WordPress – prevent unauthorized admin logins
If you have a WordPress blog, you probably know that there are tons of attempts by users and scripts to take over your blog and post spam. There are a lot of plugins out there that take care of different security aspects, but by far, this simple solution works best for me.
It prevents anyone except whitelisted IPs from accessing your login page. Instead, they’ll get error 404, page not found. The only problem is that you can’t have your own user base, so anyone who wants to post a comment can’t be a user registered on your blog. I use the Social Login plugin, which lets users log in and register with one click on this blog using their own social network logins.
Anyway, you need mod_rewrite installed on your web server. Look for this line and, if it’s commented out, remove the leading # and reload the config.
LoadModule rewrite_module libexec/apache24/mod_rewrite.so
In the root of your blog, edit the .htaccess file and make sure it looks like this.
In my example, I have only two IPs allowed that can access the wp-login page. The rest will get page not found when accessing wp-login.php or wp-admin.
ErrorDocument 401 /index.php?error=404
ErrorDocument 403 /index.php?error=404
<IfModule mod_rewrite.c>
RewriteEngine on
# Requests for wp-login.php, or a URI ending in wp-admin ...
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
# ... from a client that is not one of the allowed IPs (dots escaped to match literally)
RewriteCond %{REMOTE_ADDR} !^198\.16\.3\.247$
RewriteCond %{REMOTE_ADDR} !^24\.184\.123\.233$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
# BEGIN protect xmlrpc.php
<files xmlrpc.php>
order allow,deny
deny from all
</files>
# END protect xmlrpc.php
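A check for the rules above, as an added example that is not part of the original post: it scans an Apache access log for wp-login.php, wp-admin and xmlrpc.php requests that were served instead of blocked, which is what you see when mod_rewrite is not loaded (the <IfModule> wrapper then skips the rules silently) or .htaccess overrides are disabled. The log lines are constructed samples; the function names and the combined log format are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit an Apache access log for
# requests the .htaccess rules above should have blocked but did not.

# The two allowlisted IPs from the post's RewriteCond lines.
ALLOWED="198.16.3.247 24.184.123.233"

# Constructed sample log lines in combined log format (documentation-range IPs).
sample_log() {
cat <<'EOF'
198.16.3.247 - - [10/Oct/2019:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" 200 2745 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2019:13:56:01 +0000] "POST /wp-login.php HTTP/1.1" 404 512 "-" "python-requests/2.22"
203.0.113.9 - - [10/Oct/2019:13:56:09 +0000] "GET /wp-admin HTTP/1.1" 403 199 "-" "curl/7.65"
198.51.100.23 - - [10/Oct/2019:13:56:40 +0000] "POST /wp-login.php?action=lostpassword HTTP/1.1" 200 1830 "-" "Mozilla/5.0"
24.184.123.233 - - [10/Oct/2019:13:57:02 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2019:13:57:12 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2019:13:57:30 +0000] "GET /index.php HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
EOF
}

# Read a log on stdin; print "ip status path" for each protected request that
# was answered with anything other than 403/404 (the post's ErrorDocument lines
# route 403 to a WordPress "not found" page, so both count as blocked).
find_unblocked() {
  awk -v allowed="$ALLOWED" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    {
      ip = $1; path = $7; status = $9
      sub(/\?.*$/, "", path)                        # REQUEST_URI has no query string
      login = (path ~ /wp-login\.php/ || path ~ /wp-admin$/)
      xmlrpc = (path ~ /xmlrpc\.php$/)
      if (!login && !xmlrpc) next                   # not covered by the rules
      if (login && (ip in ok)) next                 # allowlisted client, expected
      if (status == 403 || status == 404) next      # blocked as intended
      print ip, status, path                        # xmlrpc.php is denied to everyone
    }'
}

sample_log | find_unblocked
```

Any line it prints is a request that reached WordPress when the rules say it should not have.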
AWS: ssh to a server with private IP only
I was playing with some servers in AWS. One of them had a public IP, but the second one had a private IP only. To access the 2nd server with the private IP only, open the key that AWS gave you for the 2nd server (in PEM format) in your favorite text editor. Select the text and copy it to the clipboard. The key looks like this. This key should belong to the 2nd server.
Now, log in to the first server with the public IP as ec2-user.
Create a new file with nano or vi and paste the content. Save it as some_file.pem.
Change the permissions.
chmod 600 some_file.pem
Then log in to the 2nd server with the private IP.
ssh -i some_file.pem <internal_IP>
NTP sync in a domain environment
On the PDC domain controller.
w32tm /config /manualpeerlist:"0.us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org" /syncfromflags:manual /reliable:yes /update
On all other DCs.
w32tm /config /syncfromflags:domhier /update
Resync manually.
w32tm.exe /resync /rediscover
Check the status.
w32tm /query /status
Ubuntu 18 – DNS
First, configure the YAML file under /etc/netplan, run netplan apply and then…
sudo rm -f /etc/resolv.conf
sudo ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
Ubuntu 18 – Change hostname
hostnamectl set-hostname <new_hostname>
Edit /etc/cloud/cloud.cfg and change preserve_hostname: false to true.
Change Windows password from command line prompt
Open up PowerShell/CMD with admin privileges and type:
net user username new_password
FreeBSD vmtools in vCenter
If you want to install VMware Tools in FreeBSD running in vCenter, install this package.
pkg install -y open-vm-tools-nox11
If you want the full tools that cover X11, install open-vm-tools without the “-nox11” suffix in the above command.
Edit /etc/rc.conf and add these lines.
vmware_guest_vmblock_enable="YES"
vmware_guest_vmhgfs_enable="NO"
vmware_guest_vmmemctl_enable="YES"
vmware_guest_vmxnet_enable="YES"
vmware_guestd_enable="YES"
FreeBSD change from DHCP to static IP, default gateway and DNS
Edit /etc/rc.conf and you’ll see an ifconfig DHCP assignment somewhere. Replace the DHCP keyword with your static IP and netmask, and don’t forget the default gateway.
ifconfig_vmx0="inet 192.168.1.11 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
The DNS settings are in /etc/resolv.conf.
Find Wireless (WiFi) password
netsh wlan show profile <SSID> key=clear
Install git 2 on CentOS 7 from source
yum -y groupinstall "Development Tools"
yum -y install gettext-devel openssl-devel perl-CPAN perl-devel zlib-devel wget
wget https://github.com/git/git/archive/v2.23.0.tar.gz -O /tmp/git.tgz
cd /tmp
tar xzvf git.tgz
cd git-2.23.0
make configure
./configure
make install
cd /tmp
rm -Rf git*
Use git with a private key and no password
Any time you push, clone or pull a repo, you’ll get prompted for a password, which is kind of annoying. Do this to use private key access and never get prompted for a password again. On your Linux workstation, make changes in lines 2 and 3 and do:
cd
git config --global user.name "Kliment Andreev"
git config --global user.email "<your_email>"
ssh-keygen -t rsa -b 4096
cat .ssh/id_rsa.pub
Go to GitHub, click on the avatar in the upper-right corner, choose Settings and then SSH and GPG keys. Click to add a key, name it and paste the public key printed by the last command above.
You have to change the remote origin to use SSH instead of HTTPS.
git remote set-url origin git@github.com:<github_username>/<github_repo>
vi – use spaces instead of tabs
Add this to ~/.vimrc
set tabstop=2 shiftwidth=2 expandtab
Replace tabs with spaces in vi
:%s/\t/ /g
Replace tabs with spaces in files
sed -i 's/\t/ /g' *
S3 bucket policy for static web hosting
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "PublicReadGetObject",
      "Effect": "Allow",
      "Principal": "*",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::example-bucket/*"
      ]
    }
  ]
}
Ansible execute playbook locally
ansible-playbook --connection=local --inventory 127.0.0.1, ansible.yml
Import AWS key from another region
Best practice is to have separate keys for all instances, but if you need “one key to rule them all”, you have to create a public key from your private key and import it in AWS keys.
Let’s say your private key is something.key.
ssh-keygen -y -f something.key > something.pem
Now, cat out the pem file and paste it under AWS key import.
vi tabs, spaces
Edit .virc or .vimrc and add this line
set tabstop=2 shiftwidth=2 expandtab
Convert tabs to spaces in existing file -> :retab