Category Archives: Security
How to block wordpress logins and xmlrpc with no referer
If you are getting flooded with wordpress login attempts by a suspected hacker, you can add the following rule to mod security in /usr/local/apache/conf/modsec2.user.conf This rule will block any access to wp-login.php that does not contain a referer #block wp-lgoin.php with no referer <Locationmatch “/wp-login.php”> SecRule REQUEST_METHOD “POST” “deny,status:401,id:5000130,chain,msg:’wp-login request blocked, no referer’” SecRule &HTTP_REFERER …
Mod_security and cPanel temp URL’s
If you have a customer that is getting ModSecurity errors when accessing parts of their site using a temp URL like this: http://host.servername.com/~theirusername You may want to whitelist the rule that is blocking the page, however you can not just whitelist this on the users account itself. You need to make sure the whitelist happens …
How to check if iptables blocked your IP address, and how to remove a block if it did
Weak SSL error in thunderbird
If you are using thunderbird to connect to a mail server, and you see an error like this: Error: An error occurred during a connection to host.server.com:993. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key) Then this indicates the server is vulnerable to logjam attack, and should …
LastPass has had a security breach
If you are using the LastPass Password Management service, you may want to go and reset your passwords. They have had a security breach on their network, and although they don’t believe they hackers got into any user accounts, they have confirmed that that LastPass account email addresses, password reminders, server per user salts, and …
Share a folder between 2 cpanel accounts on a server
If you have a customer that wants to share a folder between 2 separate accounts of theirs, it’s a little tricky to get the permissions just right, but it can be done fairly easily. Note* This is not something that cPanel supports, and their may be some inherent security risks with this, so do this …
How to get your mail server removed from Gmail’s blacklist
If you’re getting bounce backs from gmail, then you know it’s not easy to find your way though Google’s website to track down a form to get delisted. I have spent a long time going their site, answering questions on forms to finally bring me to the following URL: https://support.google.com/mail/contact/msgdelivery Fill this …
How to regain access to a server that you lost the root password to
This applies to CentOS servers running GRUB To regain access to a server that you no longer know the root password to, you need to gain physical access to the server, and boot into single user mode. This will then allow you to change the root password. Single-user mode will boot your system, mount …
- English Support
- 24/7 x 365
- Branded Support
- Reduced Overhead
- Linux Experts
- Friendly Staff