Finding and blocking an abusive host from your Apache log

Finding and blocking an abusive host from your Apache log

My web site slowed to a crawl last night, my CPU usage soared to 100%, and my built-in security measures weren’t helping. I ended up having to do some old-school Linux sysadmin work to stop them.

I haven’t been an everyday sysadmin since 2009. But every once in a while I can still come off the bench and do this stuff.

Read more

Reliable power supply brands

Reliable power supply brands

If you’ve built a few PCs, or repaired a few PCs, you have some idea how important the power supply is. If you buy any old tin box that fits, you can probably expect to run into some problems. Here’s some advice on buying power supplies, including reliable power supply brands.

Read more

Using the DD-WRT firewall

Using the DD-WRT firewall

I get a lot of questions about the DD-WRT firewall. There’s a lot of talk out there that goes deep into theory and advanced firewall usage, but what if you just want to know how to set up your firewall to protect your network and open up a few ports?

Here’s how to set that up.

Note: If you have multiple DD-WRT boxes running as access points like I do, only the one directly plugged into the Internet needs to be configured this way. Disable the SPI firewall on your internal access points.

Read more

What is vltov1?

On the afternoon of July 5, 2016, a mysterious directory called vltov1 appeared in the filesystem of my web server. A few files on my site changed, and soon my blog crashed, due to changes I’d made in the database structure.

Something connected to this vltov1 was trying to hack my site further, but had made some assumptions based on me running WordPress that happened to be wrong.

Read more

I got hacked. I did it to teach you a lesson, and I’m sure you believe it.

The other day, this showed up in my e-mail:

A file change was detected on your system for site URL https://dfarq.homeip.net. Scan was generated on Tuesday, November 3rd, 2015 at 5:25 am

A summary of the scan results is shown below:

The following files were removed from your host:

/var/www/wordpress/wp-content/cache/supercache/dfarq.homeip.net/wordpress/index.html (modified on: 2015-11-03 03:23:52)
======================================

The following files were changed on your host:

/var/www/wp-content/themes/twentyfourteen/functions.php (modified on: 2015-08-19 22:24:04)
/var/www/wp-content/themes/twentyfourteen/header.php (modified on: 2015-08-19 22:24:04)
======================================

Login to your site to view the scan details.

I didn’t make those changes. Fortunately fixing it when changes appear in functions.php and header.php that you didn’t make is pretty easy.

Read more

All-in-One WP Security and Firewall plugin can be spectacular, but be careful

Over the weekend I installed the All-in-One WP Security and Firewall plugin to fix another issue–more on that tomorrow–and I ended up breaking my site. Hopefully I fixed it to a better state than it started in.

The lesson, as with many security tools, is to proceed with caution.

Read more

How to use the lock in your web browser’s location bar

How to use the lock in your web browser’s location bar

A commenter asked me last week if I really believe the lock in a web browser means something.

I’ve configured and tested and reviewed hundreds of web servers over the years, so I certainly hope it does. I spend a lot more time looking at these connections from the server side, but it means I understand what I’m seeing when I look at it from the web browser too.

So here’s how to use it to verify your web connections are secure, if you want to go beyond the lock-good, broken-lock-bad mantra.

Read more

Port 2381: What it is and how to manage it

I was doing some scanning with a new vulnerability scanner at work. It found something listening on a lot of servers, described only as Apache and OpenSSL listening on TCP port 2381. The versions varied.

Luckily I also had Qualys at my disposal, and scanning with Qualys solved the mystery for me quickly. It turned out to be the HP System Management Homepage, a remote administration/diagnostic tool that, as the title says, lets you manage HP server hardware. It runs on Windows, Linux, and HP-UX. Read more

CMD.EXE and its shellshock-like qualities

“So did you know there’s a Windows version of Shellshock?” a coworker asked the other day.

“What, Cygwin’s bash?” I asked.

“No, in CMD.EXE.”

I thought for a second, back to some really nasty batch files I’ve seen that do goofy stuff with variables and parenthesis and other reserved characters. Suddenly it made sense. Those cryptic batch files are exploiting the command interpreter to do things that shouldn’t be done. Then I smiled.

Read more

Macs aren’t the only computers that last forever

In the midst of Microsoft reminding everyone that Windows XP’s doomsday is less than a month away, Apple quietly announced that Mac OS 10.6’s doomsday was sometime last year, and no more security updates would be forthcoming for Snow Leopard.

That led to this piece about why anyone would still want to run Snow Leopard. Well, there are reasons for it–and for that matter, there are reasons why they would want/need to step back to 10.5 (Leopard). I don’t disagree with that part at all, but I do disagree with the point at the end, where he says that if you want a computer that lasts a long time, you have to buy a Mac.

Let me remind you that Microsoft is sending out reminders to people that it’s time to migrate off an operating system that hasn’t been generally available on new consumer PCs since 2007. Read more

WordPress Appliance - Powered by TurnKey Linux