Finding and blocking an abusive host from your Apache log

Finding and blocking an abusive host from your Apache log

My web site slowed to a crawl last night, my CPU usage soared to 100%, and my built-in security measures weren’t helping. I ended up having to do some old-school Linux sysadmin work to stop them.

I haven’t been an everyday sysadmin since 2009. But every once in a while I can still come off the bench and do this stuff.

Read more

Convert a list of hostnames to a list of IP addresses

I had a client with a huge list of hostnames that they needed to convert to IP addresses so they could scan them. That’s common. I used to have a Windows batch file to convert a list of hostnames to a list of IP addresses, so I dug it out of my archives. This isn’t like a ping sweep; they knew the machine names but their tool needed IPs.

I used the file to resolve lists of machines so I could load them into a centralized logging or vulnerability management system. This client had the same need and nobody there had a similar tool. So I shared mine with them. And I present it here so I won’t lose it again, and if you need it, you can use it too.

Read more

How to set up and optimize an Asus RT-AC66U

Consumer routers drive security professionals like me crazy. I’m happy to say I finally found a router that doesn’t drive me nuts. I want you to buy an Asus RT-AC66U. I’m going to tell you why, and I’m going to tell you how to configure it. Here’s how to set up an Asus RT-AC66U and how to optimize an Asus RT-AC66U.

Read more

Using the DD-WRT firewall

Using the DD-WRT firewall

I get a lot of questions about the DD-WRT firewall. There’s a lot of talk out there that goes deep into theory and advanced firewall usage, but what if you just want to know how to set up your firewall to protect your network and open up a few ports?

Here’s how to set that up.

Note: If you have multiple DD-WRT boxes running as access points like I do, only the one directly plugged into the Internet needs to be configured this way. Disable the SPI firewall on your internal access points.

Read more

Reversing some WordPress malware

Reversing some WordPress malware

Aug 2016 update: Back in 2015, some kind of spam bot wormed its way into my site. I quickly cleaned it up, then decoded the attack and posted details here. Not long after, the spambot started directing traffic to this post, because it contains enough of the magic words, I guess. Only instead of serving up spam, it’s serving up my analysis. I’d rather you read this than spam, so I’ve left this page up.

On to the original post…

A few minutes ago I received an alert that some files had changed on my site (thanks to All-In-One WP Security). But I hadn’t changed anything and WordPress hadn’t updated itself.

Here’s what I found, and how I fixed it.

Read more

Minor-League hacking in the MLB

So, about a year ago, the Houston Astros announced their internal player database had been breached. This week, more details emerged, pointing right at the St. Louis Cardinals.

It wasn’t a terribly sophisticated attack. You knew I’d write about this, but I’ll explore it from an IT security perspective more than from a baseball perspective.

Read more

The way home security ought to be

Last week, the show formerly known as Pauldotcom featured the creator of Iguardian, a dead-simple Internet security device. It’s a tiny computer a little larger than a pack of gum that you can plug inline between your router and your modem for extra protection. Basically it does what most people think a router does.

If you want to know what it actually does, read on. Read more

DoSing your cubicle neighbor

My baby at work is a centralized logging tool. That means my system has to touch every other system in this large company’s large network, which is kind of cool. Not many projects deal with that many different things, and I’m seeing some things I haven’t seen since college–and never expected to see in the real world, actually.

A week or two ago, we had some trouble pulling the logs in from a highly specialized system. That happens. Unix is easy, Windows is almost as easy–yes, the world of logging is a little bit upside down–but the one-off systems that don’t fit into neat categories take a lot longer to bring into the fold.

The problem was that the user account my tool uses kept getting locked out. Read more

Have a busload of servers? Need to know what version of Windows they’re all running?

Every once in a great while, I have to answer a question like what version of Windows a range of servers is running. If the number of servers is very small, you can just connect to them with a Terminal Services client and note what comes up. But sometimes that’s impractical. Right now I’m working someplace that has 8,000 servers, more or less. I’m not going to check 8,000 servers manually. I’m just not.

Here’s a more elegant, much faster way to go about getting that information.

Read more

Linksys isn’t the only company building insecure routers

I warned a few days ago about Linksys routers being trivially easy to hack; unfortunately many other popular routers have security vulnerabilities too.

The experts cited in the article have a few recommendations, which I will repeat and elaborate on. Read more

WordPress Appliance - Powered by TurnKey Linux