Tag: antihack

Apache: Analyse Logs Spam Bots

If you admin a Apache Webserver, you see often weekly¬†thousand of visits a day on your Blogs. Background: These are no real users, this visits are made by Spam Bots in my Logs like Xovi.de or xovibot.net Bots! On info pages this Company says Admins should disallow crawl by robots.txt, but they IGNORE the settings! This x-guys is in my opinion against German Law “Datenschutz”. "Mozilla/5.0 (compatible; XoviBot/2.0; +http://www.xovibot.net/)" Solution: On Linux Setup a Firewall like ufw and block these IP Ranges To find out the IPs do: $sudo cat /var/log/apache2/access.log|grep xovibot.net| awk '{ print $2 }' | sort | […]

WordPress: Monitor the Size of the MYSQL Database

If you use WordPress or a other Blog Software with a MySQL Database over years it is useful to do some things regularly: Check the Database Size weekly, that no Skript Kid has found a Backdoor and fills up the Database silent Purge Database Caches with default maintenance tools of the Software Dont forget to create a MySQL Dump Backup weekly with cron To Check the Size login on mysql command prompt do: $mysql -u dbuser -p #Enter Password mysql > use dbwordpress mysql > SELECT table_schema "Data Base Name", sum( data_length + index_length) / 1024 / 1024 "Data Base […]

Major Webserver Setup Rules: The “must” do!

If you want to setup a fresh secure Webserver then use this list dont ever upload data, files, images on the Webserver who are classified as “secret” setup daily full backup with Cron view daily the system logs, auth, www, errors … setup a local firewall with less opened ports 80,25 .. setup daily automatic updates by cron reduce the count of users who can login use no logical usernames force long passwords by rules min 15 digits setup a daily load monitor by “uptime” to log setup a realtime network monitor by “iftop” use “nmap” as local portscan to […]