Cpanel – Chris Gilligan » new media https://chrisgilligan.com portfolio of web work Fri, 27 Sep 2013 20:12:28 +0000 en-US hourly 1 https://wordpress.org/?v=5.4.1 WordPress Fail2Ban RegEx for RedHat, CentOS, Amazon Linux https://chrisgilligan.com/consulting/wordpress-wp-fail2ban-regex-redhat-centos-amazon-linux/ https://chrisgilligan.com/consulting/wordpress-wp-fail2ban-regex-redhat-centos-amazon-linux/#respond Thu, 30 May 2013 00:30:24 +0000 https://chrisgilligan.com/?p=1875 VacantServer WordPress sites are getting hammered with bad logins and probes. We’ve implemented a plugin to log failed login attempts to syslog, and a Fail2Ban filter for the same. If you run these on RedHat, you’ll need some additional configuration info… here it is: WordPress login failure regex (error_log): ^%(__prefix_line)sAuthentication failure for .* from <HOST>$ […]

The post WordPress Fail2Ban RegEx for RedHat, CentOS, Amazon Linux appeared first on Chris Gilligan » new media.

]]>
VacantServer WordPress sites are getting hammered with bad logins and probes.

We’ve implemented a plugin to log failed login attempts to syslog, and a Fail2Ban filter for the same. If you run these on RedHat, you’ll need some additional configuration info… here it is:

WordPress login failure regex (error_log):
^%(__prefix_line)sAuthentication failure for .* from <HOST>$

Apache nohome regex (error_log):

[[]client <HOST>[]] File does not exist: .*/~.*

PHP noscript regex (/home/*/logs/error_log,/var/log/httpd/error_log):

[[]client <HOST>[]] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)
[[]client <HOST>[]] script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat *$

XMLRPC flood attacks — DDoS and probing (/home/*/logs/access_log):

<HOST>\s.*\s.POST\s/xmlrpc.php*.\s.*

Please also enable the generic apache-nohome, apache-noscript. Install wp fail2ban plugin (and configure it for your server) on your high traffic blogs. These all are helping during the current onslaught, which also includes probing for wp-admin directories, probing for /wp-admin/login.php, plus comment spam.

A new XMLRPC exploit has the script kiddies doing DDoS and probing for vulnerable services, and possibly doing remote code execution on vulnerable services.

Here are some additional resources:

The post WordPress Fail2Ban RegEx for RedHat, CentOS, Amazon Linux appeared first on Chris Gilligan » new media.

]]>
https://chrisgilligan.com/consulting/wordpress-wp-fail2ban-regex-redhat-centos-amazon-linux/feed/ 0
Cpanel Mailman mailing lists: cannot manage lists after migrating to new host https://chrisgilligan.com/wordpress/cpanel-mailman-mailing-lists-cannot-manage-lists-after-migrating-to-new-host/ https://chrisgilligan.com/wordpress/cpanel-mailman-mailing-lists-cannot-manage-lists-after-migrating-to-new-host/#comments Tue, 19 Jul 2011 19:27:32 +0000 https://chrisgilligan.com/?p=466 We recently migrated 2 Cpanel servers to VPS. Most things migrated properly and without incident. However, Mailman mailing lists were the exception. Mailing lists appear to have migrated properly, as they show up under WHM and Cpanel and usr/local/ … /list_lists However, when cpanel user clicks Manage link, the following message appears: cpanel1.hosting.com mailing lists […]

The post Cpanel Mailman mailing lists: cannot manage lists after migrating to new host appeared first on Chris Gilligan » new media.

]]>

We recently migrated 2 Cpanel servers to VPS. Most things migrated properly and without incident. However, Mailman mailing lists were the exception.

Mailing lists appear to have migrated properly, as they show up under WHM and Cpanel and usr/local/cpanel/3rdparty/mailman/bin/list_lists

However, when cpanel user clicks Manage link, the following message appears:

cpanel1.hosting.com mailing lists – Admin Links
No such list listname_domainname.com
There currently are no publicly-advertised Mailman mailing lists on cpanel1.hosting.com.To visit the administrators configuration page for an unadvertised list, open a URL similar to this one, but with a ‘/’ and the right list name appended. If you have the proper authority, you can also create a new mailing list.

This turned out to be a permissions issue:

root@cpanel1 [/usr/local/cpanel/3rdparty/mailman/bin]# ./check_perms

--snip--
directory permissions must be 02775: /usr/local/cpanel/3rdparty/mailman/.../list_domain.com/...
--snip--
Problems found: 2999

# ./check_perms -f

FIXED!!!

The post Cpanel Mailman mailing lists: cannot manage lists after migrating to new host appeared first on Chris Gilligan » new media.

]]>
https://chrisgilligan.com/wordpress/cpanel-mailman-mailing-lists-cannot-manage-lists-after-migrating-to-new-host/feed/ 2