Bug Report – Problem no “Login” Dialog: Today i upgraded SUCCESSFUL my Mailserver with Group Office Community Edtion BUT: Technical Setup: Version: 25.0.80 PHP8.2 incl. all needed Modules Apache24 Mariadb10 Redis Memcached php_fpm System Log Echos: no Errors on Log no Debug Info if Debug switched on Group Office nothing.. to view All System stuff […]
Category: apache
Linux IPFS two node Setup with Mirroring (Easy Setup)
If you want to Mirror your Personal Files over the Internet to two or more Decentral Nodes (perhaps Private), you can do it with the well known Internet Planetary Filesystem called IPFS. The major problem was in History to SYNC the Nodes hourly by Cronjob. The very easy fast way is to Setup kubo-go-ipfs from […]
WordPress Gutenberg Editor fails on mod_security2 mod_evasive
If you use modsecurity2 Plugin Filter on a Apache2 / Apache24 Setup then on my Blogs Gutenberg fails to SAVE Pages and Drafts. Update 12-2025 : Hardening with mod_security2 and mod_evasive must be customized for the WordPress Block Editor called Gutenberg! Workaround: Install the old but useful “Classic Editor Plugin” and replace Gutenberg for all […]
Apache2 evasive Problems with WordPress
If you use Apache2 / Apache24 and anti-hammering tools like the Modul evasive and security2 as addon fail2ban than you can fail blogging. Problems: Apache2 Module “evasive” must be fine tuned for WordPress go /etc/apache2/ if you use default enabled auto-safe drafts of posts can let you look like a Attacker so disable auto save […]
mj12bot hammer mediawiki
Here some IP’s of some Botnet Servers of mj12bot.com: the Botnet ignores robots.txt and hammers on Mediawiki’s! A sorted output of a Log done with : cat /var/log/apache2/other*.log|grep MJ | awk '{ print $2 }' | sort | uniq -c | sort -n Output for ufw Firewalls: 162.210.196.97 144.76.3.131 148.251.195.14 5.9.158.195 173.208.157.186 176.31.255.65 178.63.34.189 […]
Backup daily WordPress Drupal Script
If you use Drupal or WordPress and you have a virtual Server with SSH Login you should set up a daily Backup Script to have a Snapshot of your Blogs if Hackers insert SQL Code Injections or hack PHP Sites. Cause you cant NEVER know every EXPLOIT of every used Plugin (here less plugins is […]
Apache MEMCACHED UDP Protection
Current a lot of sites blogging about memcached attacks on Servers here some details: Memcached Servers need a installed and running Service called “memcached” Websites need a php-plugin like php7.0-memcached to connect via API to the memcached Service The Memcached Service uses a own Config File at debian /etc/memcached.conf By default it MUST listen to […]
NEXTCLOUD OWNCLOUD BUG FAIL2BAN
FAIL2BAN blocks access to “.ocdata” file! Apache Error Log: ..AH01630: client denied by server configuration: … cloud/data/.ocdata create with a Custom Rule for FAIL2BAN do: $sudo nano /etc/fail2ban/filter.d/apache-auth.local insert: [apache-auth] ignoreregex = nextcloud/data/.ocdata do: $sudo service fail2ban restart Check Log: tail -f n50 /var/log/apache2/error.log Remark: Sometimes the Login take long time after Enter the Password […]
Nextcloud Owncloud Opensource Risk’s
If you are current using Nextcloud / Owncloud or other PHP-Kits for File Handling you should know these remarks: Based on this Article You must know: Details of Security about your current used PHP Versions (7.X) Details of your used Database Version (MySQL..) Details of hardened OS and Webserver Version (Apache,Firewall,fail2ban,file policys, selinux, apparmor filter) […]
Apache: Count Visits on Console
If you use a Webserver like Apache, you can use a small script to Analyse your Logs. Create a analyse-web.sh Script with: $sudo nano /home/user/analyse-web.sh insert: #!/bin/bash cat /var/log/apache2/access.log | awk '{ print $1 }' | sort | uniq -c exit 0 System Output: 1573 www.domain2.de 3568 www.domain3.de .. If you change the “$1” to […]
Apache: Analyse Logs Spam Bots
If you admin a Apache Webserver, you see often weekly thousand of visits a day on your Blogs. Background: These are no real users, this visits are made by Spam Bots in my Logs like Xovi.de or xovibot.net Bots! On info pages this Company says Admins should disallow crawl by robots.txt, but they IGNORE the settings! […]
Security: Webserver HTTPS with Self Signed Certificate Do it yourself in 5 Minutes!!
Today the Point of Security and encrypted Webserver Communication is rolling over every User who hosts own Websites on the Internet. Last decades HTTPS was only used by Online Login Pages like Shops and Banks to verify the Communication between a User PC and the Website. But after January 2015 the most Search Engines like […]