How to block brute force attacks against your WordPress and live happy

Some time ago I installed a wonderful plugin on my WordPress to help me secure this (and other) blogs. It's named Sucuri Security; it scans your WordPress for the most common mistakes and adds some interesting features. One of these features is the ability to trace failed logins and save them to a log file in JSON format, like:

    {"user_login":"admin","user_password":"","attempt_time":1422522535,"remote_addr":"","user_agent":false}

This made me think of a possible way to exploit this information to temporarily block the IP of the attacker, so I ended up writing a simple Python script to "abuse" their log.

Deobfuscator, decoder for POST urls

While looking through your Apache or nginx logs, you may find entries left by attempts to hack your machine. Some of these are easy to spot:

    POST %63%67%69%2D%62%69%6E/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E

but a bit hard to decode. To avoid the pain of reading them character by character, I'm sharing a really easy Python routine to decode them:

    import binascii

    def parsemi(stri):
        # Expects the encoded path only (starting with '%'), without the "POST " prefix.
        # After splitting on '%', each piece is two hex digits plus any literal tail.
        codes = stri.split('%')
        stt = ""
        for cc in codes:
            if len(cc) > 2:
                # Decode the two hex digits, then keep the literal characters that follow.
                stt += binascii.unhexlify(cc[:2]).decode('latin-1')
                stt += cc[2:]
            else:
                stt += binascii.unhexlify(cc).decode('latin-1')
        return stt

Kibana and ElasticSearch over Haproxy logs

One of the most interesting things about open source is being able to deploy software that can compete with more celebrated tools or “enterprise”-grade appliances. One such piece of software is HAProxy which, with some tuning and doc reading, can easily sustain 20k-30k connections per second on a 1GB dual-core virtual machine. Of course, during the testing phase and in production you will need to see the HAProxy logs, in particular the error logs but also the access logs; since the amount of data is rather big, you'd prefer to have another server handle writing to disk and let HAProxy deal only with load balancing.

A Wonderful World with Ansible

Ansible is a beautiful tool to help you manage a lot of Linux servers. It follows the philosophy that orchestrating servers should be dead simple rather than as complex as writing software. Here are some quick and simple uses for Ansible.

Update the apt cache and install python-requests:

    ansible all -u myuser -s -m apt -a "pkg=python-requests state=installed update_cache=yes"

Copy /tmp/myfile to any host:

    ansible all -u myuser -s -m copy -a "

From Screen to Tmux

If you have ever worked on a long task, you'll have ended up needing to detach from your terminal and come back the next day without losing your output. This is where screen and tmux come in handy, letting you detach your console and log out. Lately I've been trying to migrate from screen to tmux, mostly because tmux looks more advanced and modern than screen. Thanks to this page it's quite easy to migrate from screen to tmux.