Show Release Version of Ubuntu

Which Release Version of Ubuntu Do You Have?

Knowing the exact release version allows you to perform upgrades properly and to check which known vulnerabilities apply to your system. The Ubuntu Release Schedule states that 14.04 LTS will be supported until April 2019 but 14.10 will only be supported until July 23, 2015. Make sure you build your servers with the LTS version so you can get updates for the longest possible period. Here are the commands that tell you what version of Ubuntu you are running, along with example output:

Ubuntu 14.10


user@somesite# uname -a
Linux somesite.com 3.16.0-28-generic #37-Ubuntu SMP Mon Dec 8 17:15:28 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

user@somesite# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.10
Release:        14.10
Codename:       utopic

user@somesite# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.10
DISTRIB_CODENAME=utopic
DISTRIB_DESCRIPTION="Ubuntu 14.10"

Ubuntu 14.04 LTS


user@somesite# uname -a
Linux somesite.com 3.13.0-77-generic #121-Ubuntu SMP Wed Jan 20 10:50:42 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

user@somesite# lsb_release -a
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04.3 LTS
Release:        14.04
Codename:       trusty

user@somesite# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.3 LTS"

Palo Alto Firewall Incomplete Insufficient Data Not Applicable

Sometimes when reviewing logs you’ll find a value in the application field that doesn’t intuitively make sense. Here are more detailed descriptions of the various types of failures.

Incomplete in Application Field
The three-way TCP handshake did not complete, or it completed but no data followed the handshake. This is caused by traffic that isn’t an application, or by a SYN that was sent without a SYN ACK being received. (The far-end application might not respond correctly.)
Insufficient Data in Application Field
There isn’t enough information to correctly identify the application. Palo firewalls will check their signatures and if nothing matches, this error will be the result.
Not-applicable
Data will be discarded because the service and/or port is not allowed or there is no rule allowing this service.
unknown-tcp
There is a three-way TCP handshake, but the firewall cannot determine what application it is. A custom application is often the culprit.

How to Block XMLRPC ATTACKS in WordPress

xmlrpc.php attacks in WordPress are basically brute-force password attacks. The attacks are able to get the passwords (but not usernames) for your WordPress users. Finding the username is trivial. The attackers do not seem able to use xmlrpc.php for anything besides brute-force guessing the passwords, but that is plenty.
The requests also consume considerable resources, and on a small VPS this can act like a denial-of-service attack.

Are You a Victim of xmlrpc Brute Force Attack:


# grep xmlrpc /var/www/logs/access.log | head
46.105.8.191 - - [21/Feb/2016:14:52:29 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:30 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:31 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:32 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:33 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:34 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:35 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:36 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:37 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
46.105.8.191 - - [21/Feb/2016:14:52:38 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
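
The grep above matches every line that contains "xmlrpc", including GET requests and referrers. As an added example (not from the original post), the script below counts only POST requests to xmlrpc.php per source address per minute and prints the buckets at or above a threshold. The function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: count POSTs to xmlrpc.php per source address per minute.

# Constructed sample in Apache combined log format (documentation addresses).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [21/Feb/2016:14:52:29 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
203.0.113.7 - - [21/Feb/2016:14:52:30 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
203.0.113.7 - - [21/Feb/2016:14:52:31 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
203.0.113.7 - - [21/Feb/2016:14:52:32 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
203.0.113.7 - - [21/Feb/2016:14:52:33 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
203.0.113.7 - - [21/Feb/2016:14:53:01 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
203.0.113.7 - - [21/Feb/2016:14:53:02 -0600] "POST /xmlrpc.php HTTP/1.0" 200 55161 "-" "-"
198.51.100.9 - - [21/Feb/2016:14:52:40 -0600] "POST /xmlrpc.php HTTP/1.1" 200 412 "-" "WordPress-App"
198.51.100.9 - - [21/Feb/2016:14:52:41 -0600] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "Mozilla/5.0"
192.0.2.44 - - [21/Feb/2016:14:52:45 -0600] "GET /?p=1 HTTP/1.1" 200 9001 "http://example.com/xmlrpc.php" "Mozilla/5.0"
EOF
}

# xmlrpc_bursts THRESHOLD
# Reads access-log lines on stdin and prints "ip dd/Mon/yyyy:HH:MM count"
# for every (ip, minute) bucket with at least THRESHOLD POSTs to xmlrpc.php,
# busiest bucket first.
xmlrpc_bursts() {
  awk -v min="$1" '
    # Fields: $1 = client IP, $4 = "[dd/Mon/yyyy:HH:MM:SS",
    #         $6 = quoted method, $7 = request path.
    $6 == "\"POST" && $7 ~ /\/xmlrpc\.php(\?|$)/ {
      minute = substr($4, 2, 17)        # drop "[" and the seconds
      hits[$1 " " minute]++
    }
    END {
      for (k in hits)
        if (hits[k] >= min) print k, hits[k]
    }' | sort -k3,3nr -k1,1 -k2,2
}

# Demo on the constructed sample: only the 5-per-minute burst is reported.
sample_log | xmlrpc_bursts 3
```

On a server, run it against the real log, for example `xmlrpc_bursts 30 < /var/www/logs/access.log`, and tune the threshold so that legitimate XML-RPC clients stay below it.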

How to Block xmlrpc Attacks in Apache

This code blocks all access to xmlrpc.php.


vim /etc/apache2/apache2.conf
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

How to block xmlrpc attacks in Apache

If you still want to allow certain IPs to access xmlrpc.php, you can use code like this:


vim /etc/apache2/apache2.conf
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 111.222.333.444 100.200.300.400
</Files>


Hardening WordPress

To further harden WordPress you should review the Hardening WordPress document.

How to Solve These 7 Common Problems With Shared Hosting

Everyone knows that VPS (virtual private server) hosting or dedicated hosting is better than shared hosting, but not everyone knows exactly why. This article attempts to briefly explain some of the reasons you shouldn’t run a business website (we think any website) on a shared hosting plan.

Remove WordPress Revisions


DELETE a,b,c
FROM wp_posts a
LEFT JOIN wp_term_relationships b ON (a.ID = b.object_id)
LEFT JOIN wp_postmeta c ON (a.ID = c.post_id)
WHERE a.post_type = 'revision';

Site Wide Limiting of Revisions in wp-config.php:


define('WP_POST_REVISIONS', false);
//or if you want 1 revision:
define('WP_POST_REVISIONS', 1);

Note that you cannot delete all inherits in the wp_post status because each attachment inherits its short codes from the published article. If I publish id 271, then have 3 attachments, they’ll be numbered 272, 273, 274.