4 Nov
2019
4 Nov
'19
5:51 p.m.
Hi All,
I have had a user complain they got no response from a website on my
VPN. It appears that from about 9:07 until after 9:44 my front-end
(nginx) could not talk to the back-end (php). It cleared before I became
aware of the problem.
I can find nothing in the logs, other than the failed reads, so I am at
a loss to diagnose things.
Environment - The O/S is Ubuntu 18.04 LTS.
nginx is version 1.16.1 compiled to include a couple of extra
modules...standard stuff plus...
--with-pcre=../pcre-8.42 \
--with-zlib=../zlib-1.2.11 \
--add-module=../nchan-1.2.6
nginx talks to php7.2-fpm using fastcgi-pass to 127.0.0.1:9000.
Any ideas gratefully received!
Regards
Ian
--
Ian Hobson
--
This email has been checked for viruses by AVG.
https://www.avg.com
4 Nov
4 Nov
6:12 p.m.
On 2019-11-04 17:51+0000, Ian Hobson wrote:
I have had a user complain they got no response from a
website
on my VPN.
Is the website on your VPS, or is this a website on another network
outside of 85.119.80.0/21?
It appears that from about 9:07 until after 9:44 my
front-end (nginx)
could not talk to the back-end (php). It cleared before I became aware
of the problem.
Is this today? Looking at my VPS graph there were no slumps in the main
service that it runs. Did something crawl your web server and it spawned
a mass of PHP processes or similar?
I can find nothing in the logs, other than the failed
reads, so I am
at a loss to diagnose things.
Is there anything in /var/log/* around this time?
nginx talks to php7.2-fpm using fastcgi-pass to
127.0.0.1:9000.
I'm not familiar with fastcgi-pass - I'll look into it over the coming
weeks though as I'm generally a fan of FCGI :)
--
Best regards,
Ed http://www.s5h.net/
7:04 p.m.
Hi,
Thanks for the response.
On 04/11/2019 18:12, ed-bitfolk(a)s5h.net wrote:
There were a large number of POSTS to /xmlrpc.php which is part of
wordpress. I thought nothing of it, until I googled it.
Seemingly xmlrpc.php is used to post remotely to your site. Curently it
is more used for DDOS attacks. The IP was from china.
So xmlrpc will be disabled on all my wordpress sites.
It works great.
Regards
Ian
--
Ian Hobson
Tel (+351) 910 418 473
--
This email has been checked for viruses by AVG.
https://www.avg.com
On 2019-11-04 17:51+0000, Ian Hobson wrote:
The website is hosted on the VPS, however it was being
accessed via an
SSH link. The website appears to be on localhost:8080 to those with the
SSH link open.
I have had a user complain they got no response
from a website
on my VPN.
Is the website on your VPS, or is this a website on another network
outside of 85.119.80.0/21? It appears that from about 9:07 until after 9:44
my front-end (nginx)
could not talk to the back-end (php). It cleared before I became aware
of the problem.
Is this today? Looking at my VPS graph there were no slumps in the main
service that it runs. Did something crawl your web server and it spawned
a mass of PHP processes or similar? I can find nothing in the logs, other than the
failed reads, so I am
at a loss to diagnose things.
Is there anything in /var/log/* around this time?
nginx talks to
php7.2-fpm using fastcgi-pass to 127.0.0.1:9000.
I'm not familiar with fastcgi-pass - I'll look into it over the coming
weeks though as I'm generally a fan of FCGI :)
7:50 p.m.
Rather than disabling XMLRPC, there's a plugin called "*Disable XML-RPC
Pingback*" which might be better. XML-RPC is primarily used by Wordpress
client applications (like the Mobile App), and Jetpack (the wordpress.com
plugin pack).
--
Jon "The Nice Guy" Spriggs
@jontheniceguy everywhere...
https://jon.sprig.gs
On Mon, 4 Nov 2019 at 19:05, Ian Hobson <hobson42(a)gmail.com> wrote:
Hi,
Thanks for the response.
On 04/11/2019 18:12, ed-bitfolk(a)s5h.net wrote:
There were a large number of POSTS to /xmlrpc.php which is part of
wordpress. I thought nothing of it, until I googled it.
Seemingly xmlrpc.php is used to post remotely to your site. Curently it
is more used for DDOS attacks. The IP was from china.
So xmlrpc will be disabled on all my wordpress sites.
It works great.
Regards
Ian
--
Ian Hobson
Tel (+351) 910 418 473
--
This email has been checked for viruses by AVG.
https://www.avg.com
_______________________________________________
users mailing list
users(a)lists.bitfolk.com
https://lists.bitfolk.com/mailman/listinfo/users
On 2019-11-04 17:51+0000, Ian Hobson wrote:
The website is hosted on the VPS, however it was being
accessed via an
SSH link. The website appears to be on localhost:8080 to those with the
SSH link open.
I have had a user complain they got no response
from a website
on my VPN.
Is the website on your VPS, or is this a website on another network
outside of 85.119.80.0/21? It appears that from about 9:07 until after 9:44
my front-end (nginx)
could not talk to the back-end (php). It cleared before I became aware
of the problem.
Is this today? Looking at my VPS graph there were no slumps in the main
service that it runs. Did something crawl your web server and it spawned
a mass of PHP processes or similar? I can find nothing in the logs, other than the
failed reads, so I am
at a loss to diagnose things.
Is there anything in /var/log/* around this time?
nginx
talks to php7.2-fpm using fastcgi-pass to 127.0.0.1:9000.
I'm not familiar with fastcgi-pass - I'll look into it over the coming
weeks though as I'm generally a fan of FCGI :)
5 Nov
5 Nov
12:38 p.m.
** Jon Spriggs <jon(a)sprig.gs> [2019-11-04 19:51]:
On Mon, 4 Nov 2019 at 19:05, Ian Hobson
<hobson42(a)gmail.com> wrote:
<snip>
> There were a large number of POSTS to /xmlrpc.php
which is part of
> wordpress. I thought nothing of it, until I googled it.
>
> Seemingly xmlrpc.php is used to post remotely to your site. Curently it
> is more used for DDOS attacks. The IP was from china.
>
> So xmlrpc will be disabled on all my wordpress sites.
>
> >> nginx talks to php7.2-fpm using fastcgi-pass to 127.0.0.1:9000.
> >
> > I'm not familiar with fastcgi-pass - I'll look into it over the coming
> > weeks though as I'm generally a fan of FCGI :)
> >
> It works great.
Rather than disabling XMLRPC, there's a plugin
called "*Disable XML-RPC
Pingback*" which might be better. XML-RPC is primarily used by Wordpress
client applications (like the Mobile App), and Jetpack (the wordpress.com
plugin pack).
** end quote [Jon Spriggs]
I have had issues with RPC and WordPress, and still get regular
probes/connections. I did have the Disable XML-RPC Pingback plugin for a while,
but I've removed it now as I have Fail2ban doing the job. It seems to be kept
quite busy, but is clearly doing its job, and has the benefit of allowing
Jetpack to function if you want to connect with that.
--
Paul Tansom | Aptanet Ltd. | https://www.aptanet.com/ | 023 9238 0001
=============================================================================
Registered in England | Company No: 4905028 | Registered Office: Ralls House,
Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP
4:11 p.m.
On 05/11/2019 12:38, Paul Tansom wrote:
** Jon Spriggs <jon(a)sprig.gs> [2019-11-04
19:51]:
Would you mind sharing the rule you use for this? As a Wordpress and
fail2ban user myself it does sound a better solution to me.
Thanks
Gavin
Rather than disabling XMLRPC, there's a
plugin called "*Disable XML-RPC
Pingback*" which might be better. XML-RPC is primarily used by Wordpress
client applications (like the Mobile App), and Jetpack (the wordpress.com
plugin pack).
** end quote [Jon Spriggs]
I have had issues with RPC and WordPress, and still get regular
probes/connections. I did have the Disable XML-RPC Pingback plugin for a while,
but I've removed it now as I have Fail2ban doing the job. It seems to be kept
quite busy, but is clearly doing its job, and has the benefit of allowing
Jetpack to function if you want to connect with that.
6:10 p.m.
** Gavin Westwood <bitfolk-lists-2015(a)gavinwestwood.uk> [2019-11-05 16:11]:
On 05/11/2019 12:38, Paul Tansom wrote:
** end quote [Gavin
Westwood]
I set this up in 2014 by the looks of it. I can't remember where I got the
reference info from, but I've got a file I ended up calling wp-xmlrpc.conf in
the /etc/fail2ban/filter.d directory (Ubuntu 18.04). That may be unecessary
detail.
The content is:
--
# Fail2Ban configuration file
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
_daemon = wp-xmlrpc
# Option: failregex
# Notes.: regex to match repeated xmlrpc attacks. The
# host must be matched by a group named "host". The tag "" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P[\w\-.^_]+)
# Values: TEXT
#
failregex = \s.*\s.POST /xmlrpc.php HTTP/1.1"*.\s.*
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
and /etc/fail2ban/jail.local
[wp-xmlrpc]
enabled = true
filter = wp-xmlrpc
action = iptables-multiport[name=wp-xmlrpc, port="80,443", protocol=tcp]
sendmail-whois[name=wp-xmlrpc, dest=email(a)domain.net]
logpath = /home/*/logs/access_log
maxretry = 10
findtime = 60
bantime = 3600
--
I am no expecting somebody to point out an error :-)
--
Paul Tansom | Aptanet Ltd. | https://www.aptanet.com/ | 023 9238 0001
=============================================================================
Registered in England | Company No: 4905028 | Registered Office: Ralls House,
Parklands Business Park, Forrest Road, Denmead, Waterlooville, Hants, PO7 6XP
** Jon Spriggs <jon(a)sprig.gs> [2019-11-04
19:51]:
Would you mind sharing the rule you use for this? As a Wordpress and
fail2ban user myself it does sound a better solution to me. Rather than disabling XMLRPC, there's a
plugin called "*Disable XML-RPC
Pingback*" which might be better. XML-RPC is primarily used by Wordpress
client applications (like the Mobile App), and Jetpack (the wordpress.com
plugin pack).
** end quote [Jon Spriggs]
I have had issues with RPC and WordPress, and still get regular
probes/connections. I did have the Disable XML-RPC Pingback plugin for a while,
but I've removed it now as I have Fail2ban doing the job. It seems to be kept
quite busy, but is clearly doing its job, and has the benefit of allowing
Jetpack to function if you want to connect with that.
4 Nov
4 Nov
7:52 p.m.
On 2019-11-04 19:04+0000, Ian Hobson wrote:
There were a large number of POSTS to /xmlrpc.php
which is part of
wordpress. I thought nothing of it, until I googled it.
Seemingly xmlrpc.php is used to post remotely to your site. Curently
it is more used for DDOS attacks. The IP was from china.
So xmlrpc will be disabled on all my wordpress sites.
I've been bitten by wordpress, in a very bad way. Static site generation
is the only type of blog for me now.
--
Best regards,
Ed http://www.s5h.net/
5 Nov
5 Nov
11:52 a.m.
New subject: Static web site generators (Was: Re: Networking? problem)
Hello,
On Mon, Nov 04, 2019 at 07:52:39PM +0000, ed-bitfolk(a)s5h.net wrote:
I've been bitten by wordpress, in a very bad way.
Static site generation
is the only type of blog for me now.
Which static site generator do you like? Which have you tried?
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
5:57 p.m.
New subject: Static web site generators (Was: Re: Networking? problem)
On 2019-11-05 11:52+0000, Andy Smith wrote:
Which static site generator do you like? Which have
you tried?
I've used a few. Some better than others. For one site I use jbake:
<https://jbake.org/>
It is quite good, it can process markdown and asciidoc.
For another site I use my own python, which is mostly just 'import
markdown' and reads a list of files to process on stdin. This doesn't
allow for fancy things like sitemaps or RSS that you would get from the
vast majority of what's on the market.
I did use PubTal in the past, it didn't use MarkDown, but it was fun at
the time to have absolute control of the output. That isn't what I want
these days though.
<https://www.owlfish.com/software/PubTal/>
Here's a good list of static python generators.
<https://www.fullstackpython.com/static-site-generator.html>
At a previous job the customer used Movable Type, which although gets
some negative feedback, it does have dynamic and static generation. I
don't use it personally, though.
There's good reason to use static generators. At the previous company,
plenty of times I'd get paged because IP sources in China had found
something on the site that took a little longer to respond than other
content. They'd then send the full weight of their bot nets upon it.
The small hassle upfront is worth it. Plus it's pretty simple to store
in git.
--
Best regards,
Ed http://www.s5h.net/
6 Nov
6 Nov
12:24 p.m.
New subject: Static web site generators (Was: Re: Networking? problem)
If people want the advantages of WordPress with the speed and security
of a static site, there are at least a couple of plugins that will
create a static site from a WordPress one.
I am responsible for a string of event sites - after the thing is over,
they get transformed into static site archives in about a minute.
Ian
1:01 p.m.
New subject: Static web site generators (Was: Re: Networking? problem)
To add another data point...
I've been using Jekyll for about a year now. Back when I started looking at
static side generators, I looked at various options and Jekyll looked to be
the best supported and most extensible one. That said, I've had to
modify/write several plugins to make it do things I wanted, so you probably
need to be willing to get your hands dirty.
Cheers,
Alun.
8:01 a.m.
New subject: Static web site generators (Was: Re: Networking? problem)
On Tue, 5 Nov 2019 at 11:52, Andy Smith <andy(a)bitfolk.com> wrote:
Which static site generator do you like? Which have
you tried?
I've used a lot of Jekyll (and not much else!)
I ported lug.org.uk from Drupal to Jekyll. It's hosted on a Bitfolk VPS,
but the code that creates it is here:
https://github.com/lugorguk/lug.org.uk-website
I also ported oggcamp.org to the same host:
https://github.com/oggcamp/oggcamp.github.io
I have a simple cron job that fires on lug.org.uk to poll the git repo.
That's here:
https://github.com/jontheniceguy/git-autoupdate
For sites which are not hosted at lug.org.uk, I've been a part of the team
who host technw.uk, who use github pages to host their site:
https://github.com/manchester-tech-events/manchester-tech-events.github.io
And, a while ago, I was part of the team who updated vagrantbox.es,
although this has seen very little love since Hashicorp started running
their own index:
https://github.com/garethr/vagrantboxes-heroku
All the best,
--
Jon "The Nice Guy" Spriggs
@jontheniceguy everywhere...
https://jon.sprig.gs
10:25 a.m.
New subject: Static web site generators (Was: Re: Networking? problem)
On Tue, 5 Nov 2019, at 11:52, Andy Smith wrote:
Which static site generator do you like? Which have you tried?
I use cryogen: http://cryogenweb.org/
Initially picked it as I thought it would be good excuse to play with some more clojure,
but I haven't actually found anything that I want to modify.
It has a mode where it can run a local webserver that regenerates on source file changes
that I find really useful when I'm editing stuff.
Robert
________________________________________________________
Robert McWilliam rmcw(a)allmail.net argh.technology
What do you consider to be your median achievement?
11:36 a.m.
New subject: Static web site generators (Was: Re: Networking? problem)
On 5 Nov 2019, at 11:52, Andy Smith
<andy(a)bitfolk.com> wrote:
Hello,
On Mon, Nov 04, 2019 at 07:52:39PM +0000, ed-bitfolk(a)s5h.net wrote:
I use Hugo (https://gohugo.io/). Seems to do what I need, and doesn’t require java or
anything much else installed for it to run.
cheers,
David
I've been bitten by wordpress, in a very bad
way. Static site generation
is the only type of blog for me now.
Which static site generator do you like? Which have you tried?
Cheers,
Andy 
12:31 p.m.
New subject: Static web site generators (Was: Re: Networking? problem)
On Wed, Nov 06, 2019 at 11:36:04AM +0000, Dr David Mills wrote:
I've used Hugo for my site as well (naturally), but I've found the
docs really hard to follow.
Hugo.
--
Hugo Mills | UNIX: Spanish manufacturer of fire extinguishers
hugo@... carfax.org.uk |
http://carfax.org.uk/ |
PGP: E2AB1DE4 |
On 5 Nov 2019, at 11:52, Andy Smith
<andy(a)bitfolk.com> wrote:
Hello,
On Mon, Nov 04, 2019 at 07:52:39PM +0000, ed-bitfolk(a)s5h.net wrote:
I use Hugo (https://gohugo.io/). Seems to do what I need, and doesn’t require java or
anything much else installed for it to run. I've been bitten by wordpress, in a very bad
way. Static site generation
is the only type of blog for me now.
Which static site generator do you like? Which have you tried?
Cheers,
Andy
1872
days inactive
1874
days old
15 comments
11 participants
participants (11)
-
Alun -
Andy Smith -
Dr David Mills -
ed-bitfolk@s5h.net -
Gavin Westwood -
Hugo Mills -
Ian -
Ian Hobson -
Jon Spriggs -
Paul Tansom -
Robert McWilliam