…we’re in admin area – i.e. commenters stay logged out if( beresp.http.Set-Cookie && req.url !~ “^/wp-(login|admin)” ){ unset beresp.http.Set-Cookie; } # # don’t cache response to posted requests or those… (Search hits: 13 in body, 0 in title, 0 in categories, 0 in tags, 0 in other taxonomies, 0 in comments. Score: 555.5)
…enable the slow query log unless the Slow Queries result is very high. Slow Queries result % will be somewhat high if MySQL has run for less than 24 hours…. (Search hits: 9 in body, 0 in title, 0 in categories, 0 in tags, 0 in other taxonomies, 0 in comments. Score: 384.61)
…This would, of course go in /etc/fail2ban/filter.d/dovecot.conf: Here’s the original, commented out via #: #failregex = .*(?:pop3-login|dovecot):.*(?:Authentication failure|Aborted login \(auth failed|Aborted login \(tried to use disabled|Disconnected \(auth failed).*rip=(?P<host>\S*),.* …and here’s… (Search hits: 7 in body, 0 in title, 0 in categories, 0 in tags, 0 in other taxonomies, 0 in comments. Score: 299.11)
VacantServer WordPress sites are getting hammered with bad logins and probes. We’ve implemented a plugin to log failed login attempts to syslog, and a Fail2Ban filter for the same. If you run these on RedHat, you’ll need some additional configuration info… here it is: WordPress login failure regex (error_log): ^%(__prefix_line)sAuthentication failure for .* from <HOST>$ […]
…# But allowing phpMyAdmin to anyone other than localhost should be considered # dangerous unless properly secured by SSL Alias /phpMyAdmin /usr/share/phpMyAdmin Alias /phpmyadmin /usr/share/phpMyAdmin <Directory /usr/share/phpMyAdmin/> <IfModule mod_authz_core.c> #… (Search hits: 2 in body, 0 in title, 0 in categories, 0 in tags, 0 in other taxonomies, 0 in comments. Score: 85.46)
…they show up under WHM and Cpanel and usr/local/cpanel/3rdparty/mailman/bin/list_lists However, when cpanel user clicks Manage link, the following message appears: cpanel1.hosting.com mailing lists – Admin Links No such list listname_domainname.com… (Search hits: 1 in body, 0 in title, 0 in categories, 0 in tags, 0 in other taxonomies, 0 in comments. Score: 42.73)
…RegEx: apc.filters = “-/home/username/public_html/apc\.php$,-/home/username/public_html/wordpress/wp-content/themes/themename/thumb\.php$,-/usr/share/psa-horde/.*,+/home/username/public_html/phpmyadmin/.*” TimThumb is a good example of a common WordPress theme plugin that may not need to be cached. Because the apc.filters RegExp only works with filenames,… (Search hits: 1 in body, 0 in title, 0 in categories, 0 in tags, 0 in other taxonomies, 0 in comments. Score: 42.73)
…TEDxChattanooga.com! Love Open Source software, but hate the generic branding? No problem. It’s very simple to create a fully-branded login screen for WordPress and Webmin/Virtualmin, to match a client’s logo and color scheme. … (Search hits: 1 in body, 0 in title, 0 in categories, 0 in tags, 0 in other taxonomies, 0 in comments. Score: 42.73)
…to be made. Among the changes: Implemented a Stateful Packet Inspection firewall and Login Failure Daemon to block malicious IP addresses, malware servers, bad bots, content scrapers, etc. Many of… (Search hits: 1 in body, 0 in title, 0 in categories, 0 in tags, 0 in other taxonomies, 0 in comments. Score: 42.73)