Some problems and security concerns
Hi there,
I have two small servers here at Linode.
One of them I use to host two small websites (WordPress), with Apache vhosts, MySQL, etc.
Well, I have had Fail2Ban installed since the day I deployed this server, and from that point I could see the number of "strange" things increase.
I have UFW running and have also deployed some other extra Fail2Ban filters, for example wordpress-extra, wordpress-soft and wordpress-hard.
Today I can see that wordpress-hard banned 382 IPs (this number is a bit lower for wordpress-soft).
In the server logs I can see a lot of login attempts to WordPress, SSH, etc. And although I only allow SSH logins via SSH keys, I am a bit preoccupied.
Today I have password protected (via .htaccess and .htpasswd) the WordPress admin area, as well as the phpMyAdmin page.
But despite all of this, I am really preoccupied, also because I know that if this continues to increase I can experience some kind of performance-related issue.
This server is very small, a Nanode with 1GB of RAM. I wanted to know your opinions, if possible, regarding what more I could do in order to increase security and prevent any problems.
I was thinking of installing a WordPress plugin which changes the default login page (from wp-login.php and wp-admin to something else). But I really don't know if this would be effective or reasonable once I have already protected the WP admin folder.
Well, any help and/or suggestion would be very appreciated.
Thanks in advance.
6 Replies
By all means change the admin login url. There is a nice plugin that does this… probably several… use wps-hide-login.
You should also install the wordfence plugin.
WordPress sites are a huge target for hackers since there are so many of them. Thus, I suggest you run a cron (bash) script that will truncate your error logs or they will eventually fill up your storage!
Thanks for the suggestions.
I was really wondering if changing the admin login URL would benefit the server, once I have already password protected the area.
About WordFence, I always feared it, afraid of some kind of excessive resource usage. But I will try to give it a test.
With WordPress you can't change a username. All you can do is create a new admin user, log in as that new user and delete the old admin user.
I've never known or noticed WordFence to be a resource hog. Try it. If you think it is causing any latency you can deactivate it.
You might want to put in a 2FA plugin for WP for added security.
Thank you very much. I am already trying WordFence.
I have also activated 2FA and changed the admin URL.
Another thing I've done was to deactivate xmlrpc.php, as it was a constant appearance in the logs.
But I just saw the logs paying attention to what Fail2Ban has done, and there are a lot of IPs banned for constant SSH login attempts.
But I just saw the logs paying attention to what Fail2Ban has done, and there are a lot of IPs banned for constant SSH login attempts.
Welcome to the public internet…
You might want to consider the fail2ban package that puts banned IP addresses into ipsets. That way, you have a single DROP rule that DROPs any traffic from any member of the ipset instead of creating a single rule for every banned IP address.
You have to have 2 rules…one for an ipset of IPv4 addresses and one for an ipset of IPv6 addresses (because the mavens at the Linux Foundation haven't caught on to the fact that, in the 3rd decade of the 21st century, people use both -- hence iptables and ip6tables…).
-- sw
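The ipset layout described in the reply above, as an added example that is not part of the thread and not fail2ban's own action code: two sets and two DROP rules cover every banned address, and a ban only adds a set member. The set names, the timeout and the sample addresses are assumptions, and the script only prints the commands unless APPLY=1 is set (applying them needs root).

```shell
#!/bin/sh
# Added example: ipset-backed bans with one DROP rule per address family.
# SET4, SET6 and BANTIME are hypothetical values chosen for this sketch.
SET4="f2b-demo4"      # IPv4 set, matched by a single iptables rule
SET6="f2b-demo6"      # IPv6 set, matched by a single ip6tables rule
BANTIME=3600          # seconds after which ipset expires an entry itself

run() {
    # Print the command; execute it only when APPLY=1 is set explicitly.
    printf '%s\n' "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

setup_cmds() {
    # Four commands in total, however many addresses are banned later.
    run ipset create "$SET4" hash:ip family inet timeout "$BANTIME" -exist
    run ipset create "$SET6" hash:ip family inet6 timeout "$BANTIME" -exist
    run iptables -I INPUT -m set --match-set "$SET4" src -j DROP
    run ip6tables -I INPUT -m set --match-set "$SET6" src -j DROP
}

set_for() {
    # An address containing ':' goes to the IPv6 set, anything else to IPv4.
    case "$1" in
        *:*) printf '%s\n' "$SET6" ;;
        *)   printf '%s\n' "$SET4" ;;
    esac
}

ban() {
    # A ban is a set insertion; the firewall rule list does not grow.
    run ipset add "$(set_for "$1")" "$1" timeout "$BANTIME" -exist
}

unban() {
    run ipset del "$(set_for "$1")" "$1" -exist
}

# Constructed sample addresses from the documentation ranges.
setup_cmds
ban 203.0.113.45
ban 2001:db8::1f
unban 203.0.113.45
```

With entries carrying their own timeout, an address that is never explicitly unbanned still leaves the set after BANTIME seconds.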
That seems to be really great.
I'll take a look and try to implement it.