System Administration

Friday, 22 October 2021 08:54

How to fix if my IP is blacklisted by UCEPROTECT


If your IP or mailserver is blacklisted on UCEPROTECT, you don't have to worry about appearing on this

This blacklist is a scam: they have blocked millions of legitimate IPs and demand a payment in exchange for removing the IPs from their list.

We must be wary of blacklists that require a payment for the removal of your IP.

Many companies have already blocked the UCEPROTECT server globally, as it is known for its shady tactics and false positives.

Here is an article from the well-known security company Sucuri, on this topic:

https://blog.sucuri.net/2021/02/uceprotect-when-rbls-go-bad.html

Here is another that talks about the extortion that this company was doing, as early as 2009:

http://www.securitybydefault.com/2009/12/el-negocio-de-las-listas-antispam.html

The Telefónica Group, which has tens of millions of IPs, is also listed.

For an antispam system to be reliable, it must follow fair standards agreed by the majority of trusted ISPs in all countries. These rules are summarized here:

https://www.abuses.es/docus/abuses/urln.html

If a mail server rejects your emails because your IP is on the UCEPROTECT spam lists, it is a mail server that does not follow the guidelines recommended globally by the main Internet mail providers. The problem is therefore entirely theirs, not yours, and your server/IP is NOT responsible.

Friday, 22 October 2021 08:32

How do I fix “DMARC Policy is Not Enabled”?


If you keep coming across the prompt “DMARC policy not enabled” for your domain, it means that your domain is not protected against spoofing and impersonation with DMARC email authentication. You may often encounter this prompt while conducting reverse DNS lookups for your domain. However, it usually has an easy fix. In this article, we take you through the steps needed to configure DMARC and set up the right policy for your domain, so that you never have to see the “DMARC policy is not enabled” prompt again.

Configuring DMARC to Protect Against Spoofing 

DMARC, which is the abbreviation for Domain-based Message Authentication, Reporting and Conformance, is a standard for authenticating outbound email messages, to ensure that your domain is adequately protected against BEC and direct-domain spoofing attempts. DMARC works by aligning the Return-path domain (bounce address), DKIM signature domain, and From: domain, to look for a match. This helps to verify the authenticity of the sending source and stops unauthorized sources from sending emails that appear to be coming from you.

Your company domain is your digital storefront that is responsible for your digital identity. Organizations of all sizes make use of email marketing to gain reach and engage their clients. However, if your domain gets spoofed and attackers send out phishing emails to your customers, that drastically impacts not only your email marketing campaigns, it also takes a toll on the reputation and credibility of your organization. This is why adopting DMARC becomes imperative to safeguarding your identity.

In order to start implementing DMARC for your domain:

  • Open your DNS management console
  • Navigate to the records section
  • Publish your DMARC record which you can generate easily using our free DMARC record generator tool and specify a DMARC policy to enable it for your domain (this policy will specify how the receiving MTA responds to messages failing authentication checks)
  • It can take 24-48 hours for your DNS to process these changes, and you’re done!
  • You can verify the correctness of your record using our free DMARC record lookup tool after configuring it for your domain

How to Fix “DMARC Quarantine/Reject Policy Not Enabled”

When you get a warning of “DMARC Quarantine/Reject policy not enabled”, or sometimes just “DMARC policy not enabled” or “No DMARC protection”, it simply indicates that your domain is configured with a DMARC policy of none, which allows monitoring only.

If you are just starting out on your email authentication journey, and you want to monitor your domains and email flow to ensure smooth email delivery, then we recommend you start off with a DMARC policy of none. However, a none policy offers zero protection against spoofing, and hence you will come across the frequent prompt: “DMARC policy not enabled”, where you are reminded that your domain isn’t adequately protected against abuse and impersonation.

To fix this, all you need to do is change the policy tag (p) in your DMARC record from p=none to p=reject or p=quarantine, and thereby move to DMARC enforcement. If your DMARC record was previously:

v=DMARC1; p=none; rua=mailto:<address>; ruf=mailto:<address>;

Your optimized DMARC record will be:

v=DMARC1; p=reject; rua=mailto:<address>; ruf=mailto:<address>;

Or, v=DMARC1; p=quarantine; rua=mailto:<address>; ruf=mailto:<address>;
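The two checks this article relies on, as an added example (not code from the original post or from PowerDMARC): classifying a DMARC record as monitor-only versus enforced, which is the condition behind the “DMARC policy not enabled” warning, and the From/Return-Path/DKIM alignment described above, which decides whether a failing message is delivered under p=none or rejected under p=reject. The records, domains and SPF/DKIM results are constructed for illustration; a real check would fetch the _dmarc TXT record over DNS and take the SPF/DKIM results from the receiving MTA.

```python
"""DMARC policy classification and identifier alignment (illustrative)."""


def parse_dmarc(record: str) -> dict:
    """Split a 'tag=value; tag=value' DMARC TXT record into a dict.

    Per RFC 7489 the record must start with v=DMARC1 and carry a p= tag;
    anything else is not a usable DMARC record, which receivers treat the
    same as having no DMARC protection at all.
    """
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate the trailing ';' seen in the records above
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("record must begin with v=DMARC1")
    if "p" not in tags:
        raise ValueError("record has no p= policy tag")
    return tags


def policy_status(record: str) -> str:
    """Classify a record the way the 'DMARC policy not enabled' warning does.

    'monitor-only'  p=none: failing mail is still delivered
    'partial'       enforcement weakened by pct<100 or an sp=none subdomain policy
    'enforced'      p=quarantine or p=reject applied to all mail
    """
    tags = parse_dmarc(record)
    policy = tags["p"].lower()
    if policy == "none":
        return "monitor-only"
    if policy not in ("quarantine", "reject"):
        raise ValueError(f"unknown policy: {policy!r}")
    pct = int(tags.get("pct", "100"))
    sub_policy = tags.get("sp", policy).lower()
    if pct < 100 or sub_policy == "none":
        return "partial"
    return "enforced"


def org_domain(domain: str) -> str:
    """Organizational domain, approximated as the last two labels.

    Assumption: no public-suffix list is consulted, so names such as
    example.co.uk are handled incorrectly; production code should use one.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    only needs the same organizational domain."""
    if mode == "s":
        return from_domain.lower().rstrip(".") == auth_domain.lower().rstrip(".")
    return org_domain(from_domain) == org_domain(auth_domain)


def dmarc_evaluate(record: str, from_domain: str, spf_domain: str = "",
                   spf_result: str = "none", dkim_domain: str = "",
                   dkim_result: str = "none") -> str:
    """Return the disposition a receiver applies: 'none' (deliver),
    'quarantine' or 'reject'.

    DMARC passes when at least one of SPF (checked against the Return-Path /
    bounce domain) or DKIM (the d= signing domain) both passed and is aligned
    with the RFC5322.From domain. pct sampling is ignored here for brevity.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and bool(spf_domain) and aligned(
        from_domain, spf_domain, tags.get("aspf", "r").lower())
    dkim_ok = dkim_result == "pass" and bool(dkim_domain) and aligned(
        from_domain, dkim_domain, tags.get("adkim", "r").lower())
    if spf_ok or dkim_ok:
        return "none"
    return tags["p"].lower()
```

Run policy_status() over your own record before switching to p=reject; the aggregate reports collected under p=none are what tell you which legitimate sending sources still fail alignment.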

I Fixed “DMARC Policy Not Enabled”, What Next?

After resolving the “DMARC policy not enabled” prompt, monitoring your domains should be a continuous process, to ensure that DMARC deployment doesn’t hurt your email deliverability but rather improves it. DMARC reports give you visibility into all your email channels so that you never miss what is going on. After opting for a DMARC enforcement policy, PowerDMARC helps you view your email authentication results in DMARC aggregate reports in easy-to-read formats that anyone can understand. With this, you might see a 10% increase in your email deliverability rate over time.

Moreover, you need to ensure that your SPF doesn’t break due to too many DNS lookups. This can lead to SPF failure and impact email delivery. Dynamic SPF is an easy fix to stay under the SPF hard limit as well as updated on any changes made by your ESPs at all times.


Monday, 11 October 2021 10:52

How to Install phpredis on CentOS 8 / RHEL 8


How do I install PHP extension called phpredis (php-redis) for interfacing with Redis cluster on CentOS 8 or RHEL 8?

The phpredis extension provides an API for communicating with the Redis key-value store. This Redis client implements most of the latest Redis API. One can use php-redis to talk with Redis server or cluster. This page provides instructions on how to install and configure the phpredis on CentOS 8 or RHEL 8 for PHP version 7.4.


Install phpredis on CentOS 8

Let us look at all the commands in detail.

Step 1. Install yum utils

First, we need to install yum-utils CLI compatibility layer package, type the yum command:
sudo yum update
sudo yum install yum-utils

Sample outputs:

Last metadata expiration check: 0:26:29 ago on Sat Feb 15 18:56:33 2020.
Dependencies resolved.
===============================================================================
 Package                      Arch       Version              Repository  Size
===============================================================================
Installing:
 yum-utils                    noarch     4.0.8-3.el8          BaseOS      64 k
Installing dependencies:
 dnf-plugins-core             noarch     4.0.8-3.el8          BaseOS      62 k
 python3-dateutil             noarch     1:2.6.1-6.el8        BaseOS     251 k
 python3-dnf-plugins-core     noarch     4.0.8-3.el8          BaseOS     193 k
 python3-six                  noarch     1.11.0-8.el8         BaseOS      38 k
 
Transaction Summary
===============================================================================
Install  5 Packages
 
Total download size: 608 k
Installed size: 1.3 M
Is this ok [y/N]: y


Step 2 – Enable and install EPEL repo on CentOS 8

You need the EPEL repo to install Redis-related packages. To turn it on, run:
sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
Update and check for epel repo, run:
sudo yum -y update

Step 3 – Install remi repo for PHP 7.4 and php74-php-pecl-redis5

Execute the following commands:
sudo yum -y install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
sudo yum -y update

Sample outputs:

 

Last metadata expiration check: 0:33:06 ago on Sat Feb 15 18:56:33 2020.
remi-release-8.rpm                              29 kB/s |  20 kB     00:00    
Dependencies resolved.
===============================================================================
 Package            Architecture Version              Repository          Size
===============================================================================
Installing:
 remi-release       noarch       8.0-4.el8.remi       @commandline        20 k
Installing dependencies:
 epel-release       noarch       8-5.el8              extras              22 k
 
Transaction Summary
===============================================================================
Install  2 Packages
 
Total size: 42 k
Total download size: 22 k
Installed size: 43 k
....

Step 4 – Set default PHP version

CentOS 8 offers various PHP versions via module streams, and we can list them all with the following command:
sudo yum module list php

Let us use PHP 7.4.x, as it is supported until November 2021. Run the following two commands to enable PHP version 7.4:
sudo yum -y module reset php
sudo yum -y module enable php:remi-7.4

Sample outputs:

Last metadata expiration check: 0:04:41 ago on Sat Feb 15 19:30:48 2020.
Dependencies resolved.
===============================================================================
 Package           Architecture     Version            Repository         Size
===============================================================================
Enabling module streams:
 php                                remi-7.4                                  
 
Transaction Summary
===============================================================================
 
Complete!

Step 5 – Search for the phpredis package on CentOS 8

Now we have everything set up correctly on the CentOS Linux 8 server. It is time to see which packages are offered; run:
sudo yum search php-pecl-redis
sudo yum search php-pecl-redis5

Sample outputs:

============================== Name Exactly Matched: php-pecl-redis5 ==============================
php-pecl-redis5.x86_64 : Extension for communicating with the Redis key-value store
================================== Name Matched: php-pecl-redis5 ==================================
php70-php-pecl-redis5.x86_64 : Extension for communicating with the Redis key-value store
php71-php-pecl-redis5.x86_64 : Extension for communicating with the Redis key-value store
php72-php-pecl-redis5.x86_64 : Extension for communicating with the Redis key-value store
php73-php-pecl-redis5.x86_64 : Extension for communicating with the Redis key-value store
php74-php-pecl-redis5.x86_64 : Extension for communicating with the Redis key-value store

Step 6 – Installing phpredis on CentOS 8

For PHP version 7.4, we need to install the php74-php-pecl-redis5 package (or php-pecl-redis5, which is selected by default once the ‘php:remi-7.4’ stream is enabled) as follows:
sudo yum install php-pecl-redis5
Of course, you can install nginx or apache along with other PHP 7.4 modules if not installed on the server:
sudo yum install php-fpm php-common php-cli nginx php-mysqlnd php-pecl-redis5

Step 7 – Restart PHP or Nginx/Apache server

It depends upon your configuration, and you need to restart the Apache 2 or restart PHP-fpm service or restart/reload the Nginx service. Since I am using php-fpm as FastCGI process manager, I am going to use the following systemctl command:
sudo systemctl restart php-fpm.service
## OR ##
sudo systemctl reload php-fpm.service


Monday, 12 April 2021 19:57

How To Install CentOS Web Panel on CentOS 8


In this tutorial, we will show you how to install CentOS Web Panel on CentOS 8. For those of you who didn’t know, CentOS Web Panel is a free alternative to cPanel. It provides plenty of features and is designed for a newbie who wants to build a working hosting server easily and to manage the server entirely from an intuitive web interface without having to open an SSH console. CentOS Web Panel provides Apache, Varnish, suPHP & suExec, Mod Security, a PHP version switcher, Postfix and Dovecot, MySQL database management, phpMyAdmin, CSF Firewall, CageFS, SSL certificates, FreeDNS (DNS server), and many more.

 

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you through the step-by-step installation of CentOS Web Panel on a CentOS 8 server.

 

Install CentOS Web Panel on CentOS 8

Step 1. First, let’s start by ensuring your system is up-to-date.

 

sudo dnf update

Step 2. Setup Hostname.

 

Login into your server as root and make sure to set the correct hostname:

 

hostnamectl set-hostname cwp.idroot.us

Step 3. Download and Installing CentOS Web Panel.

 

After setting the hostname, download the CentOS Web Panel installation script and run it with the following commands:

 

cd /usr/local/src
wget http://centos-webpanel.com/cwp-el8-latest
sh cwp-el8-latest

The installation script will take some time to complete, and once it’s done you will be provided with an URL to access the panel and your MySQL root password.

 

#############################
#      CWP Installed        #
#############################

go to CentOS WebPanel Admin GUI at http://SERVER_IP:2030/

http://SERVER_IP:2030
SSL: https://SERVER_IP:2031
---------------------
Username: root
Password: YOUR_PASSWORD
MySQL root Password: MYSQL_PASSWORD

#########################################################
          CentOS Web Panel MailServer Installer          
#########################################################
SSL Cert name (hostname): cwp.idroot.us
SSL Cert file location /etc/pki/tls/ private|certs
#########################################################

visit for help: www.centos-webpanel.com

Write down login details and press ENTER for server reboot!
Press ENTER for server reboot!

If the system does not reboot automatically simply type “reboot” to reboot the server:

 

reboot

Step 4. Accessing the CentOS Web Panel.

 

CentOS Web Panel is available on HTTPS port 2031 by default. Open your favorite browser and navigate to https://your-domain.com:2031 or http://server-ip-address:2030. Log in to the panel using the system’s root account; the password was shown in the previous step. If you are using a firewall, open port 2030 to allow access to the control panel.

 

Congratulations! You have successfully installed CentOS Web Panel. Thanks for using this tutorial for installing CentOS Web Panel in CentOS 8 system. For additional help or useful information, we recommend you to check the official CentOS Web Panel website.

 


Tuesday, 01 December 2020 15:07

Script for detecting proxy and VPN

<?php
// Request headers that forwarding proxies commonly add. PHP exposes request
// headers in $_SERVER as HTTP_<NAME>; the un-prefixed names are kept from the
// original list, but PHP does not populate them from request headers.
$proxy_headers = array(
    'HTTP_VIA',
    'HTTP_X_FORWARDED_FOR',
    'HTTP_FORWARDED_FOR',
    'HTTP_X_FORWARDED',
    'HTTP_FORWARDED',
    'HTTP_CLIENT_IP',
    'HTTP_FORWARDED_FOR_IP',
    'VIA',
    'X_FORWARDED_FOR',
    'FORWARDED_FOR',
    'X_FORWARDED',
    'FORWARDED',
    'CLIENT_IP',
    'FORWARDED_FOR_IP',
    'HTTP_PROXY_CONNECTION'
);

// These headers come from the client side of the connection: an anonymizing
// proxy or VPN that strips them is not detected, while a CDN, load balancer
// or reverse proxy in front of your own site adds X-Forwarded-For to every
// request. Treat a hit as a hint, not a verdict.
foreach ($proxy_headers as $header) {
    if (isset($_SERVER[$header])) {
        die("You are using a proxy!");
    }
}
Saturday, 26 September 2020 10:35

Turn On BitLocker for Fixed Drives in Windows 10


For extra protection, Windows 10 allows enabling BitLocker for fixed drives (drive partitions and internal storage devices). It supports protection with a smart card or a password. You can also make the drive unlock automatically when you sign in to your user account.

 

BitLocker was first introduced in Windows Vista and still exists in Windows 10. It was implemented exclusively for Windows and has no official support in alternative operating systems. BitLocker can utilize your PC's Trusted Platform Module (TPM) to store its encryption key secrets. In modern versions of Windows such as Windows 8.1 and Windows 10, BitLocker supports hardware-accelerated encryption if certain requirements are met (the drive has to support it, Secure Boot must be on and many other requirements). Without hardware encryption, BitLocker switches to software-based encryption so there is a dip in your drive's performance. BitLocker in Windows 10 supports a number of encryption methods, and supports changing a cipher strength.


Note: In Windows 10, BitLocker Drive Encryption is only available in the Pro, Enterprise, and Education editions. BitLocker can encrypt the system drive (the drive Windows is installed on) and internal hard drives. The BitLocker To Go feature allows protecting files stored on removable drives, such as a USB flash drive.

There are a number of methods you can use to turn on or off BitLocker for an internal fixed drive.

To Turn On BitLocker for a Fixed Data Drive in Windows 10,

  1. Configure the encryption method for BitLocker if required.
  2. Open File Explorer to the This PC folder.
  3. Right-click on the drive and select Turn on BitLocker from the context menu.
  4. Alternatively, click on the Manage tab under Drive Tools in the Ribbon, then click on the Turn on BitLocker command.
  5. Finally, you can open Control Panel\System and Security\BitLocker Drive Encryption. On the right, find your internal drive or partition, and click on the link Turn on BitLocker.
  6. In the next dialog, choose a smart card or provide a password to encrypt the drive contents.
  7. Choose how to back up the encryption key. For example, you can print it.
  8. Select how much of your drive space to encrypt. For new drives, you can choose 'used disk space only'. For drives that already contain files, choose Encrypt entire drive.
  9. Specify which encryption mode to use.
    • New encryption mode (XTS-AES 128-bit) is supported on Windows 10.
    • Compatible mode (AES-CBC 128-bit) is supported on Windows Vista, Windows 7 and Windows 8/8.1.
  10. Click on Start encrypting.

You are done. The fixed drive will be encrypted. This could take a long time to finish, depending on the amount of data stored on the drive and its capacity.

You can now check the BitLocker encryption status for the drive.

To Turn Off BitLocker for a Fixed Drive in Windows 10,

  1. Open File Explorer to the This PC folder.
  2. Right-click on the drive and select Manage BitLocker from the context menu.
  3. Alternatively, click on the Manage tab under Drive Tools in the Ribbon, then click on the Manage BitLocker command.
  4. Finally, you can open Control Panel\System and Security\BitLocker Drive Encryption.
  5. On the right side of the Drive Encryption dialog, find your fixed drive, and click on the link Turn off BitLocker.
  6. Click on Turn off BitLocker to confirm the operation.

You are done. BitLocker will decrypt the drive contents.

You can now check the BitLocker encryption status for the drive.

Also, you can disable BitLocker for an internal drive from Command Prompt or PowerShell.

To Turn Off BitLocker for a Fixed Drive from the Command Line

  1. Open a new command prompt as Administrator.
  2. Type and run the following command: manage-bde -off <drive letter>:
  3. Substitute <drive letter> with the actual drive letter of the drive you want to decrypt. For example: manage-bde -off D:
  4. Alternatively, open PowerShell as Administrator.
  5. Type and run the following command: Disable-BitLocker -MountPoint "<drive letter>:"
  6. Substitute <drive letter> with the actual drive letter of the drive you want to decrypt. For example: Disable-BitLocker -MountPoint "D:"

 

You are done!

Source: https://winaero.com/blog/turn-on-bitlocker-for-fixed-drives-in-windows-10/


Saturday, 25 January 2020 19:17

Convert XML to CSV with PHP


I'm using the following code to convert my XML file to a CSV format. Unfortunately, it seems to not be recognizing each entry in the XML and so the XML file ends up being blank.

<?php
$filexml = 'test.xml';
if (file_exists($filexml)) {
  echo 'File Exists';
  // simplexml_load_file() returns the root element, which in this file is
  // <Item> itself, so $xml->Item looks for *child* elements named Item and
  // finds none: the loop body never runs and test.csv stays empty.
  $xml = simplexml_load_file($filexml);
  $f = fopen('test.csv', 'w');
  foreach ($xml->Item as $item) {
    // get_object_vars() on a SimpleXMLElement yields nested arrays/objects for
    // elements such as <Descriptions>, which fputcsv() cannot flatten.
    fputcsv($f, get_object_vars($item), ',', '"');
  }
  fclose($f);
}
?>

An example of my XML file is below...

<Item MaintenanceType="C">
  <HazardousMaterialCode>N</HazardousMaterialCode>
  <ItemLevelGTIN GTINQualifier="UP">090127000380</ItemLevelGTIN>
  <PartNumber>0-1848-1</PartNumber>
  <BrandAAIAID>BBVL</BrandAAIAID>
  <BrandLabel>Holley</BrandLabel>
  <PartTerminologyID>5904</PartTerminologyID>
  <Descriptions>
    <Description MaintenanceType="C" DescriptionCode="DES" LanguageCode="EN">Street Carburetor</Description>
    <Description MaintenanceType="C" DescriptionCode="SHO" LanguageCode="EN">Crb</Description>
  </Descriptions>
  <Prices>
    <Pricing MaintenanceType="C" PriceType="JBR">
      <PriceSheetNumber>L30779-13</PriceSheetNumber>
      <CurrencyCode>USD</CurrencyCode>
      <EffectiveDate>2013-01-01</EffectiveDate>
      <Price UOM="PE">462.4600</Price>
    </Pricing>
    <Pricing MaintenanceType="C" PriceType="RET">
      <PriceSheetNumber>L30779-13</PriceSheetNumber>
      <CurrencyCode>USD</CurrencyCode>
      <EffectiveDate>2013-01-01</EffectiveDate>
      <Price UOM="PE">380.5500</Price>
    </Pricing>
    <Pricing MaintenanceType="C" PriceType="WD1">
      <PriceSheetNumber>L30779-13</PriceSheetNumber>
      <CurrencyCode>USD</CurrencyCode>
      <EffectiveDate>2013-01-01</EffectiveDate>
      <Price UOM="PE">314.4700</Price>
    </Pricing>
  </Prices>
  <ExtendedInformation>
    <ExtendedProductInformation MaintenanceType="C" EXPICode="CTO" LanguageCode="EN">US</ExtendedProductInformation>
    <ExtendedProductInformation MaintenanceType="C" EXPICode="NPC" LanguageCode="EN">A</ExtendedProductInformation>
    <ExtendedProductInformation MaintenanceType="C" EXPICode="HTS" LanguageCode="EN">8409914000</ExtendedProductInformation>
    <ExtendedProductInformation MaintenanceType="C" EXPICode="NAF" LanguageCode="EN">B</ExtendedProductInformation>
  </ExtendedInformation>
  <ProductAttributes>
    <ProductAttribute MaintenanceType="C" AttributeID="SKU" LanguageCode="EN">BBVL0-1848-1</ProductAttribute>
    <ProductAttribute MaintenanceType="C" AttributeID="ModDate" LanguageCode="EN">2012-12-31</ProductAttribute>
  </ProductAttributes>
  <Packages>
    <Package MaintenanceType="C">
      <PackageLevelGTIN>00090127000380</PackageLevelGTIN>
      <PackageUOM>EA</PackageUOM>
      <QuantityofEaches>1</QuantityofEaches>
      <Dimensions UOM="IN">
        <Height>7.5000</Height>
        <Width>11.0000</Width>
        <Length>12.2500</Length>
      </Dimensions>
      <Weights UOM="PG">
        <Weight>13.500</Weight>
        <DimensionalWeight>6.09</DimensionalWeight>
      </Weights>
    </Package>
  </Packages>
</Item>
<?php
$filexml = 'test.xml';

if (file_exists($filexml)) {
    $xml = simplexml_load_file($filexml);
    $f = fopen('test.csv', 'w');
    createCsv($xml, $f);
    fclose($f);
}

// Walk the element tree recursively and write one "name,value" row per leaf
// element; container elements such as <Prices> are descended into, not written.
function createCsv($xml, $f)
{
    foreach ($xml->children() as $item) {
        $hasChild = count($item->children()) > 0;

        if (!$hasChild) {
            $put_arr = array($item->getName(), (string) $item);
            fputcsv($f, $put_arr, ',', '"');
        } else {
            createCsv($item, $f);
        }
    }
}

This guide discusses how to install and use the WPScan WordPress vulnerability scanner on Ubuntu 18.04. WPScan, short for WordPress Security Scanner, is a free black-box vulnerability scanner written in Ruby that helps security professionals and blog maintainers test their WordPress sites for vulnerabilities. It helps unearth any vulnerability associated with WordPress themes, plugins, or any other security threat harbored on a WordPress site.

Installing WPScan Ubuntu 18.04

Prerequisites

Before you can install WordPress Security Scanner (WPScan), ensure that the following dependencies are installed. Also ensure that your system is up to date. This can be done by running the commands below;

sudo apt update
sudo apt upgrade
sudo apt install curl git libcurl4-openssl-dev make zlib1g-dev gawk g++ gcc libreadline6-dev libssl-dev libyaml-dev libsqlite3-dev sqlite3 autoconf libgdbm-dev libncurses5-dev automake libtool bison pkg-config ruby ruby-bundler ruby-dev -y

WPScan can be installed either from the RubyGems repositories or from source. The former is simpler, as it involves a single command.

 

Install from RubyGem

To install WPScan from RubyGem repositories, run the command below;

gem install wpscan

You can at the same time uninstall WPScan by running the command;

gem uninstall wpscan

Install WPScan Sources

To install WPScan from source, you first need to clone its GitHub repository.

git clone https://github.com/wpscanteam/wpscan.git

Once the cloning is done, navigate to WPScan directory and run the commands below to do the installation.

cd wpscan/
bundle install
sudo rake install

Do you have patience? If you don’t, this is where you might have to learn to have a little, since it may take a few minutes to complete the installation. If the installation is successful, you should see output like this.

...
  48) WPScan::Vulnerability behaves like WPScan::References references when references provided as array 
     # Temporarily skipped with xit
     # ./spec/shared_examples/references.rb:45


Finished in 8 minutes 54 seconds (files took 15.12 seconds to load)
17914 examples, 0 failures, 48 pending

Coverage report generated for RSpec to $HOME/wpscan/coverage. 1709 / 2006 LOC (85.19%) covered.
wpscan 3.4.0 built to pkg/wpscan-3.4.0.gem.
wpscan (3.4.0) installed.

Well, WPScan is successfully installed on Ubuntu 18.04. To obtain a description of various command line options used with WPScan, run wpscan command with -h/--help option;

wpscan -h
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 3.4.0
          Sponsored by Sucuri - https://sucuri.net
      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________

Usage: wpscan [options]
        --url URL                                 The URL of the blog to scan
                                                  Allowed Protocols: http, https
                                                  Default Protocol if none provided: http
                                                  This option is mandatory unless update or help or hh or version is/are supplied
    -h, --help                                    Display the simple help and exit
        --hh                                      Display the full help and exit
        --version                                 Display the version and exit
    -v, --verbose                                 Verbose mode
        --[no-]banner                             Whether or not to display the banner
                                                  Default: true
    -o, --output FILE                             Output to FILE
    -f, --format FORMAT                           Output results in the format supplied
                                                  Available choices: cli-no-color, json, cli, cli-no-colour
        --detection-mode MODE                     Default: mixed
                                                  Available choices: mixed, passive, aggressive
        --user-agent, --ua VALUE
        --random-user-agent, --rua                Use a random user-agent for each scan
        --http-auth login:password
<output cut>

Go through the whole output to see the various options that can be used with the wpscan command.

Scanning for Vulnerabilities

In this guide, we are going to show you a few examples on how to perform WordPress blog vulnerability scanning. Ensure that you run the examples below against your OWN blog. It is illegal to scan other people’s sites.

Scan the whole WordPress blog

wpscan --url wordpress.example.com

WPScan can scan both http and https protocols. If not specified, it will scan http by default.

If you want to save the scanner output results in a file, use the -o/--output option.

wpscan --url http://wordpress.example.com -o scan-test

There are three detection modes in which wpscan can run against a WordPress site: passive, aggressive and mixed (the default).

  • The passive mode runs a non-intrusive detection, i.e. it sends only a few requests to the server. It commonly scans the home page for any vulnerability. The passive mode is less likely to be detected by IDS/IPS solutions.
  • The aggressive mode, on the other hand, performs a more intrusive scan, as it sends a thousand requests to the server. It tries all the possible plugins even if the plugin has no known vulnerabilities linked to it. This may result in an increased load on the target server.
  • The mixed (default) mode uses a mixture of both aggressive and passive.

To specify detection mode;

wpscan --url wordpress.example.com -o test --detection-mode aggressive

Check for Vulnerable Plugins

To scan for vulnerable plugins on your WordPress blog, pass the -e/--enumerate [OPTS] option to the wpscan command, where [OPTS] can be vp (vulnerable plugins), ap (all plugins) or p (plugins). For example, to scan for every plugin which has vulnerabilities linked to it,

wpscan --url wordpress.example.com -e vp

Check for Vulnerable Themes

Just like we used the -e/--enumerate [OPTS] option to check for vulnerable plugins, the same can be done when checking for vulnerable themes, with [OPTS] being any of vt (vulnerable themes), at (all themes) or t (themes). For example, to scan for themes with known vulnerabilities;

wpscan --url wordpress.example.com -e vt

Enumerate WordPress Users

To find out the users that can login to WordPress site, you would pass the -e/--enumerate u option to wpscan where u basically means the user IDs.

wpscan --url wordpress.example.com -e u

Test for Password Strength/Bruteforce Attack against a WordPress User

Once you have enumerated the usernames, you can try to perform a brute-force attack against them as shown below. This process may be a bit slow, depending on the number of passwords in the password file (-P, --passwords FILE-PATH) and the number of threads (-t, --max-threads VALUE) you are using. For example, to brute-force the admin user,

wpscan --url wordpress.example.com -P password-file.txt -U admin -t 50

To test password strength for multiple users, run the same command as above, this time without a specific username.

wpscan --url wordpress.example.com -P password-file.txt -t 50

Run WordPress scan in undetectable mode

To run wpscan in stealthy mode, which is shorthand for (--random-user-agent --detection-mode passive --plugins-version-detection passive), specify the --stealthy option.

wpscan --url wordpress.example.com --stealthy
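From the defender's side, the aggressive, user-enumeration and stealthy modes described above each leave a different trace in the web server's access log. The following is an added example, not part of the original article and not WPScan code, that flags scanner-like clients in Apache combined-format logs on three signals: a WPScan user agent, many distinct plugin directories probed, and sequential author-ID requests. The log lines, IP addresses, user-agent strings and thresholds are all constructed.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')
PLUGIN_RE = re.compile(r'^/wp-content/plugins/([^/?]+)/')  # plugin enumeration probes
AUTHOR_RE = re.compile(r'^/\?author=(\d+)$')               # user enumeration via author IDs

def analyse(lines, plugin_threshold=5, author_threshold=3):
    """Return {ip: [reasons]} for every client whose requests look like a WordPress scan."""
    per_ip = defaultdict(lambda: {"plugins": set(), "authors": set(), "ua_hit": False})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                       # not a combined-format line, skip it
        rec = per_ip[m["ip"]]
        if "wpscan" in m["ua"].lower():    # stock user agent; --random-user-agent hides it
            rec["ua_hit"] = True
        if pm := PLUGIN_RE.match(m["path"]):
            rec["plugins"].add(pm.group(1))
        if am := AUTHOR_RE.match(m["path"]):
            rec["authors"].add(int(am.group(1)))
    findings = {}
    for ip, rec in per_ip.items():
        reasons = []
        if rec["ua_hit"]:
            reasons.append("wpscan-user-agent")
        if len(rec["plugins"]) >= plugin_threshold:   # aggressive mode walks many plugin dirs
            reasons.append(f"plugin-enumeration:{len(rec['plugins'])}")
        if len(rec["authors"]) >= author_threshold:   # -e u probes sequential author IDs
            reasons.append(f"author-enumeration:{len(rec['authors'])}")
        if reasons:
            findings[ip] = reasons
    return findings

def _line(ip, path, ua, status=404):
    """Build one constructed combined-format log line (sample data, not a real capture)."""
    return f'{ip} - - [22/Oct/2021:08:54:01 +0000] "GET {path} HTTP/1.1" {status} 200 "-" "{ua}"'

SCANNER_UA = "WPScan v3.8 (https://wpscan.com/)"             # constructed, stock-style UA
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/93.0"  # constructed browser UA
SAMPLE_LOG = (
    [_line("203.0.113.10", f"/wp-content/plugins/{s}/readme.txt", SCANNER_UA)  # aggressive
     for s in ["akismet", "jetpack", "wordfence", "contact-form-7", "yoast-seo", "elementor"]]
    + [_line("198.51.100.7", f"/?author={n}", BROWSER_UA, 301) for n in (1, 2, 3)]  # stealthy
    + [_line("192.0.2.5", "/", BROWSER_UA, 200),                                   # normal visitor
       _line("192.0.2.5", "/wp-content/plugins/akismet/_inc/akismet.css", BROWSER_UA, 200)]
)
```

The stealthy client is not caught by the user-agent check, which is exactly why the author-ID and plugin-directory counters are there; tune the thresholds to your own site's baseline before alerting on them.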

That is all about WPScan. Feel free to explore this useful tool. We hope this article was helpful.

SOURCE: https://kifarunix.com/install-use-wpscan-wordpress-vulnerability-scanner-ubuntu-18-04/

ClamAV, an open source antivirus engine for detecting and removing trojans, viruses, malware and other threats, can easily be installed on Ubuntu to help protect your systems. You don't usually hear "antivirus" and "Linux" in the same sentence, but in today's environments viruses and malicious threats can live anywhere.

This brief tutorial shows students and new users how to install ClamAV on Ubuntu 16.04 / 17.10 and 18.04 systems.

ClamAV is versatile by design: it supports multiple file formats and multiple signature languages that most viruses use to exploit systems. It performs multi-threaded scans and includes a command-line utility for on-demand file scanning and signature updates.

When you're ready to install ClamAV, continue with the steps below.

On Ubuntu desktop, open your terminal by pressing Ctrl+Alt+T on your keyboard.

When the terminal opens, type the command below to install ClamAV:

sudo apt install clamav clamav-daemon

Now that ClamAV is installed, you can use the terminal to scan for viruses and malware. To test it out, run the command below to scan your home folder:

clamscan --infected --remove --recursive /home

Note that --remove deletes every file ClamAV flags, with no way to get it back; if you would rather quarantine flagged files for review, replace --remove with --move DIRECTORY.

You should get a summary after a successful scan:

----------- SCAN SUMMARY -----------
Known viruses: 6541075
Engine version: 0.99.4
Scanned directories: 136
Scanned files: 401
Infected files: 0
Data scanned: 63.20 MB
Data read: 43.88 MB (ratio 1.44:1)
Time: 23.938 sec (0 m 23 s)

To scan for infected files and folders on the entire system, run the command below:

sudo clamscan --infected --remove --recursive /

To download the latest ClamAV virus definitions, run:

sudo freshclam

On Ubuntu the clamav-freshclam service installed with the package already refreshes the definitions in the background; while it is running, a manual freshclam run will report that the log file is locked, so either let the service do the work or stop it first with sudo systemctl stop clamav-freshclam.
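For unattended scans a wrapper that quarantines rather than deletes, and that reads the summary block shown above, is more useful than the bare command. The following is an added example, not from the tutorial or from the ClamAV project: it parses clamscan's SCAN SUMMARY into a dict and combines it with clamscan's exit code (0 clean, 1 infected files found, 2 error) into a verdict. The quarantine directory and the sample output are constructed.

```python
import os
import re
import subprocess

# One "Key: value" row of clamscan's summary block
SUMMARY_RE = re.compile(r"^(?P<key>[A-Za-z ]+): (?P<val>.+)$")

def parse_summary(output):
    """Turn the SCAN SUMMARY block of clamscan output into a dict (integers where possible)."""
    summary, in_summary = {}, False
    for line in output.splitlines():
        if line.startswith("----------- SCAN SUMMARY"):
            in_summary = True          # everything before this is per-file FOUND lines
            continue
        m = SUMMARY_RE.match(line) if in_summary else None
        if m:
            val = m["val"].strip()
            summary[m["key"]] = int(val) if val.isdigit() else val
    return summary

def verdict(returncode, summary):
    """clamscan exits 0 when clean, 1 when infected files were found, 2 on an error."""
    if returncode == 2:
        return "error"
    if returncode == 1 or summary.get("Infected files", 0) > 0:
        return "infected"
    return "clean"

def scan(path, quarantine="/var/lib/clamav/quarantine"):  # quarantine dir is an assumption
    """Scan `path` recursively, moving flagged files into `quarantine` instead of deleting."""
    os.makedirs(quarantine, exist_ok=True)
    proc = subprocess.run(
        ["clamscan", "--infected", "--recursive", f"--move={quarantine}", path],
        capture_output=True, text=True)
    summary = parse_summary(proc.stdout)
    return verdict(proc.returncode, summary), summary

# Constructed sample output mirroring the summary shown in the tutorial (not a real run)
SAMPLE_OUTPUT = """\
----------- SCAN SUMMARY -----------
Known viruses: 6541075
Engine version: 0.99.4
Scanned directories: 136
Scanned files: 401
Infected files: 0
Data scanned: 63.20 MB
Data read: 43.88 MB (ratio 1.44:1)
Time: 23.938 sec (0 m 23 s)
"""
```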

The PassivePorts directive is used in the file /etc/proftpd.conf to specify a passive port range.

  1. Connect to the Plesk server via SSH.

  2. Create /etc/proftpd.d/55-passive-ports.conf file using the following command:

    # touch /etc/proftpd.d/55-passive-ports.conf

  3. Edit file /etc/proftpd.d/55-passive-ports.conf in any text editor and place the content below as follows:

    <Global>
    PassivePorts 49152 65535 
    </Global>

    Note: Remove PassivePorts directive from /etc/proftpd.conf file if the directive is defined inside.

  4. Specify ports in /etc/proftpd.d/* files as well, if needed. See the ProFTPd documentation for more information regarding the PassivePorts directive.

  5. Next, the nf_conntrack_ftp module should be loaded into the system:

    # /sbin/modprobe nf_conntrack_ftp

    # lsmod | grep conntrack_ftp 
    nf_conntrack_ftp 13696 0 
    nf_conntrack 61684 1 nf_conntrack_ftp

  6. If Plesk Firewall is installed and enabled, specify the port range according to the KB article Unable to connect to FTP in passive mode.

    If another firewall is used to manage iptables rules, use it to allow the passive ports range.

    Otherwise, make sure that the following line exists in the iptables settings:

    # iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

  7. If the server is behind NAT, the nf_nat_ftp module should be loaded:

    # /sbin/modprobe nf_nat_ftp

    If FirewallD is installed on CentOS 7, the modules should be added to /etc/modules-load.d/iptables.conf:

    # echo nf_nat_ftp >> /etc/modules-load.d/iptables.conf
    # echo nf_conntrack_ftp >> /etc/modules-load.d/iptables.conf

    Note: the actions involving kernel module configuration should be performed on bare-metal hardware or in a virtual machine with full hardware emulation.
    If a container is used, the same actions should be performed on the hardware node.

  8. To keep the changes after a system reboot, the modules should be added to the IPTABLES_MODULES line in the file /etc/sysconfig/iptables-config as follows:

    # cat /etc/sysconfig/iptables-config | grep IPTABLES_MODULES
    IPTABLES_MODULES="nf_conntrack_ftp nf_conntrack ip_nat_ftp"

    Note: Because the FTP helper modules must read and modify commands being sent over the command channel, they will not work when the command channel is encrypted through use of TLS/SSL.

  9. If TLS/SSL is required for FTP, the only option is to open the required ports. Use the Plesk Firewall extension for this, or add the rules using iptables:

    # iptables -I INPUT 2 -p tcp --match multiport --dports 49152:65535 -j ACCEPT
    # service iptables save

    Note: Ports should be opened on all firewalls in the network.

  10. Restart the xinetd service to apply changes:

    # service xinetd restart

From: https://support.plesk.com/hc/en-us/articles/213902285
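The steps above touch three places that have to agree: the PassivePorts range in ProFTPD's configuration, the kernel FTP helper modules, and the iptables rules. The following is an added example, not from the Plesk article or from ProFTPD, that audits constructed copies of those inputs (config text, iptables-save output, lsmod output) and reports the mismatches the notes above warn about, including the FTPS case where the helpers cannot see the control channel and the range must be opened explicitly.

```python
import re

PASSIVE_RE = re.compile(r"^\s*PassivePorts\s+(\d+)\s+(\d+)", re.M)
# An iptables-save INPUT rule accepting a TCP port or port range (--dport N or --dports N:M)
DPORTS_RE = re.compile(r"^-A INPUT\b.*--dports?\s+(\d+)(?::(\d+))?.*-j ACCEPT", re.M)

def passive_ranges(conf_text):
    return [(int(lo), int(hi)) for lo, hi in PASSIVE_RE.findall(conf_text)]

def accepted_ranges(iptables_save):
    return [(int(lo), int(hi or lo)) for lo, hi in DPORTS_RE.findall(iptables_save)]

def loaded_modules(lsmod_text):
    # lsmod prints a header line, then "module size used_by" rows
    return {row.split()[0] for row in lsmod_text.splitlines()[1:] if row.strip()}

def audit(main_conf, dropin_conf, iptables_save, lsmod_text, behind_nat=False, ftps=False):
    """Return a list of problems; an empty list means passive FTP should work."""
    problems = []
    main, dropin = passive_ranges(main_conf), passive_ranges(dropin_conf)
    if main and dropin:
        problems.append("PassivePorts set in both /etc/proftpd.conf and the drop-in file")
    ranges = main + dropin
    if not ranges:
        problems.append("no PassivePorts directive found")
    for lo, hi in ranges:
        if not 1024 <= lo <= hi <= 65535:
            problems.append(f"invalid PassivePorts range {lo} {hi}")
    if ftps:
        # TLS hides the PASV reply from the conntrack helper, so the range must be opened explicitly
        for lo, hi in ranges:
            if not any(a <= lo and hi <= b for a, b in accepted_ranges(iptables_save)):
                problems.append(f"FTPS in use but {lo}:{hi} is not accepted by iptables")
    else:
        needed = ["nf_conntrack_ftp"] + (["nf_nat_ftp"] if behind_nat else [])
        problems += [f"kernel module {m} not loaded" for m in needed if m not in loaded_modules(lsmod_text)]
        if "RELATED,ESTABLISHED" not in iptables_save:
            problems.append("no RELATED,ESTABLISHED accept rule for helper-tracked data connections")
    return problems

# Constructed inputs (not captured from a real server)
MAIN_CONF = 'ServerName "ProFTPD"\nPassivePorts 49152 65535\n'   # stale copy left in the main file
DROPIN_CONF = "<Global>\nPassivePorts 49152 65535\n</Global>\n"
IPTABLES_OK = ("-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
               "-A INPUT -p tcp -m multiport --dports 49152:65535 -j ACCEPT\n")
IPTABLES_NO_RANGE = "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n"
LSMOD = ("Module                  Size  Used by\nnf_conntrack_ftp       13696  0\n"
         "nf_conntrack           61684  1 nf_conntrack_ftp\n")
```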

 
