Author Archives: peter

Prevent WordPress Brute-force attacks with fail2ban

Introduction

If you run WordPress on a Raspberry Pi then the chances are very high that you get attacked with many login attempts and failed logins against your wp-login.php file.

In my case all these attempts showed up in my website's statistics as unique IPs that have had many thousands of hits on my site. It's not only a security problem, it also has a small impact on the performance of your site; I was lucky my Pi 3 didn't complain and was fast enough 😉

You can use the filters and jails in this post on other Linux distributions, but the fail2ban configuration and log files may be in a different place. I have made this work for the Pi 3 with Raspbian (Debian).

Setting up fail2ban jail and filter rules

I assume that you already have fail2ban installed.

Open the jail configuration

sudo vi /etc/fail2ban/jail.d/defaults-debian.conf

Put this section in the file and save it.

[wordpress]
enabled = true
port = http,https
filter = wordpress
action = iptables-multiport[name=wordpress, port="http,https", protocol=tcp]
logpath = /var/log/apache2/*.log
maxretry = 30
findtime = 10800 ; 3 hours
bantime = 86400 ; 1 day

Make a filter file for WordPress

sudo vi /etc/fail2ban/filter.d/wordpress.conf

Add this section and save the file.

[Definition]
failregex = ^<HOST> .* "POST .*wp-login.php
            ^<HOST> .* "POST .*xmlrpc.php
ignoreregex =

Restart fail2ban

sudo systemctl restart fail2ban
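fail2ban ships a fail2ban-regex tool for checking a filter file against a real log (for example: fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/wordpress.conf). The block below is an added example, not part of the original post: it replays constructed Apache combined-format log lines through the filter's two patterns and the jail's maxretry/findtime rule in Python, so you can see which hosts would be banned before touching the live system. It simplifies fail2ban's <HOST> expansion to a plain IP capture group and takes the bracketed field as the line's timestamp.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# The two failregex lines from the filter above; <HOST> is simplified to an IP capture group.
FAILREGEX = [re.compile(p) for p in (
    r'^(?P<host>\S+) .* "POST .*wp-login\.php',
    r'^(?P<host>\S+) .* "POST .*xmlrpc\.php',
)]
TIMESTAMP = re.compile(r"\[([^\]]+)\]")  # e.g. [10/Mar/2018:10:00:01 +0000]

def failed_host(line):
    """Return the client IP if the line matches one failregex, else None."""
    for rx in FAILREGEX:
        m = rx.search(line)
        if m:
            return m.group("host")
    return None

def simulate_jail(lines, maxretry=30, findtime=10800):
    """Ban a host once it has maxretry matching lines inside a findtime-second window."""
    recent = defaultdict(deque)  # per-host timestamps still inside the window
    banned = set()
    for line in lines:
        host = failed_host(line)
        if host is None or host in banned:
            continue
        ts = datetime.strptime(TIMESTAMP.search(line).group(1), "%d/%b/%Y:%H:%M:%S %z")
        q = recent[host]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=findtime):
            q.popleft()  # drop hits older than findtime
        if len(q) >= maxretry:
            banned.add(host)
    return banned

def access_line(ip, ts, request):
    """One constructed Apache 'combined' log line (sample data, not real traffic)."""
    return f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "{request} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

def sample_log():
    """Constructed traffic: a fast brute-forcer, a slow one spaced wider than findtime,
    and a real user whose one successful login is also counted (hence the high maxretry)."""
    t0 = datetime(2018, 3, 10, 10, 0, tzinfo=timezone.utc)
    lines = [access_line("203.0.113.5", t0 + timedelta(seconds=i), "POST /wp-login.php") for i in range(30)]
    lines += [access_line("192.0.2.9", t0 + timedelta(hours=6 * i), "POST /xmlrpc.php") for i in range(30)]
    lines += [access_line("198.51.100.7", t0, "GET /wp-login.php"),
              access_line("198.51.100.7", t0 + timedelta(seconds=5), "POST /wp-login.php")]
    return lines
```

Running simulate_jail(sample_log()) bans only the fast brute-forcer; lowering maxretry to 1 would also ban the real user, which is the trade-off behind the jail's maxretry = 30.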

C64 Mini with US keyboard and USB-hub

Got an upgrade to my C64 Mini today, a USB 2.0 hub and a US keyboard, which makes it easier for me to use the C64 Mini because many games require some keyboard presses like hitting F1, the spacebar or writing your name on a high score.

The C64 was sold with a US keyboard, and if you wanted to change that then you had to alter the ROM, which required an EPROM burner.

The C64 Mini can use a normal US keyboard, and if you want a nice one that is small then they are way too expensive here in Denmark, so I had to wait a month to get one from China, but with a price of 58,- kr with free shipping it was ok with the waiting time. The hub was "free" but I had to pay 28 kr. in shipping, still very cheap.

The C64 Mini with a USB hub and US keyboard from Wish.com

Can’t wait to program BASIC with my son 😉

The C64 with a full-size keyboard is expected to hit the Danish stores (Elgiganten) in December, also with a better joystick that looks the same but has microswitches and is much more robust. The joystick in the photo is the original and it's better than expected; I have had the problems that other users have reported.

Edit your hosts file the easy way on Windows 10

If you are a Windows user/developer and often need to alter your hosts file to point sites at local IP addresses, then here is a tool that makes it easier to manage.

You can cut, copy, paste, duplicate, enable, disable and move one or more entries at a time, disable the whole hosts file, and do some other things.

Screenshot of Hosts File Editor

Hosts File Editor is free and open source; it can be downloaded from https://hostsfileeditor.com/

How to get an SSL A+ rating with Apache

If you need a high rating on tests like https://www.ssllabs.com then I have an example of a working configuration that will get you the A+ score.

I'm using Let's Encrypt for my SSL site but you can use any certificate to get the result.

<VirtualHost *:80>
ServerName www.pvangsgaard.com
ServerAlias pvangsgaard.com
Redirect / https://www.pvangsgaard.com/
ErrorLog /var/log/apache2/pvangsgaard.com.error.log
CustomLog /var/log/apache2/pvangsgaard.com.access.log combined
</VirtualHost>
<VirtualHost *:443>
# HSTS with a max-age of at least six months is required for the A+ grade
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
ServerName www.pvangsgaard.com
ServerAlias pvangsgaard.com
DocumentRoot /home/pva/public_html/pvangsgaard.com
ErrorLog /var/log/apache2/pvangsgaard.com.error.log
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLEngine on
# RC4 suites removed: RC4 is prohibited (RFC 7465) and SSL Labs caps the grade when it is offered
SSLCipherSuite EECDH+AES:EDH+AES:-SHA1:EECDH+AES256:EDH+AES256:AES256-SHA:!aNULL:!eNULL:!EXP:!LOW:!MD5:!RC4
SSLHonorCipherOrder on
SSLCertificateFile    /etc/letsencrypt/live/pvangsgaard.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/pvangsgaard.com/privkey.pem
# chain.pem holds only the intermediate certificate(s); fullchain.pem would send the leaf certificate twice
SSLCertificateChainFile /etc/letsencrypt/live/pvangsgaard.com/chain.pem
</VirtualHost>

Remember to enable headers with:

a2enmod headers
systemctl restart apache2

I have also made an example for NGINX at this URL: https://www.pvangsgaard.com/2018/02/22/how-to-get-an-a-rating-with-100-score-on-the-ssllabs-test-with-nginx/