

IPtables for Dummies (a beginners guide to IPtables firewall)


I always have people asking me for a dummies guide to IPtables, and in all reality there isn't one; it takes time, reading, and understanding to use it properly. If IPtables is used properly and effectively, it can save you hundreds of dollars in networking equipment and time. Here is a collection of several IPtables how-tos and links I have collected for people through the years.


Common Ubuntu Terminal Commands


System Commands

Shutting Down -
Usage: shutdown [OPTION]

Options:
-r reboot after shutdown
-h halt or power off after shutdown
-H halt after shutdown (implies -h)
-P power off after shutdown (implies -h)
-c cancel a running shutdown
-k only send warnings, don't shutdown
-q, --quiet reduce output to errors only
-v, --verbose increase output to include informational messages
--help display this help and exit
--version output version information and exit

So to shut down and power off the system immediately, just run:

shutdown -h 0

Monitoring Your System -

Most people familiar with Linux have used top to see which process is taking the most CPU or memory. There's a similar utility called htop that is better!

The first thing about htop is that it shows your usage per CPU, as well as a text graph of your memory and swap usage, right at the top. It's more human readable and easier to understand at a glance than the default output from top.

To install htop run this:

apt-get install htop

To run htop just type:

htop

To stop it use the F10 key.

Files and Directories

Listing

Usage: ls [OPTION]... [FILE]...
List information about the FILEs (the current directory by default).
Sort entries alphabetically if none of -cftuvSUX nor --sort.

Mandatory arguments to long options are mandatory for short options too.
-a, --all  do not ignore entries starting with .
-A, --almost-all  do not list implied . and ..
--author  with -l, print the author of each file
-b, --escape  print octal escapes for nongraphic characters
--block-size=SIZE  use SIZE-byte blocks
-B, --ignore-backups  do not list implied entries ending with ~
-c  with -lt: sort by, and show, ctime (time of last
    modification of file status information)
    with -l: show ctime and sort by name
    otherwise: sort by ctime
-C  list entries by columns
--color[=WHEN]  control whether color is used to distinguish file
    types. WHEN may be `never', `always', or `auto'
-d, --directory  list directory entries instead of contents,
    and do not dereference symbolic links
-D, --dired  generate output designed for Emacs' dired mode
-f  do not sort, enable -aU, disable -ls --color
-F, --classify  append indicator (one of */=>@|) to entries
--file-type  likewise, except do not append `*'
--format=WORD  across -x, commas -m, horizontal -x, long -l,
    single-column -1, verbose -l, vertical -C
--full-time  like -l --time-style=full-iso
-g  like -l, but do not list owner
--group-directories-first
    group directories before files
-G, --no-group  in a long listing, don't print group names
-h, --human-readable  with -l, print sizes in human readable format
    (e.g., 1K 234M 2G)
--si  likewise, but use powers of 1000 not 1024
-H, --dereference-command-line
    follow symbolic links listed on the command line
--dereference-command-line-symlink-to-dir
    follow each command line symbolic link
    that points to a directory
--hide=PATTERN  do not list implied entries matching shell PATTERN
    (overridden by -a or -A)
--indicator-style=WORD  append indicator with style WORD to entry names:
    none (default), slash (-p),
    file-type (--file-type), classify (-F)
-i, --inode  print the index number of each file
-I, --ignore=PATTERN  do not list implied entries matching shell PATTERN
-k  like --block-size=1K
-l  use a long listing format
-L, --dereference  when showing file information for a symbolic
    link, show information for the file the link
    references rather than for the link itself
-m  fill width with a comma separated list of entries
-n, --numeric-uid-gid  like -l, but list numeric user and group IDs
-N, --literal  print raw entry names (don't treat e.g. control
    characters specially)
-o  like -l, but do not list group information
-p, --indicator-style=slash
    append / indicator to directories
-q, --hide-control-chars  print ? instead of non graphic characters
--show-control-chars  show non graphic characters as-is (default
    unless program is `ls' and output is a terminal)
-Q, --quote-name  enclose entry names in double quotes
--quoting-style=WORD  use quoting style WORD for entry names:
    literal, locale, shell, shell-always, c, escape
-r, --reverse  reverse order while sorting
-R, --recursive  list subdirectories recursively
-s, --size  print the size of each file, in blocks
-S  sort by file size
--sort=WORD  sort by WORD instead of name: none -U,
    extension -X, size -S, time -t, version -v
--time=WORD  with -l, show time as WORD instead of modification
    time: atime -u, access -u, use -u, ctime -c,
    or status -c; use specified time as sort key
    if --sort=time
--time-style=STYLE  with -l, show times using style STYLE:
    full-iso, long-iso, iso, locale, +FORMAT.
    FORMAT is interpreted like `date'; if FORMAT is
    FORMAT1FORMAT2, FORMAT1 applies to
    non-recent files and FORMAT2 to recent files;
    if STYLE is prefixed with `posix-', STYLE
    takes effect only outside the POSIX locale
-t  sort by modification time
-T, --tabsize=COLS  assume tab stops at each COLS instead of 8
-u  with -lt: sort by, and show, access time
    with -l: show access time and sort by name
    otherwise: sort by access time
-U  do not sort; list entries in directory order
-v  sort by version
-w, --width=COLS  assume screen width instead of current value
-x  list entries by lines instead of by columns
-X  sort alphabetically by entry extension
-Z, --context  print any SELinux security context of each file
-1  list one file per line
--help  display this help and exit
--version  output version information and exit

So to list a directory with file sizes, run:

ls -lh

Changing Directories

To change directories, use the cd command followed by the directory you want to move to.

So to cd to root use:

cd /

File Editing

NANO

I LOVE NANO!

To install:

apt-get install nano

To make or edit a file, use the nano command followed by the file name. The control keys you need are listed at the bottom of your terminal!

nano foo

These are some commands I use often! If you have a question on how to do something just leave a comment. I will be adding more commands soon!


Securing WordPress – Methodology, Examples, How to implement changes.


Securing WordPress is one of those things a lot of people need to do, but not many have a defined guide of how to do it. When securing WordPress, remember it is about making trade-offs between usability and security. Everything you lock down will make access harder for your users and yourself, or add an extra step to get in.

Today I will go over the basic things you can do to secure your version of WordPress. For some parts of this guide I assume you have your own server with root access; I will note where you can do things in a shared hosting environment or your own.

Hosting

The first thing to consider when securing WordPress is your hosting. Is your hosting service provider secure? Do they update to the newest versions of their respective software? What other measures have they taken to mitigate attacks on your site? If you are using a shared hosting provider or have managed hosting, this should all be taken care of for you; don't be hesitant to ask, as not all hosting providers care. If you are managing your own server, you need to consider all the steps necessary to secure it, all the way from keeping your OS (Operating System) updated to how you are going to squelch a DDoS (Distributed Denial of Service) attack when you make someone mad.

The Basics

Throughout my guide you will find the following ideas; they may be repeated, but all follow four basic ideas of security:

  1. Limit Access – Making decisions on permissions or access to files that will definitely lower the points of entry available to a malicious person or bot (most WordPress attacks are carried out automatically).
  2. Password Security – Most people don't realize the easiest point of entry is knowing the user name and password.
  3. Containment – If you know of a weak point in your installation, contain it so there will be minimal damage to your system if this point of entry is used. If you get hacked, figure out where the point of entry was and harden its security.
  4. Snapshot – What I mean by this is keeping a snapshot of your WordPress configuration: regular database backups, file/folder backups, even noting changes to your code, so you know what was changed and why it was changed, and it can easily be tracked so you know you did it!

Common Vulnerabilities

  1. Your Computer – Remember that anything you do won’t matter if your computer has been compromised. Be sure to have the latest updates on your Operating System, Virus Scan, Malware/Adware scan.
  2. WordPress Itself – WordPress itself can have vulnerabilities in the way it handles data, form input, etc. The only real way to keep up with this is to use the latest version of WordPress. It may be a pain to do it once a week or bi-weekly, but the enhanced security is very important.
  3. The Server – Whatever server you are using, whether it be your own or a shared server, needs to be kept up to date. If it is not, you may be compromised from outside of WordPress. Things to check for are newer versions of: Apache, PHP, MySQL, IIS (on Windows), MSSQL (on Windows).
  4. The Network – If the network isn't secure or made to automatically squelch a DDoS attack, you are probably hosting in the wrong place.
  5. Plugins – Many bots look for known plugins that have easy-to-exploit vulnerabilities. I have found my plugins tend to be my easiest point of entry. If you can obscure your plugins or the versions of the plugins, it will mitigate their use.

Attack Types

The most common attack types against WordPress are:

  1. Sending specially crafted HTTP requests to the server with a payload to try to get results from WordPress or a WordPress plugin; this may be automated or not.
  2. Brute force password attacks
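
A way to spot the brute force case in web server logs, as an added example that is not part of the original post. It assumes Apache/Nginx "combined" format access logs; the function names are made up for illustration and the sample lines are constructed using documentation IP ranges.

```shell
#!/bin/sh
# Added example: flag clients that POST to wp-login.php repeatedly.
# Input:  "combined" format access log lines on stdin.
# Output: "<count> <client-ip>" for each client at or above the threshold.
login_post_offenders() {
    threshold=${1:-5}
    awk -v min="$threshold" '
        # $1 = client IP, $6 = quoted method ("POST), $7 = request path
        $6 == "\"POST" {
            path = $7
            sub(/\?.*/, "", path)      # drop any query string
            if (path ~ /\/wp-login\.php$/) hits[$1]++
        }
        END {
            for (ip in hits) if (hits[ip] >= min) print hits[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input (not real traffic).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:01:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2024:10:01:15 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Mar/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:02:04 +0000] "POST /blog/wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
EOF
}

# Report clients with 3 or more login POSTs in the sample.
sample_log | login_post_offenders 3
```

On a live server, feed the function the real access log instead of sample_log and pick a threshold that fits your normal login traffic.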

Implementation

  1. Securing your /wp-admin directory. Your /wp-admin directory needs to be secured from outside of WordPress. The way I would recommend doing this is with a simple .htaccess and .htpasswd file. I would definitely not recommend any sort of plugin to do this, as it is vital to add this extra layer of security to stop almost all bot (automated) attacks and attacks from the unlearned hacker. Keep in mind your users will all need to know the user/pass to get in. What I have done is create a .htaccess that lets humans know what user and password to use. The biggest benefit here is making your attacker go through HTTP Auth first, thereby not allowing an HTTP request beyond it without authentication.
  2. Changing the admin username – If your attacker has no username, he has nowhere to start a brute force password attack. You can change your admin username either through MySQL commands or using phpMyAdmin.
  3. Obscurity – If a bot or attacker doesn't know what you're running or its version, this decreases the chance of an attack. Here is a plugin to help: Plugin Page
  4. Backups – Please people backup your stuff, regularly (daily or better).
  5. Logs – If you don’t have good logs you won’t find any points of entry when you do get attacked.
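
One way to set up the HTTP Auth layer from step 1 on Apache 2.4, as an added example that is not the author's own configuration. The function name, paths, realm text and user name are placeholders; admin-ajax.php is exempted because front-end code in many themes and plugins requests it for visitors who have no credentials.

```shell
#!/bin/sh
# Added example: write an .htaccess that puts HTTP Basic Auth in front of
# /wp-admin. Needs "AllowOverride AuthConfig" (or All) for the directory.

# protect_wp_admin WP_ADMIN_DIR HTPASSWD_FILE
# HTPASSWD_FILE should live outside the web root so it can never be served.
protect_wp_admin() {
    admin_dir=$1
    passwd_file=$2

    [ -d "$admin_dir" ] || { echo "no such directory: $admin_dir" >&2; return 1; }

    # Refuse a password file that sits inside the directory being protected.
    case "$passwd_file" in
        "$admin_dir"/*) echo "keep $passwd_file outside $admin_dir" >&2; return 1 ;;
    esac

    # Keep a copy of any existing rules before replacing them.
    if [ -f "$admin_dir/.htaccess" ]; then
        cp -p "$admin_dir/.htaccess" "$admin_dir/.htaccess.bak"
    fi

    cat > "$admin_dir/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted area"
AuthUserFile $passwd_file
Require valid-user

# Requested by front-end code on behalf of anonymous visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>
EOF
    chmod 644 "$admin_dir/.htaccess"
}

# Usage on the server (htpasswd ships with apache2-utils on Ubuntu;
# "gatekeeper" and both paths are placeholders):
#   htpasswd -c /etc/apache2/.htpasswd-wpadmin gatekeeper
#   protect_wp_admin /var/www/html/wp-admin /etc/apache2/.htpasswd-wpadmin
```

Basic Auth sends the password with every request, so serve /wp-admin over HTTPS when using this.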

The moral of the story

WordPress is popular, and popular things get hacked more often. Learn from others' mistakes and take your blog's security seriously.

As always any questions just leave a comment.
