Tags

android (7) anonymity (9) ant (10) apache (60) apple (9) atv (18) australia (8) bernardet (7) bombardier (7) book (7) browser (11) business (8) caliber30 (61) canon (9) captcha (8) cedricwalter (7) checklist (9) chrome (6) collection (8) comcontent (7) continuousbuild (28) design (13) designpattern (23) desktop (8) development (31) DIY (9) draganflyer5 (9) dslr (14) eclipse (30) ek4 (8) electronic (18) enfrancais (66) event (8) figures (14) firefox (20) firmware (8) flash (9) flickr (6) framework (12) fud (9) game (19) gaming (6) google (70) gpl (8) gps (9) hacking (25) hdtv (7) hollidays (15) homecinema (14) homepage (20) howto (75) innoveo (7) iphone (7) italy (10) itsatrap (8) java (80) javascript (11) joke (12) joomla (223) joomla15 (39) joomlacloud (7) junit (9) kde (11) kyosho (62) links (17) linux (127) LittleBigPlanet (16) mambo (18) manual (8) manurhin (9) maven (42) mediacenter (10) microsoft (53) modding (10) module (21) morespeed (16) motor (8) motorcycle (13) myhomepage (14) mysql (14) nas (14) neogeo (20) opencomment (27) opensource (63) opensuse (10) oss (8) p2p (7) panasonic (6) patch (32) pc (12) pdf (8) php (28) picasa (7) plugin (67) privacy (9) projector (11) protection (7) ps3 (43) publicity (9) quad (18) raptor30 (7) rchelicopter (161) release (7) review (32) robot (9) robotic (7) rss (8) safety (8) scooter (29) security (62) securityimage (8) securityimage3 (6) securityimage4 (21) securityimage5 (19) securityimages (19) securityimages5 (6) server (17) simulator (8) smugmug (13) snk (16) software (31) sony (39) spammer (7) statistics (13) storage (7) subversion (7) suse (12) switzerland (7) teamcity (16) testing (9) thundertiger (20) tips (31) tomcat (7) tomtom (7) translatetofrench (8) trip (17) troubleshooting (7) tutorial (9) twitter (7) upgrade (15) vespa (10) video (17) vintage (9) watercooling (9) web2.0 (28) windows (15) xbmc (7) xbox (10) zurich (18) zürich (11)

Pop. Tags

Latest Comments

Popular Post

items tagged with security

FaF File Anomaly Finder
Written By: Administrator
Section: Internet www
Category: security
2007-07-21 20:10:55
FaF (File Anomaly Finder) is a wrapper for the *nix 'find' utility. It generates audit reports for data matching specific characteristics; such data as setgid/setuid, unowned, and more. The objectives are simply to create a simple anomaly finder that identifies common flawed permissions or otherwise suspicious file system characteristics.

The main features of FaF are:
  • simplistic and to the point audit reports
  • easy setup and configuration
  • audits emailed to customizable address or user
  • ideal for web servers or general purpose workstations
  • audits of setgid/setuid, hidden, unowned, & world writable data
  • very portable
 http://www.r-fx.org/faf.php
Read More About FaF File Anomaly Finder...

1 week of mod_evasive some nasty bots get blacklisted
Written By: Administrator
Section: Internet www
Category: security
2006-08-30 23:19:26
This are my mod_evasive settings:
 
LoadModule evasive20_module     /usr/lib/apache2/mod_evasive20.so
<IfModule mod_evasive20.c>
  DOSHashTableSize 3097
  DOSPageCount 5
  DOSSiteCount 100
  DOSPageInterval 2
  DOSSiteInterval 2
  DOSBlockingPeriod 600
  DOSEmailNotify This e-mail address is being protected from spambots. You need JavaScript enabled to view it
</IfModule>

And this is a small documentation I've forget to add in the previous article:

  • DOSHashTableSize: is the size of the table of URL and IP combined. The greater this setting, the more memory is required for the look up table, but also the faster the look ups are processed. This option will automatically round up to the nearest prime number.
  • DOSPageCount: is the number of same page requests from the same IP during an interval that will cause that IP to be added to the block list.
  • DOSSiteCount: is the number of pages requested of a site by the same IP during an interval which will cause the IP to be added to the block list.
  • DOSPageInterval:  Interval for the 'DOSPageCount' threshold in second intervals.
  • DOSSiteInterval:Interval for the 'DOSSiteCount' threshold in second intervals.
  • DOSBlockingPeriod: is the time the IP is blacked (in seconds
  • DOSEmailNotify: can be used to notify by sending an email everytime an IP is blocked
  • DOSSystemCommand: is the command used to execute a command when an IP is blocked. It can be used to add a block the user from a firewall or router.
  • DOSWhiteList: can be used to whitelist IPs such as 127.0.0.1

Read More About 1 Week Of Mod_evasive Some Nasty Bots Get Blacklisted...

Adding mod_security to better protect your webserver
Written By: Administrator
Section: Internet www
Category: security
2006-08-21 19:32:50
ModSecurityTM is an open source intrusion detection and prevention engine for web applications (or a web application firewall). Operating as an Apache Web server module or standalone, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks. from http://www.modsecurity.org/
 
Installing mod_security as DSO is easier, and the procedure is the same for both Apache branches. First unpack the distribution somewhere (anywhere will do, I copy the .c files in my home),

# cd
# wget http://www.modsecurity.org/download/mod_security-1.9.4.tar.gz
# tar -zxfv mod_security-1.9.4.tar.gz
# cd mod_security-1.9.4/apache2

and compile the module with:

apache1apache2
/usr/local/psa/admin/bin/apxs  -cia ~/mod_security.c/usr/sbin/apxs2  -cia ~/mod_security.c


Read More About Adding Mod_security To Better Protect Your Webserver...

Auditing Joomla security
Written By: Administrator
Section: Mambo
Category: News
2005-11-17 23:37:38

 I will start the auditing of a copy of my website running locally in order to find design and security flaws in Joomla. I have found a quite impressive list of tools to achieve that goal:


In May of 2003, I conducted a survey of Nmap users from the nmap-hackers mailing list to determine their favorite security tools. Each respondent could list up to 8. This was a followup to the highly successful June 2000 Top 50 list. An astounding 1854 people responded in '03, and their recommendations were so impressive that I have expanded the list to 75 tools! Anyone in the security field would be well advised to go over the list and investigate tools they are unfamiliar with. I discovered several powerful new tools this way.
I also plan to point newbies to this page whenever they write me saying "I do not know where to start". Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below. Many of the descriptions were taken from the application home page or the Debian or Freshmeat package descriptions. I removed marketing fluff like "revolutionary" and "next generation". No votes for the Nmap Security Scanner were counted because the survey was taken on an Nmap mailing list. This audience also means that the list is slightly biased toward "attack" tools rather than defensive ones. from insecure.org

And that only because I've seing too much hacker trying to penetrate my homepage...eh guy I am also looking at You (logs)I hope You're smart enought to use windows zombie od hiding Your real internet adress! Moreover my finding will help the joomla community....



Web Site Test Tools and Site Management Tools: More than 290 tools listed in 12 categories




Avoid Hotlinking or so called bandwidth stealing
Written By: Administrator
Section: Internet www
Category: Apache
2009-01-01 13:28:57

From WikiPedia

Inline linking (also known as hotlinking, leeching, piggy-backing, direct linking, offsite image grabs and bandwidth theft) is the use of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located.

This is not just Bandwidth Stealing, as

  • It cost CPU and bandwidth which means less performance for your visitors,
  • It cost a lot of money as you still pay the server cost, and loose ad revenues,
  • It drive people away from your reputable homepage since they will find your picture or files on any mirrors,
  • It may be a security threat at least for distributable software, anybody may alter (backdoor,ads, privacy information stealing) any of my open source component without my consent.

The mod_rewrite module is able to intercept incoming URLs and modify them according to a set of rules that you specify. The basic idea is use the mod_rewrite module to inspect the incoming HTTP header. The field we're looking for is the Referer field - or basically the URL that the current request originated from.

Referer

This optional header field allows the client to specify, for the server's benefit, the address ( URI ) of the document (or element within the document) from which the URI in the request was obtained.
This allows a server to generate lists of back-links to documents, for interest, logging, etc. It allows bad links to be traced for maintenance.

So create a file .htaccess at the root of your site with the following content:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?wiki.waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?forums.waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?bugs.waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?demo.waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?demo2.waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?mirror.waltercedric.com(/)?.*$     [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?images.google.com(/)?.*$     [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|zip|css)$ http://www.waltercedric.com/bandwidthStealing.html [R,NC]

Notes:

  • I want to allow cross linking between all my Subdomains wiki,demo, bugs, forums ... so I have a bigger list of allowed Referer than usual to enter...
  • I do not allow hotlinking of the following resources for obvious reasons: jpg|jpeg|gif|png|bmp|zip|css
  • I redirect any bad people to a fix files on disk http://www.waltercedric.com/bandwidthStealing.html
  • You are allowed to copy the templates http://www.waltercedric.com/bandwidthStealing.html as long as you keep the bottom link.
  • Note the latest RewriteCond: I always allow Google to references my images

There is a useful online generator with a lot more explanation online at the bottom of this page http://www.htmlbasix.com/disablehotlinking.shtml . This is active on my server since 2 weeks, and I've see a performance in response time.

More tips 

  • To have an insight on resources stealing in nearly real time, simply put a statistics marker with for example Google Analytics to see how many people are landing on that page per week or months!
  • To generate money (better than nothing), dot forget also to put advertisements publicity on your redirect hot linking page





There are 62 items tagged with security. You can view all our tags in the Tag Cloud

<< Start < Previous 1 2 3 4 5 6 7 8 9 10 Next > End >>
Page 1 Of 13

Support

My status

Download

You can download all my Joomla! extensions and a lot more HERE

Donations

Thank You for supporting my work
Click Here to make a donation