Install Squid Proxy on Ubuntu

Install Squid. Install the squid package from the Ubuntu repositories; when asked whether to continue, press Y.

Configure Squid. The default configuration file is /etc/squid3/squid.conf or /etc/squid/squid.conf, depending on the package version. For an HTTP proxy you will usually need to change two options. http_port: the default is 3128. http_access deny all: you may change this to http_access allow all for testing, but in a real deployment you should allow only the single IP address of your web server, because an open proxy reachable from the Internet is found and abused within hours. Remember to restart squid after making any changes to the configuration file ...
Read More

WordPress XMLRPC attacks – How to prevent

What is WordPress XML-RPC? RPC stands for Remote Procedure Call. WordPress XML-RPC is a protocol that allows remote systems to communicate with WordPress, with XML as the message format. With XML-RPC support you can post to your WordPress blog from many popular weblog clients. XML-RPC is turned on by default since WordPress 3.5.

Brute force attacks through WordPress XML-RPC. Attackers use the system.multicall method of XML-RPC to pack hundreds of calls into a single HTTP request, mostly to guess the username and password of the site: each inner call carries its own credentials, so one request equals hundreds of login attempts. This is called a brute force amplification attack via WordPress XML-RPC.

How to prevent XML-RPC attacks. The most recommended way is to disable XML-RPC completely, which can be done with a rule in your Apache configuration. Some WordPress plugins, e.g. Jetpack, depend on XML-RPC; in that case it is not possible to disable it entirely, and instead you can block system.multicall requests through your firewall. Check server logs regularly and find IPs...
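As an added example (not code from the original post), here is a must-use plugin that applies the two options above inside WordPress instead of at the web server or firewall: it removes system.multicall so a request can carry only one login attempt, and, when nothing like Jetpack needs XML-RPC, turns off every authenticated method through the xmlrpc_enabled filter. The per-IP failed-login counter is my addition; the constants XMLRPC_KEEP_ENABLED and XMLRPC_MAX_FAILS are assumptions for this example, not WordPress settings.

```php
<?php
/**
 * Plugin Name: Harden XML-RPC
 * Added example for this page; not the original post's code.
 * Save as wp-content/mu-plugins/harden-xmlrpc.php so it loads before ordinary plugins.
 */

// Assumptions for this example: define XMLRPC_KEEP_ENABLED as true in wp-config.php
// when a plugin such as Jetpack needs XML-RPC; XMLRPC_MAX_FAILS is the per-IP
// limit of failed XML-RPC logins within a ten-minute window.
if ( ! defined( 'XMLRPC_KEEP_ENABLED' ) ) {
	define( 'XMLRPC_KEEP_ENABLED', false );
}
if ( ! defined( 'XMLRPC_MAX_FAILS' ) ) {
	define( 'XMLRPC_MAX_FAILS', 5 );
}

// 1. Remove the amplification method. system.multicall wraps many inner calls
//    (typically wp.getUsersBlogs, each with its own username/password pair) in
//    one HTTP request, so one request equals hundreds of password guesses.
add_filter( 'xmlrpc_methods', function ( array $methods ) {
	unset( $methods['system.multicall'] );
	return $methods;
} );

// Transient key for the per-IP failure counter. REMOTE_ADDR is the TCP peer;
// behind a reverse proxy or Cloudflare it is the proxy's address, so derive the
// real client address first (see the client IP post) before relying on this.
function harden_xmlrpc_fail_key(): string {
	return 'xmlrpc_fails_' . md5( $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0' );
}

// 2. Gate every method that needs authentication. WordPress consults this filter
//    in WP_XMLRPC_Server::login(), which is exactly where a password guess lands.
add_filter( 'xmlrpc_enabled', function ( $enabled ) {
	if ( ! XMLRPC_KEEP_ENABLED ) {
		return false;   // nothing needs XML-RPC: refuse all logins outright
	}
	$fails = (int) get_transient( harden_xmlrpc_fail_key() );
	return $enabled && $fails < XMLRPC_MAX_FAILS;   // lock out an IP that keeps guessing
} );

// 3. Count failed logins so the gate above can trip. The filter receives the
//    IXR_Error that will be returned and the WP_Error from wp_authenticate().
add_filter( 'xmlrpc_login_error', function ( $error, $user ) {
	$key   = harden_xmlrpc_fail_key();
	$fails = (int) get_transient( $key ) + 1;
	set_transient( $key, $fails, 10 * MINUTE_IN_SECONDS );
	return $error;
}, 10, 2 );
```

Because xmlrpc_enabled is evaluated once when the XML-RPC server object is built, a locked-out address is refused before any credentials are checked; the transient expires on its own, so no cron cleanup is needed.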
Read More

How to correctly get visitor/client IP address

For security reasons and to prevent spam it is always recommended to log the visitor's/client's IP address in your database, at least for important transactions like posting a comment or registering. However, it is important that we store the real IP of the visitor.

Visitor/client is not using a proxy. In almost all cases, i.e. when the visitor/client is not behind a proxy, the real IP address is simply the address of the connecting client as reported by the web server.

Visitor/client is behind a proxy server. In some cases the visitor/client could be behind a proxy server. A proxy normally appends the original address to a forwarded-for request header, and the real IP can then be read from there. However, that header is just another request header: with simple tools anyone can add one and pretend to be behind a proxy, so the header alone does not give us the real IP, and we also cannot be sure whether the visitor/client is using a proxy at all. The header is only worth trusting when the connecting address is a proxy you operate yourself. So it is best to store both values in separate fields in your database....
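As an added example (not the original post's code), a function that returns both values so each can go into its own column, and that only believes the forwarded-for header when the connection really comes from one of your own proxies. The $trustedProxies list and the sample addresses are constructed for the example; if your proxies are a whole range (Cloudflare, a cloud load balancer), replace the exact-match check with a CIDR check.

```php
<?php
/**
 * Added example: resolve a client address for logging. Not the original post's code.
 *
 * $trustedProxies: addresses of reverse proxies / load balancers YOU operate.
 * X-Forwarded-For is read only when REMOTE_ADDR is one of them, and only the
 * right-most hop that is not itself one of our proxies is believed, because every
 * value to the left of it was supplied by the client and may be forged.
 */
function resolve_client_ip( array $server, array $trustedProxies ): array {
	$remote = $server['REMOTE_ADDR'] ?? '';
	$header = $server['HTTP_X_FORWARDED_FOR'] ?? '';

	$result = [
		'remote_addr'       => $remote,   // always recorded: the actual TCP peer
		'forwarded_for'     => $header,   // raw header, recorded verbatim for forensics
		'client_ip'         => $remote,   // best estimate; defaults to REMOTE_ADDR
		'forwarded_trusted' => false,     // true only if client_ip came from a trusted hop
	];

	// Direct connection, or a header sent by something that is not our proxy:
	// store the header but do not let it influence client_ip.
	if ( $header === '' || ! in_array( $remote, $trustedProxies, true ) ) {
		return $result;
	}

	// Walk the header from the right: skip our own proxies, take the first other hop.
	$hops = array_reverse( array_map( 'trim', explode( ',', $header ) ) );
	foreach ( $hops as $hop ) {
		if ( in_array( $hop, $trustedProxies, true ) ) {
			continue;
		}
		if ( filter_var( $hop, FILTER_VALIDATE_IP ) !== false ) {
			$result['client_ip']         = $hop;
			$result['forwarded_trusted'] = true;
		}
		break;   // stop at the first non-proxy hop, whether it was valid or garbage
	}
	return $result;
}

// Constructed inputs for illustration (10.0.0.5 plays the role of our own proxy).
$proxies = [ '10.0.0.5' ];

// Case 1: direct visitor, no proxy: client_ip is REMOTE_ADDR.
var_dump( resolve_client_ip( [ 'REMOTE_ADDR' => '203.0.113.10' ], $proxies ) );

// Case 2: visitor behind our proxy, which appended the original address.
var_dump( resolve_client_ip( [
	'REMOTE_ADDR'          => '10.0.0.5',
	'HTTP_X_FORWARDED_FOR' => '198.51.100.7, 10.0.0.5',
], $proxies ) );

// Case 3: direct visitor sending a forged header: header is stored, not trusted.
var_dump( resolve_client_ip( [
	'REMOTE_ADDR'          => '203.0.113.10',
	'HTTP_X_FORWARDED_FOR' => '1.2.3.4',
], $proxies ) );
```

In case 3 the forged value survives only in the forwarded_for column, which is exactly what you want when investigating spam: the TCP peer is the address to block, and the header is evidence of tampering.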
Read More

Clickjacking – How to prevent on wordpress sites

What is clickjacking? In simple words, clickjacking means users are tricked into clicking or typing on a different site/page while believing they are on their usual site. How can that be a problem from a security point of view? Here is an example.

An example of clickjacking. Let's assume you own a website my_domain.com and log in to it every day. If this site is not protected against clickjacking, a hacker can load it in an iframe on a page hosted on his own domain, some_domain_owned_by_hacker.com. The hacker also adds JavaScript to this page that records keystrokes. Through some means he tricks you into opening this page; if you do not notice the domain name in the URL, you may believe it is your own website and even log in. Note that the hacker's script cannot read what you type into the framed page itself (the browser's same-origin policy prevents that); the trick is to lay his own invisible form fields or transparent elements over the frame so that your keystrokes and clicks land in them. Framing alone is therefore enough to enable the attack, which is why the defence is to forbid framing. However, you may feel that you always check the domain name before performing any transaction on a website and...
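As an added example (not the original post's code), the headers that stop a site from being framed, sent from a theme's functions.php or a small plugin. WordPress already calls send_frame_options_header() on admin_init and login_init, so wp-admin and wp-login.php are covered out of the box; the public pages are not, and that is what this adds. MYSITE_FRAME_ANCESTORS is an assumption for this example.

```php
<?php
/**
 * Added example, not the original post's code: anti-framing headers for every
 * front-end page. wp-admin and wp-login.php already get X-Frame-Options from
 * WordPress core; this covers the rest of the site.
 */

// Assumption for this example: extra origins allowed to frame the site, e.g. an
// intranet portal you also run. Leave empty to allow only the site itself.
const MYSITE_FRAME_ANCESTORS = [];

add_action( 'send_headers', function () {
	if ( headers_sent() ) {
		return;   // some plugin already flushed output; headers can no longer be set
	}

	// Legacy header understood by old browsers; SAMEORIGIN is all it can express.
	// This is the same core function WordPress uses for the admin screens.
	send_frame_options_header();

	// Modern header: browsers that support CSP prefer it over X-Frame-Options and
	// it can name specific origins. Sent with replace=false so a CSP header set by
	// another plugin is kept; browsers enforce every CSP header they receive.
	$ancestors = array_merge( [ "'self'" ], MYSITE_FRAME_ANCESTORS );
	header( 'Content-Security-Policy: frame-ancestors ' . implode( ' ', $ancestors ), false );
} );
```

Check the result with a request to the home page and look for both headers in the response; if only X-Frame-Options appears, output was sent before send_headers fired and the plugin that did so is the one to fix.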
Read More

WordPress Security – Configuration / Installation

1. WordPress security at the configuration and installation level. This section explains measures to take for WordPress security while installing and configuring WordPress.

1.1 Change the default table prefix. Many published WordPress-specific SQL injection attacks assume that the table prefix is the default, wp_. Changing it can block at least some of these canned attacks; treat it as defence in depth, not as a fix for the injectable code itself.

1.2 Securing wp-config.php. Are you aware that wp-config.php can be stored one directory level above the WordPress installation? This is quite simple: WordPress looks there automatically when the file is absent from the installation root. Also make sure that only you (and the web server) can read this file, which generally means permission 400 (when PHP runs as the file's owner) or 440 (when the web server is in the file's group). The file contains sensitive information such as the database user and password, so it is very important to protect it.

1.3 Disable file editing through the WordPress dashboard. By default the dashboard allows administrators to edit PHP files such as plugin and theme files. This is often the first tool an attacker uses after logging in, since it gives code execution. WordPress has a constant to disable editing...
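As an added example (not the original post's code), a small command-line script that audits an installation for the three items above: where wp-config.php lives and who can read it, whether the table prefix is still wp_, and whether DISALLOW_FILE_EDIT is set. It inspects wp-config.php with regular expressions, which is a heuristic; confirm any finding by hand. The script name and the invocation path are assumptions for the example.

```php
<?php
/**
 * Added example for this page, not the original post's code.
 * Usage (assumed): php audit-wp-config.php /var/www/html
 */

function audit_wp_config( string $wpRoot ): array {
	$findings = [];

	// 1.2: WordPress loads wp-config.php from the install root, or from one level
	//      above it when the root has none (wp-load.php checks both locations).
	$path = null;
	foreach ( [ $wpRoot . '/wp-config.php', dirname( $wpRoot ) . '/wp-config.php' ] as $candidate ) {
		if ( is_file( $candidate ) ) {
			$path = $candidate;
			break;
		}
	}
	if ( $path === null ) {
		return [ 'wp-config.php not found in ' . $wpRoot . ' or its parent directory' ];
	}
	if ( $path === $wpRoot . '/wp-config.php' ) {
		$findings[] = 'wp-config.php sits inside the web root; it can be moved one directory up';
	}

	// 1.2: flag any world access and any group write. 400 and 440 both pass.
	$mode = fileperms( $path ) & 0777;
	if ( $mode & 0027 ) {
		$findings[] = sprintf(
			'%s has mode %o; use 400 (PHP runs as the file owner) or 440 (web server in the file group)',
			$path,
			$mode
		);
	}

	$src = (string) file_get_contents( $path );

	// 1.1: the default prefix that canned SQL injection payloads assume.
	if ( preg_match( '/^\s*\$table_prefix\s*=\s*[\'"]wp_[\'"]\s*;/m', $src ) ) {
		$findings[] = 'table prefix is the default wp_';
	}

	// 1.3: the constant that removes the plugin and theme editors from the dashboard.
	if ( ! preg_match( '/define\s*\(\s*[\'"]DISALLOW_FILE_EDIT[\'"]\s*,\s*true\s*\)/', $src ) ) {
		$findings[] = "DISALLOW_FILE_EDIT is not set; add define( 'DISALLOW_FILE_EDIT', true );";
	}

	return $findings;
}

if ( PHP_SAPI === 'cli' ) {
	$root     = rtrim( $argv[1] ?? getcwd(), '/' );
	$findings = audit_wp_config( $root );
	echo $findings ? '- ' . implode( "\n- ", $findings ) . "\n" : "no findings\n";
	exit( $findings ? 1 : 0 );   // non-zero exit makes it usable from a deploy check
}
```

Changing the prefix on an existing site is not just an edit to $table_prefix: the tables, the user meta keys ending in capabilities and user_level, and the user_roles option all carry the prefix in their names, so set it before installing or plan a proper migration.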
Read More

WordPress – How to disable dashboard access to subscribers

For security reasons you may wish to disable dashboard access for subscribers and allow it only to Administrators, Editors and Authors. Below is a simple snippet of code to achieve this; add it to your theme's functions.php file. The code redirects the user to your home page when they try to visit the dashboard. However, in some cases you may want a certain subscriber to access the dashboard. For that I have created a capability called dashboard_access, which can be assigned to the required user....
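As an added example (not the post's own snippet), one way to implement this, including the per-user override. dashboard_access is the capability name the post uses; the toolbar handling and the grant helper are my additions, and the user name in the usage comment is hypothetical.

```php
<?php
/**
 * Added example, not the original post's code: keep subscribers out of wp-admin
 * unless they hold the custom capability dashboard_access.
 * Place in functions.php or a plugin.
 */

add_action( 'admin_init', function () {
	// admin-ajax.php also fires admin_init; AJAX from logged-in subscribers on
	// the front end (comment forms, plugin widgets) must keep working.
	if ( wp_doing_ajax() ) {
		return;
	}
	// edit_published_posts is held by Authors, Editors and Administrators but not by
	// Subscribers or Contributors, so it matches the roles listed above exactly.
	if ( current_user_can( 'edit_published_posts' ) || current_user_can( 'dashboard_access' ) ) {
		return;
	}
	wp_safe_redirect( home_url( '/' ) );   // refuses off-site targets, unlike wp_redirect()
	exit;
} );

// Users who may not enter the dashboard should not see the admin toolbar either,
// otherwise every page offers them a link that just bounces them home.
add_action( 'after_setup_theme', function () {
	if ( is_user_logged_in()
		&& ! current_user_can( 'edit_published_posts' )
		&& ! current_user_can( 'dashboard_access' ) ) {
		show_admin_bar( false );
	}
} );

/**
 * Grant or revoke the override for one user. Per-user capabilities are stored in
 * user meta, so run this once, e.g. via WP-CLI:
 *   wp eval 'grant_dashboard_access( "alice" );'     (alice is a hypothetical login)
 */
function grant_dashboard_access( string $login, bool $grant = true ): bool {
	$user = get_user_by( 'login', $login );
	if ( ! $user ) {
		return false;
	}
	if ( $grant ) {
		$user->add_cap( 'dashboard_access' );
	} else {
		$user->remove_cap( 'dashboard_access' );
	}
	return true;
}
```

Note that the redirect only stops subscribers from browsing wp-admin; a subscriber with dashboard_access still has no more capabilities than before, so the screens they see are limited to their profile unless you grant more.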
Read More

How to overcome Cloudflare 522: Connection timed out error

There are a few reasons why this error occurs. The most obvious is that your server is down, or a certain process is taking too long and the server is very busy. However, that may not be the most likely reason, especially if the error happens quite frequently. Here are the two most likely reasons.

1. When your website goes on Cloudflare, most incoming connections to your web server come from Cloudflare's IP addresses. If your server does not know about those addresses, its firewall may limit or block them simply because of the number of connections arriving from a handful of IPs. So it is very important to whitelist those addresses in your server firewall (i.e. to tell your server that connections from these IPs are fine). The current list is published on the Cloudflare site: https://www.cloudflare.com/ips

2. You may have tried something that triggered a rule in the Cloudflare firewall. This block is limited to you and mostly for a...
Read More

WordPress how to assign only necessary capabilities to users

Quite often there is a requirement in WordPress to give certain users access to a particular administrative function, e.g. managing widgets, without making them administrators, for obvious reasons. Here are the steps to achieve this. Create a role, e.g. widgets_manager, based on the Author role (i.e. with the same capabilities as Author). Assign the edit_theme_options capability to this newly created role. Then add a short snippet to your functions.php ...
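As an added example (not the original post's code), the two steps above written as a plugin, plus the check a practitioner would want: edit_theme_options is the capability behind Appearance > Widgets, but it also unlocks themes, menus, the customizer and, unless DISALLOW_FILE_EDIT is set, the theme file editor. The role name widgets_manager is the post's; the activation hook, the blocked-page list and the menu trimming are my additions.

```php
<?php
/**
 * Plugin Name: Widgets Manager Role
 * Added example for this page; not the original post's code.
 */

// Create the role once. Roles are persisted in the options table, so this must
// not run on every request; a plugin activation hook is the usual place.
function create_widgets_manager_role(): void {
	if ( get_role( 'widgets_manager' ) ) {
		return;
	}
	$author = get_role( 'author' );
	$role   = add_role( 'widgets_manager', 'Widgets Manager', $author ? $author->capabilities : [] );
	if ( $role ) {
		$role->add_cap( 'edit_theme_options' );   // the capability behind Appearance > Widgets
	}
}
register_activation_hook( __FILE__, 'create_widgets_manager_role' );

function current_user_is_widgets_manager(): bool {
	$roles = (array) wp_get_current_user()->roles;
	return in_array( 'widgets_manager', $roles, true ) && ! in_array( 'administrator', $roles, true );
}

// Enforce the restriction on the request itself. Hiding menu entries is cosmetic;
// anyone can type themes.php into the address bar.
add_action( 'admin_init', function () {
	global $pagenow;
	if ( wp_doing_ajax() || ! current_user_is_widgets_manager() ) {
		return;
	}
	// Screens gained only through edit_theme_options; everything an Author could
	// already reach stays reachable.
	$themeScreens = [ 'themes.php', 'theme-editor.php', 'nav-menus.php', 'customize.php' ];
	if ( in_array( $pagenow, $themeScreens, true ) ) {
		wp_die( 'This account may only manage widgets.', 403 );
	}
} );

// Trim the Appearance menu so the role sees only what it may use. Runs late so
// entries added by themes and plugins are already registered.
add_action( 'admin_menu', function () {
	if ( ! current_user_is_widgets_manager() ) {
		return;
	}
	remove_submenu_page( 'themes.php', 'themes.php' );
	remove_submenu_page( 'themes.php', 'nav-menus.php' );
	remove_submenu_page( 'themes.php', 'theme-editor.php' );
}, 999 );
```

Verify it the way an attacker would: log in as a widgets_manager user and request wp-admin/theme-editor.php directly; the response should be the 403 page, not the editor.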
Read More