“Profitability is a necessary condition for existence and a means to more important ends, but it is not the end in itself for many of the visionary companies. Profit is like oxygen, food, water, and blood for the body; they are not the point of life, but without them, there is no life.”
–Built to Last: Successful Habits of Visionary Companies

I have two weapons I use when creating my webpages. I use these Firefox plugins primarily to make sure my pages load lightning fast.
Web Developer - I use it mostly as an easy way to inspect my pages (as well as pages of others.) It is also an easy way to tweak and test your css code.
Firebug - I love this one for a single feature it has. Install it and check out the “Net” tab. It will show you all of the items loaded when you visit a page. It will also tell you the load time for each item as well as for the entire page.

Take a moment and install them. You’ll need them for my next post on how to tweak your webserver or php code to serve up your pages lightning fast.

Here I am, peacefully working at my computer when I’m interrupted by a text message on my phone:

** PROBLEM alert - someserver.somewhere.com/SSH is CRITICAL **

That’s not a good thing. Hoping it’s a false alert, I try to ssh in. No luck. I try again. Still no luck. And a third time, Yes! I’m in. Let the troubleshooting begin.

I check to see what processes are running and sure enough, I find a culprit. There are a ton of sshd processes going. I take a look at auth.log and it’s full of “Failed password for root from 218.145.160.100 port 55739 ssh2″ messages (about 9,000 of them.) Here’s what’s going on: someone is trying to login to the server most likely by trying a bunch of passwords in a brute force attack. A brute force attack consists of trying every possible password until you find the right one. The attack doesn’t really concern me since I don’t allow password logins on most of the servers I manage. The excessive login attempts are a little annoying.

One command later and all traffic from that IP address drops into oblivion.

iptables -A INPUT -s 218.145.160.100 -j DROP

With that band-aid applied, it’s time to get something better in place for the long term. A while back there was some discussion about preventing or slowing down such attacks on the SLLUG email list and some people posted scripts they use to deal with it. Here is my current version of one of those scripts:

#!/bin/bash
case "$1" in
start)
# Put IP addresses for allowed hosts into this, separated by spaces.
SSH_ALLOWED="123.45.67.89 98.76.54.32"

*)
echo "Usage: $0 {start|stop}" >&2
exit 1
;;
esac

This is an init script, so I put it in my /etc/init.d directory and set it up to run when the server boots up. What it does is only allows 5 SSH connection attempts per minute based on the source’s IP address. From there, it blocks and logs any connection attempts. Two words of warning when working with IP tables; be careful. It’s very easy to block yourself from accessing your own server. I’ve done this more times than I care to mention and had to take a drive to the datacenter or call their helpdesk to make things available again.

Another WordPress security update was released recently. Since I maintain about 10 wordpress installations on one of my servers, I wanted an easier way to update them.
(more…)

jessionid, it makes for ugly URLs and can hurt your search rankings. Sure, it’s not technically our problem that the search engines don’t handle them correctly. But since many of us get a good chunk of revenue from the search engines, we get to deal with it. Let me clarify, the site I’m currently working on doesn’t require session tracking to display its informational pages. Besides that, what “normal” user doesn’t have cookies enabled anyway.
(more…)