Secure your Linux server with these tools

As much for you as for myself, here is a list of tools you might want to keep in mind:


Software you can install to avoid issues

ClamAV (antivirus)

chkrootkit (checks for rootkits)

Maldet or LMD (Linux Malware Detection)

ISPProtect (commercial, $90 a year)


Commands you can run to check for issues

netstat -an

Displays the network connections and generic statistics


ps -ef

Lists every currently running process


top -b -n 1

Displays running processes, their owners, how much memory each process is using, and how long the processes have been running. It also includes system information, such as uptime, number of users, memory usage, and the number of active tasks.



Outputs all kernel messages currently in the ring buffer



Prints information on all currently logged-in users



Lists all users who logged in or out since a file was created. By default, the file is /var/log/wtmp



Lists information about open files and can indicate which process is using them
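
One way to put netstat -an to work, as an added example that is not part of the original post: compare a saved known-good capture with a later one and print only the listeners that are new. The function names and the sample captures are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report sockets that are
# listening in a newer `netstat -an` capture but not in a baseline one.

# Reduce `netstat -an` output on stdin to sorted "proto local-address" lines
# for TCP sockets in LISTEN state and for unconnected (bound) UDP sockets.
listeners() {
    awk '
        $1 ~ /^tcp/ && $NF == "LISTEN" { print $1, $4 }
        $1 ~ /^udp/ && $5 ~ /:\*$/     { print $1, $4 }
    ' | LC_ALL=C sort -u
}

# usage: new_listeners BASELINE_FILE CURRENT_FILE
new_listeners() {
    nl_base=$(mktemp) && nl_cur=$(mktemp) || return 2
    listeners < "$1" > "$nl_base"
    listeners < "$2" > "$nl_cur"
    LC_ALL=C comm -13 "$nl_base" "$nl_cur"   # lines only in the current capture
    rm -f "$nl_base" "$nl_cur"
}

# Constructed sample captures (documentation addresses, not real hosts).
sample_baseline() { cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51234      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}
sample_current() { sample_baseline; cat <<'EOF'
tcp        0      0 0.0.0.0:8081            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:5353            0.0.0.0:*
EOF
}

demo() {
    d=$(mktemp -d) || return 2
    sample_baseline > "$d/base"
    sample_current > "$d/cur"
    new_listeners "$d/base" "$d/cur"
    rm -rf "$d"
}
demo
```

On a live host, save the output of netstat -an to a file while the server is in a known-good state and pass later captures as the second argument.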








CCC – stuff to watch

Making Experts Makers and Makers Experts


Gamified Control?

China’s Social Credit Systems


Demystifying Network Cards

Things you always wanted to know about NIC drivers


Everything you want to know about x86 microcode, but might have been afraid to ask

An introduction into reverse-engineering x86 microcode and writing it yourself


Protecting Your Privacy at the Border

Traveling with Digital Devices in the Golden Age of Surveillance







Decrypting French encryption law


Financial surveillance

Exposing the global banking watchlist



Lets break modern binary code obfuscation

A semantics based approach



Opening Closed Systems with GlitchKit

‘Liberating’ Firmware from Closed Devices with Open Source Hardware



How Alice and Bob meet if they don’t like onions

Survey of Network Anonymisation Techniques



Catch me if you can: Internet Activism in Saudi Arabia



We should share our secrets

Shamir secret sharing: How it works and how to implement it



Regulating Autonomous Weapons

The time travelling android isn’t even our biggest problem



Italy’s surveillance toolbox

Research on Monitoring Italian Government Surveillance Capabilities by means of Transparency tools



History and implications of DRM

From tractors to Web standards



Infosec privacy for a Sunday watch list (tor / bitcoins)

Research notes / Watchlist for later review on infosec and privacy and anonymity – note that these two are different.


#Tor Developer Isis Lovecruft lectures on anonymity systems at Radboud Universiteit


#Browsing with Tor: Online Anonymity to Outsmart the NSA – Tom Lowenthal


#DEFCON 14: How to Create an Anonymous Identity


#DEFCON 20: Can You Track Me Now?

Government And Corporate Surveillance Of Mobile Geo-Location Data




Lecture 6 — Bitcoin and Anonymity




Bitcoin Q&A: Anonymity and confidential transactions



Server security scan #manpage

chkrootkit – Linux rootkit scanner

What it does: Find rootkits
Where to find it: in your distribution – or on

# install whatever way you want
apt-get install chkrootkit
# That's about all you need.

Malware protection

Option 1: ISPProtect – 90 euro / year but worth it.
Where to find it:

Step #1: Get a licence

Step #2: Download and install and run

# /tmp is what's indicated on the ISPProtect site as the first instruction
# Obviously you won't leave it here forever :)
cd /tmp
# assumes ispp_scan.tar.gz has already been downloaded here
tar xzf ispp_scan.tar.gz
# and you're nearly done.

Then enter your key number, or trial if you want a trial version.
Enter /var/www to start the scan on the web installs.

It will then generate reports as follows:

After the scan is completed, you will find the results also in the following files:
Malware => /usr/local/ispprotect/found_malware_20170228201238.txt
Wordpress => /usr/local/ispprotect/software_wordpress_20170228201238.txt
Joomla => /usr/local/ispprotect/software_joomla_20170228201238.txt
Drupal => /usr/local/ispprotect/software_drupal_20170228201238.txt
Mediawiki => /usr/local/ispprotect/software_mediawiki_20170228201238.txt
Contao => /usr/local/ispprotect/software_contao_20170228201238.txt
Magentocommerce => /usr/local/ispprotect/software_magentocommerce_20170228201238.txt
Woltlab Burning Board => /usr/local/ispprotect/software_woltlab_burning_board_20170228201238.txt
Cms Made Simple => /usr/local/ispprotect/software_cms_made_simple_20170228201238.txt
Phpmyadmin => /usr/local/ispprotect/software_phpmyadmin_20170228201238.txt
Typo3 => /usr/local/ispprotect/software_typo3_20170228201238.txt
Roundcube => /usr/local/ispprotect/software_roundcube_20170228201238.txt
Shopware => /usr/local/ispprotect/software_shopware_20170228201238.txt
Mysqldumper => /usr/local/ispprotect/software_mysqldumper_20170228201238.txt
Starting scan level 1 ...

Step #3: The cron job

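0 * * * * root /usr/local/ispprotect/ispp_scan --update && /usr/local/ispprotect/ispp_scan --path=/var/www --email-results=EMAIL --non-interactive --scan-key=KEY
# The "root" user field is only valid in /etc/crontab or in a file under /etc/cron.d/.
# If you use crontab -e to get there, remove "root", otherwise cron tries to run it as the command.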

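Option 2: Maldet – free, which you can find at this place

# assumes maldetect-current.tar.gz has already been downloaded into the current directory
tar -xvf maldetect-current.tar.gz
cd maldetect-1.4.2/
# run the bundled installer, which creates /usr/local/maldetect
./install.sh
vi /usr/local/maldetect/conf.maldet
# then you have to run more config stuff - go check the doc.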

3 Myths about WordPress

Here are three myths about WordPress that really annoy the sh*t out of me because they are just so outrageously outdated and so misinformed that it 100% pisses me off to still hear such BS said in meetings – especially when it comes from the IT guy in a company.

However, I know it is counter-productive to shout at people for things they do not know, especially when they act out of lack of knowledge and are just repeating what some other uninformed person told them – so I thought it would be better for me to write about it and email it calmly to people (while pressing that “Send” button with rage…)

#1 WordPress is just a blog

Right, until 2004 WordPress used to be a blog-only platform – they introduced pages in 2005, more than 10 years ago.


Breaking news: Technology is evolving.

Like your phone used to be attached to a wall with a cable and you could barely hear the sound properly when making an overseas call; today you can watch videos on it and literally switch on the air conditioning with it.


This is called progress… Deal with it.

#2 WordPress does not work with high traffic

(Variant: WordPress does not work with more than XXXX users.)

Nope Nope Nope.

I don’t even know how not to curse on this one, but let’s try to keep cool and explain:

WordPress, like any other piece of software on the web, is running on a piece of hardware, commonly called a server – usually provided by a hosting company.

A server room – natural habitat of sysadmins

This server has a certain capacity – defined by its processor, its RAM and its configuration – the more horsepower you put into the thing, the more traffic/users/hits/etc. you can handle.

End of story.

Today you will find more and more WordPress websites running with 10 million hits per month.


Brands working with WordPress include major high-traffic websites like:

  • TED
  • TechCrunch
  • Time magazine
  • CNN espagnol
  • New York Post
  • USA Today
  • Quartz
  • etc.

You can go and check for yourself the list of VIP sites that are using WordPress here.

Actually, the biggest is probably running a version of WordPress multi-site, with close to 6 million blogs, and it’s working pretty damn fast.

If your WordPress site doesn’t work fast enough – then what you need is a decent server and a sysadmin who knows what he is doing.

#3 – WordPress isn’t secure



Riiiiight… Compared to … what?

See, security is one of these things everyone likes to talk about as if they knew anything about it.

WordPress, just like anything in the digital world, has security flaws which are fixed regularly since it benefits from a massive community providing feedback and regular checks and code updates.

Security flaws have been a thing since the internet has been around, and they are still a thing – and this includes other CMSs like Drupal, Joomla and others, as well as very secure systems like Unix and Linux and, unsurprisingly, Windows OS…

I mean, come on! Yahoo and LinkedIn (just to name these two) were hacked not so long ago… And no, they did not use WordPress.

Security online is like security on the road: there is no such thing as 100% security and car accidents can always happen – so you need to be careful and monitor the road, but it really helps to use a recent car that is properly taken care of.

That’s why proper configuration and implementation of security best practices is what will make your site secure, not your CMS.

It is like asking which car is more secure – BMW or Volkswagen – it makes no sense. It is how you drive and the traffic you will be in, much more than the brand of your car.


A CMS’s job is to help you manage your content online – and WordPress is doing a great job at it.

For everything else, you will need to use the proper tools to get it. Performance and security require deploying the know-how to keep your stuff safe and fast, and it can be achieved on WordPress or any other piece of software out there.

So next time you hear these things said in a meeting, please forward them this article.