30 Mar

WordPress: getting summary from Login Security Solution plugin

Brute-force attacks are one the most common ones against WordPress sites. One of the possible solution is to use Login Security Solution plugin. It tracks attempts to login and ban IPs if there are too many of them during certain period of time. The plugin stores all information about the attempts in wp_login_security_solution_fail table. Here is how you can get summary on IP addresses which are attacking your site:

select ip, count(ip) as attempts from wp_login_security_solution_fail group by ip order by attempts desc;

Now you can block the most active of them in the firewall.

27 Mar

How to setup ionCube loader on Centos 6.4

If you need to install ionCube loader on Centos 6.4 you will need either to enable Atomic repository on your Linux box or to download their SRPM package and rebuild it.

Way 1

wget -q -O - http://www.atomicorp.com/installers/atomic |sh
yum install php-ioncube-loader

Way 2

rpm -ivh rpmbuild/RPMS/x86_64/php-ioncube-loader-4.2.2-2.art.x86_64.rpm
rpmbuild -bb ~/rpmbuild/SPECS/php-ioncube-loader-art.spec
rpm -ivh rpmbuild/RPMS/x86_64/php-ioncube-loader-4.2.2-2.art.x86_64.rpm


[root@sched ~]# php -v
PHP 5.4.13 (cli) (built: Mar 14 2013 08:57:49)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies
with the ionCube PHP Loader v4.2.2, Copyright (c) 2002-2012, by ionCube Ltd.
[root@sched ~]#
14 Mar

fail2ban setup on Centos

fail2ban is a simple daemon (written in Python, BTW) which monitors your Linux server logs and is able to prevent bruteforce attacks by adding bad IP addresses to iptables. This is a simple self reminder on how to setup it.

yum install fail2ban
vim /etc/fail2ban/jail.conf

If you want fail2ban to only notify you  (and not add them to iptables) modify the configuratio files this way:

action = sendmail-whois[name=SSH, [email protected], [email protected]]

It would be wise to add your IP addresses to be ignored:

ignoreip =


service fail2ban start

Enable auto start:

chkconfig fail2ban on

Now if somebody tries to brueforce your SSH you’ll get a mail.

13 Mar

How to hide readme.html from WordPress setup under nginx

By default Worpdress places readme.hml file to your webroot directory, so it’s possible to get it. The problem is this file contains your WordPress version. So if for some reason you have vulnerable version of WordPress you might want to hide this file. This is how you can implement this:

location = /readme.html
return 404;

Keep in mind that it will not remove your WordPress version from your feeds and HTML headers.