Архив рубрики: Публикации

Antidetect 2018 Pro OpenSource

¯_(ツ)_/¯

Примечание: Информация для исследования, обучения или проведения аудита. Применение в корыстных целях карается законодательством РФ.


Что такое XML-RPC и как остановить атаку на WordPress

XML-RPC — это протокол удаленных процедур, который позволяет удаленно взаимодействовать с вашим сайтом WordPress. Другими словами, это способ управлять сайтом без необходимости входа в систему вручную через стандартную страницу «wp-login.php». Он широко используется плагинами, наиболее известным из собственного плагина Jetpack от Automattic. Однако в эти дни слово «XML-RPC» получило плохое имя. В этой статьи мы объясним, что такое XML-RPC в WordPress и как остановить атаку XML-RPC на вашем веб-сайте WordPress

Включен ли XML-RPC на вашем веб-сайте на WordPress?

Быстрый способ проверить, является ли ваш сайт уязвимым, — это посетить следующий URL-адрес из браузера:

yoursite.ru/xmlrpc.php

 

Если он включен, вы должны получить ответ, в котором говорится, что «сервер XML-RPC принимает только запросы POST».

Опасности и преимущества XML-RPC

В сообществе безопасности WordPress было много вопросов о XML-RPC. В основном есть две проблемы:

  1. XML-RPC можно использовать для DDoS-атаки

  2. Его можно использовать для повторного использования комбинаций имени пользователя и пароля

По крайней мере, это было возможно. С тех пор WordPress подключил лазейки (https://core.trac.wordpress.org/ticket/34336) , которые позволили людям одновременно попробовать сотни имен пользователей и паролей. Начиная с версии 4.4, она была улучшена. Теперь WordPress будет молча выполнять все последующие попытки входа в систему, как только один вызов XML-RPC завершился неудачно. Большой!

Тем не менее, есть те, кто по-прежнему обеспокоен легкостью, в то время как удаленные вызовы процедур, подобные этому, могут быть сделаны. Итак, вот несколько способов защитить ваш сайт от XML-RPC — начиная с самого легкого способа, до самого тяжелого.

Метод 1: Отключение Pingbacks

Это процесс, который использует ваш сервер в качестве невольного участника в атаке на другой сервер. В основном, кто-то говорит вашему сайту «Эй, этот URL-адрес, связанный с вашим блогом!», А затем ваш сайт отвечает «pingback» на этот URL. Кроме того,  нет никакой проверки, что URL на самом деле сделал ссылку на вас. Сделайте это с сотнями уязвимых сайтов WordPress, и у вас есть DDoS-атака на ваших руках! Самый простой способ запретить использование вашего сайта таким образом — добавить следующий код в функции functions.php вашей темы:

function stop_pings ($vectors) {

unset( $vectors['pingback.ping'] );

return $vectors;

}

add_filter( 'xmlrpc_methods', 'stop_pings');

Способ 2. Предотвращение всех запросов на аутентификацию через XML-RPC

Этот второй метод определяет, хотите ли вы разрешать методы XML-RPC, которые аутентифицируют пользователей. Возьмем, к примеру, публикацию блога по электронной почте. Сайт получит ваше электронное письмо, проверит вас через XML-RPC, а затем опубликует его, если совпадают учетные данные.

Многим людям неудобно, когда XML-RPC может просто принимать случайные вызовы, подобные этому. Это привело к попыткам сотен или тысяч попыток аутентификации. Несмотря на то, что WordPress с тех пор обращался к этой конкретной форме взлома, есть те, кто рекомендует просто отключить ее.

Для этого введите этот код в functions.php:

add_filter('xmlrpc_enabled','__return_false');

 

Важно отметить, что это не то же самое, что и первый метод. Этот код только отключает методы проверки подлинности и оставляет все остальные нетронутыми — например, pingbacks.

Способ 3: Отключить доступ к xmlrpc.php

Это самый экстремальный метод, который полностью отключает все функции XML-RPC. Он требует, чтобы вы редактировали файл .htaccess в корневом каталоге вашего WordPress. Добавьте следующий код вверху:

<files xmlrpc.php>

Order allow,deny

Deny from all

</files>

 

Примечание
Если вы обнаружите, что ваша версия WordPress не имеет файла .htaccess в корневой папке, просто создайте файл со следующим кодом по умолчанию.

 

# BEGIN WordPress

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteRule ^index.php$ - [L]

RewriteCond %{REQUEST_FILENAME} !-f

RewriteCond %{REQUEST_FILENAME} !-d

RewriteRule . /index.php [L]

</IfModule>

# END WordPress

 

Теперь, когда действуют выше правила отказа, попытка доступа к xmlrpc.php будет выполняться со следующей страницей:

Что такое XML-RPC и как остановить атаку на WordPress

И это все, что нужно. Вы успешно отключили XML-RPC на своем сайте WordPress.



2018-07-07T06:43:36
Лучшие учебники по Wodpress

MikroTik Dual WAN PCC Load Balancing with PPPoE Server

Hi geek, you are here because you are finding a complete MikroTik Dual WAN PCC Load balancing and Link Redundancy solution with PPPoE Server because you have managed two ISP connections and want to provide an uninterrupted internet connection to your clients. You also want to manage your LAN clients with PPPoE Server because it provides a hassle free network administration.




MikroTik PCC provides 100% reliable Load Balancing and Link Redundancy network and in my previous article I discussed how MikroTik PCC work and how to configure a basic MikroTik PCC Load Balancing and Link Redundancy network. In this article I will show how to configure a complete Dual WAN PCC Load Balancing and Link Redundancy network with MikroTik PPPoE Server.




Core Devices and IP Information




To configure a PCC load balancing and link redundancy network with PPPoE Server, I am using MikroTik RouterOS v6.38.1 which has two ISP connections available. IP information that I am using for this network configuration are given below.




  • ISP1 IP 192.168.30.2/30 and Gateway IP 192.168.30.1
  • ISP2 IP 192.168.60.2/30 and Gateway IP 192.168.60.1
  • LAN network: 10.10.70.0/24 and LAN Gateway IP 10.10.70.1/24
  • DNS IP: 8.8.8.8 and 8.8.4.4




This IP information is just for my RND purpose. Change this information according to your network requirements.




Network Diagram




To configure a Load Balancing and Link Redundancy network with MikroTik RouterOS, I am following a network diagram like below image.




MikroTik PCC Load Balancing with PPPoE Server Network
MikroTik PCC Load Balancing with PPPoE Server Network




In this network, MikroTik Router’s 1st Interface (ether1) is connected to ISP1 having IP Address 192.168.30.2/30 and 2nd Interface (ether2) is connected to ISP2 having IP Address 192.168.60.2/30. In real network these IP Addresses should replace with your ISP given public IP Address.  Again, 3rd Interface (ether3) is our LAN interface where PPPoE server will be installed and PPPoE network will be 10.10.70.0/24.




We will configure Dual WAN PCC Load Balancing and Link Redundancy in this MikroTik Router and after PCC configuration MikroTik will pass LAN traffic through both ISP equally and if any ISP is disconnected, other ISP will be used to pass all traffic until the disconnected ISP becomes alive. If disconnected ISP becomes alive, both ISP will be used to pass LAN traffic again automatically.




MikroTik PCC Load Balancing Configuration with PPPoE Server




We will now configure PCC Load Balancing network with PPPoE Server according to our above network diagram. Complete configuration can be divided into two parts.




  • MikroTik PCC load balancing configuration over DUAL WAN
  • PPPoE server configuration for LAN




Part 1: MikroTik PCC Load Balancing Configuration over DUAL WAN




In first part, we will do PCC Load Balancing and Link Redundancy configuration. Complete PCC load balancing configuration includes assigning WAN IP, creating mangle rule, policy based routing configuration and NAT configuration. We will now perform these tasks in our MikroTik Router.




Assigning WAN IP 




We have two WAN IPs given from ISP1 and ISP2. We will now assign this WAN IPs in our MikroTik Router’s WAN interface. The following steps will show how to assign WAN IP in your MikroTik Router.






  • Login to MikroTik Router with winbox (with admin privilege credential).
  • Click on Interfaces menu item. Interface List window will appear.
  • Double click on ether1 interface and rename it as ISP1 and then click Apply and OK button. Similarly, click on ether2 interface and rename it as ISP2 and then click Apply and OK button. Again, click on ether3 interface and rename it as LAN and then click Apply and OK button.
  • Go to IP > Addresses menu item and click on PLUS SIGN (+). In New Address window, put ISP1 IP address (192.168.30.2/30) in Address input field and choose ISP1 from Interface dropdown menu and then click on Apply and OK button.
  • Similarly, click on PLUS SIGN (+). In New Address window, put ISP2 IP address (192.168.60.2/30) in Address input field and choose ISP2 from Interface dropdown menu and then click on Apply and OK button.




Alternatively, you can run below command from MikroTik CLI.




/interfaceset “ether1″ name=”ISP1”

set “ether2″ name=”ISP2”

set “ether3″ name=”LAN”

/ ip address

add address=192.168.30.2/30 interface=ISP1

add address=192.168.60.2/30 interface=ISP2




Assigning WAN IP in MikroTik Router has been completed. Now we will create Mangle rule to mark connection and routing.




Creating Mangle Rule




Mangle rule is used to mark packet for proper routing. In this part we will create various mangle rules that will help to mark connection and routing and pass different network traffics to different WAN connections. Go to IP > Firewall menu item and click on Mangle tab and create the following 10 rules as indicated.




  1. Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and put ISP1 network address (192.168.30.0/30) in Dst. Address input and then choose LAN from In. Interface dropdown menu. Now click on Action tab and choose accept from Action dropdown menu and then click on Apply and OK button.
  2. Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and put ISP2 network address (192.168.60.0/30) in Dst. Address input and then choose LAN from In. Interface dropdown menu. Now click on Action tab and choose accept from Action dropdown menu and then click on Apply and OK button.
  3. Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and choose ISP1 from In. Interface dropdown menu and then choose no-mark from Connection Mark dropdown menu. Now click on Action tab and choose mark connection from Action dropdown menu and put a connection mark name (ISP1_conn) in New Connection Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
  4. Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and choose ISP2 from In. Interface dropdown menu and then choose no-mark from Connection Mark dropdown menu. Now click on Action tab and choose mark connection from Action dropdown menu and put a connection mark name (ISP2_conn) in New Connection Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
  5. Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and choose LAN from In. Interface dropdown menu and then choose no-mark from Connection Mark dropdown menu. Click on Advanced tab and choose both addresses from Per Connection Classifier dropdown menu and put 2 in next 1st input field and 0 in 2nd input field. Click on Extra tab and click on Dst. Address Type option and choose local from Address Type dropdown menu and then click on Invert checkbox. Click on Action tab and choose mark connection from Action dropdown menu and put a connection mark name (ISP1_conn) in New Connection Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
  6. Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and choose LAN from In. Interface dropdown menu and then choose no-mark from Connection Mark dropdown menu. Click on Advanced tab and choose both addresses from Per Connection Classifier dropdown menu and put 2 in next 1st input field and 1 in 2nd input field. Click on Extra tab and click on Dst. Address Type option and choose local from Address Type dropdown menu and then click on Invert checkbox. Click on Action tab and choose mark connection from Action dropdown menu and put a connection mark name (ISP2_conn) in New Connection Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
  7. Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and choose LAN from In. Interface dropdown menu and then choose ISP1_conn from Connection Mark dropdown menu. Now click on Action tab and choose mark routing from Action dropdown menu and put a routing mark name (to_ISP1) in New Routing Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
  8. Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose prerouting from Chain dropdown menu and choose LAN from In. Interface dropdown menu and then choose ISP2_conn from Connection Mark dropdown menu. Now click on Action tab and choose mark routing from Action dropdown menu and put a routing mark name (to_ISP2) in New Routing Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
  9. Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose output from Chain dropdown menu and then choose ISP1_conn from Connection Mark dropdown menu. Now click on Action tab and choose mark routing from Action dropdown menu and put a routing mark name (to_ISP1) in New Routing Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.
  10. Click on PLUS SIGN (+). New Mangle Rule window will appear. Click on General tab and choose output from Chain dropdown menu and then choose ISP2_conn from Connection Mark dropdown menu. Now click on Action tab and choose mark routing from Action dropdown menu and put a routing mark name (to_ISP2) in New Routing Mark input field. Uncheck Passthrough checkbox if it is checked. Click on Apply and OK button.




Alternatively, you can run below command from MikroTik CLI.




/ ip firewall mangleadd chain=prerouting dst-address=192.168.30.0/30  action=accept in-interface=LAN

add chain=prerouting dst-address=192.168.60.0/30  action=accept in-interface=LAN

add chain=prerouting in-interface=ISP1 connection-mark=no-mark action=mark-connection

new-connection-mark=ISP1_conn

add chain=prerouting in-interface=ISP2 connection-mark=no-mark action=mark-connection

new-connection-mark=ISP2_conn

add chain=prerouting  in-interface=LAN connection-mark=no-mark dst-address-type=!local

per-connection-classifier=both-addresses:2/0 action=mark-connection new-connection-mark=ISP1_conn

add chain=prerouting  in-interface=LAN connection-mark=no-mark dst-address-type=!local

per-connection-classifier=both-addresses:2/1 action=mark-connection new-connection-mark=ISP2_conn

add chain=prerouting connection-mark=ISP1_conn in-interface=LAN action=mark-routing

new-routing-mark=to_ISP1

add chain=prerouting connection-mark=ISP2_conn in-interface=LAN action=mark-routing

new-routing-mark=to_ISP2

add chain=output connection-mark=ISP1_conn action=mark-routing new-routing-mark=to_ISP1

add chain=output connection-mark=ISP2_conn action=mark-routing new-routing-mark=to_ISP2




Your Mangle list window looks like below image.




PCC Load Balancing Mangle Rules
PCC Load Balancing Mangle Rules




Mangle rules for matching and marking packets has been created successfully. Now we will configure policy based routing so that marked packet can be routed properly through appropriate ISP connection.




Policy Based Routing Configuration




Mangle rules that we have created will mark connection but do not do anything in routing. To pass marked connection to appropriate ISP connection, we need to configure policy based routing. The following steps will show how to configure policy based routing for the marked connection.




  • Go to IP > Routes menu item. Route List window will appear.
  • Click on PLUS SIGN (+). New Route window will appear. Put ISP1 gateway address (192.168.30.1) in Gateway input field. Choose ping from Check Gateway dropdown menu. Choose ISP1 routing mark (to_ISP1) from Routing Mark dropdown menu. Click Apply and OK button.
  • Click on PLUS SIGN (+). New Route window will appear. Put ISP2 gateway address (192.168.60.1) in Gateway input field. Choose ping from Check Gateway dropdown menu. Choose ISP2 routing mark (to_ISP2) from Routing Mark dropdown menu. Click Apply and OK button.
  • Click on PLUS SIGN (+). New Route window will appear. Put ISP1 gateway address (192.168.30.1) in Gateway input field. Choose ping from Check Gateway dropdown menu. Put 1 in Distance input field and Click Apply and OK button.
  • Click on PLUS SIGN (+). New Route window will appear. Put ISP2 gateway address (192.168.60.1) in Gateway input field. Choose ping from Check Gateway dropdown menu. Put 2 in Distance input field and Click Apply and OK button.






Alternatively, you can run below command from MikroTik CLI.




/ ip routeadd dst-address=0.0.0.0/0 gateway=192.168.30.1 routing-mark=to_ISP1 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.60.1 routing-mark=to_ISP2 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.30.1 distance=1 check-gateway=ping

add dst-address=0.0.0.0/0 gateway=192.168.60.1 distance=2 check-gateway=ping




Your Routes window looks like the below image.




PCC Load Balancing Routes
PCC Load Balancing Routes




Routing configuration for selecting proper ISP has been completed. Now we need to configure NATing so that LAN traffic can reach to internet.




NAT Configuration




We will now configure NATing so that LAN user can reach to internet through MikroTik Router. The following steps will guide how to configure NAT in MikroTik Router for a specific ISP connection.




  • Go to IP > Firewall menu item and click on NAT tab.
  • Click on PLUS SIGN (+). New NAT Rule window will appear. In General tab, choose srcnat from Chain dropdown menu and choose ISP1 from Out. Interface dropdown menu. Click on Action tab and choose masquerade from Action dropdown menu and click Apply and OK button.
  • Similarly, click on PLUS SIGN (+) again. New NAT Rule window will appear. In General tab, choose srcnat from Chain dropdown menu and choose ISP2 from Out. Interface dropdown menu. Click on Action tab and choose masquerade from Action dropdown menu and click Apply and OK button.




Alternatively, you can run below command from MikroTik CLI.




/ ip firewall natadd chain=srcnat out-interface=ISP1 action=masquerade

add chain=srcnat out-interface=ISP2 action=masquerade




NAT configuration as well as PCC Load Balancing and Link Redundancy configuration has been completed. Now we will configure PPPoE server in MikroTik Router to manage our LAN users easily.




Part 2: PPPoE Server Configuration for LAN




PPPoE provides extensive user management and network management benefits to network administrators. So it is always better to use PPPoE server for managing LAN user. Complete PPPoE Server configuration can be divided into the following four steps.




  • IP Pool Configuration
  • Enabling PPPoE Server
  • User Profile Configuration and
  • User Secrets (username and password) Configuration




IP Pool Configuration




IP Pool is IP range from where IP will be assigned to user computer after user authentication. The following steps will show how to create IP Pool in your MikroTik Router.




  • Go to IP > Poolmenu item and click on PLUS SIGN (+). New IP Pool window will appear now. Put a pool name (LAN_Pool) in Name input field and address range (172.16.0.2-172.16.0.254) in Addresses input field.
  • Click Applyand OK
  • You can create as many IP Pools as you want following the above steps properly.




IP Pool configuration has been completed. Now we will enable PPPoE Server in MikroTik Router.




Enabling PPPoE Server  




We will now enable PPPoE Server in our MikroTik Router. The following steps will show how to enable PPPoE Server in MikroTik Router.




  • Click on PPPmenu item and click on PPPoE Servers tab and then click on PLUS SIGN (+). New PPPoE Service window will appear now.  Put your PPPoE Server name (LAN_PPPoE_Server) in Service Name input box.
  • Now choose your LAN interface (LAN) where PPPoE Server will be enabled from Interfacedrop-down menu.
  • Click on One Session Per Hostif you don’t want to allow multiple session from one computer.
  • At the bottom of this window, you can see four authentication methods. Select only PAP, and unselect all other options. Now click Applyand OK button.




PPPoE Server configuration in MikroTik router has been completed. Now we will create user profile so that we can apply user limitation and other user settings easily.




User Profile Configuration




User profile gives benefits to apply user settings and user limitation such as user bandwidth and number of user connection limitation. User profile also gives facility to categorize your LAN users. The following steps will show how to create user profile for your PPPoE users.




  • Click on Profiles tab. You will see two default profiles are already created by MikroTik RouterOS. We will do nothing with the default profiles. Rather we will create a new profile. Click on PLUS SIGN (+). New PPP Profile window will appear now.
  • Put your profile name (LAN_User_Profile) in Name input field. Now put LAN Gateway (10.10.70.1) in Local Address input field and choose your IP Pool (LAN_Pool) from Remote Address drop-down menu. Note that Local Address is the gateway address of this IP block which not included in LAN_Pool. So, when a user will be connected to this profile, he/she will get an IP from LAN_Pool and his/her gateway will be 10.10.70.1.
  • At the bottom of this window, put your DNS server IP that you have got from your ISP or put Google’s public DNS 8.8.8.8 in DNS Server input box.
  • Optionally, you can set bandwidth limit and number of connection limit for this profile user from Limits To set bandwidth limit, click on Limits tab and put download and upload speed in Rate Limit (rx/tx)input box in bit. For example, type  512000/512000 for this profile if you want all users of this profile get 512kbps upload and download speed. Also click on yes radio button from Only One panel. If you keep it default or no, multiple computers can be connected with same username and password. Obviously, you don’t want it.
  • Now click Apply and OK button.
  • You can create as many user profiles as you want following the above steps properly.




User profile configuration has been completed. Now we will create user secret (username and password) so that they can connect to our PPPoE server with this secret.




User Secret Configuration




Now we will create user secret that will be used to connect to PPPoE Server. The following steps will show how to create user secret in your MikroTik Router.




  • From PPP window, click on Secretstab and then click on PLUS SIGN (+). New PPP Secret window will appear now.
  • Put client username in the Nameinput box and password in Password input box. Note that username and password is necessary when any client will be connected from his workstation (PC, Laptop, Router and so on). Also, it is case-sensitive. So, be careful to put these fields.
  • Now choose pppoefrom Service drop-down list and choose profile for this user (LAN_User_Profile) from Profile drop-down list.
  • Optionally, you can bind any device with this username and password providing MAC address. Put MAC address of any device in Caller IDinput box. If you put MAC address of any device in Caller ID, only this device can be connected with this secret (username and password).
  • You can create as many secrets as you want following the above steps.






User secret configuration has been completed as well as all the steps for configuring a PPPoE service in MikroTik router has been completed. Now it is time to show how to configure PPPoE client in any operating system.




PPPoE Client Configuration




We have completely configured PPPoE Server in MikroTik Router. Now your MikroTik is ready to accept PPPoE client. A number of PPPoE clients are present now a day. Among them, now I will show how to configure PPPoE client in windows 7 operating system. All other versions of windows operating system follow almost the same procedure. So, you don’t face any difficulty, I think. However, if you feel any problem to configure PPPoE client of any operating platform, I recommend you to go Google and search how to configure PPPoE client of that specific operating platform.




Steps to Create PPPoE dial Up Connection in Windows 7




Microsoft PC dialer is used to connect remote PPPoE Server in window 7 to get access to the internet. So, you have to configure Microsoft PC dialer in windows 7 PC to get access to the internet through your MikroTik Router. Follow my bellow steps to create PPPoE connection in windows 7 with built in PPPoE wizard.




  1. Connect an Ethernet cable to windows 7 PC from your network switch.
  2. Open Network and Sharing Centerfrom Control Panel.
  3. Now click on Setup a new connection or networklink under Change your networking settings area.Set Up a Connection or Network window will appear.
  4. In this window, click on Connect to the internetoption and click the Next Connect to the Internet window will appear.
  5. Click on Broadband (PPPoE)option from this window and put username and password that you have created in PPP secret configuration step in User name and Password input field accordingly. Optionally, you can change connection name in Connection name input field and you can also click on Remember this password option otherwise you have to provide password every time you start your PC. Now click on Connect If you provide correct username and password, The connection to the Internet is ready to use message will be shown. Now click on Close A dialer will be created in your windows 7 PC and you can enter your credential anytime to connect Internet with this dialer.




You are now connected to the internet with PPPoE dialer. Browse any site. I hope, you will be successful to browse any site now.




If you face any confusion to follow above steps properly, follow my video tutorial about PCC Load Balancing configuration with PPPoE Server. I hope, it will reduce your any confusion.