SSH, SASL, Hackers, and more…

SSH (port 22 if you haven’t moved it) and SASL mail authentication will get hammered with brute-force attacks on a regular basis if a system is reachable from the Internet. However, there are ways to mitigate these attacks…

Fail2Ban for Linux-based systems does an excellent job of stopping these kinds of attacks. These instructions are for installing fail2ban on an Ubuntu Server 14.04.

From the Command-Line and a sudo authorized account:

sudo apt-get update

sudo apt-get install fail2ban

Copy the Config file: sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

Edit the Config: sudo vi /etc/fail2ban/jail.local (or use nano instead of vi)

bantime defaults to 600 seconds (10 minutes). I prefer 1200 (20 minutes) or 1800 (30 minutes), since most clients that trigger the ban are well deserving.

maxretry defines how many login attempts a client can make within findtime (600 seconds, or 10 minutes) before triggering the ban. 3 attempts in 10 minutes is a great qualifier for a web server; if it’s a server in a production environment that has multiple users leveraging ssh, you may want to raise the attempts.

You can then turn fail2ban on for other web services towards the bottom of the configuration file.
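How maxretry, findtime and bantime interact, as an added example that is not part of the original post and is not fail2ban's own code: a small Python model of the ban decision, run over a constructed auth.log sample. The regex, the simulate function and the log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# jail.local values discussed above (bantime raised to 30 minutes)
MAXRETRY, FINDTIME, BANTIME = 3, 600, 1800

# Assumed pattern for OpenSSH "Failed password" syslog lines.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")

# Constructed sample log using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
Oct  6 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 4101 ssh2
Oct  6 10:00:05 web1 sshd[2102]: Failed password for invalid user admin from 203.0.113.7 port 4102 ssh2
Oct  6 10:02:00 web1 sshd[2103]: Failed password for alice from 198.51.100.9 port 5101 ssh2
Oct  6 10:03:10 web1 sshd[2104]: Accepted password for alice from 198.51.100.9 port 5102 ssh2
Oct  6 10:04:30 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 4103 ssh2
Oct  6 10:05:00 web1 sshd[2106]: Failed password for root from 203.0.113.7 port 4104 ssh2
Oct  6 10:20:00 web1 sshd[2107]: Failed password for bob from 192.0.2.44 port 6101 ssh2
Oct  6 10:31:00 web1 sshd[2108]: Failed password for bob from 192.0.2.44 port 6102 ssh2
Oct  6 10:42:00 web1 sshd[2109]: Failed password for bob from 192.0.2.44 port 6103 ssh2
"""

def simulate(log, maxretry=MAXRETRY, findtime=FINDTIME, bantime=BANTIME, year=2014):
    """Return [(ip, ban_start, ban_end)] for every ban the settings would trigger."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S").timestamp()
        ip = m.group(2)
        if banned_until.get(ip, 0) > ts:
            continue              # already banned; the firewall would drop this
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:   # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, ts + bantime))
            window.clear()
    return bans
```

With the values above only 203.0.113.7 is banned; the three failures from 192.0.2.44 are 11 minutes apart, so they never share one findtime window, which is worth keeping in mind when choosing findtime.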


Shellshock Patch

Symptoms: Your system is susceptible to the Shellshock vulnerability. Unless you have updated in the last two weeks, this is probably the case. This article applies to Linux-based systems.

Solution:  In Ubuntu, run sudo apt-get update, then run sudo apt-get install bash.  This will update your system against the latest vulnerability.

If you are using CentOS, use yum.

Connection reset by peer: mod_fcgid: error reading data from FastCGI server

Symptoms: The following errors are found in the web server error logs:

Connection reset by peer: mod_fcgid: error reading data from FastCGI server

Premature end of script headers: index.php

Solutions: This is one of those frustrating errors that can take a long time to fix and may depend on multiple problems. The solution that worked in my case was adding:

ini_set('zend.enable_gc', 0); // add directly below the <?php tag in index.php

Why does this work? There are known conflicts between Zend and APC. If both are installed you may receive the above error; adding the above code to your PHP file should resolve the issue.

Other possible solutions: Modify your php.ini to increase max_execution_time, post_max_size, and max_input_time. IMPORTANT: make sure you maintain a limit; no limit could result in massive resource usage.

Magento: Call to undefined function mcrypt_module_open()

Problem: The Magento shopping cart displays a blank page when items are clearly in the cart. The server error log will display the following message: Call to undefined function mcrypt_module_open()

Solution: The PHP mcrypt module is not installed. Install mcrypt to resolve this issue.

To install mcrypt for PHP5 on your Ubuntu Linux system:

sudo apt-get install php5-mcrypt

Then restart Apache with:

sudo /etc/init.d/apache2 restart

Additionally, this problem can present itself in the admin panel as blank pages that don’t resolve, and it also throws a function error on every login.

Plesk: DNS Server installed but Bind9 won’t load

Symptom: Plesk 11 comes installed with Bind9 but the DNS Server will not start.

Solution: There is a known conflict with AppArmor in Ubuntu 10.04 LTS.

1. sudo /etc/init.d/apparmor stop

2. Add the following to the apparmor profile: /etc/apparmor.d/usr.sbin.named

# plesk runs bind in chroot, need perms
/var/named/run-root/** rw,

3. sudo /etc/init.d/bind9 start

4. sudo /etc/init.d/apparmor start

5. sudo /etc/init.d/psa stop

6. sudo /etc/init.d/psa start

Bind9 / DNS Service should now be enabled in the control panel.