Friday, April 7, 2017

SSH Login Attempts / justvisiting.org has died (just the hardware)

This was a draft post from over a year ago that I forgot about.
I include it now because it has some merit and I found the attack to be very interesting.

-------------------------------------------------------------------------------------------------------------

Something, somewhere went wrong with the machine that hosts justvisiting.org.
It wasn't so much the hardware, but the operating system that began to have problems.

The issue: 
Running out of memory and then locking up.
This machine had been running smoothly for years and then started to have a few hiccups and fits. 

   I'm sure the machine was not compromised by a break-in, but nevertheless it was failing and falling over and not responding to console logins, or responding at all. I finally rolled up my sleeves and replaced it with a newer and more robust machine. Which, IMO, wasn't really needed, but I did want to get justvisiting back online as soon as possible. The Linux OS is installed and it is sitting and waiting for operator input to get the final bits adjusted. Then I'll be able to finally get it back online at its designated IP address.

SSH attacks:
   First off, the ssh attacks are still pretty much the same as they have always been. Every day this machine was bombarded with SSH attacks, mostly from host machines in China. I can tell you that reverse name resolution and a simple traceroute shows exactly where these machines are located. It's not that hard to determine and I don't think the perpetrators were much concerned about hiding their real IP addresses. I could be wrong, but think not. Why China wants into my machine so bad, I could not tell you. But if I had to guess, I would say that it is the Chinese Cyber Army that comes knocking. A new-to-me attack scheme has caused some concern. That concern is that after an IP address was permanently banned after so many SSH login attempts, another attack would occur almost immediately, from another "machine" on the same subnet. 

It goes like this (using 1.2.3.x subnet addressing):
- SSH login attack from 1.2.3.1
- IP address is banned after x amount of login attempts
- Then another SSH login attempt from 1.2.3.2, the next IP address on the same subnet
- IP address is banned after x amount of login attempts
- Then another SSH login attempt from 1.2.3.3, the next IP address
- Then from 1.2.3.4, 1.2.3.5, 1.2.3.6, 1.2.3.7
And so on. . .

Needless to say, this is a problem. Not only to me and my machine, but to everyone who hangs servers out there on the Internet.

How does an entire, or close to an entire, subnet of IP addresses attempt to log in to an SSH account with cascading IP addresses from the same subnet? It's probably not that difficult to script, provided you own the IP block you are attacking from. I'm investigating, but in the meantime your guess is as good as mine.
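The cascade described above sidesteps any ban that keys on one source address: each host stops just short of the per-IP threshold and the next neighbour takes over. What follows is an added example, not part of the original post, written as POSIX shell functions over sshd log lines constructed for this example using the post's 1.2.3.x placeholder subnet. It groups failed logins by /24 so that four hosts making three attempts each, which a per-IP ban would treat as four small events, show up as one twelve-attempt campaign from 1.2.3.0/24. The function names, the thresholds and the sample lines are all assumptions of this example.

```shell
#!/bin/sh
# Aggregate failed sshd logins by /24 so that an attacker rotating through
# neighbouring source addresses is seen as a single campaign.
# The log lines below are constructed for this example (1.2.3.x is the
# placeholder subnet used in the post; 203.0.113.9 is a lone legitimate user).
SAMPLE_LOG=$(cat <<'EOF'
Apr  7 02:11:01 jv sshd[2201]: Failed password for root from 1.2.3.1 port 40122 ssh2
Apr  7 02:11:03 jv sshd[2201]: Failed password for root from 1.2.3.1 port 40123 ssh2
Apr  7 02:11:05 jv sshd[2201]: Failed password for invalid user admin from 1.2.3.1 port 40124 ssh2
Apr  7 02:11:40 jv sshd[2210]: Failed password for root from 1.2.3.2 port 51001 ssh2
Apr  7 02:11:42 jv sshd[2210]: Failed password for root from 1.2.3.2 port 51002 ssh2
Apr  7 02:11:44 jv sshd[2210]: Failed password for invalid user oracle from 1.2.3.2 port 51003 ssh2
Apr  7 02:12:20 jv sshd[2218]: Failed password for root from 1.2.3.3 port 33310 ssh2
Apr  7 02:12:22 jv sshd[2218]: Failed password for root from 1.2.3.3 port 33311 ssh2
Apr  7 02:12:24 jv sshd[2218]: Failed password for invalid user test from 1.2.3.3 port 33312 ssh2
Apr  7 02:13:00 jv sshd[2230]: Failed password for root from 1.2.3.4 port 47020 ssh2
Apr  7 02:13:02 jv sshd[2230]: Failed password for root from 1.2.3.4 port 47021 ssh2
Apr  7 02:13:04 jv sshd[2230]: Failed password for root from 1.2.3.4 port 47022 ssh2
Apr  7 02:20:15 jv sshd[2301]: Failed password for bob from 203.0.113.9 port 60001 ssh2
Apr  7 02:20:30 jv sshd[2301]: Accepted publickey for bob from 203.0.113.9 port 60001 ssh2
EOF
)

# subnet_report: read sshd log lines on stdin and print one line per /24:
#   "<network>/24 <distinct source hosts> <failed attempts>"
subnet_report() {
    awk '
        /Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            if (split(ip, o, ".") != 4) next        # IPv4 only in this example
            net = o[1] "." o[2] "." o[3] ".0"
            attempts[net]++
            if (!((net, ip) in seen)) { seen[net, ip] = 1; hosts[net]++ }
        }
        END { for (n in attempts) print n "/24", hosts[n], attempts[n] }
    ' | sort
}

# ban_candidates MIN_HOSTS MIN_ATTEMPTS: print the /24s that a per-IP ban
# would miss, i.e. several distinct hosts from one network whose combined
# attempts exceed the threshold. Thresholds are an assumption of this example.
ban_candidates() {
    min_hosts=$1; min_attempts=$2
    subnet_report | awk -v h="$min_hosts" -v a="$min_attempts" \
        '$2 >= h && $3 >= a { print $1 }'
}

# Stand-alone run over the constructed log: prints 1.2.3.0/24
printf '%s\n' "$SAMPLE_LOG" | ban_candidates 3 9
```

On a live box, run it as `subnet_report < /var/log/auth.log`. A per-IP tool such as fail2ban in its default sshd jail bans each address separately, which is exactly the behaviour the cascade exploits, so the practical follow-up is a firewall rule for the whole network. Block a /24 with a finite expiry rather than permanently, since the same prefix can also carry uninvolved neighbours.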

To be continued. . .





Linux LAMP and WordPress Debug notes

Created by: Robert Cazares
Date: April 7th, 2017

Mostly for my own reference, put here in the cloud.
If you find the references useful, awesome.

~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-

create text file: touch filename.txt
         cat > filename.txt

edit text file: nano filename.txt
        vi/vim filename.txt
        gedit filename.txt
         
Text editors to investigate -
         Lime may be dead. I dunno. TBD
         I would consider using this on one of my LAMP servers.
         It looks pretty.
         https://github.com/limetext/lime

~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-

How to Solve WordPress Could Not Create Directory
November 13, 2014
http://wpnow.io/how-to-solve-wordpress-could-not-create-directory/

I was having a "Installation failed: Could not create directory" problem for a long time.
Now that I've had some time to investigate and drill down into what the problem was, I have found a solution.

Applying "Web Server Ownership" and "Directory Permissions" as listed below worked for me. Quick and simple.

I used these chown and chmod commands to fix almost all issues regarding installing "Themes" and "plugins":

1. Web Server Ownership
The first level is actually to make sure that your web server has ownership over the directories:
sudo chown -R www-data:www-data your-wordpress-directory

2. Directory Permissions
The second level is also required – you must make sure that the directory permissions are properly set:
sudo find /var/www/wordpress/ -type d -exec chmod 755 {} \;
sudo find /var/www/wordpress/ -type f -exec chmod 644 {} \;
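The two steps above do clear the "Could not create directory" error, but the first one makes the web server process the owner of every file, wp-config.php and all PHP code included, so a vulnerable plugin or theme can rewrite the site's own code and configuration. The following is an added example, not code from wpnow.io or from the notes' author: a POSIX shell function that keeps the same 755/644 layout but puts a non-web deploy user in the owner slot, the web server only in the group, wp-config.php at 640, and write access limited to wp-content/uploads. The user names deploy and www-data, the function name and the path are assumptions of this example.

```shell
#!/bin/sh
# Least-privilege layout for a WordPress tree: PHP and config files are owned
# by a non-web deploy user and are read-only to the web server; only
# wp-content/uploads is writable by the web server's group.
# Usage (assumed names): harden_wp_perms /var/www/wordpress deploy www-data
harden_wp_perms() {
    wp_root=$1; owner=$2; group=$3
    [ -d "$wp_root" ] || { echo "no such directory: $wp_root" >&2; return 1; }

    # Weak baseline this replaces:  chown -R www-data:www-data "$wp_root"
    # (web server owns, and can therefore modify, every file).
    chown -R "$owner:$group" "$wp_root"

    # Directories traversable by all, files readable by all; the group
    # (web server) gets no write bit anywhere by default.
    find "$wp_root" -type d -exec chmod 755 {} +
    find "$wp_root" -type f -exec chmod 644 {} +

    # wp-config.php carries DB credentials and salts: owner rw, group r,
    # nothing for other users on the host.
    if [ -f "$wp_root/wp-config.php" ]; then
        chmod 640 "$wp_root/wp-config.php"
    fi

    # Uploads must stay writable by the web server: group write plus setgid on
    # directories so files it creates keep the group; no execute bit on files.
    uploads="$wp_root/wp-content/uploads"
    if [ -d "$uploads" ]; then
        find "$uploads" -type d -exec chmod 2775 {} +
        find "$uploads" -type f -exec chmod 664 {} +
    fi
}
```

With this layout, dashboard installs of themes and plugins fail again with the same error, which is the intended trade-off: do those installs as the deploy user (for example with wp-cli), or grant group write on wp-content/plugins and wp-content/themes only for the duration of an update and revert afterwards.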

~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-~^-

The following are other sites I found to be useful and great for learning how to apply security to WordPress -

...............................................................

How to Fix Folder and File Permissions in WordPress
Written by Nick Savov on March 08, 2016 | WordPress

https://www.ostraining.com/blog/wordpress/file-permissions/

---------------------------------------------------------------

Group / Owner And Updating Wordpress Plugins
December 6, 2014
https://www.digitalocean.com/community/questions/group-owner-and-updating-wordpress-plugins

---------------------------------------------------------------

Changing File Permissions
https://codex.wordpress.org/Changing_File_Permissions

---------------------------------------------------------------

How to Fix File and Folder Permissions Error in WordPress
Last updated on March 2nd, 2017 by Editorial Staff
http://www.wpbeginner.com/beginners-guide/how-to-fix-file-and-folder-permissions-error-in-wordpress/

---------------------------------------------------------------

How To Use chmod and chown Command
by Vivek Gite on October 11, 2006 last updated August 31, 2012
in Linux, UNIX
https://www.cyberciti.biz/faq/how-to-use-chmod-and-chown-command/

---------------------------------------------------------------

15 Practical Examples of “dpkg commands” for Debian Based Distros
http://www.tecmint.com/dpkg-command-examples/

2. List all the installed Packages
[root@tecmint~]# dpkg -l

4. View the Content of a Package
[root@tecmint~]# dpkg -c flashplugin-nonfree_3.2_i386.deb

5. Check a Package is installed or not
[root@tecmint~]# dpkg -s flashplugin-nonfree

6. Check the location of Packages installed
[root@tecmint~]# dpkg -L flashplugin-nonfree

---------------------------------------------------------------

Understanding the WordPress File and Directory Structure
Posted on May 21, 2016 by Tom Ewer in Tips & Tricks | 26 comments
https://www.elegantthemes.com/blog/tips-tricks/understanding-the-wordpress-file-and-directory-structure

---------------------------------------------------------------

Permissions
http://linuxcommand.org/lts0070.php
http://linuxcommand.org/lc3_lts0090.php

---------------------------------------------------------------

Correct file permissions for WordPress
http://stackoverflow.com/questions/18352682/correct-file-permissions-for-wordpress

---------------------------------------------------------------

Installation failed: Could not create directory.
https://wordpress.org/support/topic/installation-failed-could-not-create-directory/

---------------------------------------------------------------

WP Product Review
https://demo.themeisle.com/parallax-one/wp-product-review/

---------------------------------------------------------------