Monthly Archives: March 2015

Secure your website forms with fail2ban

So you woke up this morning and found a lot of spam content being sent to your website forms even though you have some kind of basic Captcha protection; some idiot spammers are spamming your forms in the hope that they can send spam emails through your website.

To add another layer of security for your website you can use fail2ban to detect unusual form-post behaviour. For example, too many posts to your website contact form in a short period of time are most probably an indicator of a spamming attempt.

In one of my websites I had a lot of posts with spam content to a feedback form URL, so I used fail2ban to fully block IPs with suspicious activity. Once you have fail2ban installed you need to do 2 steps:

P.S.: This was done with Fail2Ban v0.9.1 on CentOS 6

Step 1:
Create a filter to detect POST actions of your form. In my case the POST action of the form targets 2 URLs depending on the language:

/en/feedback/process_new_feedback
/fr/feedback/process_new_feedback

The filter, which is usually located in /etc/fail2ban/filter.d and has the extension .conf, has the following content:

[Definition]
# <HOST> captures the client IP at the start of each access-log line
failregex = ^<HOST> -.*"POST .*?feedback/process_new_feedback
ignoreregex =

The .*? in front of feedback/process_new_feedback matches any characters that precede that string (non-greedily), so the filter applies to posts independently of the language part of the URL.

Step 2
Create the jail rule in the file /etc/fail2ban/jail.conf (append the new rule to the end of the file).
The jail rule is where you specify when to block an IP address and for how long.

[feedback-post]
enabled = true
filter = feedback-post
logpath = /var/log/nginx/nbc_pro_access.log
findtime = 50
bantime = 3600
maxretry = 7
banaction = iptables-allports

In this case, if I get 7 POST actions from the same IP address within an interval of 50 seconds, I ban the IP address by blocking all access from it for 3600 seconds.
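To see how the filter and the jail thresholds interact before relying on them, the following added example (not part of the original post and not fail2ban's own code) replays constructed nginx access-log lines through the same failregex and the same findtime/maxretry values. The <HOST> tag is replaced by a simplified stand-in pattern, and the function names and sample IP addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real pattern is stricter).
FAILREGEX = re.compile(r'^(?P<host>\S+) -.*"POST .*?feedback/process_new_feedback')
TIMESTAMP = re.compile(r'\[([^\]]+)\]')
FINDTIME, MAXRETRY = 50, 7  # values from the [feedback-post] jail above

def banned_hosts(lines, findtime=FINDTIME, maxretry=MAXRETRY):
    """Return {host: time of ban} for hosts with maxretry matches inside findtime seconds."""
    hits = defaultdict(deque)
    bans = {}
    for line in lines:
        match, stamp = FAILREGEX.search(line), TIMESTAMP.search(line)
        if not match or not stamp:
            continue  # not a POST to the feedback form
        when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S %z")
        window = hits[match["host"]]
        window.append(when)
        # Forget matches that fell out of the findtime window.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and match["host"] not in bans:
            bans[match["host"]] = when
    return bans

def make_line(ip, when, method, path):
    """Build one constructed line in nginx 'combined' log format."""
    stamp = when.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "{method} {path} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'

# Constructed sample traffic (documentation IP ranges, not real clients).
START = datetime(2015, 3, 10, 9, 0, 0, tzinfo=timezone.utc)
EN, FR = "/en/feedback/process_new_feedback", "/fr/feedback/process_new_feedback"
SAMPLE = (
    # 7 POSTs in 24 seconds: reaches maxretry inside findtime.
    [make_line("203.0.113.9", START + timedelta(seconds=4 * i), "POST", EN) for i in range(7)]
    # 7 POSTs spread over 3 minutes: never more than 2 inside any 50 s window.
    + [make_line("198.51.100.7", START + timedelta(seconds=30 * i), "POST", FR) for i in range(7)]
    # 10 GETs of the same URL: the failregex only matches POST.
    + [make_line("192.0.2.44", START + timedelta(seconds=i), "GET", EN) for i in range(10)]
)

if __name__ == "__main__":
    for host, when in banned_hosts(SAMPLE).items():
        print(f"{host} would be banned at {when.isoformat()}")
```

On a server with fail2ban installed, the real filter can be checked against the real log with the fail2ban-regex tool, passing the log path and the filter file as arguments.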


Puppet Failed to find facts from PuppetDB at 8081 Connection refused

The Environment
CentOS 6.5, puppet master, puppet 3.3.2

The Problem
When trying to run the following from an agent:

# puppet agent --test

It fails with the following error:
Error 400 on SERVER: Could not retrieve facts for server.example.com: Failed to find facts from PuppetDB at foreman.server.com:8081: Connection refused – connect(2)

The Solution

On the puppet master, restart puppetdb and make sure it's running:

#  /etc/init.d/puppetdb restart
#  /etc/init.d/puppetdb status

Install Symantec certificate in AWS Elastic Load Balancer

After ordering your web server certificate from Symantec you will receive 3 files. Below you can see an example of the three files received:

Intermediate certificate: Symantec_Class_3_Secure_Server_CA_-_G4.cer

Root Certificate:  VeriSign_Class_3_Public_Primary_Certification_Authority_G5.cer

Server Certificate: server.example.com.cer

To install the certificate in the Amazon Web Services Elastic Load Balancer you have to fill in the fields of the new certificate form.

The certificates must be added in PEM format. You don't have to convert your .cer files to PEM format; .cer files are actually PEM encoded, just with another extension.

.cert, .cer and .crt files are .pem (or rarely .der) formatted files with a different extension, one that is recognized by Windows Explorer as a certificate, which .pem is not.

The fields to fill in the AWS ELB new certificate form are:

Private key: The private key you used to generate the CSR file (Certificate Signing Request) you sent to Symantec.

Public Key Certificate: This is the contents of server.example.com.cer in the above example.

Certificate Chain: This is the combination of the intermediate certificate and the root certificate. You can create a file with the contents (from top to bottom) of the intermediate certificate and the root certificate, and use the contents of that file to fill the Certificate Chain field.

For example in bash, for the example files mentioned above, you can do:

cat Symantec_Class_3_Secure_Server_CA_-_G4.cer VeriSign_Class_3_Public_Primary_Certification_Authority_G5.cer > chain_file.pem