Category: "LAMP"

Ibexa 4.6 on Rocky 9 - PHP packages

Apologies for the short post. I had trouble with GD - the issue was that I had php-gd instead of php82-gd


Error messages:

[2024-07-13T20:46:04.111489+00:00] request.CRITICAL: Uncaught PHP Exception Symfony\Component\Validator\Exception\LogicException: "Corrupted images detection requires installed and enabled GD extension."
[2024-07-13T21:54:31.829868+00:00] request.CRITICAL: Gd driver not installed {"exception":"[object] (Imagine\\Exception\\NotSupportedException(code: 0): Gd driver not installed

Rocky Linux 9 - wkhtmltopdf

I kept getting a divide by zero error (Signal 8) with wkhtmltopdf under Rocky Linux

RPM in use: wkhtmltox- (credit to:

This was running under Ibexa, with Symfony.

I stripped it down to test with the output of the application on the command line and isolated the issue to a <link> tag for Bootstrap 4.3 by commenting out tags until I found which one was causing the issue.

I don't care what the issue was - upgrading Bootstrap to 4.6 worked

I hope this helps someone - it was frustrating.


Who is trying to log into my SSH?

Who is trying to log into my SSH?

grep -i 'from invalid user' secure | sed "s/.* invalid user \([^ ]\+ [^ ]\+\) port .*/\1/i" | cut -f1 -d' ' | sort -u

and where are they coming from?

grep -i 'from invalid user' secure | sed "s/.* invalid user \([^ ]\+ [^ ]\+\) port .*/\1/i" | cut -f2 -d' ' | sort -u

CentOS 7 - Fail2Ban with Apache ModSecurity

One of the tools I am using to secure a server is Fail2ban. It was working well for SSH and I wanted to extend it to provide more protection for Apache.

I installed it and enabled it.


enabled = true
backend = auto
port = http,https
filter = apache-modsecurity
logpath = %(apache_error_log)s
bantime = 19200
maxretry = 2
findtime = 3600
ignoreip =


# Fail2Ban apache-modsec filter


# Read common prefixes. If any customizations available -- read them from
# apache-common.local
before = apache-common.conf

failregex = ^%(_apache_error_client)s(?: \[client [\d\.:]+\])? ModSecurity:\s+(?:\[(?:\w+ \"[^\"]*\"|[^\]]*\]\s*)*Access denied with code [45]\d\d (?:.*)$
ignoreregex =

# Author: Daniel Black
# Sergey G. Brester aka sebres (review, optimization)

Helpful commands

  • firewall-cmd --permanent --zone=public --add-service=http - allow HTTP through (add https as well)
  • fail2ban-client reload apache-modsecurity - reload the Apache ModSecurity configuration
  • fail2ban-client status apache-modsecurity - check the status of Apache ModSecurity configuration
  • fail2ban-client get apache-modsecurity failregex - get the regex which will cause fail2ban to ban entries (if maxretries)
  • fail2ban-regex /var/log/httpd/error_log '^\[\]\s\[(:?error|\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[client (?:\[?(?:(?:::f{4,6}:)?(?P(?:\d{1,3}\.){3}\d{1,3})|(?P(?:[0-9a-fA-F]{1,4}::?|::){1,7}(?:[0-9a-fA-F]{1,4}|(?<=:):)))\]?|(?P[\w\-.^_]*\w))(:\d{1,5})?\](?: \[client [\d\.:]+\])? ModSecurity:\s+(?:\[(?:\w+ \"[^\"]*\"|[^\]]*)\]\s*)*Access denied with code [45]\d\d (?:.*)$' - check the regex
  • h-rules | grep http - list the current http (and https) - there's probably a better way to do this

Find the PHP session files that are older than 24 minutes

sudo find /var/lib/php/session -mmin +24 -type f -exec ls -l {} \;

Yes, that's the whole post