{"id":412,"date":"2016-08-09T14:18:17","date_gmt":"2016-08-09T19:18:17","guid":{"rendered":"http:\/\/lisa.rushworth.us\/?p=412"},"modified":"2016-08-26T08:37:45","modified_gmt":"2016-08-26T13:37:45","slug":"securing-wordpress-a-little-bit","status":"publish","type":"post","link":"https:\/\/www.rushworth.us\/lisa\/?p=412","title":{"rendered":"Securing WordPress A Little Bit"},"content":{"rendered":"<p>We&#8217;ve had quite a lot of source IPs flooding our web server the past few days. The first couple, I just blocked entirely &#8230; but we get a good bit of traffic to my husband&#8217;s business domain. That traffic is not exclusively people randomly surfing the Internet &#8212; we&#8217;ve been getting records in our logs that very specifically look like hacking attempts.<\/p>\n<p>I&#8217;ve added a few stanzas into my Apache configuration to block access to &#8220;important&#8221; files unless the source is my tablet&#8217;s IP:<\/p>\n<pre>         &lt;Files ~ \"wp-config.php\"&gt;\r\n                Order deny,allow\r\n                deny from all\r\n                Allow from 10.5.5.0\/24\r\n        &lt;\/Files&gt;\r\n\r\n        &lt;Files ~ \"wp-login.php\"&gt;\r\n                Order deny,allow\r\n                deny from all\r\n                Allow from 10.5.5.0\/24\r\n        &lt;\/Files&gt;\r\n\r\n        &lt;Files ~ \"wp-settings.php\"&gt;\r\n                Order deny,allow\r\n                deny from all\r\n                Allow from 10.5.5.0\/24\r\n        &lt;\/Files&gt;\r\n\r\n        &lt;Files ~ \"xmlrpc.php\"&gt;\r\n                Order deny,allow\r\n                deny from all\r\n                Allow from 10.5.5.0\/24\r\n        &lt;\/Files&gt;\r\n\r\n       &lt;Directory \"\/\"&gt;\r\n                Order allow,deny\r\n                Allow from all\r\n        &lt;\/Directory&gt;\r\n\r\n        &lt;Directory \"\/var\/www\/vhtml\/lisa\/html\/wp-admin\"&gt;\r\n                Order deny,allow\r\n                deny from all\r\n    
            Allow from 10.5.5.0\/24\r\n        &lt;\/Directory&gt;       \r\n<\/pre>\n<p>Then went into the MySQL database and renamed all of the tables to remove the default prefix:<\/p>\n<pre>rename table wp_commentmeta to prefix_commentmeta;\r\nrename table wp_comments to prefix_comments;\r\nrename table wp_links to prefix_links;\r\nrename table wp_ngg_album to prefix_ngg_album;\r\nrename table wp_ngg_gallery to prefix_ngg_gallery;\r\nrename table wp_ngg_pictures to prefix_ngg_pictures;\r\nrename table wp_options to prefix_options;\r\nrename table wp_postmeta to prefix_postmeta;\r\nrename table wp_posts to prefix_posts;\r\nrename table wp_statistics_exclusions to prefix_statistics_exclusions;\r\nrename table wp_statistics_historical to prefix_statistics_historical;\r\nrename table wp_statistics_pages to prefix_statistics_pages;\r\nrename table wp_statistics_search to prefix_statistics_search;\r\nrename table wp_statistics_useronline to prefix_statistics_useronline;\r\nrename table wp_statistics_visit to prefix_statistics_visit;\r\nrename table wp_statistics_visitor to prefix_statistics_visitor;\r\nrename table wp_term_relationships to prefix_term_relationships;\r\nrename table wp_term_taxonomy to prefix_term_taxonomy;\r\nrename table wp_termmeta to prefix_termmeta;\r\nrename table wp_terms to prefix_terms;\r\nrename table wp_usermeta to prefix_usermeta;\r\nrename table wp_users to prefix_users;\r\nrename table wp_wfBadLeechers to prefix_wfBadLeechers;\r\nrename table wp_wfBlocks to prefix_wfBlocks;\r\nrename table wp_wfBlocksAdv to prefix_wfBlocksAdv;\r\nrename table wp_wfConfig to prefix_wfConfig;\r\nrename table wp_wfCrawlers to prefix_wfCrawlers;\r\nrename table wp_wfFileMods to prefix_wfFileMods;\r\nrename table wp_wfHits to prefix_wfHits;\r\nrename table wp_wfHoover to prefix_wfHoover;\r\nrename table wp_wfIssues to prefix_wfIssues;\r\nrename table wp_wfLeechers to prefix_wfLeechers;\r\nrename table wp_wfLockedOut to prefix_wfLockedOut;\r\nrename table 
wp_wfLocs to prefix_wfLocs;\r\nrename table wp_wfLogins to prefix_wfLogins;\r\nrename table wp_wfNet404s to prefix_wfNet404s;\r\nrename table wp_wfReverseCache to prefix_wfReverseCache;\r\nrename table wp_wfScanners to prefix_wfScanners;\r\nrename table wp_wfStatus to prefix_wfStatus;\r\nrename table wp_wfThrottleLog to prefix_wfThrottleLog;\r\nrename table wp_wfVulnScanners to prefix_wfVulnScanners;\r\n\r\nupdate prefix_usermeta set meta_key = CONCAT('prefix_', SUBSTRING(meta_key, 4)) where LEFT(meta_key, 3) = 'wp_';\r\nupdate prefix_options SET option_name = 'prefix_user_roles' where option_name = 'wp_user_roles';\r\n<\/pre>\n<p>Modified wp-config.php to use the new prefix:<\/p>\n<pre>\/\/ $table_prefix  = 'wp_';\r\n$table_prefix  = 'prefix_';\r\n<\/pre>\n<p>More to tweak, but this is a start!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We&#8217;ve had quite a lot of source IPs flooding our web server the past few days. The first couple, I just blocked entirely &#8230; but we get a good bit of traffic to my husband&#8217;s business domain. 
That traffic is not exclusively people randomly surfing the Internet &#8212; we&#8217;ve been getting records in our logs &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[30],"tags":[31,52],"class_list":["post-412","post","type-post","status-publish","format-standard","hentry","category-system-administration","tag-apache","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/412","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=412"}],"version-history":[{"count":3,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/412\/revisions"}],"predecessor-version":[{"id":422,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/412\/revisions\/422"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=412"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=412"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=412"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}