As recorded by Linode, the site server was first launched on Apr 1, 2014. It was running Ubuntu 12.04. Later I set up WordPress and moved my blog here from Blogspot on Aug 16, 2024. Spurious Wakeups was my first post. Now the server is running Ubuntu 24.04 and uses the Catch Box theme with CSS customization:
@media screen and (width > 960px) {
    div#page.site {
        width: 1400px;
    }
    div#primary {
        width: calc(100% - 280px);
    }
    aside#secondary {
        width: 260px;
    }
}
.entry-content p {
    margin-bottom: 20px;
}
code {
    background-color: #f0f0f0;
    border-radius: 4px;
    padding: 4px 6px;
}
Just updated all plugins and found 3 problems.
1. Google Analytics 4
Google fully replaced Universal Analytics with Google Analytics 4 on July 1, 2024. Just noticed that all visiting history is lost 🙁
2. Fail2ban not working
Fail2ban is not working anymore, due to the switch from iptables to nftables in Ubuntu 21.10. So it has been broken for about 2 years, since my last upgrade to Ubuntu 22.04. Found the issue by running fail2ban-client -d. Simply revert the change in the config with sudo vi /etc/fail2ban/jail.d/defaults-debian.conf.
[DEFAULT]
#banaction = nftables
#banaction_allports = nftables[type=allports]
banaction=iptables-multiport
banaction_allports=iptables-allports
backend=systemd
Since Fail2ban also changed its default backend from pyinotify to systemd (see above), the backend should also be reverted in the WordPress jail config with sudo vi /etc/fail2ban/jail.d/wordpress.conf.
[wordpress-hard]
backend=pyinotify
enabled=true
filter=wordpress-hard
logpath=/var/log/auth.log
bantime=86400
maxretry=1
port=http,https
[wordpress-soft]
backend=pyinotify
enabled=true
filter=wordpress-soft
logpath=/var/log/auth.log
bantime=3600
maxretry=3
port=http,https
Make sure the packages python3-pyinotify and python3-systemd are installed. Restart Fail2ban.
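A check to run before restarting, covering the two failure modes described above (added example, not from the original post): it merges the [DEFAULT] settings with the jail file through INI inheritance and flags any enabled jail that still inherits backend=systemd while pointing at a log file, or whose ban action needs a firewall tool that is missing. The config text is a constructed sample in which wordpress-soft deliberately omits its backend override, and installed_tools is an assumed input (for example built with shutil.which).

```python
import configparser

# Constructed sample: [DEFAULT] as in defaults-debian.conf above, plus two
# jails; wordpress-soft is missing its backend override on purpose.
DEFAULTS = """
[DEFAULT]
banaction = iptables-multiport
banaction_allports = iptables-allports
backend = systemd
"""
JAILS = """
[wordpress-hard]
backend = pyinotify
enabled = true
logpath = /var/log/auth.log

[wordpress-soft]
enabled = true
logpath = /var/log/auth.log
"""

# Firewall command each ban action family shells out to.
REQUIRED_TOOL = {"iptables": "iptables", "nftables": "nft"}

def effective_jails(*texts):
    """Merge config texts in order; every jail inherits [DEFAULT] values."""
    cp = configparser.ConfigParser(interpolation=None)
    for text in texts:
        cp.read_string(text)
    return {name: dict(cp[name]) for name in cp.sections()}

def lint(jails, installed_tools):
    """Return (jail, problem) pairs for enabled jails."""
    problems = []
    for name, opts in jails.items():
        if opts.get("enabled", "false").lower() != "true":
            continue
        # The systemd backend reads the journal, not the file in logpath.
        if opts.get("backend") == "systemd" and "logpath" in opts:
            problems.append((name, "backend=systemd ignores logpath " + opts["logpath"]))
        action = opts.get("banaction", "")
        tool = REQUIRED_TOOL.get(action.split("-")[0].split("[")[0])
        if tool and tool not in installed_tools:
            problems.append((name, f"banaction={action} needs '{tool}'"))
    return problems

if __name__ == "__main__":
    for jail, problem in lint(effective_jails(DEFAULTS, JAILS), {"iptables"}):
        print(f"{jail}: {problem}")
```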
3. Akismet not working
Akismet is reporting 500 errors. Details are found in the logs: .../plugins/akismet/.htaccess: Require not allowed here. This is solved by adding config to the Apache server to allow AuthConfig, in both the http and https config files.
Hundreds of log lines in WordPress show that attackers are just trying passwords via xmlrpc.php. Add protection using the WP fail2ban plugin, inspired by the post here.
Well.. long time no see. Just have some time to optimize the site for better analysis.
According to the official tutorial:
1. Enable mod_rewrite in apache2.
# sudo a2enmod rewrite
2. Enable FollowSymLinks option, which is default.
3. Enable FileInfo directives. Edit /etc/apache2/sites-available/yoursite.com.conf, add:
<Directory /home/yourname/yoursite/>
    Require all granted
    AllowOverride FileInfo
</Directory>
4. Restart apache:
# sudo service apache2 restart
Updated Dec 31, 2015:
Enabling mod_rewrite rewrites all requests including the one used by mod_status. To disable this, add a rule to the .htaccess file.
RewriteCond %{REQUEST_URI} !=/server-status
Then, change its user & group attributes to prevent Apache from overwriting it.