Linux – how to avoid running an alias command in shell
In some cases, you might have multiple binaries, scripts or aliases with the same name on your system. Under certain circumstances you want to run only the built-in shell command, not an alias of the command. Here are some ways to do it.
The “ls” command is usually aliased to color the output, for instance –
While running a performance test on a local web service, I encountered the error below –
$ ab -n 600000 -c 10000 http://localhost:8080/test
...
Benchmarking localhost (be patient)
Test aborted after 10 failures
apr_socket_connect(): Cannot assign requested address (99)
Clearly the number of concurrent requests (-n) and concurrent connections (-c) is high. But would it be possible to tweak my system so that it can handle this? Apparently yes. I did some reading on the ephemeral port range. For a typical TCP connection, a 4-tuple of source IP/port and destination IP/port is required. In our case, the source and destination IPs are fixed (127.0.0.1), as is the destination port (8080). How large a source port range do we have?
How to disable or block XML-RPC in WordPress served by an Apache server.
Per the official documentation – XML-RPC on WordPress is actually an API or “application program interface”. It gives developers who make mobile apps, desktop apps and other services the ability to talk to your WordPress site. The XML-RPC API that WordPress provides gives developers a way to write applications (for you) that can do many of the things that you can do when logged into WordPress via the web interface.
Unfortunately XML-RPC has drawbacks too, to mention some –
DDoS via XML-RPC pingbacks
Brute force attacks via XML-RPC
While looking at the access logs of my web servers, there were so many xmlrpc.php calls that looked suspicious.
Searching the abuse IP database – https://www.abuseipdb.com/check/121.42.52.27 – shows that the remote client hitting my server has been reported several times. Time to block this IP. After some googling, I came across a way to block it with .htaccess. We can either completely block xmlrpc.php for all external IPs or block it for specific blacklisted IPs.
In my .htaccess file, I added the lines below to block all external IPs –
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 127.0.0.1
</Files>
We can also block a specific IP address which is showing suspicious activity from our access logs –
<Files xmlrpc.php>
Order Deny,Allow
Allow from all
Deny from 121.42.52.27
</Files>
After reloading Apache, we can see that the remote client is getting 403s –
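One way to confirm the block from the access log, as an added example that is not part of the original post: it counts xmlrpc.php requests per client IP and HTTP status. It assumes the Apache "combined" log format; the log lines are constructed and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Summarises xmlrpc.php requests
# in an Apache "combined" access log so the effect of the <Files> block can
# be checked after a reload.

# Constructed sample log lines; the client IPs are documentation addresses.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [14/Sep/2019:12:40:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.7 - - [14/Sep/2019:12:40:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Sep/2019:12:41:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "curl/7.58.0"
203.0.113.7 - - [14/Sep/2019:12:45:30 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.9 - - [14/Sep/2019:12:46:00 +0000] "POST /blog/xmlrpc.php?rsd HTTP/1.1" 403 199 "-" "curl/7.58.0"
127.0.0.1 - - [14/Sep/2019:12:47:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "WordPress/5.2"
203.0.113.7 - - [14/Sep/2019:12:48:00 +0000] "-" 408 0 "-" "-"
EOF
}

# Print "client_ip status count" for every request whose path ends in
# /xmlrpc.php. Splitting on the double quote keeps the request line in one
# field, so a malformed request ("-") can be skipped instead of misparsed.
xmlrpc_hits() {
    awk -F'"' '
    {
        split($1, pre, " "); ip = pre[1]
        n = split($2, req, " ")
        if (n < 2) next                       # no method/path, e.g. "-"
        path = req[2]; sub(/\?.*/, "", path)  # drop the query string
        if (path !~ /\/xmlrpc\.php$/) next
        split($3, post, " ")                  # post[1] is the status code
        hits[ip " " post[1]]++
    }
    END { for (k in hits) print k, hits[k] }' | LC_ALL=C sort
}

# List external clients that still received something other than 403 for
# xmlrpc.php. Feed it only the log lines written after the reload.
unblocked_clients() {
    xmlrpc_hits | awk '$1 != "127.0.0.1" && $2 != "403" { print $1 }' | LC_ALL=C sort -u
}

sample_log | xmlrpc_hits
```

On a real server, pipe the access log into `xmlrpc_hits` instead of `sample_log`; an empty result from `unblocked_clients` on post-reload lines means only localhost still reaches xmlrpc.php.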
One of the most frequent interview questions for tech professionals, especially system administrators and developers, is – “tell us what happens when you type a URL in a browser?”. Skipping the DNS resolution part, we can understand the client-to-server HTTP communication with telnet. The simplest case is a GET request to a path with a Host header. As an example, let us make an HTTP request to an AWS service which responds with our public IP address –
daniel@hidmo:~$ telnet checkip.amazonaws.com 80
Trying 18.214.132.216...
Connected to checkip.us-east-1.prod.check-ip.aws.a2z.com.
Escape character is '^]'.
GET / HTTP/1.1
Host: checkip.amazonaws.com

HTTP/1.1 200 OK
Date: Sat, 14 Sep 2019 12:51:55 GMT
Server: lighttpd/1.4.41
Content-Length: 14
Connection: keep-alive

162.247.79.245
Connection closed by foreign host.
Notice how the server closes the connection only after waiting for a few seconds. That is because keep-alive is enabled on the server side, as shown in the server response – “Connection: keep-alive”. With keep-alive we can make additional HTTP calls without going through the whole 3-way TCP handshake again.
Disable keep-alive on client side
If, for some reason, we want to close the connection on the client side immediately, we can pass “Connection: Close” as part of the HTTP header in the request.
In Linux, the find command is most commonly used to search for files using different criteria such as file name, size and modified time. Did you know that you can search for files using the inode number as well? Here is how to do it.