Archive

Posts tagged ‘Wordpress’

Block WordPress xmlrpc.php DDoS attacks using Fail2Ban

17/04/2024 No comments

A few days ago, my friend’s WordPress website went down. After investigating, I figured out that it was receiving a massive number of POST requests to the xmlrpc.php file, which caused Apache and MySQL to eat up all the system resources, and the website crashed. Fortunately, I figured out a way to mitigate this attack using Fail2Ban, which I’ll share in this post.

Install the Fail2Ban package using the following command:

apt-get install fail2ban iptables

Make a local copy of the jail.conf file for configuration changes:

cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Read more…
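As an added illustration (not part of the original post, whose Fail2Ban configuration is not shown on this page), the following Python example applies the kind of threshold Fail2Ban uses, `maxretry` hits within `findtime` seconds, to POST requests for xmlrpc.php in an Apache access log. The log lines and the threshold values are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [17/Apr/2024:10:00:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.20 - - [17/Apr/2024:10:00:02 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Apr/2024:10:00:02 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
203.0.113.7 - - [17/Apr/2024:10:00:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"
198.51.100.20 - - [17/Apr/2024:10:00:05 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "WordPress/6.5"
192.0.2.44 - - [17/Apr/2024:10:01:00 +0200] "POST /wp-login.php HTTP/1.1" 200 1800 "-" "Mozilla/5.0"
198.51.100.20 - - [17/Apr/2024:10:05:00 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "WordPress/6.5"
198.51.100.20 - - [17/Apr/2024:10:10:00 +0200] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "WordPress/6.5"
"""

# Client IP, timestamp, then a POST whose path is exactly /xmlrpc.php.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /xmlrpc\.php[ ?]')

def find_offenders(log_text, maxretry=3, findtime=60):
    """Return the IPs with at least `maxretry` matching requests inside any
    `findtime`-second window, in the order they cross the threshold."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # other methods and other URLs are not counted
        ip, stamp = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(ts)
        while ts - hits[0] > timedelta(seconds=findtime):
            hits.popleft()        # forget requests older than the window
        if len(hits) >= maxretry and ip not in offenders:
            offenders.append(ip)
    return offenders

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))                  # 60-second window
    print(find_offenders(SAMPLE_LOG, findtime=3600))   # one-hour window
```

With the short window only the burst from one address crosses the threshold; the client that posts every few minutes is caught only when the window is widened.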

URL rewriting, Apache 2.4 and WordPress: so you don’t spend two hours on it…

29/03/2024 Comments off

URL rewriting (permalinks) in WordPress requires different settings under Apache 2.4 than those used for Apache 2.2.

The configuration of these files:

  • monsite.com.conf
  • .htaccess

for your WordPress site is specific when moving to Apache 2.4.

If you choose /%year%/%monthnum%/%postname%/, you must give the full path in the site configuration (monsite.com.conf):

Specifically, you need to enable:

 <Directory /var/www/dbsysnet/>
 Require all granted
 Options -Indexes
 AllowOverride All
 </Directory>

not forgetting Require all granted, and above all the « / » at the end of the path to the root directory.

Otherwise every permalink will lead to a « Not found » page, and not even the one you defined for 404 errors in your .htaccess.

There you go. It took me more than two hours (if Julien hadn’t been there, they would have found my body hanging from a branch…).

 

WordPress: Protecting against comment spam with a .htaccess file

25/02/2024 Comments off

If you allow your visitors to post comments on your blog articles, you have certainly run into spam bots. To help Akismet fight and reduce spammer attacks, there is a trick that consists of blocking access to the wp-comments-post.php file, which handles comment submission. The code below goes in a .htaccess file at the root of your website.

## ******** Protect against comment spam **********
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !.*mon-site.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://www.mon-site.com [R=301,L]
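
To see which requests this rule actually redirects, the added example below (not part of the original post) parses the RewriteCond lines and evaluates them the way mod_rewrite chains conditions: ANDed, with [OR] joining a condition to the next one. The sample requests are constructed, and the evaluator covers only the syntax used in this snippet.

```python
import re

# RewriteCond lines copied from the .htaccess snippet above.
HTACCESS_CONDS = r"""
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !.*mon-site.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
"""
COND_RE = re.compile(r"RewriteCond\s+%\{(\w+)\}\s+(!?)(\S+)(?:[ \t]+\[([^\]]*)\])?")

def parse_conds(text):
    """Turn RewriteCond lines into (variable, negated, regex, has_or) tuples."""
    return [(var, neg == "!", re.compile(pattern), "OR" in flags.split(","))
            for var, neg, pattern, flags in COND_RE.findall(text)]

def rule_applies(conds, request):
    """Conditions are ANDed; a condition flagged [OR] is grouped with the next."""
    i = 0
    while i < len(conds):
        group_ok = False
        while True:                       # walk one OR-group
            var, negated, regex, has_or = conds[i]
            matched = bool(regex.search(request.get(var, "")))
            group_ok = group_ok or (matched != negated)
            i += 1
            if not has_or or i == len(conds):
                break
        if not group_ok:
            return False                  # one failed group stops the rule
    return True

def request(method, referer, user_agent, uri="/wp-comments-post.php"):
    """Server variables for one constructed request (missing header = "")."""
    return {"REQUEST_METHOD": method, "REQUEST_URI": uri,
            "HTTP_REFERER": referer, "HTTP_USER_AGENT": user_agent}

CONDS = parse_conds(HTACCESS_CONDS)
SAMPLES = {  # constructed requests, all POSTs to wp-comments-post.php
    "comment form on the site": request("POST", "http://www.mon-site.com/a-post/", "Mozilla/5.0"),
    "foreign referer": request("POST", "http://other.example/", "Mozilla/5.0"),
    "empty user agent": request("POST", "http://www.mon-site.com/a-post/", ""),
    "no referer sent": request("POST", "", "Mozilla/5.0"),
}
RESULTS = {label: rule_applies(CONDS, req) for label, req in SAMPLES.items()}

if __name__ == "__main__":
    for label, redirected in RESULTS.items():
        print(f"{label:26} redirected={redirected}")
```

A POST sent without a Referer header does not satisfy the third condition, so the rule leaves that request to Akismet.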

Thumbnail Generation PHP Memory Limit NextGEN Gallery

04/01/2024 Comments off

Source: Visser Labs Blog

When uploading a set of admittedly large images using NextGEN Gallery to my WordPress site, I exceeded my web host’s default memory usage allocation for PHP applications. The error was:

Follow thumbnails could not created. sample.jpg (Error : Exceed Memory limit. Require : 80.65 MByte)

This issue can be resolved by increasing the memory usage allocation at a per-plugin level for PHP applications that require more grunt than others. It’s quick and easy!

  1. Open an FTP connection to your root WordPress directory
  2. Open /wp-content/plugins/nextgen-gallery/lib/gd.thumbnail.inc.php with your favourite text editor (e.g. UltraEdit, etc.)
  3. On line #168 un-comment (remove the //) from before @ini_set('memory_limit', '128M');
  4. Save and upload changes
  5. Delete image/s that failed to generate a thumbnail and re-upload using NextGEN Gallery’s standard Upload Images feature

If you find 128MB is too ‘conservative’, this can be increased again to any figure of your liking. I find 128MB appropriate for most commercial and personal usage, but if you’re an HD photographer then you’re going to hit this limit very quickly… that’s it!

 

Categories: Software

How to Migrate a Web Server Running Apache, MySQL, WordPress and Drupal

09/12/2023 Comments off

Well folks, it’s time that my old home-hosted server is retired, which means I have to migrate all 5 of my websites to a new server. Thanks to the way Apache, MySQL, WordPress and Drupal work, it’s easy.

1. Copy Apache Config Files

# ssh username@oldserver
# scp -r /etc/apache2/sites-available username@newserver:/etc/apache2/

This will copy all the Apache config files over to the new server. Now enable all the sites you copied by creating a symbolic link in sites-enabled for each .conf file you copied.

# ln -s /etc/apache2/sites-available/yourwebsite.com.conf /etc/apache2/sites-enabled/yourwebsite.com.conf

or use the a2ensite command, which does the same thing for you

# a2ensite yourwebsite.com

Restart Apache for the changes to take effect.

# /etc/init.d/apache2 restart

2. Copy Your Websites

# scp -r /var/www username@newserver:/var/

Default WordPress and Drupal installs are just files, and we have now copied them across. However, all the content, comments etc. are stored within MySQL, so let’s migrate that now.

3. Migrate MySQL

Start by being logged into the old server.

# mysqldump --all-databases -u root -p > backup.sql
# scp backup.sql username@newserver:/home/username/
# ssh username@newserver
# mysql -u root -p < backup.sql

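What we did here was use mysqldump to script every database and its contents into several SQL commands. Then we copied the dump to the new server and piped it into the new MySQL server. All our databases, users and table contents have been imported. Magic. Since backup.sql holds every database, including the MySQL accounts and their password hashes, delete it from both servers once the import has been checked.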

4. DNS Migration

Now all you need to do is reconfigure your DNS servers to point to the new IP address. Chances are you’re not hosting your own DNS server, so you will have to update them using your provider’s web interface. A word of advice though: create a new entry like test.yourdomain.com and point it to the new server first to make sure everything works.

Categories: Software, System