Web server maintenance is an indispensable part of hosting. You need preventive security audits and add-ins.

Ubuntu / WordPress Server Maintenance

This post aims to cover the points I currently think are important if you are running your own web server. 

Security Patches

I would place a monthly reminder in your calendar to run updates on your server. This is a task that could perhaps be automated, but I haven't found a good way yet. You should run these commands:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

Tips For Basic Operational Security

You should not allow the public to access the parts of your web server that show statistics, e.g. Webalizer. I've seen viagra sites simply ping your site so that their URL appears in your statistics page, which then gets indexed by Google and ranked.

If you are going to install a tool like phpMyAdmin, which I wouldn't, then you should make sure only your IP address can access it and/or increase the security by password protecting the directory using "Basic Auth".

If you use WordPress then you should have a security add-in to help harden your site. I use "ShieldSecurity", which I like and would recommend. I find it alarming to see that after 420 days of operating my site there have been 20'000+ logins blocked.

20000+ login blocks in 420 days operation

When you create administrator accounts for your WordPress site, I would make the username something random. The password needs to be long, and your security plugin should definitely offer reCAPTCHA or other means to slow down automated attacks.

Google ReCaptcha For Securing WordPress Logins

Pentest Your Site 

Luckily there are tools out there that you can try for free. If you have an online shop, this is the best $50 you could ever invest! Head on over to https://pentest-tools.com and check your site.

List of some high-risk vulnerabilities on an Apache web server.

If you see any High-Risk warnings, you must take immediate action. In this example, I was surprised myself, as I had done the apt updates and upgrades on my Ubuntu server. Well, Ubuntu has a six-month release cycle. Critical bug fixes do arrive sooner, but they still take time. The solution to this is the Personal Package Archive (PPA). This is a repository, provided by Canonical (the company behind Ubuntu), that allows developers and enthusiasts to offer up-to-date versions of software to all Ubuntu users.

sudo add-apt-repository ppa:ondrej/apache2
sudo apt update
sudo apt upgrade

Before adding any random PPA I would suggest first investigating it a little. In this case you'll find Ondrej listed among the maintainers at https://packages.ubuntu.com/cosmic/apache2

Web Server Logs

Seeing evidence in the logs that hackers are trying to hack you doesn't mean you have been hacked. I would venture a look every now and then. For an Apache server the logs are typically found under the /var/log/apache2 directory.

If you're on AWS like me, you will need to SSH (e.g. with PuTTY) onto the server and navigate to where the log files are found. Maybe you have a lot of log files too, but don't worry, I have a trick to help you scan them.

List of Apache log files in the /var/log/apache2 directory

The following command scans the GZ-compressed rotated logs for a keyword. In this example it's the wp-admin area.

find -name access.log.\*.gz -print0 | xargs -0 zgrep "wp-admin"

Log of hackers calling /wp-admin/setup-config.php?step=0

You can see someone is testing whether the server will let them run the setup wizard.

A surefire indication that you have hackers probing, or that they have even hacked, your server is seeing loads of entries with referrer URLs ending in .ru, like this:

http://viagra-blah-blah.ru/

General keywords I might look for in my logs include

  • .cgi
  • wp-admin
  • admin
  • 404
  • passwd
  • .tables
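To make the zgrep trick above repeatable, here is an added example (my own script, not from the original post) that streams every access.log* file in a directory, compressed or not, counts hits for each keyword in the list above, shows which client IPs are hitting 404s, and pulls out .ru referrers. The sample log lines are constructed; point the functions at /var/log/apache2 for real data.

```shell
#!/bin/sh
# Added example (not part of the original post). Needs only POSIX sh, find,
# gzip, grep, awk, sort and uniq. Log lines are in Apache's combined format.

KEYWORDS=".cgi wp-admin admin 404 passwd .tables"   # the post's keyword list

# cat_logs <dir>: stream all access.log* files, decompressing the .gz ones.
cat_logs() {
  find "$1" -type f -name 'access.log*' -exec sh -c '
    for f; do case "$f" in *.gz) gzip -dc "$f";; *) cat "$f";; esac; done' sh {} +
}

# scan_logs <dir> <keyword>: lines containing the keyword as a fixed string
# (so ".cgi" is not treated as a regex). "|| true" keeps "no hits" from failing.
scan_logs() { cat_logs "$1" | grep -F -- "$2" || true; }

# count_hits <dir> <keyword>: number of matching lines.
count_hits() { scan_logs "$1" "$2" | wc -l | tr -d ' '; }

# top_ips <dir> <keyword>: client IP (first field) with hit count, busiest first.
top_ips() { scan_logs "$1" "$2" | awk '{print $1}' | sort | uniq -c | sort -rn; }

# ru_referrers <dir>: referrer field (4th "-delimited field) ending in .ru.
ru_referrers() {
  cat_logs "$1" | awk -F'"' '{print $4}' | grep -Ei '\.ru/?$' | sort | uniq -c | sort -rn
}

# make_sample_logs <dir>: constructed sample data, one plain and one gzipped log.
make_sample_logs() {
  mkdir -p "$1"
  cat > "$1/access.log" <<'EOF'
203.0.113.7 - - [10/Oct/2019:10:00:01 +0000] "GET /wp-admin/setup-config.php?step=0 HTTP/1.1" 404 162 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2019:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 5123 "http://viagra-blah-blah.ru/" "Mozilla/5.0"
EOF
  gzip > "$1/access.log.2.gz" <<'EOF'
203.0.113.7 - - [09/Oct/2019:22:13:41 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 162 "-" "curl/7.58.0"
203.0.113.7 - - [09/Oct/2019:22:13:42 +0000] "GET /etc/passwd HTTP/1.1" 404 162 "-" "curl/7.58.0"
EOF
}

# Demo on the constructed data (replace $demo_dir with /var/log/apache2 for real logs).
demo_dir=$(mktemp -d) && make_sample_logs "$demo_dir"
for kw in $KEYWORDS; do printf '%-9s %s\n' "$kw" "$(count_hits "$demo_dir" "$kw")"; done
echo "--- clients hitting 404s"; top_ips "$demo_dir" 404
echo "--- .ru referrers";        ru_referrers "$demo_dir"
rm -rf "$demo_dir"
```

Note that "admin" also matches every "wp-admin" line, so expect the two counts to overlap, as they do in the post's own list.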

If you want to learn to dig deeper, have a look at the following blog: "Looking for hacking activity in Apache Logs".

When you add ShieldSecurity it will guide you through setup using its wizard. Two important features are automated updates, which ensure your WordPress is running the latest patches, and the login protection. I chose to add Google reCAPTCHA.

Neil
