The quickest way to find brute force attackers on a server using Netstat
Step 1. Identify the bastard: netstat -an | grep ‘:443’ | grep ESTABLISHED | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq
Security
How to recognise and outbound attackers and a website compromise
Platforms: Outdated CentOS 7 Virtualmin Client suddenly added to 8 block lists visible on MX Toolbox. Server’s top shows many users of the same name.
Proxmox Firewall Primer
Background Sooner rather than later your servers and routers will be attacked. This is especially so if you run a large network (>100 servers), and
KernelCare Broken Warnings and Looping about Free Symlink Protection on WHM/cPanel servers
On a cPanel server you may see this warning: You’ll notice the link “Add KernelCare’s Free Symlink Protection” but clicking it bring up either a
Finding an active PHP attacker / hacker on a cPanel shared server with many subdomains
Background cPanel has this lovely feature where you can use one site and then create many more sites below public_html. This is all fine and
Emails from StandardBank.co.za to a cPanel hosted server fails with bodyhash_mismatch – DKIM issues
cPanel bodyhas_mismatch Emails from StandardBank.co.za to a cPanel hosted server fails with bodyhash_mismatch – DKIM issues Email from standardbank.co.za might fail with bodyhash_mismatch. Since it’s
How to test SSL ports HTTPS, 465, 587, 995 and 993 using openssl
Introduction Fixing certificate problems can be really hard, but not if you have the right tools. Let’s do a quick exercise for HTTPS: Port 443
Centralized Security software list for multiple WordPress installations
Keeping tabs on WordPress security is super important. But what if you have 10s or even 100s of sites? How would you do that? Here
How to mitigate the extremely popular xmlrpc.php XML-RPC attack on WHM hosted WordPress servers
WordPress Is a Security Hole WordPress is a convoluted mess of security holes. Every year millions of WordPress websites are attacked because of the poor
Connection from [a.b.c.d]… refused: too many connections and Exim
At times your Exim server might be overwhelmed: 2023-11-09 12:04:05 Connection from [188.234.244.30]:3802 refused: too many connections Your server is most likely under attack. Check