Stop xmlrpc.php Attacks

Summary: how to diagnose and eliminate the xmlrpc.php WordPress exploit when it’s clobbering your web server. You’ve been running a public Ubuntu 12+ and Apache/LAMP web server for a while now. Until recently everything has worked fine, but suddenly your server is struggling to display even static pages. Sometimes content takes forever to load, and […]

Read More

SpamAssassin on Ubuntu

——————–Note: This article pertains to Ubuntu 12, and it applies to versions of Ubuntu or Debian that use init rather than systemd. To install SpamAssassin on Ubuntu 15+, see the instructions here.——————– In our previous installment, we set up a Postfix and Dovecot mail server with virtual domains and users on Ubuntu 12.04. It works […]

Read More

Ubuntu Email Server with Postfix, Dovecot, and MySQL

————— Update November 2021: Added instructions for using Dovecot and Postfix with Let’s Encrypt. Also adjusted Postfix config to block auth attempts over port 25. This setup will get you 90%+ on mail server security tests. ————— ————— Update November 2020: If you’re on Ubuntu 20.04, these instructions still mostly work as written. There is […]

Read More