Archive

Articles taggués ‘htaccess’

Detect and Block WordPress Brute Force Login Attacks

03/11/2020 Comments off

detect and block wordpress brute forceIf you run a wordpress blog these days, you are likely to experience brute force attacks where nefarious individuals attempt to break in to your website by quickly a list of userids and passwords against your wp-login.php.  Here’s how I automated detection and blocking of WordPress brute force login attacks.

Detecting a WordPress Brute Force Attack

One can typically detect a wordpress brute force attack by parsing through your webserver’s access_log file.  The access_log file records all of the access requests that a web server handles.  A brute force attack typically will have frequent and numerous attempts to the wp-login.php file as shown below:

Example:  In the access_log file below, we detect a brute force login attack on our WordPress blog.  We detected it by noticing frequent and constant requests to the wp-login.php file.

31.192.210.159 - - [11/Sep/2014:02:01:43 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:44 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:45 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:47 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:49 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:50 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:51 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:52 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:54 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"
31.192.210.159 - - [11/Sep/2014:02:01:55 +0000] "POST http://www.uptimemadeeasy.com/wp-login.php HTTP/1.1" 200 3389 "http://www.uptimemadeeasy.com/wp-login.php" "Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"

Typically in an event like this, I lookup the IP address in the ARIN database as I showed in a previous article:  What Personal Information Can You Get From Your Web Server?  Frequently, I find that the address is from APAC or RIPE addresses.

Lire la suite…

URL rewriting, Apache 2.4 et WordPress: pour ne pas y passer deux heures…

30/08/2020 Comments off

Le URL rewriting (permaliens) sous WordPress nécessite pour la version 2.4 de Apache des paramètres différents de ceux utilisés pour Apache 2.2.

La configuration des fichiers:

  • monsite.com.conf
  • .htaccess

de votre site Wordpress est spécifique lors du passage à Apache 2.4.

Si vous choisissez /%year%/%monthnum%/%postname%/, il faut préciser le chemin complet dans la configuration du site (monsite.com.conf):

En effet, il faut activer:

 <Directory /var/www/dbsysnet/>
 Require all granted
 Options -Indexes
 AllowOverride All
 </Directory>

en n’oubliant surtout pas Require all granted et surtout le “/” à la fin du chemin vers le dossier racine.

Sinon tous les permaliens amèneront à une page “Not found” et même pas celle que vous avez défini pour les erreurs 404 dans votre .htaccess.

Voilà. Ça m’a pris plus de deux heures (si Julien n’avait pas été là, on aurait retrouvé mon cadavre au bout d’une branche…).

 

Protect WordPress sites with .htaccess

26/07/2020 Comments off

Plug-ins

Our job as WordPress users (aside from contributing to the WordPress community) is keeping our installs safe from people we do not want to access our sites. There are numerous plug-ins to help shore up our WordPress defenses such as Login LockDown which records IP address and blocks them after a set number of login attempts which helps against brute force attacks. Lire la suite…

Basic .htaccess for New Projects

26/07/2020 Comments off
# allows php on html
 AddType application/x-httpd-php .html
# Using this code, instead of having to type in http://mysite.com/contact.php, you only need to enter http://mysite.com/contact to access that page.
# And the best part is, you can still access the page with .php on the end of it, so no old incoming links or bookmarks become orphaned as a result of this, and everyone is happy.
 RewriteCond %{REQUEST_FILENAME} !-d
 RewriteCond %{REQUEST_FILENAME}\.htm -f
 RewriteRule ^(.*)$ $1.htm
# gzip compression.
# html, txt, css, js, json, xml, htc:
 AddOutputFilterByType DEFLATE text/html text/plain text/css application/json
 AddOutputFilterByType DEFLATE text/javascript application/javascript application/x-javascript
 AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
# ------------------------
# CACHING to speed up site
# MONTH
 <FilesMatch "\.(flv|gif|jpg|jpeg|png|ico|swf)$">
 Header set Cache-Control "max-age=2592000"
# WEEK
 <FilesMatch "\.(js|css|pdf|txt)$">
 Header set Cache-Control "max-age=604800"
# DAY
 <FilesMatch "\.(html|htm)$">
 Header set Cache-Control "max-age=43200"
# webfonts and svg:
 <FilesMatch "\.(ttf|otf|eot|svg)$" >
 SetOutputFilter DEFLATE
# use utf-8 encoding for anything served text/plain or text/html
 AddDefaultCharset utf-8
# force utf-8 for a number of file formats
 AddCharset utf-8 .html .css .js .xml .json .rss
# Custom 400 errors
 ErrorDocument 400 /error.php
# Custom 401 errors
 ErrorDocument 401 /error.php
# Custom 403 errors
 ErrorDocument 403 /error.php
# Custom 404 errors
 ErrorDocument 404 /error.php
# Custom 500 errors
 ErrorDocument 500 /error.php
# Changes http://example.com to http://www.example.com
 RewriteEngine on
 RewriteCond %{HTTP_HOST} !^www.your-domain.com$
 RewriteRule ^(.*)$ http://www.your-domain.com/$1 [R=301]
# Specifies what file will be the directory index
 DirectoryIndex index.php index.html index.htm
# Unhide the code below to turn on a Site Down Page
 # RewriteEngine On
 # RewriteBase /
 # RewriteCond %{REQUEST_URI} !^/your-domain\.php$
 # RewriteRule ^(.*)$ http://your-domain.com/site-down.php [R=307,L]
# redirect any variations of a specific character string to a specific address
 # RewriteEngine On
 # RewriteRule ^appsupport http://www.your-domain.com/ [R]
# ---- # The following will redirect to the new page permanently ----#
 # Redirect 301 /index.php http://www.your-domain.com/site-down.php
Categories: Système Tags: ,

A Standard .htaccess File with ExpressionEngine

25/07/2020 Comments off
.htaccess files can be a powerful tool for a developer, that is, as long as they are set up properly. What follows is a pretty simple .htaccess template that I use on the majority of my projects.

Secure .htaccess File

<Files .htaccess>
 order allow,deny
 deny from all
</Files>

This first set of lines essentially prevents others from viewing your htaccess file (and learning all about your crazy redirects).
Lire la suite…

Categories: Système Tags: ,