When a production server shows unexpected high CPU usage and unknown login activity, this guide walks Linux ops engineers through confirming intrusion, stopping the attacker, tracing the attack path, removing backdoors, restoring system integrity, and applying hardening measures to prevent future breaches.
This step‑by‑step guide shows how to install the GeoIP2 library, compile NGINX 1.18 with the ngx_http_geoip2 module, download the latest MaxMind GeoLite2 database, configure geoip2 directives, and verify that foreign IP requests are blocked with a 404 response.
This guide walks operations engineers through recognizing intrusion indicators, executing rapid detection scripts, following a structured 24‑hour response workflow, performing comprehensive digital forensics, and applying cleanup and hardening measures to secure compromised servers and prevent future attacks.
This comprehensive guide walks you through real‑world intrusion analysis and a multi‑layered hardening strategy for Linux servers, covering SSH security, Fail2Ban, firewalls, iptables, IDS, file integrity monitoring, automated alerts, emergency response, and advanced techniques to create a robust defense.
SafeLine, an open‑source web application firewall, offers zero‑configuration, multi‑scenario protection against SQL injection, XSS, malicious crawlers, and brute‑force attacks, delivering 99% interception accuracy with minimal resource usage and a simple three‑step Docker deployment for small‑to‑medium sites.
This article provides a comprehensive step‑by‑step process for detecting server compromises, collecting system, memory, and network evidence, analyzing logs, isolating the affected host, removing malicious artifacts, and hardening the environment to prevent future attacks.
This comprehensive guide walks you through real‑world intrusion case analysis, multi‑layer defense strategies—including SSH hardening, Fail2Ban, firewall rules, IDS deployment, file integrity monitoring, advanced techniques like port knocking and honeypots—and incident response procedures, providing concrete commands and scripts to secure a Linux server from end to end.
This comprehensive guide walks you through real‑world intrusion analysis, multi‑layer SSH hardening, Fail2Ban, firewall and iptables rules, intrusion detection with OSSEC, automated monitoring scripts, advanced techniques like port knocking and honeypots, and a complete incident‑response playbook to secure any Linux server.
This comprehensive guide walks you through a real intrusion case, then presents a multi‑layer defense strategy—including SSH hardening, Fail2Ban, firewall rules, IDS, file integrity monitoring, advanced techniques like port knocking and honeypots, plus monitoring, alerting, and emergency response—to dramatically improve Linux server security.
This guide explains how to configure Nginx access control using allow/deny directives, external whitelist files, the ngx_http_geo_module for IP range rules, and the ngx_http_geoip_module for country and city based restrictions, including installation steps and example configurations.
This article details a real‑world Linux server breach, describing the symptoms, investigative commands, log analysis, malicious script removal, file attribute unlocking, and practical remediation steps, while highlighting key lessons and preventive measures for future security.
This article walks through a real-world intrusion on an Alibaba Cloud CentOS server, detailing how a disguised gpg-agentd process was used to install backdoors, hijack SSH keys, exploit Redis, and launch mass scanning, and provides concrete hardening recommendations to prevent similar attacks.
This guide explains step‑by‑step how to modify source files and configuration settings in Nginx, Apache, and Tomcat to replace version strings with custom placeholders, then recompile or repack the binaries, effectively hiding server version details from clients.
This guide explains step‑by‑step how to install the GeoIP2 library, compile Nginx with the ngx_http_geoip2 module, download the MaxMind GeoLite2 database, configure Nginx to map country codes, and block non‑Chinese visitors by returning a 404 response.
This article reviews several leading cross‑platform antivirus products—Avast, ESET NOD32, F‑PROT, ClamAV, Comodo, and Sophos—highlighting their features, Linux compatibility, and considerations for securing servers while noting that proper security practices may reduce the need for constant antivirus deployment.
This article details a real‑world Linux server intrusion, describing the observed symptoms, the forensic investigation using commands like ps, top, last, and grep, the removal of malicious cron jobs and backdoors, and the lessons learned for securing SSH, file attributes, and cloud security groups.
This guide walks you through practical Linux server hardening techniques—including SSH configuration tweaks, disabling ICMP ping responses, managing system users and groups, protecting critical account files, and safely granting root privileges—so you can reduce attack surface and improve overall security.
This guide walks you through practical Linux server hardening techniques—including SSH configuration changes, disabling ping responses, managing users and groups, and safely granting root privileges—to significantly reduce the risk of unauthorized access.
This guide walks through practical steps to secure a Linux server, including modifying SSH settings, disabling ping responses, managing users and groups, protecting critical account files, creating new users, and configuring sudo or UID changes to control root access.
This guide walks you through practical Linux server hardening techniques—including SSH configuration, disabling ping replies, user and group management, sudoers tweaks, and granting root privileges—to significantly reduce the risk of unauthorized access.
This guide walks you through practical steps to secure a newly purchased Linux server, covering SSH configuration changes, disabling ping responses, thorough user and group management, creating new accounts, and three reliable methods to grant root privileges safely.
Learn practical steps to harden a Linux server—including changing the SSH port, disabling root login, blocking ping, managing users and groups, securing critical system files, and configuring sudo—so you can protect your machine from common attacks and unauthorized access.
A detailed walkthrough of a recent Linux server breach shows how attackers hijacked system utilities, inserted hidden scripts, and leveraged LD_PRELOAD, while the remediation steps cover log analysis, SSH hardening, file attribute restoration, cron cleanup, and key lessons for future hardening.
This article details a recent server intrusion case, describing the observed symptoms, possible causes, step‑by‑step forensic investigation using commands like ps, top, grep and crontab, and comprehensive remediation actions such as tightening SSH security, unlocking and restoring system binaries, removing malicious scripts, and key lessons for future protection.
This step‑by‑step guide shows how to install the GeoIP2 library, upgrade Nginx, compile the ngx_http_geoip2 module, download the MaxMind GeoLite2 database, configure nginx.conf to detect non‑Chinese IPs, and return a 404 response to block foreign visitors.
This article documents a real‑world Linux server compromise, detailing the observed symptoms, forensic commands, malicious scripts, file‑locking tricks, and a step‑by‑step remediation process including SSH hardening, cron cleanup, chattr usage, and preventive security recommendations.
This article details a real‑world Linux server compromise, describing the symptoms, possible causes, investigative commands, hidden malicious scripts, file attribute locks, and practical remediation steps to restore the system and improve future security.
Facing constant port scans and malicious login attempts on a public server, the author outlines a self‑developed IP filtering solution that automatically adds trusted IPs to a whitelist, featuring multi‑process support, concurrency, daemon mode, a web management panel, traffic statistics, and interception logging.
This guide explains how to install the ngx_http_geoip2 module, upgrade Nginx, download the MaxMind GeoIP2 database, configure geoip2 directives and map rules, and finally block non‑Chinese IP addresses by returning a 404 response.
This article chronicles the discovery of a server breach used for cryptocurrency mining, detailing the malicious code, forensic analysis of the trojan's actions and artifacts, and the step‑by‑step remediation measures taken to secure the system.
This article chronicles the discovery of a server breach used for cryptocurrency mining, analyzes the malicious Python payload and its system modifications, and provides concrete remediation steps such as system reinstall, non‑root deployment, firewall hardening, and Nginx authentication.
Learn to protect your server from malicious crawlers by creating a dynamic IP blacklist using Nginx, Lua, and Redis, covering architecture choices, installation steps, configuration snippets, and how to share and update the blacklist across multiple machines.
This guide explains how to build a dynamic IP blacklist using Nginx, Lua scripts, and Redis to block malicious or unwanted requests at the server level, covering architecture choices, installation steps, configuration details, and the benefits of a lightweight, shared, and easily updatable solution.
This article outlines the key features of Windows Server 2022 LTSC—including enhanced security with TPM 2.0 and VBS, default HTTPS/TLS 1.3, SMB AES‑256 encryption, network stack improvements, Hyper‑V virtualization upgrades, and the switch to Chromium Edge as the default browser—while noting Microsoft’s new multi‑year support model.
This guide explains how to install the ngx_http_geoip2 module, upgrade Nginx, configure GeoIP2 databases, and modify the Nginx configuration to block requests from foreign IP addresses, providing step‑by‑step commands and example code for a Linux server.
This guide outlines twelve practical steps—including keeping Nginx up‑to‑date, removing unused modules, disabling version disclosure, blocking malicious user agents, limiting HTTP methods, setting buffer limits, and configuring TLS—to harden Nginx servers against common attacks.
This guide walks you through practical steps to secure a Linux server, covering SSH configuration changes, disabling ping replies, managing users and groups, protecting critical files, creating new accounts, and safely granting root privileges.
After my small 1‑CPU, 2 GB server was compromised by a crypto‑mining virus that hijacked SSH access, I used VNC to investigate, identified malicious processes, traced infected files, removed cron jobs, restored system utilities, repaired SELinux, and closed the Redis vulnerability to fully recover the machine.
A production server running Tomcat, MySQL, MongoDB and ActiveMQ was taken down by a malicious cron job that executed a cryptomining script, and the article walks through the investigation, removal, and hardening steps to fully recover and secure the system.
This guide walks you through essential steps to secure a Linux server, including regular system updates, automatic security patches, creating restricted user accounts, hardening SSH with key authentication and daemon options, deploying Fail2Ban, removing unused services, and configuring firewalls for robust protection.
This guide explains how to secure Linux servers against common attacks by configuring SELinux, iptables, SSH public‑key authentication, and immutable file attributes, while also showing real‑world scan results and practical hardening steps.
This guide walks through comprehensive Linux server hardening techniques, covering user account management, service minimization, file permission tightening, virtual memory tuning, log handling, and firewall configuration with iptables and ipchains, providing step‑by‑step commands and screenshots to enhance system security and stability.
When a production server is compromised, abrupt actions like pulling the plug can disrupt services, so this guide outlines an eight‑stage, evidence‑driven response process—including verification, on‑site preservation, containment, impact assessment, online analysis, backup, deep forensics, and reporting—plus real‑world case studies and concrete command examples.
This guide explains how to identify a compromised Linux server caused by hidden cryptocurrency mining malware, kill the malicious processes, clean infected files, and harden the system by reviewing scheduled tasks, startup scripts, user accounts, and SSH configurations.
This step‑by‑step guide shows how to harden a freshly installed Ubuntu 12.04 LTS server by creating a non‑root user, disabling root SSH access, configuring SSH keys, applying system updates, setting up iptables firewall rules, and installing Fail2Ban to automatically block malicious login attempts.
A Linux admin recounts responding to a bandwidth‑saturation incident, discovering a suspicious sbin process hidden in /var/cache, using ifconfig, top, and netstat to reveal PPTP connections, and outlining the steps taken to identify and remove the malicious scripts.
This article details a real‑world Linux server intrusion, showing how a rootkit exploited an Awstats script vulnerability, the forensic steps to identify malicious processes, hidden files, and compromised accounts, and the recommended remediation actions to restore a secure environment.
This guide outlines practical Linux server hardening steps—including disabling root SSH login, changing the default SSH port, using SCP over FTP, installing denyhosts, managing file permissions, employing dedicated service accounts, and safely obtaining tools like PuTTY—to significantly improve system security.
