How to get free space in Dropbox

January 3rd, 2016 No comments

Dropbox is like having a “magic pocket” – you put anything in it and can take anything out on whatever computer, laptop, tablet or phone you happen to be using.

Dropbox_logo_(September_2013).svg

The only downside is that with the free account you only get a measly 2Gb of space…

I started off with 2Gb but now have 16Gb space all by doing one simple thing. I used the “invite to Dropbox” feature in the Dropbox website and linked it to my Google GMail contacts!

Screen-Shot-2015-03-26-at-4.25.11-AM

This way I send out a Dropbox invite to a hundred of my friends and contacts with a link that meant if they signed up for a Dropbox account, they would get 250Mb of free space and so would I.

(by the way, Here’s my referral link if you want to sign up using me)

You can guess what happened next. Over time as my friends creating their own accounts I got more and more free storage space until I reached a massive 16Gb.

Cool eh?

(Stay tuned for another post where I share some cool tricks n tips you can do with Dropbox)

It's only fair to share...Share on FacebookShare on Google+Tweet about this on TwitterEmail this to someoneShare on RedditShare on LinkedIn
Categories: Uncategorized Tags:

Should I buy a Kindle or other e-book reader?

January 3rd, 2016 No comments

The Amazon Kindle (or any other e-reader) is superior to a tablet for reading books.

kindle-paperwhite

Why you may ask? Well for one the screen is much easier on the eyes with an e-reader like the Kindle.

In fact, it’s as almost as good as looking at a real paper page thanks to the “e-ink” technology. You can read it in bright sunlight in the park on a lovely summers day if you like! Can you do that on a tablet? Would you even want to take an expensive tablet to the park anyway? What if you drop it, it gets lost etc.

You also get long battery life – almost a month.

You can also subscribe to newspapers and magazines on these devices (eg. Guardian, Times etc).

If you’re a bit more geeky you can also use the “Send-to-Kindle” browser extension to send snippets of web pages to your kindle to read later – cool eh?

The only downside I have found is that reading technical books and PDF files tends to be very clunky. You simple cannot scan between pages as quick compared to a real paper book.

So there are pros and cons – do you have an e-reader? What is your experience? Please make a comment below thank you!

It's only fair to share...Share on FacebookShare on Google+Tweet about this on TwitterEmail this to someoneShare on RedditShare on LinkedIn
Categories: Technical Tags:

How to protect WordPress from DoS, DDoS and XMLRPC attacks

August 8th, 2015 2 comments

 

So, you are sysadmin of a Linux server that runs one or more WordPress sites. Everything “just works”… but now and again you notice a massive slowdown in site performance. You may even get an alert or three from your site monitoring system. Normally at anti-social times of the day :(

After looking into the Apache access logs for the WordPress site vhost you discover that large number of requests are seen from the same IP to a bunch of pages on your site.

Here are some examples from my own logs:

[malicious ip] - [02/Jul/2015:21:24:28 +0100] "GET /wp-login.php HTTP/1.1" 404 504 "-" "Mozilla/5.0 (Windows NT 6.1
; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/24.0.1309.0 Safari/537.17"
[malicious ip] - - [02/Jul/2015:21:24:28 +0100] "GET /administrator/ HTTP/1.1" 404 502 "-" "Mozilla/5.0 (Windows NT 6
.1; WOW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/24.0.1309.0 Safari/537.17"
[malicious ip] - - [02/Jul/2015:21:24:31 +0100] "GET /admin.php HTTP/1.1" 404 500 "-" "Mozilla/5.0 (Windows NT 6.1; W
OW64) AppleWebKit/537.1 (KHTML, like Gecko) Chrome/24.0.1309.0 Safari/537.17"

[malicious ip] - - [02/Jul/2015:21:25:14 +0100] "POST /blog/xmlrpc.php HTTP/1.0" 500 607 "-" "Mozilla/4.0 (compatible
: MSIE 7.0; Windows NT 6.0)"
[malicious ip] - - [02/Jul/2015:21:26:44 +0100] "POST /blog/xmlrpc.php HTTP/1.0" 500 607 "-" "Mozilla/4.0 (compatible
: MSIE 7.0; Windows NT 6.0)"

What you are seeing is malicious network traffic – designed to find vulnerabilities in your WordPress site software or to make it unavailable to genuine site visitors.

While you can keep your WordPress updated to help defend against these attacks (and indeed it’s as easy as clicking a button these days), this will not help keeping your site available.

Defending your WordPress site from a large quantity of malicious network requests cannot be done using just WordPress alone.

In this blog post, I’m going to share what I did to defend my own WordPess sites against such attacks.

I use Debian Linux but these instructions are also applicable to other distros with slight changes to package names, paths etc.

We’re going to install two packages:

  • fail2ban – this will handle the network level blocking of malicious traffic by manipulating iptables
  • mod_evasive – this is an Apache module that detects suspicious site activity, blacklists IPs to prevent access and logs those IPs

What we’re going to do is wire these two up to get “the best of both worlds“. In essence we’re going to detect malicious users, block them once they start misbehaving and ensure they never bother you again.

So lets start by installing both packages:

aptitude install fail2ban mod_evasive

fail2ban has a concept of “jails” – any malicious IPs detected by mod_evasive get “jailed”.

Lets create a couple of jails: one for the XMLRPC attacks and another for anything mod_evasive regards as suspicious:

In /etc/fail2ban/jail.conf


[apache-mod-evasive]
enabled = true
port = http,https
filter = apache-mod-evasive
logpath = /var/log/daemon.log
maxretry = 1
bantime = 3600

# keep the jail name short 29 chars or iptables will not be able to create the chain
[wp-xmlrpc]
enabled = true
port = http,https
filter = wp-xmlrpc
logpath = /var/log/apache2/mywordpress.com/access.log
maxretry = 1
bantime = 86400

Note the name limit for the jail!

Next we create filter files for both these jails so we can extract the malicious IPs (you can adapt these to other services and logfiles once you get the general idea)

/etc/fail2ban/filter.d/wp-xmlrpc.conf


# Fail2Ban configuration file

[Definition]

# Option: failregex
# Notes.: regex to match the Forbidden log entrys in apache error.log
# maybe (but not only) provided by mod_evasive
#
# Values: TEXT
#
#failregex = ^\^\*\]\s+\[error\]\s+\[client \] client denied by server configuration:\s
failregex = .*POST /blog/xmlrpc.php

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

…and in /etc/fail2ban/filter.d/apache-mod-evasive.conf


# Fail2Ban configuration file

[Definition]

# Option: failregex
# Notes.: regex to match the Forbidden log entrys in apache error.log
# maybe (but not only) provided by mod_evasive
#
# Values: TEXT
#
#failregex = ^\^\*\]\s+\[error\]\s+\[client \] client denied by server configuration:\s
failregex = mod_evasive\[\d+\]:\s+Blacklisting address :

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =

For mod_evasive the config files vary depending on your Debian version…

Debian Wheezy: /etc/apache2/conf.d/mod-evasive
Debian Jessie: /etc/apache2/conf-available/mod-evasive.conf

# docs in /usr/share/doc/libapache2-mod-evasive/README.gz
DOSPageCount 10
DOSSiteCount 10
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 60

# this works but i dont really need to know all the time
#DOSEmailNotify root@localhost

# XXX make sure this dir exists beforehand!
DOSLogDir “/var/log/mod_evasive”

DOSWhitelist 127.0.0.1

# server external IP – just in case
DOSWhitelist [server external ip]

Please heed some of the comments above!

Note that the full docs for mod_evasive (and a config test program) can be found in /usr/share/doc/libapache2-mod-evasive/README.gz

You can add multiple DOSWhitelist lines – it would sensible to add the IP that you connect from the most – or add a “safe” unchanging once such as your employers IP.

I suggest playing about with the first bunch of settings (DOSPageCount, DOSSiteCount, DOSPageInterval, DOSSiteInterval) as you can easily get false-positives when trying this out – you could block legitimate traffic if you are not careful!

Ensure you restart the respective services once finished with configuration. Observe the log files to ensure operation is correct.

mod_evasive will log to /var/log/daemon.log like this:


Jul 2 11:19:44 defiant mod_evasive[8949]: Blacklisting address [blacklisted ip 1]: possible DoS attack.
Jul 2 11:26:24 defiant mod_evasive[9033]: Blacklisting address [blacklisted ip 2]: possible DoS attack.

fail2ban will log to /var/log/fail2ban.log like so


2015-07-08 18:44:06,516 fail2ban.actions: WARNING [wp-xmlrpc] Ban [malicious ip 1]
2015-07-08 18:44:06,536 fail2ban.actions: WARNING [wp-xmlrpc] Ban [malicious ip 2]

You can also examine the fail2ban jail like so:


# fail2ban-client status wp-xmlrpc
Status for the jail: wp-xmlrpc
|- filter
| |- File list: /var/log/apache2/mywordpress.com/access.log
| |- Currently failed: 0
| `- Total failed: 2
`- action
|- Currently banned: 2
| `- IP list: [malicious ip 1] [malicious ip 2]
`- Total banned: 2

You can also see the corresponding iptables chain:


# iptables --list --line-number
...
1 fail2ban-wp-xmlrpc tcp -- anywhere anywhere multiport dports http,https
...
Chain fail2ban-wp-xmlrpc (1 references)
num target prot opt source destination
1 DROP all -- [malicious ip 1] anywhere
2 DROP all -- [malicious ip 2] anywhere
3 RETURN all -- anywhere anywhere

And that should do it!

You may need to tweak the settings occaisonally. Just keep an eye on it. Log-in now and again for the next week or so after configuration and check these logs to see if things are running smoothly:


# multitail /var/log/apache2/mywordpress.com/access.log /var/log/fail2ban.log /var/log/daemon.log

If something does slip through the net you can manually ban/unban using something like:


# fail2ban-client set wp-xmlrpc banip [malicious ip]

Hope that helps! Let me know if it works/does not work by leaving a comment.

It's only fair to share...Share on FacebookShare on Google+Tweet about this on TwitterEmail this to someoneShare on RedditShare on LinkedIn
Categories: Technical Tags: , , ,