If you hold a website and use SSL/HTTPS with Certificates theres is often the question should i block Port 80? The most Admins think after the Major Changes of the Browsers to pull first HTTPS Port 443 they can close the HTTP Port 80. But you should NOT do it! Why? most Bots scan at first Port 80 for Content or for Listening Web Servers. More Details: https://letsencrypt.org/de/docs/allow-port-80/
Category: Firewall
Apache2 evasive Problems with WordPress
If you use Apache2 / Apache24 and anti-hammering tools like the Modul evasive and security2 as addon fail2ban than you can fail blogging. Problems: Apache2 Module “evasive” must be fine tuned for WordPress go /etc/apache2/ if you use default enabled auto-safe drafts of posts can let you look like a Attacker so disable auto save by wp-config set “define(‘AUTOSAVE_INTERVAL’, 86400);” !! on small systems redis and other cache technics can generate too additional hidden “posts” traffic to the Apache2 & SQL checkout the system by disable all security addons and fine tune settings, if ok enable them again.. try wordpress […]
Apache2 evasive Problems with WordPress
If you use Apache2 / Apache24 and anti-hammering tools like the Modul evasive and security2 as addon fail2ban than you can fail blogging. Problems: Apache2 Module “evasive” must be fine tuned for WordPress go /etc/apache2/ if you use default enabled auto-safe drafts of posts can let you look like a Attacker so disable auto save by wp-config set “define(‘AUTOSAVE_INTERVAL’, 86400);” !! on small systems redis and other cache technics can generate too additional hidden “posts” traffic to the Apache2 & SQL checkout the system by disable all security addons and fine tune settings, if ok enable them again.. try wordpress […]
Major Tools for your IT Systems
A must “USE” in these insecure days: nmap Portscan Tool use nmap -PN IP-Address to check failed Firewall Settings! arp-scan Network Scan to find active devices iftop to detect traffic and used Ports on a physical network Interface! ps aux show active processes on a Linux System htop more human friendly Process Monitor iotop human friendly traffic monitor from CPU/RAM to Drives Daily check Error Logs! Use always Firewalls and Disk/File Encryption! Don’t trust Hardware Protection (TPM) Chips most do communicate by clean signals on copper which can be read out by hardware hacking or magnetic fields! NEVER leave Hardware […]
mj12bot hammer mediawiki
Here some IP’s of some Botnet Servers of mj12bot.com: the Botnet ignores robots.txt and hammers on Mediawiki’s! A sorted output of a Log done with : cat /var/log/apache2/other*.log|grep MJ | awk '{ print $2 }' | sort | uniq -c | sort -n Output for ufw Firewalls: 162.210.196.97 144.76.3.131 148.251.195.14 5.9.158.195 173.208.157.186 176.31.255.65 178.63.34.189 69.30.198.186 144.76.60.198 40.121.210.108 5.189.152.91 5.9.66.153 69.30.198.242 69.30.205.218 81.109.126.245 192.99.10.47 If this doesn’t help the use “Apache AUTH Basic” to block unwanted access!! It’s easy to setup.
Firefox Stop Home Calls
During my last Network Monitoring found out that MANY of “free” Software calls home permanent Article: https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections .. if you want to be safe, block all OUTGOING Traffic by a Firewall or local DNS Server and use a Proxy with Auth Mechanism!
Major Bug: UFW stopped thru logrotate
On Debian Sid i have seen that ufw service is stopped on logrotate!! Its a bad known bug! Workaround: Set all Services like Dovecot, Postfix to listen on LOCALHOST (127.0.0.1) if not needed over Internet Enable ONLY encrypted AUTH (Login) to Postfix! (TLS 1.2) Disable unneeded Services ! like Samba, FTP… move config from /etc/logrotate.d/ufw to /root/ to disable ufw logrotate !! edit /etc/ufw/ufw.conf set LOGLEVEL to “off” restart the Server and check open Ports next Days from outside with: $sudo nmap -PN my.server.com
Postfix: Automatic UFW Firewall Updates
If you use a Mail Server with Postfix you got daily Spam Attacks by Scripts: How to fix? Install ufw Firewall Run a Scanner Script as cronjob On Debian/Ubuntu: Install ufw: sudo apt-get update && sudo apt-get install ufw && sudo ufw enable && sudo ufw logging off Scan Script: sudo nano /home/user/firewall-update.sh: #!/bin/bash # scan rejected cat /var/log/mail.log | grep rejected | cut -d"[" -f3 | cut -d"]" -f1|grep -v '^$' > /tmp/firewall.txt # insert to Firewall while read line; do sudo ufw insert 1 deny from $line to any; done < /tmp/firewall.txt # scan "denied" cat /var/log/mail.log | […]
Security: Protection Against Cryptware Wannacry
You heard perhaps last day’s about the major problems of Attacks to Systems with the “WannaCry” Crypto Ware Howto protect yourself? Enable the Firewall on Windows Systems!! Always! Update daily the Virus Scanners and Windows Patches! Disable and CLOSE Ports you never need! SMB Protocol is a open unencrypted Transfer Protocol! Use a second Router with Firewall behind your ISP Router or Modem! (openwrt, pfsense) Check with nmap Portscanner Tool the taken Rules and check if the work! For Network Access use ALWAYS SFTP with Authentification over KEYs Logins (Two Factor: Key and Password for unlock the Keyfiles id_rsa) For […]
Freifunk: Setup Router Software Bugfix
If you want to share Public Wifi at home for friends and you don’t want to share the Wifi Password, you can setup cheap a Public Openwrt Wifi Router as Access Point. Advantages: Public Setup needs no Wifi Password You are not responsible, cause the Internet is pulled thru a VPN of Freifunk Network It’s anonymous! It’s free of Charge! Supported by a big Community Can installed on very cheap old Routers like the TP-Link 841 (find the Singleband Router on Amaz or EbXX 12$ or Powerfull Dualband Router TP Link C7 at 50$) Can by used at EVERY Freifunk […]