine de votre site Internet.

## ******** Pour se protéger contre des commentaires de Spam **********
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !.*mon-site.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://www.mon-site.com [R=301,L]
Categories: Système Tags: , , , , , ,