
Protect CentOS from unwanted SSH failed login attempts with Fail2Ban

SSH is most likely the most secure way to remotely connect to a Linux-based server machine. However, the fact that the SSH daemon service needs to be reached from the Internet and is usually configured to listen on a well-known TCP port has always been a major security flaw: it allows attackers to relentlessly spam it with a huge number of login attempts, hoping to find a hole in your UAC setup.

To better understand what we’re talking about, let’s take a look at the following screenshot:

These 150 failed login attempts were made against one of our CentOS 7 servers within a fifteen-minute range: we’re easily talking about thousands of them every single day, which would eventually break any non-strong password, besides flooding our beloved port 22.

It would be a good thing if we could do something about this nasty problem, for example by issuing some throttling rules that force these login attempts to respect a time limit each time they submit a wrong password. Luckily enough, there’s a handy service that does just that.

Read More

PHP – How to fix the “Warning: preg_replace(): The /e modifier is no longer supported” error in PHP7

Here’s one of the most common issues when upgrading from PHP5.x to PHP7:

Warning: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead

Despite being a well-documented issue in the PHP manual (deprecated since v5.5 and then unsupported since v7.0.0), the above warning is easily one of the most annoying backward-incompatible changes a developer could face when performing the upgrade: adopting the suggested fix (reimplementing the code using the newer and more robust preg_replace_callback function) is not always easy, because using preg_replace together with the /e modifier was quite common among PHP-based scripts, apps and interfaces until a few years ago.

In the following post we’re sharing three methods we can use to work around the problem: feel free to pick the one that is most suited for your specific scenario.

Read More

How to fix the “No rules defined for… in the context of InstantArticle” errors in Facebook Instant Articles WordPress Plugin

If you stumbled upon this post, you most likely know what Facebook Instant Articles are and how to properly implement them in your WordPress blog. In the unlikely case you don’t, we strongly suggest visiting this page first, reading the informative stuff, following the Sign up link to enable the feature on your Facebook page, then installing this WP plugin and configuring it.

If you already did this and you ended up here, chances are that you’re facing a warning similar to the following one:

This post will not be submitted to Instant Articles because the transformation raised some warnings.

This post was transformed into an Instant Article with some warnings:

No rules defined for <div class="shareaholic-canvas"> in the context of InstantArticle

The warning gets raised near the bottom of the Edit Post page within the WP-Admin interface, just like the screenshot below:

Read More

PasswordCheck – A small C# class to calculate password strength and implement custom password policies in ASP.NET

If you’re looking for a decent password strength control implementation for ASP.NET C# you could find this class I made a while ago useful enough. After all these years I’m still using it in a number of projects, from the good-old ASP.NET ASPX Forms to the new ASP.NET Core MVC applications.

The class can be used to perform basically all the required checks in a very customizable way: minimum length, maximum length, digit/numbers, special characters and so on. It features a PasswordStrength enum (and a GetPasswordStrength method) which you can use to calculate the average strength of any given password: it can be handy for general-purpose scenarios, when you don’t have to implement a given password policy. In case you have to do that, you can use the helper methods instead and combine them to suit your needs as shown in the sample implementation provided within the IsStrongPassword method – which is the one I’m still using in most cases.

The methods are quite self-explanatory, so there isn’t much more to say: if you like the class, feel free to leave feedback in the comment section below!

Read More