Restrict SSH Access by IP Address on Linux

[dfads params=’groups=-1′]

Here is how to restrict SSH access to certain IP addresses on and off your home LAN.

Edit the /etc/hosts.allow file to include these lines, assuming your home LAN is on the 192.168.4.x nonrouting IP block, and your work address is on the routing 1.1.1.x
IP block: Remember to add the period on the end of each incomplete IP number.
If you have another complete IP address or range, add a space and that range on the end.

# allow ssh login from home LAN and work LAN
sshd,sshdfwd-X11: 192.168.4. 1.1.1.x.

Edit your /etc/hosts.deny file to include this line:
sshd,sshdfwd-X11:ALL
These lines refuse SSH connections from anyone not in the IP address blocks listed.

Log out and then try logging back in to test your configuration. Good luck!

[dfads params=’groups=-1′]

How to detect a DOS / DDOS Attack on your Linux Server?

[dfads params=’groups=-1′]

While researching through website traffic problems, the first thing that came in my mind is DoS / DDoS attacks. So, I started to study about it.

What is DoS / DDoS attack? 

(Wiki Answer) : In computing, a denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of efforts to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet.

How to check if your Linux server is under DDOS Attack?

Login to your Linux Server and type the following command:

netstat -anp |grep ‘tcp\|udp’ | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort –n

This command will show you the list of IP’s which have logged in is maximum number of connections to your server. It becomes more complex if the attacker use fewer connections with more number of attacking IP’s.

[dfads params=’groups=-1′]

We can check active connections to the server using the following command:

netstat -n | grep :80 |wc –l

The above command will show the active connections that are open to your server. The result may vary but if it shows connections more than 500, then you will be definitely having problems.

netstat -n | grep :80 | grep SYN |wc –l

If the result of the above command is 100 or above then you are having problems with sync attack.

Once you get an idea of the ip attacking your server, you can easily block it. Fire the following command to block specific IP:

route add ipaddress reject

Fire the following command to check whether that IP is blocked or not:

route -n |grep IPaddress

You can also block a IP with iptables on the server by using the following command.

iptables -A INPUT 1 -s IPADRESS -j DROP/REJECT

service iptables restart

service iptables save

After firing the above command, KILL all httpd connection and than restart httpd service by using  following command:

killall -KILL httpd/apache2

[dfads params=’groups=-1′]

[Updated 12-12-2013]

In order to delete the route entry, fire the following command.

ip route delete ipaddress

[Source : https://kb.hivelocity.net/how-to-check-if-your-linux-server-is-under-ddos-attack/]

How to stop/prevent drupal registration spam?

[dfads params=’groups=-1′]

I am a web developer at IGNOU. I have been maintaining IGNOU Website ignou.ac.in since August, 2013. Yesterday, my colleague found that there were number of users automatically registered and asked me to handle the issue.

I studied the issue and found that the users registered were spam having similar kind of email addresses. I explored the internet and found a solution.

Block the offending domains:

I went to the Access Rules section in the admin panel (admin/user/rules), and added a DENY rule for each of the domains. The rule configuration takes a wildcard, so I could simply enter %@http://pray.agencja-csk.pl.

I also found that access rules functionality has been removed from the Drupal 7 core. It is now provided by the User restrictions module.

[dfads params=’groups=-1′]

Embed your latest tweets on your website the API v1.1

[dfads params=’groups=-1′]

Procedure

Side note: There are many ways to connect to Twitter, but this post isn’t about how to make authenticated calls to the API. Here, we are just going to focus on the simple display of a timeline without authentication.

  1. Log into your twitter account
  2. Go to your widget management page using https://twitter.com/settings/widgets
  3. Create your widget choosing the timeline source of your choice (user, favs, list or search)
  4. Copy and paste the code into the HTML of your site.
  5. Change the settings you are able to change (which isn’t much) to your liking (read from Client Side Options and onwards on the embedded timelines page)

Example

A simple example with a status timeline limited to 5 tweets (data-tweet-limit=”5″), a transparent background, no header, no footer (data-chrome=”nofooter noheader transparent”), and the color of my choice for the links (data-link-color=”#1BB5E0″) and borders (data-border-color=”#B5DDE8″).

 

Screenshot from 2013-08-16 17:37:39

[dfads params=’groups=-1′]