Tag Archives: Security

Whitelist your own computer in fail2ban

Fail2ban is a great "dynamic" firewall for servers that is installed by default on many of our VPSs, and we can install it on your VPSs at your request. It protects against brute-force attacks, where an attacker is trying to … Continue reading

Posted in HOWTO, Rimuhosting, Security | Tagged , , | Leave a comment

Using Fail2ban on wordpress wp-login.php and xmlrpc.php

A fair few customer of ours use wordpress and occasionally notice that there are people hammering on a few URLs This can cause high load, slow websites and a number of issues, espoecuially when you have more than a single … Continue reading

Posted in Rimuhosting, Security | Tagged , , | Comments Off on Using Fail2ban on wordpress wp-login.php and xmlrpc.php

Monitor sites for exploits

We dislike dealing with exploited websites. A common cause is "the long forgotten outdated install from a web developer who left years ago. hoping works forever". Public facing services need to be kept updated in order to remain secure, so … Continue reading

Posted in HOWTO, Security | Tagged , , , | Comments Off on Monitor sites for exploits

Keeping WordPress secure

According to Wikipedia, "WordPress is the most popular blogging system in use on the Web, at more than 60 million websites."  It's also the most commonly installed blogging system on our customers' servers, and we use it to run the … Continue reading

Posted in HOWTO, Rimuhosting, Security | Tagged , , , , | Comments Off on Keeping WordPress secure

deghost ridding the world of the ghost vulnerability one host at a time

As part of our mission to wipe the 'ghost' vulnerability (CVE-2015-0235) from our customers servers we have created 'deghost'. Deghost is a cross-distro script to determine the vulnerability of a libc library on a server and then patch that where … Continue reading

Posted in Rimuhosting | Tagged , | Comments Off on deghost ridding the world of the ghost vulnerability one host at a time

SSLv3 and securing against Poodle

If you are using SSL in your web server, you probably want to read this. Google recently published details about an attack that targets SSLv3. The exploit first allows attackers to initiate a “downgrade dance” that tells the client that … Continue reading

Posted in Rimuhosting, Security | Tagged , , , , , , , , | 2 Comments

Two Factor Authentication

We have just added optional two factor authentication to the RimuHosting control panel. You can enable it at http://rimuhosting.com/cp/twofactor.jsp It uses Time-based One Time Password (TOTP) so you will need an application like Google Authenticator or Authy. To enable 2FA … Continue reading

Posted in Rimuhosting | Tagged , , | Comments Off on Two Factor Authentication

Preventing brute force WordPress login attacks

Over the last month or two we have seen an increase in WordPress brute force login attacks. The symptom is typically higher CPU usage on your server (often resulting in slower page load times). It can be particularly painful on … Continue reading

Posted in Rimuhosting | Tagged , | Comments Off on Preventing brute force WordPress login attacks

Identifying exploits and exploited websites

I have made posts before regarding how to find exploits, and what to do about those previously, however it has come to my attention that some people are not even realizing what the basics are to look for. In this … Continue reading

Posted in Rimuhosting, Security | Tagged , , , , | Comments Off on Identifying exploits and exploited websites

DNS amplification DoS attacks

If you are running a DNS server, then you need to check it is not being co-opted into 'DNS amplification attacks'. Random nasty servers (typically part of virus created bot-nets) send your DNS server a short request but use a … Continue reading

Posted in Rimuhosting | Tagged , , , | Comments Off on DNS amplification DoS attacks