If you use modsecurity2 Plugin Filter on a Apache2 / Apache24 Setup then on my Blogs Gutenberg fails to SAVE Pages and Drafts. Update 12-2025 : Hardening with mod_security2 and mod_evasive must be customized for the WordPress Block Editor called Gutenberg! Workaround: Install the old but useful “Classic Editor Plugin” and replace Gutenberg for all […]
Tag: apache2
Apache2 evasive Problems with WordPress
If you use Apache2 / Apache24 and anti-hammering tools like the Modul evasive and security2 as addon fail2ban than you can fail blogging. Problems: Apache2 Module “evasive” must be fine tuned for WordPress go /etc/apache2/ if you use default enabled auto-safe drafts of posts can let you look like a Attacker so disable auto save […]
mj12bot hammer mediawiki
Here some IP’s of some Botnet Servers of mj12bot.com: the Botnet ignores robots.txt and hammers on Mediawiki’s! A sorted output of a Log done with : cat /var/log/apache2/other*.log|grep MJ | awk '{ print $2 }' | sort | uniq -c | sort -n Output for ufw Firewalls: 162.210.196.97 144.76.3.131 148.251.195.14 5.9.158.195 173.208.157.186 176.31.255.65 178.63.34.189 […]
Backup daily WordPress Drupal Script
If you use Drupal or WordPress and you have a virtual Server with SSH Login you should set up a daily Backup Script to have a Snapshot of your Blogs if Hackers insert SQL Code Injections or hack PHP Sites. Cause you cant NEVER know every EXPLOIT of every used Plugin (here less plugins is […]
Apache MEMCACHED UDP Protection
Current a lot of sites blogging about memcached attacks on Servers here some details: Memcached Servers need a installed and running Service called “memcached” Websites need a php-plugin like php7.0-memcached to connect via API to the memcached Service The Memcached Service uses a own Config File at debian /etc/memcached.conf By default it MUST listen to […]
NEXTCLOUD OWNCLOUD BUG FAIL2BAN
FAIL2BAN blocks access to “.ocdata” file! Apache Error Log: ..AH01630: client denied by server configuration: … cloud/data/.ocdata create with a Custom Rule for FAIL2BAN do: $sudo nano /etc/fail2ban/filter.d/apache-auth.local insert: [apache-auth] ignoreregex = nextcloud/data/.ocdata do: $sudo service fail2ban restart Check Log: tail -f n50 /var/log/apache2/error.log Remark: Sometimes the Login take long time after Enter the Password […]
Nextcloud Owncloud Opensource Risk’s
If you are current using Nextcloud / Owncloud or other PHP-Kits for File Handling you should know these remarks: Based on this Article You must know: Details of Security about your current used PHP Versions (7.X) Details of your used Database Version (MySQL..) Details of hardened OS and Webserver Version (Apache,Firewall,fail2ban,file policys, selinux, apparmor filter) […]
Apache: Count Visits on Console
If you use a Webserver like Apache, you can use a small script to Analyse your Logs. Create a analyse-web.sh Script with: $sudo nano /home/user/analyse-web.sh insert: #!/bin/bash cat /var/log/apache2/access.log | awk '{ print $1 }' | sort | uniq -c exit 0 System Output: 1573 www.domain2.de 3568 www.domain3.de .. If you change the “$1” to […]