Web server maintenance is an indispensable part of hosting. You need preventive security audits and addins.

Ubuntu / WordPress Server Maintenance

This post aims to cover the points I currently think are important if you are running your own web server. 

Security Patches

I would place a monthly reminder in your calendar to run updates on your server. This is a task that can maybe be automated, but I haven't found a good way yet. You should run these commands:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

Tips For Basic Operational Security

You should not allow the public to access the parts of your web server that show statistics, e.g. Webalizer. I've seen viagra sites just ping your site to get their URL appearing in your statistics, which in turn then gets Googled and ranked.

If you are going to install a tool like phpMyAdmin, which I wouldn't, then you should make sure only your IP can access the server and/or increase the security by password protecting the directory using "Basic Auth".

If you use WordPress then you should have a security addin to help harden your site. I use "ShieldSecurity" which I like and would recommend. I find it alarming to see that after 420 days of operating my site there have been 20'000+ logins blocked. 

20000+ login blocks in 420 days operation

When you create administrator accounts for your WordPress site, I would make the username something random. The password needs to be long and your security plugin should definitely offer reCAPTCHA or other means to slow the automated attacks.

Google ReCaptcha For Securing WordPress Logins

Pentest Your Site 

Luckily there are tools out there that you can try for free. If you have an online shop, this is the best 50$ you could invest ever! Head on over to https://pentest-tools.com and check your site.

List of some high risk vulnerabilities on an Apache webserver.

If you see any High-Risk warnings, you must take immediate action. In this example, I was surprised myself, as I had done the apt updates and upgrades on my Ubuntu server. Well, they have a six-month release cycle. Critical bug fixes do make it sooner but still take time. The solution to this is the Personal Package Archive (PPA). This is a repository, provided by Canonical (the company behind Ubuntu), that allows developers and enthusiasts to offer up-to-date versions of software to all Ubuntu users.

sudo add-apt-repository ppa:ondrej/apache2
sudo apt update
sudo apt upgrade

Before adding any old PPA I would suggest first investigating it a little. In this case, you'll find Ondrej listed on the list of maintainers at https://packages.ubuntu.com/cosmic/apache2

Web Server Logs

Seeing evidence in the logs that hackers are trying to hack doesn't mean you have been hacked. I would venture a look every now and then. For an Apache server they are typically found under the /var/log/apache2 directory.

If you're on AWS like me, you will need to use PuTTY or SSH to get on to the server and navigate to where the log files are found. Maybe you have a lot of log files too, but don't worry, I have a trick to help you scan them.

List of Apache log files in the /var/log/apache2 directory

The following command can scan the GZ compressed files for keywords. In this example it's the wp-admin area.

find -name access.log.\*.gz -print0 | xargs -0 zgrep "wp-admin"

Log of hackers calling /wp-admin/setup-config.php?step=0

You can see someone is testing whether they can run the setup wizard on the server.

A surefire indication that hackers are probing, or have even hacked, your server is seeing loads of entries with URLs ending in .RU, like this:

"http://viagra-blah-blah.ru/"

General keywords I might look for in my logs include:

  • .cgi
  • wp-admin
  • admin
  • 404
  • passwd
  • .tables
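
The keyword search above, as an added Python example that is not part of the original post: it parses each Apache "combined" log line so that keywords are matched against the request path, 404 against the status field and .ru against the referrer host, instead of anywhere in the line. The sample lines are constructed, and the function names are chosen for this example.

```python
import gzip
import re
from collections import Counter

# Apache "combined" format: ip ident user [time] "request" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
PATH_KEYWORDS = (".cgi", "wp-admin", "admin", "passwd", ".tables")

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2019:13:55:36 +0000] "GET /wp-admin/setup-config.php?step=0 HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2019:13:56:01 +0000] "GET / HTTP/1.1" 200 4040 "http://viagra-blah-blah.ru/" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Oct/2019:13:57:12 +0000] "GET /blog/ HTTP/1.1" 200 10404 "https://example.com/" "Mozilla/5.0"',
]


def classify(line):
    """Return (client_ip, reasons); reasons is empty when nothing stands out."""
    m = LINE_RE.match(line)
    if not m:
        return "?", {"unparsed"}
    reasons = set()
    parts = m["request"].split()
    path = (parts[1] if len(parts) >= 2 else m["request"]).lower()
    reasons.update("path:" + kw for kw in PATH_KEYWORDS if kw in path)
    if m["status"] == "404":  # the status field, not any "404" in the line
        reasons.add("status:404")
    host = re.sub(r"^https?://", "", m["referer"].lower()).split("/")[0].split(":")[0]
    if host.endswith(".ru"):
        reasons.add("referer:.ru")
    return m["ip"], reasons


def scan(lines):
    """Count (client_ip, reason) pairs over an iterable of log lines."""
    hits = Counter()
    for line in lines:
        ip, reasons = classify(line)
        hits.update((ip, reason) for reason in reasons)
    return hits


def open_log(path):
    """Open a plain or rotated .gz access log as text."""
    opener = gzip.open if path.endswith(".gz") else open
    return opener(path, "rt", encoding="utf-8", errors="replace")
```

Call scan(open_log(path)) for each access log file; the second and third sample lines contain "404" only in the byte count, so a plain grep for 404 would flag them while the status check does not.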

Want to learn to dig deeper? Then have a look at the following blog: "Looking for hacking activity in Apache Logs"

When you add ShieldSecurity it will guide you through setup using its wizard. Two important features are automated updates, which ensure your WordPress is running with the latest patches, and the login protection. I choose to add the Google reCAPTCHA

Website monitoring using AWS Lambda functions

Website Status Checking Using AWS Lambda

Every time I work on my website, either updating WordPress or changing the theme, I seem to lose the code snippet for tracking my web traffic. So when I go to look at the statistics it regularly has been showing no data, 0 active users. So, in this blog, I’m going to detail how to create an alert system, so you can get an Email or SMS notification. The monitoring system I am detailing has 2 programs: one checks that the website is available and the other sends an alert if the code for traffic analysis is missing.

A Google Analytics page showing no data.

Login to AWS

You will need an Amazon AWS account before you can access the console at https://aws.amazon.com/console/

If you have not used AWS before, then the very first thing you will want to do is choose your region. I recommend using a location that is very close to your website or, if you are like me and hosting on Amazon, the same region. If you want to send SMS notifications, then you may have no choice but to choose another region that supports SMS.

In AWS you must first decide which region you are going to work in.

Step 1: Setup The Notifications

Search for and go into the Amazon Simple Notification Service (SNS).

You can get started with Amazon SNS in minutes by using the AWS Management Console. Search for SNS.

If it is your first time here you will see an introduction screen, just click on the blue “getting started” button, then create the topic.

In SNS click on create topic.

You want to create 2 new topics

  • website-offline
  • missing-analytics

You will be prompted for the “topic name” and, if you want to set up SMS notification, you need to come up with a 10 character “display name” too.

Create a new topic has 2 fields to fill out.

To get email notifications you’ll need to subscribe to the notification topic.

Click on the SNS create topic button.

Note: Frankfurt currently doesn’t support SMS. Choose the “protocol” Email and provide an address that will be used to get notifications.

Choose email and provide the address that will receive notifications.

You will need to go into your Email account and click on the subscribe button.

Confirming an SNS service email subscription.

The final step is to set up permissions to allow the Lambda, which will be checking the website, to publish to the topic. This is an important step or you will be getting AuthorizationErrorException messages, which actually led to me wanting to write this article. It seems this setup is so trivial that nobody seems to have written about it in some time. I am actually also learning by documenting this and you can see below that I just give Everyone on the AWS account access. If you have a larger organisation, this might not be such a good idea.

In the edit topic policy dialog you need to select 'Everyone' under the basic view -> Allow these users to publish messages to this topic.

You might also want to allow other users to subscribe, in which case you’ll be adapting the settings under “allow these users to subscribe to this topic”.

I’ve only provided screenshots for setting up one topic. So repeat the above steps until you have both ready.

Step 2: Setup Lambda Functions

The two programs you’ll need can be found in my GitHub repository https://github.com/neilspink/aws-lambda-website-status-checking

Using the console search for “Lambda”

In the AWS Management Console search for Lambda.

In the Lambda management console, you now create new Lambda functions

  • website-offline
  • missing-analytics

In the Lambda management console click on create function.

When you create the first function you’ll also need to create a new custom role. This would be used to give your Lambda function permissions to do things on your account. We just need a blank one for this time.

Provide the function name and set the language, which is Python 2.7

When you choose ‘create a custom role’ you should immediately see the following screen, where you need to provide a good name for your role.

Create a role named lambda-website-checker and click the done button

Click on the create function button and you’ll be looking at the Lambda editor, which can initially be overwhelming. When you see this, JUST scroll down.

The AWS lambda function editor

Then you can copy and paste in the Python script from https://github.com/neilspink/aws-lambda-website-status-checking (click on RAW view of the files when you want to copy)

Copy paste in your code and save.

Click SAVE and then we can test it.

A Lambda function can be given input parameters. We don’t need any, but a test still needs one.

You first need to create a test event

We will just remove all the sample data, key 1 – 3, and click the create button found at the bottom of the screen.

Remove sample data in test data dialog

Now we are ready to run a test and hopefully now see in the execution results “Website Is Alive!” (Do leave a comment if you have problems)

Finally you can run a test

Create your next function and then we can do the third and final step.

Step 3: Schedule Monitoring

Using the console search for “CloudWatch”.

Search for AWS CloudWatch

Then you can create a new rule.

Select rules and create

The final task you have to do is define the schedule and select your Lambda function.

Define the schedule and choose the lambda function

Now repeat for the other function and you're done.
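
As an added example (not the code from the repository linked above, and not the author's), here is one way both checks and their alerts could look in a single Python 3 handler, together with a role policy that grants only sns:Publish on the two topics as a narrower alternative to the 'Everyone' topic setting from Step 1. The site URL, the analytics marker, the account ID and REGION in the ARNs are placeholders assumed for this example.

```python
import urllib.error
import urllib.request

# Placeholders assumed for this example; replace with your own values.
SITE_URL = "https://example.com/"
ANALYTICS_MARKER = "googletagmanager.com/gtag/js"
TOPICS = {
    "website-offline": "arn:aws:sns:REGION:111122223333:website-offline",
    "missing-analytics": "arn:aws:sns:REGION:111122223333:missing-analytics",
}


def fetch(url, timeout=10):
    """Return (status, body); status 0 means the request itself failed."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except (urllib.error.URLError, OSError):
        return 0, ""


def evaluate(status, body, marker=ANALYTICS_MARKER):
    """Return the topic names to alert for one fetch result."""
    if status != 200:
        return ["website-offline"]
    return [] if marker in body else ["missing-analytics"]


def role_policy(topic_arns):
    """IAM policy for the Lambda role: sns:Publish on these topics only."""
    stmt = {"Effect": "Allow", "Action": "sns:Publish", "Resource": sorted(topic_arns)}
    return {"Version": "2012-10-17", "Statement": [stmt]}


def lambda_handler(event, context, fetcher=fetch, publish=None):
    if publish is None:  # real run: boto3 ships with the Lambda Python runtime
        import boto3
        sns = boto3.client("sns")
        publish = lambda arn, msg: sns.publish(TopicArn=arn, Message=msg)
    status, body = fetcher(SITE_URL)
    alerts = evaluate(status, body)
    for name in alerts:
        publish(TOPICS[name], "%s: %s (HTTP status %s)" % (name, SITE_URL, status))
    return alerts or "Website Is Alive!"
```

Attach the document returned by role_policy(TOPICS.values()) to the Lambda's role (lambda-website-checker in the steps above) so the function can publish without the topic being opened to everyone.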

Summary

Let me know if you have any difficulties or problems in the comments below, then I can maybe improve the instructions here. I also recorded this as a video here https://youtu.be/25LmRQE904w