Pages with category Security

  • If you are running a webserver, you should use a webserver firewall. This prevents many attacks from being perpetrated against your servers without the need to make your own applications more complex than necessary.

    The idea is very simple: if you have a few people who can edit your data from the Internet and they have static IP addresses, you can make sure that the editor pages are only accessible from those IP addresses. Any other access can simply be blocked.

  • Error about a local certificate?!

    The other day, I got a new certificate from godaddy.com. I installed the certificate by replacing the files and simply restarting Apache. I then checked in SeaMonkey and it worked great. When I checked the certificate, it told me "valid for another 3 years."

  • I work with Apache a lot. It is a really good web server that has many options and features. Unfortunately, maybe it has too many of them!

    I ran into a problem where a notification from one server to another would fail with the following error:

    [Fri Oct 11 19:43:50 2013] [error] [client 162.226.130.121] client denied by server configuration: <path to file>
    

    Looking at the error, I was first thinking that my script was generating the error. The fact is that my script does not generate error 403. It has a 400 and 500 but not 403.

    So looking at the error I thought, maybe that's an ...

  • How it works

    The at command is often used to start a process at a later time. It can run any script at a specified date and time.

    For instance, if you want the computer to send you a signal in one hour, use something like:

    cat signal | at -q z now + 60 minutes

    This assumes that the file named signal contains the commands necessary to generate the signal. Then, in 60 minutes, the script will be executed and the signal will be heard or shown.

  • Since the ZmEu attack, I've been watching my logs a little closer. I also found a page that I could not read (but Google could and was kind enough to provide a cached version.) That page listed many bots that are not nice bots. So? I decided to block some of them, especially those that use very bad URLs or load many pages too quickly.

    The result is that I'm getting more and more IP addresses in my firewall. Although they get removed on a schedule that I will not state here, I can tell you that each time I block tens if not hundreds of useless hits (worse than that, at times those could be

  • Who is ZmEu?

    The name Zmeu (no capital E) is the name of a fantastic creature of Romania. There are so many stories that there isn't a clear understanding of what it is... but it is human-like, can spit fire and wants to marry young women.

    If you're wondering, it is generally a bad guy.

    ZmEu Attack

    Today, I noticed a lot of traffic on one of my servers. Looking into what was happening, I immediately found out that an attacker was looking for a loophole in that system. That attack was being performed from China.

  • Since my last upgrade, I had many small things that went awry on my computer. From tsearch2 in a Postgres database to ownership of files to the following authentication problem:

    root@mycomputer:~# su - www-data
    su: Authentication service cannot retrieve authentication info
    (Ignored)
    www-data@mycomputer:~$
    

    Note that with su it ignores the fact. With cron it was not being ignored, so I'd get no work done!

  • Today I wasted another hour or so trying to get Samba to work for one of my Windows computers so I could connect to one of my Linux computers. I knew that the installation was correct since I could log in with another computer/user that had worked for a long time. So... why would this one fail?

    Two things. First of all, I could see NOTHING happening in the logs. Really wondering why the default is to log close to nothing with such a non-secure piece of software, but that's a different question. I added the following to actually get about enough logs to understand what was happening:

    log ...
  • You can check all the packages currently installed on a Debian system (i.e. Debian, Ubuntu, etc.) with many different tools.

    Root Kits

    I run rkhunter to check for root kits.

    Some hackers replace a well known command such as ls or cat with a version that takes over your computer by becoming root without your consent and then hacking your system in all sorts of ways. In most cases, just the feat of installing such a tool requires the hacker to already have root access, so it generally doesn't happen, but better safe than sorry!

    File Changes

    I use tripwire to verify that ...

  • Network connections

    This morning I was attacked by a robot. I quickly noticed that my websites were slow and saw a pretty large amount of traffic on port 80: 208 connections!

    tcp        0      0 192.168.1.1:80          109.230.213.100:65413   ESTABLISHED
    tcp      441      0 192.168.1.1:80          109.230.213.100:65445   ESTABLISHED
    tcp        0      0 192.168.1.1:80          109.230.213.100:65071   TIME_WAIT 
    tcp        0      0 192.168.1.1:80          109.230.213.100:65279   TIME_WAIT 
    tcp      497      0 192.168.1.1:80          109.230.213.100:49326   ESTABLISHED
    tcp ...