Category Archives: Web Hosting

Email alert for SSH logins

It is good idea to get notified when someone logs into your Linux server.

First be sure that your server is able to send email (at least Postfix + valid ptr)

Open /etc/profile and at the bottom add the following:

if [ -n "$SSH_CLIENT" ]; then
TEXT="$(date): ssh login to ${USER}@$(hostname -f)"
TEXT="$TEXT from $(echo $SSH_CLIENT|awk '{print $1}')"
echo $TEXT|mail -s "ssh login $(hostname -f)" EMAIL@DOMAIN.TLD

Replace EMAIL@DOMAIN.TLD with your email

Save file and logout/login again. Check your inbox

Protect wp-login.php with .htaccess

Brute force attack aims at being the simplest kind of method to gain access to a site (wordpress or not). It combines usernames and passwords, over and over again, until it gets in. That is the main reason why you should always use secure passwords and avoid common usernames (admin, siteadmin, etc…)

The simple way to protect your WordPress site from brute force is to lock the access to wp-login.php file with htaccess.

<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from x.x.x.x
Allow from y.y.y.y

You can add as much as you want IPs inside the Files block and all other IPs will be blocked with Error 403 (Forbidden error).

Unfortunately this is not the nicest way because IPs you’re accessing from are not always static…

Simple FTP backup script

The first post for this year…

Simple FTP backup script

# nano backup_script

Add next lines and save.

DM=$(date +"%b-%d-%Y")
tar -Pzcf /backup/backup_$DM.tar.gz /backup/some_dir/
cd /backup
ftp -nv <<EOF
user ftp_username ftp_password
put backup_$DM.tar.gz
echo -e  "FTP backup done!"

Make it executable with

# chmod +x backup_script

Of course, you need to replate ftp_username and ftp_password with valid username and password. Also, IP address should be replaced with your ftp server IP address.

Add this script to cron (for example once per day at 4:00AM)