How To Use AWS CloudTrail For Intrusion Detection To Monitor Your AWS Account For Unwanted Activity

Author: , December 30th, 2022

Summary Use AWS CloudTrail as the basis for a simple Intrusion Detection System to monitor your AWS account for unwanted activity. Background While I follow best practices for security, it is always possible that a bad actor could obtain my credentials and gain access to my AWS account. Once access is gained, such criminals could […]

How To Use Apache Scalp Log Analyzer to Catch Website Attacks

Author: , August 31st, 2015

Requires Python! Scalp Home https://code.google.com/p/apache-scalp/ Download Scalp: https://code.google.com/p/apache-scalp/downloads/detail?name=scalp-0.4.py Backup Link: http://www.wyzaerd.com/scalp/scalp-0.4.py Original (Broken) XML Rules File: https://dev.itratos.de/projects/php-ids/repository/raw/trunk/lib/IDS/default_filter.xml Fixed XML Rules File: http://www.wyzaerd.com/scalp/default_filter.xml To Fix the XML file: Replace: (?:all|distinct|[(!@]*)? with (?:all|distinct|[(!@]+)? and: (?i:(\%SYSTEMROOT\%)) with (?:(\%[sS][yY][sS][tT][eE][mM][rR][oO][oO][tT]\%)) Examples:

Current options: exhaustive: Won’t stop at the first pattern matched, but will test all the patterns tough: Will […]

How to Install Apache mod_evasive on AWS Linux/CentOS

Author: , July 26th, 2014

I was getting tired of using iptables to block the various hackers and bots constantly slamming my servers (the Chinese are the worst offenders by far – curse them!). I found the Apache module mod_evasive and installed it. Here are links to various articles about mod_evasive: http://www.zdziarski.com/blog/?page_id=442 https://coderwall.com/p/eouy3g http://www.crucialp.com/resources/tutorials/server-administration/flood-protection-dos-ddos-protection-apache-1.3-2.0-mod_dosevasive-avoiding-denial-of-service-attacks.php Add the Module to Apache I […]

How To Block WordPress XMLRPC Attacks

Author: , July 8th, 2014

Add the following to either your .htaccess file or to your Apache config:

How to Block wp-login.php Attacks on WordPress Sites

Author: , May 17th, 2013

Introduction WordPress installs globally have been taking quite a hit recently, as nefarious persons continue to attempt brute-force attacks against the WordPress login page. Based on research and experimentation, I have chosen the following approach to provide security with the lowest performance hit: require a web-server-level password for all requests to the wp-login.php file. This […]

Safe, Sane and Secure – IPTables Introduction

Author: , January 20th, 2011

As a webmaster of over a decade, sometimes the load on my server spikes high. Investigation discovered that various bad guys on the Internet were probing/attacking my server on a regular basis. Step One – Be Aware Read your apache logs Actively monitor your servers. I use Nagios running on my home server. Use top […]

Protected: Denial of Service Attack Records

Author: , December 30th, 2010

There is no excerpt because this is a protected post.