[Solved] Apache2 access log browserToolbarGetData?v=2

As I wrote in a previous article, someone is buzzing my server with continuous requests for nonexistent resources, such as /browserToolbarGetData?v=2. This could be related to a new IP address I just bought. I don't know yet, but there is no trace of this IP address's history, so I think I'm the first one using it, and I'm prone to believe it is just a remote possibility… Anyway, let's take some countermeasures.

Apache2 access.log problem mapi?query= cmd getCounters jsonPrefix _PHJSONPCallback_1046 &rnd=

This webpage, http://file.oboz.ua/files/vf4f51401192c57_20123223481.mail%5B1%5D, is attempting a phishing attack, using this page to serve unprocessed HTML code in order to do something to users of mail.ru.
If you see a log entry like this:

37.147.118.211 - - [02/Jan/2013:08:53:31 +0000] "GET /mapi?query=%7B%22cmd%22%3A%22getCounters%22%2C%22jsonPrefix%22%3A%22__PHJSONPCallback_47%22%7D&rnd=1357116906112 HTTP/1.1" 403 507 "http://my.mail.ru/friends?" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.12 (KHTML, like Gecko) Maxthon/3.0 Chrome/18.0.966.0 Safari/535.12"


Securing WordPress (or any site) with fail2ban: prevent vuln scanners, flood and bruteforce attack

How to secure WordPress using advanced tools like fail2ban.

EDIT

These rules can cut search engines off from your server, and they can affect all the sites hosted on the machine you are working on. I'm writing this because in the end it turned out that a better solution for preventing distributed flooding is to use iptables with custom rules.

Fail2ban is one of my favourite pieces of server-securing software, because it not only protects against several consequences of being attacked by some script kiddie, but also saves a lot of system resources otherwise wasted serving pages to bots and the like.
I just discovered an annoying, repeated entry in my access logs which leads to a 403/404 error page (forbidden) (I faked it a little so it makes sense for this article), and I decided to let specialized software do the job instead of using a WordPress plugin, which would act at the PHP/MySQL level, having to generate server headers each time and, here again, wasting server resources.

Some of these log entries looked like this:
