Topics - damador

1
Updates / VARNISH update - tutorial for varnish 6.6
« on: April 19, 2021, 05:57:27 PM »
How to make the latest Varnish work on CWP 7

CentOS 7, CWP

First, back up:

/etc/ld.so.conf.d/varnish-x86_64.conf
/etc/logrotate.d/varnish
/etc/varnish *.* along with all conf.d vhost files

/usr/lib/systemd/system/ varnish.service and varnishncsa.service



https://packagecloud.io/varnishcache/varnish66/install#bash-rpm

Code:
curl -s https://packagecloud.io/install/repositories/varnishcache/varnish66/script.rpm.sh | sudo bash
This will add the repository with the new 6.6 packages for CentOS 7.

Update the varnish package via yum update or the CWP panel.

Copy back all files from the backup, restart varnish, and voilà.

Code:
[root@vps ~]# varnishd -V
varnishd (varnish-6.6.0 revision ef54768fc10f5b19556c7cf9866efc88cfbda8ff)
Copyright (c) 2006 Verdens Gang AS
Copyright (c) 2006-2020 Varnish Software
[root@vps ~]#

2
Updates / Monit update
« on: April 18, 2021, 10:15:08 PM »
In CWP there is an old monit v5.26. Is it safe to update from sources, or does CWP use a changed / modded version?

3
CSF Firewall / CSF - IP tables rules
« on: April 11, 2021, 02:56:26 PM »
Situation: I have set custom rules for the WordPress XMLRPC attack. The CSF deny rule was triggered and the IP got a 24 h ban in the CSF deny list, but ... the access log for the domain shows:

119.29.93.25 - - [11/Apr/2021:15:47:51 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:52 +0200] "POST /xmlrpc.php HTTP/2.0" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:52 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:53 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:53 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:53 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:54 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:54 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:55 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:55 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:56 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:56 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:56 +0200] "POST /xmlrpc.php HTTP/2.0" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:57 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"
119.29.93.25 - - [11/Apr/2021:15:47:57 +0200] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"

Yeah, the webserver returns 403, but I want to execute the block rule before it even hits the nginx proxy or Apache.

I did iptables -A INPUT -s 119.29.93.25 -j DROP, which added the IP to the drop chain and stopped the flood (got 3 MB / minute log size). Is there a rule / way to make it automatic? It seems that the CSF drop rule makes the server respond with 403, but traffic still hits it and makes log spam.
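
Added example, not part of the original post and not CSF's own code: a per-IP sliding-window check over access-log lines in the format quoted above, flagging clients that keep POSTing to /xmlrpc.php even when the answer is 403. The function name, the thresholds and the sample addresses are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format, as in the access-log lines quoted in the post.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def xmlrpc_flooders(lines, max_hits=10, window=timedelta(seconds=10)):
    """Return {ip: peak_hits} for clients that sent more than max_hits
    POSTs to /xmlrpc.php within any sliding window of the given length.
    Requests answered with 403 still count: they reached the web server."""
    recent = defaultdict(deque)  # ip -> timestamps still inside the window
    peak = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line or not a POST
        if m["path"].split("?", 1)[0] != "/xmlrpc.php":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # drop hits that fell out of the window
            hits.popleft()
        if len(hits) > max_hits:
            peak[m["ip"]] = max(peak.get(m["ip"], 0), len(hits))
    return peak

# Constructed sample input (documentation addresses, not real traffic):
# 15 POSTs in 5 seconds from one client, plus one ordinary visitor.
UA = '"-" "Apache-HttpClient/4.5.2 (Java/1.8.0_151)"'
SAMPLE = [
    f'203.0.113.7 - - [11/Apr/2021:15:47:{51 + i // 3:02d} +0200] '
    f'"POST /xmlrpc.php HTTP/1.1" 403 199 {UA}'
    for i in range(15)
] + [
    '198.51.100.4 - - [11/Apr/2021:15:47:52 +0200] '
    '"GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [11/Apr/2021:15:47:58 +0200] '
    '"POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, n in sorted(xmlrpc_flooders(SAMPLE).items()):
        print(f"{ip}: {n} xmlrpc.php POSTs within 10s")
```

An address that stays in this output after it has been placed on the deny list is still reaching the web server, which is the symptom described in the post.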
