Search found 83 matches

by Copperhead
Fri Oct 02, 2009 11:49 pm
Forum: Ubuntu/Debian
Topic: Ubuntu Karmic BETA first look
Replies: 3
Views: 6545

Ubuntu Karmic BETA first look

Ubuntu's servers have been jammed the last few days, but I was able to get an x64 copy running on VMWare Fusion on a dual core Mac host machine. I gave it a 60 GB drive with 2 GB RAM with 2 processors. First of all, it is FAST! Load time from the VMWare BIOS screen to desktop was about 15 seconds. I...
by Copperhead
Fri Sep 04, 2009 10:03 am
Forum: Ubuntu/Debian
Topic: How to disable TRACK/TRACE lighttpd 1.4.23
Replies: 6
Views: 9920

They were facing a similar fine. It passed, though. So long as you have a certificate from a certified PCI compliance authority, you are good to go.
by Copperhead
Fri Sep 04, 2009 9:51 am
Forum: Fedora/Red Hat
Topic: Error in YUM or?
Replies: 6
Views: 10546

You can always use the exclude flag with yum as well:

$ yum -x <package_name> update/upgrade

I ran into a similar problem with conflicts between lua and mod_security.
by Copperhead
Wed Sep 02, 2009 6:14 pm
Forum: Ubuntu/Debian
Topic: How to disable TRACK/TRACE lighttpd 1.4.23
Replies: 6
Views: 9920

Yeah, sorry about that. I typed in "PC compliance." I forgot the "I" :D PCI compliance, while it should be practiced, is kind of a joke because it is not very standardized. The service my client used (I forget what it was), and obtained a compliance certification, was completely different than the one ...
by Copperhead
Fri Aug 28, 2009 12:40 pm
Forum: Ubuntu/Debian
Topic: How to disable TRACK/TRACE lighttpd 1.4.23
Replies: 6
Views: 9920

Thanks Void. I actually found that page and went through the process with my client. After I did some searching, TRACK/TRACE is enabled by default in older versions of lighttpd >1.4.23. Since this guy was updating via apt, it didn't overwrite the old config file because he had virtual hosts defined,...
by Copperhead
Tue Aug 25, 2009 12:43 pm
Forum: Ubuntu/Debian
Topic: How to disable TRACK/TRACE lighttpd 1.4.23
Replies: 6
Views: 9920

How to disable TRACK/TRACE lighttpd 1.4.23

Anyone familiar with this? We are trying to pass a PC compliance test and the TRACK/TRACE method is enabled. Scan gave us the code for Apache, but not lighttpd, of which my knowledge is limited.

lighttpd -1.4.23
Ubuntu 8.10 Intrepid
by Copperhead
Mon Aug 17, 2009 6:58 pm
Forum: Fedora/Red Hat
Topic: Block a domain in shorewall or host.deny?
Replies: 15
Views: 20595

That site is funny :D That person might just be trying to break out of the Great Firewall of China.

In Shorewall, do I just write the rule like I had above, but with the IP instead of the FQDN?
by Copperhead
Mon Aug 17, 2009 6:46 pm
Forum: Fedora/Red Hat
Topic: Block a domain in shorewall or host.deny?
Replies: 15
Views: 20595

This has been going on for the past week. Here are the entries from 61.160.216.63 access_log:61.160.216.63 - - [16/Aug/2009:12:24:18 -0700] "GET http:/??hash=CEC7D7F3C316BE4A182B80520050AAFEDE8BC06A138E HTTP/1.0" 404 287 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" access_log.1:61.160.2...
by Copperhead
Mon Aug 17, 2009 6:25 pm
Forum: Fedora/Red Hat
Topic: Block a domain in shorewall or host.deny?
Replies: 15
Views: 20595

Maybe I am reading the log entry wrong then: access.log: 61.160.216.63 - - [11/Aug/2009:12:04:51 -0700] "GET http://www.wantsfly.com/prx.php?hash=CEC7D7F3C316BE4A182B80520050AAFEDE8BC06A138E HTTP/1.0" 404 287 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" That line is in there quite a few ...
by Copperhead
Mon Aug 17, 2009 6:15 pm
Forum: Fedora/Red Hat
Topic: Block a domain in shorewall or host.deny?
Replies: 15
Views: 20595

After some grepping, this one is coming from wantsfly.com: 61.160.216.63 and these seem to be running the malicious bot: 60.13.126.151 -- China 61.160.216.63 -- China 88.80.7.248 -- Sweden 91.199.207.60 -- Czech Republic whois returned this on 74.95.238.213 [Querying whois.arin.net] [whois.arin.net]...
by Copperhead
Mon Aug 17, 2009 4:23 pm
Forum: Fedora/Red Hat
Topic: Block a domain in shorewall or host.deny?
Replies: 15
Views: 20595

That is exactly what it is. I found some odd entries in my log files and Googled them only to find this: http://johannburkard.de/blog/www/spam/morfeus-fucking-scanner-revolt-other-vulnerability-scanners.html Sorry about the language, but it was in my log file. That page has a bunch of other scanners...
by Copperhead
Mon Aug 17, 2009 11:21 am
Forum: Fedora/Red Hat
Topic: Block a domain in shorewall or host.deny?
Replies: 15
Views: 20595

Thanks. I will give those a look.

I don't have phpmyadmin, or anything like that installed, so no harm no foul, I guess. This has been going on for the past two weeks from the same range of addresses, so I am guessing it is some script kiddies trying to have some fun.
by Copperhead
Mon Aug 17, 2009 10:44 am
Forum: Fedora/Red Hat
Topic: Block a domain in shorewall or host.deny?
Replies: 15
Views: 20595

It's really not that big of a deal since there is no real security breach, but I would like to just block both of these domains. Here is my logwatch file with the pertinent entries: wantsfly.com: Requests with error response codes 400 Bad Request /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s) 403 Forbidden ...
by Copperhead
Mon Aug 17, 2009 10:11 am
Forum: Fedora/Red Hat
Topic: Block a domain in shorewall or host.deny?
Replies: 15
Views: 20595

Block a domain in shorewall or host.deny?

I am trying to block a domain that keeps trying to access my apache server through shorewall, but I keep getting errors on restart. I have the following entry in /etc/hosts.deny, but these clowns still seem to make it into my logfile: $ grep -v '#' /etc/hosts.deny: ALL: wantsfly.com ALL: hinet.net I...
by Copperhead
Sat Sep 13, 2008 5:42 pm
Forum: Networking
Topic: Weirdness going on with Shorewall????
Replies: 0
Views: 4526

Weirdness going on with Shorewall????

I've set up a router/firewall system with Shorewall on Debian, and it has been working fine until about five minutes ago. It seems that I can no longer access the internet from the Shorewall machine. I tried running apt-get update, and traceroute, ping, etc. and they all have failed. The weird thing...