psad is great:
http://www.cyberciti.biz/faq/linux-detect-port-scan-attacks/
Tuesday, 15 November 2011
Hide Apache version from HEAD response
put
ServerTokens ProductOnly
ServerSignature Off
at the bottom of your apache2.conf and restart
source: http://www.debianadmin.com/apache-tipshide-apache-information-php-software-version.html
Sunday, 13 November 2011
Spammer / Exploit-Scanner.. Secure your Apache..
Tired of lines like these in your server logs?
[Sun Nov 13 15:21:25 2011] [error] [client 174.133.29.34] File does not exist: /var/www/Comments
[Sun Nov 13 15:22:31 2011] [error] [client 174.133.29.34] File does not exist: /var/www/u20944
[Sun Nov 13 15:23:06 2011] [error] [client 174.133.29.34] File does not exist: /var/www/aarticle
[Sun Nov 13 15:23:20 2011] [error] [client 174.133.29.34] File does not exist: /var/www/remaxmi
[Sun Nov 13 15:23:44 2011] [error] [client 174.133.29.34] File does not exist: /var/www/author
[Sun Nov 13 15:23:44 2011] [error] [client 174.133.29.34] File does not exist: /var/www/category
[Sun Nov 13 15:23:51 2011] [error] [client 174.133.29.34] File does not exist: /var/www/gc
[Sun Nov 13 15:26:44 2011] [error] [client 174.133.29.34] File does not exist: /var/www/medicine
[Sun Nov 13 15:28:00 2011] [error] [client 174.133.29.34] File does not exist: /var/www/tag
Then install fail2ban
ensure you have /etc/fail2ban/filter.d/apache-nohome.conf
open /etc/fail2ban/jail.conf
insert
[apache-nohome]
enabled = true
port = http,https
filter = apache-nohome
logpath = /var/log/apache*/*error.log
maxretry = 5
Because the stock regexp only matches requests containing /~ (home directories), it won't match the log lines above. Edit /etc/fail2ban/filter.d/apache-nohome.conf
and change the stock regexp:
failregex = [[]client <HOST>[]] File does not exist: .*/~.*
to this one:
failregex = [[]client (?P<host>\S*)[]] File does not exist:
then restart fail2ban
/etc/init.d/fail2ban restart
ensure the apache jail is running..:
fail2ban-client status
and watch the bastards getting banned:
cat /var/log/fail2ban.log
fail2ban-client status apache-nohome
source of correct regexp:
Rails / Passenger / Apache / proxy_http
If you are using proxy_http to serve some Rails applications,
be sure you don't have ProxyRequests On
and that you're restricting access to localhost:
<Proxy *>
AddDefaultCharset off
Order deny,allow
Allow from 127.0.0.1
</Proxy>
If you leave ProxyRequests On,
your box will be hijacked by spammers very quickly.
To test whether your server is running as a "spammer-friendly" proxy,
connect to it with telnet and send a GET request:
telnet yourserver.com 80
GET http://www.google.com
If your server delivers google.com, you did it wrong: your server is a public proxy and heaven for spammers. If it responds with your own site, everything is fine.
Wednesday, 20 July 2011
kill all pids of a program
# the PID is the second column of ps -ef; [t]inyproxy keeps grep from matching itself
for i in $(ps -ef | grep '[t]inyproxy' | awk '{print $2}'); do kill "$i"; done
will kill all pids of tinyproxy
kill some processes
for i in $(seq 4082 4090); do kill "$i"; done
kills from pid 4082 to 4090
Monday, 18 July 2011
git server
http://progit.org/book/de/ch4-8.html
http://thelucid.com/2008/12/02/git-setting-up-a-remote-repository-and-doing-an-initial-push/
Saturday, 11 June 2011
apache dump loaded modules
apache2ctl -t -D DUMP_MODULES
Friday, 10 June 2011
bash history-search-backward
quite handy..
add to ~/.bashrc:
bind '"\e[A"':history-search-backward
bind '"\e[B"':history-search-forward
Sunday, 29 May 2011
add-apt-repository missing (solved)
aptitude install python-software-properties
Saturday, 28 May 2011
adding jdk to /etc/profile or ~/.bashrc
export JAVA_HOME=/opt/jdk/jdk1.6.0_25
export PATH=$JAVA_HOME/bin:$PATH
Wednesday, 25 May 2011
Edit /etc/default/bootlogd to:
BOOTLOGD_ENABLE=Yes
Friday, 25 February 2011
nice and simple
commands:
- which
- whereis
- whatis
Thursday, 24 February 2011
remove sound from avi
mencoder -ovc copy -nosound video.avi -o video_nosound.avi
convert ogv to avi
mencoder foo.ogv -o foo.avi -oac mp3lame -lameopts fast:preset=standard -ovc lavc -lavcopts vcodec=mpeg4:vbitrate=4000
Sunday, 20 February 2011
export firefox cookies from sqlite to textfile
sqlite3 -separator ' ' cookies.sqlite 'select * from moz_cookies' > cookies.txt