Author: MC

  • What not to do when you’ve installed sshdfilter

    sshdfilter is a great tool which monitors system logs for repetitive failed login attempts and actively updates iptables to block offending IP addresses. However, there is a slight shortfall in its design, as there are no exceptions to its blocking rules, as I found this morning: Subject: sshdfilter event for 127.0.0.1, Too many password guesses,…

  • Fedora Core 5 yum.conf

    Just a quick snippet of my /etc/yum.conf file which includes the ATrpms and FreshRpms repositories.

        [main]
        cachedir=/var/cache/yum
        keepcache=0
        debuglevel=2
        logfile=/var/log/yum.log
        pkgpolicy=newest
        distroverpkg=redhat-release
        tolerant=1
        exactarch=1
        obsoletes=1
        gpgcheck=1
        plugins=1
        metadata_expire=1800

        [atrpms]
        name=Fedora Core $releasever – $basearch – ATrpms
        baseurl=http://dl.atrpms.net/fc$releasever-$basearch/atrpms/stable

        [freshrpms]
        name=Fedora Linux $releasever – $basearch – freshrpms
        baseurl=http://ayo.freshrpms.net/fedora/linux/$releasever/$basearch/freshrpms

  • Trac – Emptying a Wiki database

    A quick bit of shell magic to empty a Trac wiki database in a freshly installed Trac environment. In this example /var/www/html/trac is assumed to be the Trac environment you created with trac-admin. $ for page in `trac-admin /var/www/html/trac wiki list | cut -d' ' -f1 | grep "^[A-Z]" | grep -v "Title"`; do trac-admin…

  • Patch to mod_evasive to enhance reporting

    This morning I took the opportunity to install mod_evasive on my Apache Web Server after being hammered by zombies last night. Quote from [www.nuclearelephant.com]: mod_evasive is an evasive maneuvers module for Apache to provide evasive action in the event of an HTTP DoS or DDoS attack or brute force attack. It is also designed to…

  • Fedora Core 5 on VMWare 5.5

    Fedora Core 5 was released yesterday. I attempted to upgrade my existing Fedora Core 4 installation in VMWare Workstation 5.5.0 and encountered a problem. Fedora isn’t automatically detecting the VMWare SCSI device; it presents a warning that no hard drives were detected. I found you can resolve this by manually adding the BusLogic…

  • Analysis of Spamming Zombie Botnets

    Since writing my SpamKit Plugin I have been keeping a keen eye on the comment/trackback spam subject and have guinea pig’d my ideas on my own blog. Recently I noticed a distinct change in the sophistication of comment-spammers. The early comment-spammers were using very basic HTTP clients, mostly without thinking about what’s going on ‘under…

  • RC4/ARCFOUR Implementation in PHP

    I wrote this RC4/ARCFOUR implementation in PHP – based on the original C source code posted on usenet in 1994. The rc4() call itself is completely self-contained, two other methods rc4_test() and rc4_benchmark() have been provided for testing and are optional. My motivation for writing it was to replace the dependency on MCrypt in my…

  • Update: TI 7×21 FlashMedia/SD Host Controller (104C:8033 & 104C:8034)

    Bit of an update, my previous post is now getting a significant amount of traffic; in fact it’s my hottest post yet! Progress over at http://tifmxx.berlios.de/ – I downloaded the latest revision of this driver and it appears to be going through re-structuring, still not-functional I am afraid. However, a month since contacting TI I…

  • GoogleBot Experiment Success!

    A month has passed since I made a change to my WordPress templates to experiment with Google bot (see previous post) and I can proudly report that it works like a charm. My original problem was that Google was returning search results pointing to index-style pages on my Blog instead of the posts themselves. These…

  • Using sshdfilter to secure an SSH server

    Since moving my OpenSSH server down to its standard port number I have been hit daily by service scanning software and brute force password attacks. Gerry pointed out that sshdfilter can help. sshdfilter blocks the frequent brute force attacks on ssh daemons, it does this by directly reading the sshd logging output and generating iptables…

  • Brute force password attacks on Linux over SSH

    This is one of the main reasons I hate running SSH on the standard port numbers, every day I get log-alerts like these. As per usual I notify the originating ISP, at least I have an email template for it. Failed logins from these: invalid user abdul (password) from 203.98.XXX.XXX: 2 Time(s) invalid user abort…

  • Sitecom CN-502 USB Bluetooth Dongle works on Linux

    To my absolute surprise, the Sitecom CN-502 USB Bluetooth Dongle works perfectly with out-of-the-box Fedora Core 4 x86_64. The lsusb output shows it’s a Cambridge Silicon Radio chip (0a12:0001) which is very widely used and well supported. I bought this thing some time ago because of its protruding aerial; my original intention was to dismantle…

  • TI 7×21 FlashMedia/SD Host Controller (104C:8033 & 104C:8034)

    Update: TI 7×21 FlashMedia/SD Host Controller (104C:8033 & 104C:8034) The Compaq R4100 series of laptops feature a 6-in-1 memory card reader based on the widely used Texas Instruments 7×21 chips. Although TI provides Windows drivers there is very little information available to assist in development of a free Linux device driver for it. It appears…

  • Broadcom BCM4318 PCI id 14E4:4318 Wireless Adapter

    In my previous post I mentioned that I got the wireless adapter in my Compaq R4100 series laptop working with ndiswrapper. It appears this was a total fluke, others have had to add “noapic” kernel parameters to get it working correctly. I found if I set this kernel parameter the wireless adapter wouldn’t work at…

  • Fedora Core 4 x86_64 Linux on Compaq R4000 Laptop

    The majority of the hardware worked out of the box, the WXGA (1280 x 800) screen needs to be manually frigged into the X configuration. Only the wireless adapter and the memory-card reader are unsupported by the base install. I got the wireless adapter (Broadcom BCM4318 PCI id 14E4:4318) working using ndiswrapper 1.8 from ndiswrapper.sourceforge.net,…