Types of attackers and their motives
Techniques they use (TTPs)
Indicators of Compromise
Tools and code for blocking attacks (PHP scripts, log analysis, fail2ban, iptables)
Ways to protect and monitor your website
Part 1 — Types of Attackers and Motives
Script kiddies: use ready-made tools; motive: entertainment/experimentation.
Cybercriminals: motive: money, phishing, ransomware.
Hacktivists: motive: politics/ethics.
Insiders: people inside the organisation; motive: curiosity or anger.
State-sponsored: motive: espionage, data theft.
Understanding the motive helps you plan better defenses.
Part 2 — Techniques They Use (TTPs)
Reconnaissance: scanning (nmap), directory discovery
Credential attacks: brute force, credential stuffing
Exploitation: SQLi, XSS, insecure file upload
Post-exploitation: lateral movement, persistence, data exfiltration
Covering tracks: proxies, VPN, log tampering
Part 3 — Indicators of Compromise
Spike in failed login attempts
Unusual IPs sending large numbers of requests
Files changing without a deploy
Unusual CPU/network spikes
New files with dangerous extensions (.php inside uploads)
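Added example (not code from the original post): a Python baseline check that turns the last two indicators above into a concrete test. It hashes the web root once after a clean deploy and later reports files that changed, files that appeared, and files under uploads/ carrying script extensions; the sample directory tree, the file names and the DANGEROUS_EXT set are constructed assumptions.

```python
#!/usr/bin/env python3
# Added example: snapshot a web root, then flag files that changed without a
# deploy and new files with dangerous extensions under uploads/.
# The sample tree in demo() is constructed for illustration.
import hashlib, os, tempfile

DANGEROUS_EXT = {'.php', '.phtml', '.phar', '.sh'}  # assumption: extensions worth flagging

def build_manifest(root):
    """Map relative path -> sha256 of every regular file under root."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, 'rb') as fh:
                manifest[os.path.relpath(full, root)] = hashlib.sha256(fh.read()).hexdigest()
    return manifest

def compare(baseline, current, upload_dir='uploads'):
    """Diff two manifests; also flag any file under upload_dir with a dangerous extension."""
    changed = sorted(p for p in baseline if p in current and baseline[p] != current[p])
    added = sorted(p for p in current if p not in baseline)
    deleted = sorted(p for p in baseline if p not in current)
    dangerous = sorted(p for p in current
                       if p.split(os.sep)[0] == upload_dir
                       and os.path.splitext(p)[1].lower() in DANGEROUS_EXT)
    return {'changed': changed, 'added': added, 'deleted': deleted, 'dangerous': dangerous}

def demo():
    """Constructed web root: take a baseline, simulate tampering, compare."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, 'uploads'))
    def write(rel, text):
        with open(os.path.join(root, rel), 'w') as fh:
            fh.write(text)
    write('index.php', '<?php echo "hello"; ?>')
    write(os.path.join('uploads', 'photo.jpg'), 'jpeg bytes (constructed)')
    baseline = build_manifest(root)          # taken right after a clean deploy
    # Simulated compromise: index.php edited, a .php file appears in uploads/
    write('index.php', '<?php echo "hello"; /* unexpected edit */ ?>')
    write(os.path.join('uploads', 'image.php'), '<?php /* constructed placeholder */ ?>')
    return compare(baseline, build_manifest(root))

if __name__ == '__main__':
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In production, store the baseline manifest outside the web root and re-run compare() from cron so that an unexpected change is reported before the next deploy.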
Part 4 — Practical Defensive Code / Commands
A) Python script: detect suspicious IPs (failed login attempts)
#!/usr/bin/env python3
# Count 401/403 responses per client IP in an nginx/Apache access log and
# print an iptables command for every IP at or above the threshold.
import re, sys
from collections import defaultdict

logfile = sys.argv[1]
threshold = int(sys.argv[2]) if len(sys.argv) > 2 else 30
ip_counts = defaultdict(int)
# Common/combined log format: IP - user [time] "request" status ...
# (the user field is a username on failed basic-auth attempts, so match \S+ rather than "-")
pattern = re.compile(r'(?P<ip>\d+\.\d+\.\d+\.\d+) - \S+ \[[^\]]*\] "[^"]*" (?P<status>\d{3})')

with open(logfile) as f:
    for line in f:
        m = pattern.search(line)
        if m:
            status = int(m.group('status'))
            ip = m.group('ip')
            if status in (401, 403):
                ip_counts[ip] += 1

bad_ips = {ip: c for ip, c in ip_counts.items() if c >= threshold}
for ip, c in bad_ips.items():
    print(f"{ip} -> {c} failed attempts")
    print(f"iptables -I INPUT -s {ip} -j DROP")
Usage:
python3 detect_bad_ips.py /var/log/nginx/access.log 50
B) PHP Rate Limiter for Login Attempts
<?php
// Simple per-IP login rate limiter backed by a JSON file.
session_start();
$ip = $_SERVER['REMOTE_ADDR'];
$limit = 5;          // failed attempts allowed before blocking
$blockTime = 3600;   // block duration in seconds
$storage = __DIR__ . '/tmp/login_attempts.json';
// A missing or corrupt file yields an empty array instead of null.
$data = file_exists($storage) ? (json_decode(file_get_contents($storage), true) ?? []) : [];
$now = time();

// Drop entries whose block has expired.
foreach ($data as $k => $v) {
    if (isset($v['blocked_until']) && $v['blocked_until'] <= $now) {
        unset($data[$k]);
    }
}

$entry = $data[$ip] ?? ['count' => 0, 'first' => $now];
if (isset($entry['blocked_until']) && $entry['blocked_until'] > $now) {
    http_response_code(429);
    die('Too many attempts');
}

// Call this after a failed password check.
function record_failed($ip) {
    global $data, $storage, $limit, $blockTime, $now;
    $entry = $data[$ip] ?? ['count' => 0, 'first' => $now];
    // Start a fresh window if the first failure is older than the block time.
    if ($now - ($entry['first'] ?? $now) > $blockTime) {
        $entry = ['count' => 0, 'first' => $now];
    }
    $entry['count'] = ($entry['count'] ?? 0) + 1;
    if ($entry['count'] > $limit) {
        $entry['blocked_until'] = $now + $blockTime;
    }
    $data[$ip] = $entry;
    file_put_contents($storage, json_encode($data), LOCK_EX);
}
?>
C) Bash: block IP manually
sudo iptables -I INPUT -s 203.0.113.45 -j DROP
sudo apt install iptables-persistent
sudo netfilter-persistent save
D) fail2ban Sample Jail
[nginx-auth]
enabled = true
filter = nginx-auth
action = iptables[name=NGINX-AUTH, port=http, protocol=tcp]
logpath = /var/log/nginx/error.log
maxretry = 5
bantime = 3600
Part 5 — Best Practices / Tips
Monitor access logs and failed attempts daily
Block suspicious IPs automatically (iptables/fail2ban)
Enforce strong passwords & 2FA
Keep software up-to-date
Scan uploaded files for malware
Keep backups & incident response plan ready
Part 6 — Useful Links
WhatsApp Contact: https://wa.me/0693118509
YouTube Video Tutorial:
Website / Services: https://www.faulink.com
Share WhatsApp example:
https://wa.me/255693118509?text=Naomba%20msaada%20wa%20website%20security%20(Understanding Attackers)
Part 7 — Call-to-Action
Knowing attackers' techniques is the first step. If you want an audit, defensive scripts, or help strengthening your website's security, send a message now:
WhatsApp: https://wa.me/255693118509
Website: https://www.faulink.com
Video Tutorial: