Postfix spam attack

Discussion in 'Server Operation' started by fernandoch, Oct 30, 2019.

  1. fernandoch

    fernandoch Member HowtoForge Supporter

    And any tool to check the database?
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    ISPProtect can check also the database.
     
  3. fernandoch

    fernandoch Member HowtoForge Supporter

    Is it a good idea to not allow apache to write to disk?
    To only enable writing when I want to update Wordpress?
    Or is that a bad idea?
     
  4. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Not much relevance to the topic of this thread. You should start a new thread when asking about something completely different.
    How did you plan to prevent Apache from writing to disk? I mean, Apache and Wordpress need to write to work properly.
     
  5. fernandoch

    fernandoch Member HowtoForge Supporter

    To prevent another hack, why do you feel it is irrelevant?
     
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    I did not write irrelevant.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Personally, I won't do that. In the end, you will probably postpone installing updates over the long run. Better install updates instantly, use security plugins like Wordfence and in general, install only active and maintained plugins and themes to ensure that you get security updates.
     
  8. adamjedgar

    adamjedgar Member

    I am a little late in on this however I use and develop with Wordpress a lot. It cannot be stressed enough how important it is to harden Wordpress and absolutely always keep BOTH the CMS itself, AND all themes and plugins updated. So many people think all they have to do is update Wordpress and leave it at that. Wordpress and themes/plugins are different entities. Just updating Wordpress does not update all themes and plugins.

    I also agree with what Till says, use Wordfence. It is one of the best options for securing your website. Also, I thought I saw a mention about post comments in Wordpress...if possible restrict these to "manually approved" if you can. Ensure all contact forms use captcha, change your wp-login and wp-admin URLs, set Wordfence to auto-ban attempts to access them (only after you whitelist your own **"static" IP address so you don't ban yourself)...there is a whole range of really decent inbuilt ways to harden Wordpress from Wordfence. Wordfence also has a self-learning mode which is worth giving a shot too. You can also use Wordfence to check the Wordpress CMS itself (as well as many theme and plugin files) against its own generic databases to detect any malicious file changes in them. Wordfence is also capable of warning you via email of any file changes (although this will warn even when legit updates are performed, which can be a bit annoying).

    Finally, use Jetpack...it has some really good stuff available for helping administer WordPress and well worth having on board.

    (Offtopic but I feel is important anyway even if only for newbies who might read this)
    **Static IP address - If you don't have one, sign up with your home/office ISP (internet service provider) for a static IP address. As an example of cost, here in Australia it costs me $10 per month...it's a must for administering any web servers. Then use your VPS network provider firewall to restrict SSH port access to that static IP address.
     
