Contents
- 1 WordPress – prevent unauthorized admin logins
- 2 AWS: ssh to a server with private IP only
- 3 NTP sync in a domain environment
- 4 Ubunty 18 – DNS
- 5 Ubuntu 18 – Change hostname
- 6 Change Windows password from command line prompt
- 7 FreeBSD vmtools in vCenter
- 8 FreeBSD change from DHCP to static IP, default gateway and DNS
If you have a WordPress blog, you probably know that there are tons of attempts from users/scripts to try to take over your blog and post spam. There are a lot of plugins there that can take care of different security aspects, but by far, this simple solution works best for me.
It prevents anyone except white listed IPs to access your login page. Instead they’ll get error 404, page not found. The only problem is that you can’t have your own user base. So, if someone wants to post a comment, it can’t be a user registered on your blog. I use the Social Login plugin that allows users to login and register with one click on this blog, using their own social network’s logins.
Anyway, you need mod_rewite installed on your web server. Look for this line and if it’s commented, remove the # and reload the config.
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
In the root of your blog, edit the .htaccess file and make sure it looks like this.
In my example, I have only two IPs allowed that can access the wp-login page. The rest will get page not found when accessing wp-login.php or wp-admin.
ErrorDocument 401 /index.php?error=404
ErrorDocument 403 /index.php?error=404
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^198.16.3.247$
RewriteCond %{REMOTE_ADDR} !^24.184.123.233$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
# BEGIN protect xmlrpc.php
<files xmlrpc.php>
order allow,deny
deny from all
</files>
# END protect xmlrpc.php
AWS: ssh to a server with private IP only
I was playing with some servers in AWS. One of them had a public IP, but the second one had a private IP only. In order to access the 2nd server with private IP only, open up the key that was given to you for the 2nd server by AWS in PEM format in your favorite text editor. Select the text and copy it to the clipboard. The key looks like this. This key should belong to the 2nd server.
Now, log to the first server with the public IP as ec2-user.
Create a new file with nano or vi and paste the content. Save it as some_file.pem.
Change the permissions.
chmod 600 some_file.pem
Then log to the 2nd server with the private IP.
ssh -i some_file.pem <internal_IP>
NTP sync in a domain environment
On the PDC domain controller.
w32tm /config /manualpeerlist:"0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org" /syncfromflags:manual /reliable:yes /update
On all other DCs.
w32tm /config /syncfromflags:domhier /update
Resync manually.
w32tm.exe /resync /rediscover
Check the status.
w32tm /query /status
Ubunty 18 – DNS
First, configure the YAML file /etc/netplan, do netplan apply and then…
sudo rm -f /etc/resolv.conf sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
Ubuntu 18 – Change hostname
hostnamectl set-hostname <new_hostname>
Edit /etc/cloud/cloud.cfg and replace preserve_hostname: false to true
Change Windows password from command line prompt
Open up PowerShell/CMD with admin privileges and type:
net user username new_password
FreeBSD vmtools in vCenter
If you want to install VMWare Tools in FreeBSD running in vCenter, install this package.
pkg -y install open-vm-tools-nox11
If you want the full tools that cover X11, install open-vm-tools without “-nox11” suffix in the above command.
FreeBSD change from DHCP to static IP, default gateway and DNS
Edit /etc/rc.conf and you’ll see a ifconfig DHCP assignment somewhere. Change the DHCP keyword with your static IP and netmask and don’t forget the default gateway.
ifconfig_vmx0="inet 192.168.1.11 netmask 255.255.255.0" defaultrouter="192.168.1.1"
The DNS settings are under /etc/resolv.conf.
