Quote:
Originally Posted by newbie14
I'm going to answer "no" on that link at this time. Installed "but did not really tweak" sounds like defaults to me!
We can work with that.
Let's not use the 't' word. Let's leave "tweaking" to the over-modifiers.
Right now, you need a basic and simple fail2ban "starter kit" and if you are committed to spending "some time" with it, you can have a working defense in place. I used quotes for "some time" as this unknown will depend on your skill level, how comfortable you are on the command line and not affected by too many things. Are you focused? Are you scared of the terminal/shell/console?
Quote:
Originally Posted by newbie14
What other logs can I look into? Give me more details on this. Yes, I have the folder images but no images/stories.
Oh boy, logs! Don't get me started.
That is another thread/blog. Consider the section titled "Changing file permissions".
Yes, I realize you have custom Joomla! code and the link goes on about Wordpress.
Consider types valid.
Quote:
Originally Posted by newbie14
What do you mean by this? Can the POST action drop a virus or threat in any manner?
Consider what the POST Method does:
Quote:
The post method is used to request that the origin server accept the entity enclosed in the request as a new subordinate of the resource identified by the Request-URI in the Request-Line. Essentially this means that the POST data will be stored by the server and usually will be processed by a server side application.
[1]
Depending on what the site "does" this may be considered "actionable" and by that I mean to stress "It depends".
An e-commerce site may be perfectly acceptable situation to accept POST data.
Forums, clans, Minecraft.... you get the idea.
I don't have such a site.
No extraneous "users" or "editors" or "contributors" whatevs, just one power user (however labeled) and a secondary admin
who does not post, contribute, or edit any thing.
Quote:
Originally Posted by newbie14
I learned something from the link you provided.
Don't tell the boss.
fail2ban is kind of "my thing".
Yes, I have resources! Same as you! Consider my previous searches:
I started here -
https://www.google.com/#q=fail2ban+s...gitalocean.com
https://www.google.com/#q=%22deny+fr...gitalocean.com
https://gggeek.github.io/phpxmlrpc/
https://hc.apache.org/httpclient-3.x/methods/post.html
https://www.wordfence.com/blog/2015/...-on-wordpress/
"deny from all" is another "layer" you can add to site defense.
Again, it's about "who's asking?" and "what" they are asking for.
Why would a foreign IP need to POST data to my site?
Can I see the POST data after the fact? Not that I've seen.
What does a "normal" browser session look like for your site? Peak and Off Peak hours?
Do I have Peak 'hours'?
You have to examine your logs.
You have to ask yourself what's normal for a session on your site, or even off of it (API 'hooks'?).
I am naturally a Type A personality and I've read, seen and cleaned enough HTTP hosts.
And I certainly don't trust "error codes" from POST method without examining the traffic concerning it.
Consider this 403:
Code:
69.42.71.124 - - [22/May/2016:22:20:26 -0700] "POST /xmlrpc.php HTTP/1.1" 403 399 "-" "-"
Just one hit, right?
WRONG. And exactly 1 hit.
One hit on xmlrpc.php is the policy. We don't allow that for reasons I have already stated.
Code:
grep xmlrpc.php /etc/fail2ban/filter.d/custom.conf
^<HOST> .* ".*?xmlrpc.php.*?"
Digitalocean has some great stuff.
Sorry for the long answer.
The short version died an untimely death.
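As an added example (not part of the original post and not fail2ban's own code), here is a small Python stand-in for what the `custom.conf` failregex above does: it expands the `<HOST>` tag, runs the pattern over access-log lines, counts matches per source IP, and reports which hosts cross a `maxretry` threshold. The first log line is the 403 quoted in the post; the other lines are constructed. The `<HOST>` expansion and the absence of fail2ban's separate date handling are simplifications assumed here, not fail2ban's real behaviour.

```python
import re
from collections import Counter

# Sample Apache combined-format access log. The first line is the 403 quoted
# in the post; the remaining lines are constructed for this example.
SAMPLE_LOG = """\
69.42.71.124 - - [22/May/2016:22:20:26 -0700] "POST /xmlrpc.php HTTP/1.1" 403 399 "-" "-"
203.0.113.7 - - [22/May/2016:22:21:01 -0700] "GET /index.php HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.7 - - [22/May/2016:22:21:05 -0700] "POST /xmlrpc.php HTTP/1.0" 403 399 "-" "-"
198.51.100.9 - - [22/May/2016:22:21:09 -0700] "GET /images/logo.png HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
"""

# The failregex exactly as it appears in the post's custom.conf.
FAILREGEX = r'^<HOST> .* ".*?xmlrpc.php.*?"'

# Assumed, simplified expansion of fail2ban's <HOST> tag: one non-space token
# captured as "host". fail2ban's real expansion also validates IPv4/IPv6/hostnames.
HOST_PATTERN = r'(?P<host>\S+)'


def compile_failregex(failregex: str) -> "re.Pattern":
    """Turn a fail2ban-style failregex into a compiled Python regex."""
    return re.compile(failregex.replace('<HOST>', HOST_PATTERN))


def matching_hosts(log_text: str, failregex: str = FAILREGEX) -> Counter:
    """Count, per source host, the log lines that match the failregex."""
    pattern = compile_failregex(failregex)
    hits = Counter()
    for line in log_text.splitlines():
        match = pattern.search(line)
        if match:
            hits[match.group('host')] += 1
    return hits


def hosts_to_ban(hits: Counter, maxretry: int = 1) -> list:
    """Hosts whose match count reaches maxretry (the post's policy is one hit)."""
    return sorted(host for host, count in hits.items() if count >= maxretry)


if __name__ == "__main__":
    counts = matching_hosts(SAMPLE_LOG)
    for host, count in counts.items():
        print(f"{host}: {count} xmlrpc.php hit(s)")
    print("would ban:", hosts_to_ban(counts, maxretry=1))
```

Run it as a script to see the per-host counts; the GET lines for `/index.php` and the image never match, so only the two hosts that posted to `xmlrpc.php` are listed, and with `maxretry=1` a single hit is enough, matching the policy described in the post.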