Mergy Dot Org Notes and Hacks From Jonathan Mergy

Category: Cybersecurity

Using fail2ban To Mitigate Excessive Apache 403, 404, 500, and 503 Attacks

I finally spent some time last weekend addressing the botnets attacking my site and specifically looking for known exploits, bad WordPress plugins, and just general random stuff. I should add the disclaimer that messing around and systematically blocking hosts viewing your website generating 404s may or may not make sense for you. If you create a fail2ban filter, jail, and start picking off hosts that...

SSH Honeypot Cowrie Session Video

I had an ssh honeypot running a few months ago for a couple of weeks and while most session playbacks are just rapid-fire scripts from bots trying to plant crypto mining software, I did have a few humans kicking around in there. I had a colleague log in and kick the tires and shared the video back to him. Here is the video to give you a sense of what the ssh session looks and feels like. Disclaimer...

Fixing the fail2ban filter for Postfix unverified address / user unknown spam attacks

For whatever reason, the default distributed postfix filter I had on my fail2ban setup on Ubuntu was not triggering on: 450 4.1.1 Recipient address rejected: unverified address: unknown user mail.log errors. The failregex line was in there for it, but it wasn’t hitting on the endless dictionary attack random attempts from spammer servers across the world. This was annoying because, in...

Setting up a killswitch for attacks with ufw and fail2ban on Linux

Who doesn’t love fail2ban? I know I do. If you look at logs and see the constant and accelerating server attacks on the internet from the massive resources across the world doing nothing but trying to take over your servers for cryptocurrency mining, ransomware, or to help aid criminal phishing attacks, you’re probably using fail2ban in some form. If you are using fail2ban to...

Standard WordPress Attacks Visualized

Everyone that runs WordPress or any website knows there are thousands upon thousands of servers across the Internet doing nothing but looking for vulnerabilities and trying to hack sites. Logs directly don’t give you the sense of what is really happening in a nice visual way. An old favorite of mine, Logstalgia, is a fun way to see what all those servers trying to take you down, hack and...
