Tag Archives: Audit Trail

SSH brute force connection attempts #fail

Collected these over the past few months, reverse chronological order. Seeing different machines attempting to connect hundreds of times a day each is just, wow.

Some might say that a SSH blacklist daemon might help, but it only increases the time taken for a brute force attempt, and is of no use against a botnet trying to brute force the ssh login.

There are plenty of things that can be done to lock down the ssh server, and restricting it to only publickey is by far one of the most effective, counting that the resource (the server) you’re protecting is pretty important.
Continue reading SSH brute force connection attempts #fail

Monitoring WordPress using syslog and OSSEC

This has got to be one of the unconventional (yet interesting) ideas I’ve come across.

It involves the use of a plugin (currently maintained at OSSEC) to get WordPress to send syslog events for OSSEC to parse.  It is a good idea since it is good to monitor any web applications running for anomalies, but WordPress doesn’t seem to provide any kind of audit logging.

Looking at its capabilities, the first use for this that comes to mind is to monitor sites that run WordPress with multiple user logons.  As for those with insufficient access to your web server (you’re on a shared webhost), you’re probably better off using the tips given at wpbeginner.

I won’t know yet, but perhaps I’ll have a better idea on what it is good for after I try it out.

Do YOU use OSSEC to monitor your WordPress installations?  Any comments on it?