{"id":257,"date":"2016-05-18T03:04:39","date_gmt":"2016-05-18T03:04:39","guid":{"rendered":"http:\/\/softinite.com\/?p=257"},"modified":"2016-05-18T03:06:17","modified_gmt":"2016-05-18T03:06:17","slug":"softinite-com-under-attack-part-ii","status":"publish","type":"post","link":"http:\/\/softinite.com\/?p=257","title":{"rendered":"Softinite.com under attack Part II"},"content":{"rendered":"<p>A short time after the infection was cleaned up, the attacks resumed, periodically bringing down the website.<\/p>\n<p>After some digging, it looked like some China-based IPs were hitting xmlrpc.php on port 80 and brute-forcing SSH on port 22.<\/p>\n<p>This information was revealed using &#8216;tcptrack -i eth0&#8217; and &#8216;grep sshd \/var\/log\/*&#8217;.<\/p>\n<p>&#8216;http:\/\/www.ipvoid.com&#8217; has also been useful in investigating various IPs.<\/p>\n<p>It seemed critical to start ufw, but how does one do that over SSH without locking oneself out?<\/p>\n<p>&#8216;ufw status&#8217; is of little use while ufw is disabled.<\/p>\n<p>&#8216;ufw show added&#8217; saved the day &#8211; it helped make sure port 22 would remain open when the firewall was activated.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A short time after the infection was cleaned up, the attacks resumed, periodically bringing down the website.<\/p>\n<p>After some digging, it looked like some China-based IPs were hitting xmlrpc.php on port 80 and brute-forcing 
&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[13],"tags":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7uKYI-49","_links":{"self":[{"href":"http:\/\/softinite.com\/index.php?rest_route=\/wp\/v2\/posts\/257"}],"collection":[{"href":"http:\/\/softinite.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/softinite.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/softinite.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/softinite.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=257"}],"version-history":[{"count":4,"href":"http:\/\/softinite.com\/index.php?rest_route=\/wp\/v2\/posts\/257\/revisions"}],"predecessor-version":[{"id":261,"href":"http:\/\/softinite.com\/index.php?rest_route=\/wp\/v2\/posts\/257\/revisions\/261"}],"wp:attachment":[{"href":"http:\/\/softinite.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/softinite.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=257"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/softinite.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}