Summary: Use AWS CloudTrail as the basis for a simple Intrusion Detection System to monitor your AWS account for unwanted activity. Background: While I follow best practices for security, it is always possible that a bad actor could obtain my credentials and gain access to my AWS account. Once access is gained, such criminals could […]
Requires Python!
Scalp Home
Download Scalp:
Backup Link:
Original (Broken) XML Rules File:
Fixed XML Rules File:
To Fix the XML file:
Replace: (?:all|distinct|[(!@]*)? with (?:all|distinct|[(!@]+)?
and: (?i:(\%SYSTEMROOT\%)) with (?:(\%[sS][yY][sS][tT][eE][mM][rR][oO][oO][tT]\%))
Examples:
I was getting tired of using iptables to block the various hackers and bots constantly slamming my servers (the Chinese are the worst offenders by far – curse them!). I found the Apache module mod_evasive and installed it. Here are links to various articles about mod_evasive: Add the Module to Apache I […]
Introduction: WordPress installs globally have been taking quite a hit recently, as nefarious persons continue to attempt brute-force attacks against the WordPress login page. Based on research and experimentation, I have chosen the following approach to provide security with the lowest performance hit: require a web-server-level password for all requests to the wp-login.php file. This […]
As a webmaster of over a decade, sometimes the load on my server spikes high. Investigation discovered that various bad guys on the Internet were probing/attacking my server on a regular basis. Step One – Be Aware: Read your Apache logs. Actively monitor your servers. I use Nagios running on my home server. Use top […]