Evaggelos Balaskas - System Engineer

The sky above the port was the color of television, tuned to a dead channel

Jul
14
2011
ssh brute force attack in 40min linux installation
Posted by ebal at 18:54:59 in planet_ellak, planet_Sysadmin

WTF, in only 40min, ssh brute force attack !

Jul 14 17:54:56 server1 sshd[1135]: Server listening on 0.0.0.0 port 22.
…
Jul 14 18:36:16 server1 sshd[2325]: Invalid user center from 70.38.23.166

thank Venema for TCP Wrapper

I believe that this is a security risk for new installations.

Ok, root can’t access the server over ssh.
But come on!

We create a simple user to login and then su to root.
I don’t want the ssh daemon to be started by default, before i have finished with my linux server configuration and added some security measures to prevent issues like that.

And the most significant part is that i had configured my router sshd port to a non known tcp port !!!!
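
The gap between the two log lines above can be measured straight from the auth log. The following is an added example, not part of the original post: it computes the delay between sshd starting to listen and the first invalid-user attempt, counts attempts per source address, and prints hosts.deny lines in TCP Wrapper syntax. Only the first two sample lines come from the post; the others are constructed, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Sample log: the first two lines are the ones quoted in the
# post; the rest are constructed (192.0.2.10 and 203.0.113.7 are
# documentation addresses).
sample_log() {
cat <<'EOF'
Jul 14 17:54:56 server1 sshd[1135]: Server listening on 0.0.0.0 port 22.
Jul 14 18:36:16 server1 sshd[2325]: Invalid user center from 70.38.23.166
Jul 14 18:36:19 server1 sshd[2327]: Invalid user test from 70.38.23.166
Jul 14 18:36:23 server1 sshd[2329]: Invalid user oracle from 70.38.23.166
Jul 14 18:40:02 server1 sshd[2340]: Accepted password for alice from 192.0.2.10 port 51234 ssh2
Jul 14 19:02:41 server1 sshd[2391]: Invalid user admin from 203.0.113.7
EOF
}

# Seconds between the first "Server listening" line and the first
# "Invalid user" line after it. Syslog timestamps carry no year, so this
# assumes both lines fall in the same month. Exit status 1 if no probe found.
first_probe_delay() {
    awk '
    function ts(day, hms,    p) {
        split(hms, p, ":")
        return day * 86400 + p[1] * 3600 + p[2] * 60 + p[3]
    }
    $5 ~ /^sshd\[/ && /Server listening on/ && !started {
        start = ts($2, $3); started = 1
    }
    $5 ~ /^sshd\[/ && /Invalid user/ && started {
        print ts($2, $3) - start; found = 1; exit
    }
    END { if (!found) exit 1 }'
}

# "count address" per source of invalid-user attempts, busiest first.
invalid_by_source() {
    awk '
    $5 ~ /^sshd\[/ && /Invalid user/ {
        # the address follows the last "from" (newer sshd appends "port N")
        for (i = NF - 1; i > 5; i--)
            if ($i == "from") { n[$(i + 1)]++; break }
    }
    END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# hosts.deny lines (TCP Wrapper syntax) for sources with at least $1 attempts.
hosts_deny_candidates() {
    invalid_by_source | awk -v min="$1" '$1 >= min { print "sshd: " $2 }'
}

printf 'first probe after %s seconds\n' "$(sample_log | first_probe_delay)"
sample_log | hosts_deny_candidates 3
```

On a real server the functions read the auth log on stdin instead of `sample_log`, for example `first_probe_delay < /var/log/secure` on CentOS.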

Tag(s): centos, ssh
Apr
24
2011
Share Connection through Wireless
Posted by ebal at 09:14:18 in planet_ellak, planet_Sysadmin

Gateway Interface: eth0
Wireless Interface: wlan0


$ vim /etc/dnsmasq.conf

interface=wlan0
dhcp-range=192.168.1.240,192.168.1.255,3h

/etc/rc.d/dnsmasq stop
ifconfig wlan0 down
iwconfig wlan0 mode ad-hoc
iwconfig wlan0 essid wireless key s:1234567890123

ifconfig wlan0 192.168.1.1 up

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward

/etc/rc.d/dnsmasq start
Apr
12
2011
pirsyncd new version: 20110412
Posted by ebal at 19:50:53 in planet_ellak, pirsynd, planet_Sysadmin

pirsyncd stands for: Python Inotify Rsync Daemon.

Description:
This is an attempt of writing a daemon to watch a directory for kernel’s inotify events and then execute an rsync command to synchronize two different directories (local or remote). This is a poor man’s mirroring or an alternative (not so) real data replication mechanism and it is based on Pyinotify.

pirsyncd

From ChangeLog:

Plz notice that this is the last version in python2
The next version of pirsyncd will be only in python3

  • Pyinotify.py updated to 0.9.1 (20110405)
  • Added ssh port parameter for synchronize of ssh
  • Removed trailing slash (/) requirement for source & destination path
  • Added Pyinotify.py version3 for pirsyncd.Py3k

plz try ./pirsyncd --help & ./pirsyncd --examples to see more.

Get the latest version of pirsyncd v20110412

Feb
21
2011
vpn over ssh
Posted by ebal at 22:01:19 in planet_ellak, planet_Sysadmin

It’s super easy to setup a vpn connection over an ssh access.

You don’t believe me?
You can try it by yourself in only a few seconds.

You have to be root on your local machine and you have to ssh as root to your remote machine.
To do that, change your remote /etc/ssh/sshd_config with the below values:

AllowUsers root
PermitRootLogin yes
PermitTunnel = yes

restart your ssh daemon: /etc/init.d/sshd restart

After that, copy the below shell script : ssh.vpn.sh

This is ssh.vpn.sh code:



#!/bin/sh

# Evaggelos Balaskas < ebalaskas _AT_ ebalaskas _DOT_ gr >
# Last change: Mon Feb 21 23:48:53 GMT-2 2011
# If you can spare a dollar, plz donate !

clear
echo "Give me server's name: "
read -r SERVER
echo "Give me ssh port: "
read -r PORT
# Resolve the server's IP address and remember the current default gateway
SIP=$(host "$SERVER" | tail -1 | awk '{print $NF}')
DGW=$(ip route show | grep default | awk '{print $3}')

# Open the tunnel (-w any:any), configure the server side of tun0 and
# copy the server's nameserver lines into the local /etc/resolv.conf
ssh -fw any:any "$SIP" -p "$PORT" 'ifconfig tun0 down;
ifconfig tun0 10.20.30.40 pointopoint 10.20.30.41;
echo 1 > /proc/sys/net/ipv4/ip_forward;
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE;
grep nameserver /etc/resolv.conf' > /etc/resolv.conf

# Configure Client tun0 --> point-to-point with server tun0
ifconfig tun0 down
ifconfig tun0 10.20.30.41 pointopoint 10.20.30.40

# Configure Routing: keep the ssh server reachable through eth0,
# then send everything else through the tunnel
route add -host "$SIP" dev eth0
route add default gw 10.20.30.40 dev tun0
route del default gw "$DGW" dev eth0

Make this file executable: chmod +x ssh.vpn.sh
and run it # ./ssh.vpn.sh !!!

You will be asked to enter the server’s name (eg. ssh.example.com), the ssh port (eg. 22) and of course your remote root password.

Everything else is automated to make your life

Simple as that.

Open whatismyip to see your new ip address!

  • 6 comments
Feb
14
2011
URL Shortener. Solution or Security Risk ?
Posted by ebal at 18:12:28 in planet_ellak, planet_Sysadmin

Ok i have to admit that large urls are un-friendly, difficult to share and sometimes have privacy info.
Url shorteners provide anonymity and a short-friendly url to use and share.

But they are also a security risk! Browser security is something that we take very lightly, but we shouldn’t!

When someone sends me a shortened url i have to use a web browser to click on it and see the destination page. With simple urls i just have to mouse over (firefox 3) to see the destination.
Sometimes people send me spam or urls that i don’t wish to open or see.

I believe that the design of url shorteners is just wrong!
People should be able to see or even test the urls before they click and open them.
Browser hijacking is one form of malicious code that url shorteners make extremely easy!

An idea:

Like google’s “Instant is on”, a similar action should be done with url shorteners.
With mouse over (or whatever else you like) the destination domain/url should be revealed to the client.
And then, if he/she agrees, open the destination url in a new tab/window.

A simple chrome/firefox extension shouldn’t be that hard.

Or you have a different opinion ?

  • 1 comment
Feb
02
2011
Linux Events 2011
Posted by ebal at 12:39:24 in planet_ellak, planet_Sysadmin

Very interesting Linux events & confs that you should attend:

Fosdem
http://fosdem.org
05 - 06 Feb 2011
Brussels, Belgium

Open Source Days
http://opensourcedays.org
05 Mar 2011
Copenhagen, Denmark

OpenFest
http://openfest.teipir.gr
9th to 10th of April 2011
Piraeus, Greece

Linux Open Administration Days
http://loadays.org
16th - 17th April 2011
Wilrijk, Belgium

Infosecurity
http://www.infosec.co.uk
19th - 21st April 2011
London, England

Fosscomm
http://fosscomm.gr
7th - 8th May 2011
Patra, Greece

Solutions Linux OpenSource
http://www.solutionslinux.fr/?lg=en
10 - 12 May 2011
Paris, France

Linux Tag
http://www.linuxtag.org
11 - 14 May 2011
Berlin, Germany

Desktop Summit
http://desktopsummit.org
06 - 12th August 2011
Berlin, Germany

FrOSCon
http://www.froscon.de
20th - 21st August 2011
Bonn, Germany

FrOSCamp
http://froscamp.org
17 - 18 Sep 2010
Zurich, Switzerland

T-DOSE
http://www.t-dose.org
05 - 06 November 2011
Eindhoven, Netherlands

Jan
20
2011
If you need memory, use midori. Not firefox, Not Chrome!
Posted by ebal at 08:44:46 in planet_ellak, planet_Sysadmin

The picture speaks for itself.

web_browsers.png

Same tabs - same sites - same resources - same time - same logins.

Firefox is just a memory leak before it crashes your linux box! But it is the most extensible browser. You can do almost everything via Addons.

Chrome is the middle & safe solution but i can’t use xmarks with a custom server and i can’t use different proxies with exclusions but only shell variables (http_proxy).

Midori has the same engine as chrome (webkit), same restrictions as Chrome. It isn’t as extensible as chrome but uses UserScripts & UserStyles.

But midori uses the least memory, it’s super fast and perfect for your simple needs.

My opinion is NOT to use only one web browser, but choose the browser by the need you want to cover.

Jan
19
2011
keyboard prank
Posted by ebal at 13:01:41 in planet_ellak, planet_Sysadmin

A friend/colleague from work, made a keyboard prank.
So today and after 7 hours of work, i finally figured it out!

Damn blind typing.

He had changed U & Y and V & B, but i never looked once on my keyboard.
Sorry Dude, better luck next time :)

Jan
15
2011
ziproxy & privoxy aka fasten your seatbelts
Posted by ebal at 11:56:33 in planet_ellak, planet_Sysadmin

hackfest is mainly for sharing opensource ideas. One of these was suggested to me by comzeradd. He told me that he is using ziproxy to compress data through his phone (story here android-ziproxy).

So i have been using ziproxy since October 2010, to compress all my internet traffic.

Another proxy i am using (mostly for the chain forward ability) is privoxy. Privoxy can forward traffic through another proxy (http or socks) but has filtering features too. Privoxy can block ads & flash on the spot. It is also a well known opensource proxy among system administrators, who use it to bypass firewalls or dmz or complex networks.

I believe that everyone who respects himself has No Script, Ad Block Plus with kargig’s filter Greek Ad Block Plus Filter and Flash Block enabled on his/her browser.

All the above add-ons block Js, Flash & Ads on the client browser. That means that you have already downloaded them.

If you need to reduce http traffic the solution is to combine ziproxy and privoxy!

By the way, it’s extremely easy, so you should give it a try.

You simply install privoxy and run it locally and then open ziproxy.conf to add these:

NextProxy="127.0.0.1"
NextPort=8118

Run ziproxy as normal and voila !

Some benchmarks to show you the truth:

wget -d -p www.otenet.gr/otenet/ --no-proxy --no-cache

No Proxy:

Downloaded: 73 files, 718K

Ziproxy:

Downloaded: 73 files, 479K

Ziproxy - Privoxy:

Downloaded: 70 files, 475K

Another one:
wget -d -p http://www.villagecinemas.gr/

No Proxy:

Downloaded: 92 files, 1,1M

Ziproxy:

Downloaded: 92 files, 527K

Ziproxy - Privoxy:

Downloaded: 80 files, 160K

  • 2 comments
Jan
11
2011
One RSS to view them all (identi.ca & twitter merged feeds)
Posted by ebal at 12:01:39 in planet_ellak, planet_Sysadmin

You all know about identi.ca & twitter
If you don’t, then perhaps you are that kind of people that have a life or even free time!

I am a newbie on both of them, but i am already frustrated about twitter’s microblogging features.
The web layout is too complex, I can’t login with my openid account but the most depressing thing is that i can’t see my friends timeline via rss!

The main problem is that twitter have changed to oauth and you can use an application with twitter api.

But Why God, Why?

So i signed up with gtweetapp to finally have my friend timeline to rss feed.

Then i wanted google reader to subscribe to my rss feeds (identi.ca and twitter) but google reader doesn’t merge the rss feeds.

So i used yahoo pipes to merge, sort & unique feature and then subscribed the result of yahoo pipes to google reader.

And finally i can read all my notices & twitts and my “friends” notices & twitts in my RSS reader!

So is this worth it ?
we’ll see in near future :)

till then happy tw…. oh get some work done, you lazy bastards!

  • 2 comments
Jan
06
2011
Why donate some money for opensource project is important
Posted by ebal at 20:53:09 in planet_ellak, planet_Sysadmin

Ok, everybody loves opensource projects!

An opensource project has many good noticeable features.
It is nice, it is beautiful, it works, it is secure and it is free of charge.

We use opensource projects every day but we always forget to give our gratitude to the people behind our favorite program.

A thank you email is just fine to express our appreciation to the lonely programmer.
But a donation is the best solution for giving our thankfulness.

I have written an opensource project myself too: pirsyncd and i’ve been grateful for all the love i am getting about it.

I have received patches, t-shirts, thank you notes, publicity via blog entries and donations.
All the above are extremely useful for someone like me. I am always trying to balance around zero on my paypal account and give money to other opensource project or services too.

So dont forget to give some money to people, even a small amount is important!

Jan
05
2011
Use gmail to educate spamassassin
Posted by ebal at 10:22:42 in planet_ellak, planet_Sysadmin

It is a known fact that gmail’s spam filters get the job done.
I am working with spamassassin on local mail setups and i want spamassassin to learn automatically from my gmail Spam folder.

So is it possible?

Of course it is possible.

First we have to get all the mails from our gmail account into a local dummy mail account (easy, we’ll use getmail) and then we have to educate spamassassin from our local dummy mail account (sa-learn).

One config file and two commands via cron will do the work.

First the getmailrc (i shall not bother with the getmail & spamassassin installation or setup).

/root/.getmail/getmailrc



[options]
delete = false
message_log = /var/log/getmail.log
verbose = 0
read_all = false

[retriever]
type = SimpleIMAPSSLRetriever
server = imap.gmail.com
mailboxes = ("[Gmail]/Spam",)
username = username@example.com
password = XXXXXXXXXXXXXXX

[destination]
type = Mboxrd
path = /var/spool/mail/gmail_spam
user = nobody

So now when we execute: getmail
every new mail in gmail’s spam folder will be downloaded into /var/spool/mail/gmail_spam

Next we need to execute sa-learn


sa-learn --spam --mbox /var/spool/mail/gmail_spam

That’s it!

Simple as that!

Don’t forget to add the below cron entries:


@daily getmail > /dev/null 2>&1
@daily sa-learn --spam --mbox /var/spool/mail/gmail_spam > /dev/null 2>&1
Dec
23
2010
postfix & recipient bcc aka Automatic BCC recipients
Posted by ebal at 17:28:05 in planet_ellak, planet_Sysadmin

I am supporting a greek company with two linux servers.
These two linux boxes have a lot of services,
including a mail server and they are set up as active/passive.

In the past week they lost their internet adsl connection.
This is a true and horrible story, but for that i’ll write another post in near future.
So without an internet connection there weren’t a lot of things i could do.

Thanks to Santa Claus i had predicted this problem and i had installed a linux vps server outside of the company as a backup mx/mail server to queue all the undelivered mail.

From the company, i’ve been asked if i could keep all the mails in queue and also provide a copy to a gmail account. After google searching about postfix rewrite and re-queue i came to automatic recipient bcc.

In my /etc/postfix/main.cf (or you can use postconf) i added this line:


recipient_bcc_maps = regexp:/etc/postfix/recipient_bcc_maps

If you are a careful reader then you have noticed that i wrote regexp for my recipient map file.
And the reason is that i wanted to combine all the mails that came to the backup mx server.

This is my /etc/postfix/recipient_bcc_maps:


# literal dot and end anchor, so only recipients at example.com match
/@example\.com$/       example.com@gmail.com

Of course i had to reload postfix in the vps and send a test email to verify that the blind copy for all the domain is working.
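
How many recipients a regexp key in recipient_bcc_maps selects depends on escaping and anchoring. The following is an added example, not part of the original post: it compares an unanchored key with an unescaped dot against an anchored one, using grep -Ei as a stand-in for the Postfix regexp table lookup. The recipient addresses and function names are constructed for the example.

```shell
#!/bin/sh
# Added example. grep -Ei stands in for a Postfix regexp: table lookup
# (POSIX extended regex, case-insensitive by default); on a real server,
# postmap -q ADDRESS regexp:/etc/postfix/recipient_bcc_maps does the lookup.
bcc_matches() {    # usage: bcc_matches PATTERN ADDRESS
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# Constructed recipient addresses; names under .test are reserved.
recipients() {
cat <<'EOF'
alice@example.com
Bob@EXAMPLE.COM
carol@example.com.mirror.test
dave@example-com.test
erin@sub.example.com
EOF
}

# Print every sample recipient that PATTERN would select for a blind copy.
bcc_selected() {
    recipients | while IFS= read -r addr; do
        if bcc_matches "$1" "$addr"; then printf '%s\n' "$addr"; fi
    done
}

LOOSE='@example.com'        # unescaped dot, no anchor
STRICT='@example\.com$'     # literal dot, anchored at the end of the address

echo "loose:";  bcc_selected "$LOOSE"
echo "strict:"; bcc_selected "$STRICT"
```

The loose key also selects the two look-alike domains, because the dot matches any character and nothing ties the match to the end of the address.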

If you want to re-queue all the mails then you have to do something like this:


postsuper -r ALL

PS: As the Journey have said: Don’t Stop Believing …. in Santa Claus
Have a nice holiday :)

  • 1 comment
Dec
15
2010
Convert mdf/mds image to iso
Posted by ebal at 19:46:32 in planet_ellak, planet_Sysadmin

This time, only code and no comments:

installation


git clone git://git.berlios.de/iat iat.git
cd iat.git
./autogen.sh
./configure
make

sudo make install

Usage


$ /usr/local/bin/iat -i image.mdf --iso

RAW Block :2352
 100% [:=====================:]

Verification


$ file image.iso 
image.iso: ISO 9660 CD-ROM filesystem data 'image'
Dec
15
2010
the stupidity of online services
Posted by ebal at 19:16:52 in planet_ellak, planet_Sysadmin

A long time ago, i had created an account on a site to use their online service
(the site/company and the service is irrelevant to this story).

This evening i had to use this service again, but i couldn’t remember my password!
That’s not a problem, i hit “You forgot your password” button and i followed their instructions.

Just a few clicks and some seconds later, i was resetting my password to something new.

So i’ve tried the login page on the site.

Email or password incorrect.

My first thought was, that i had misspelled my password on the reset form.

I did the reset procedure once again.
This time i wrote the password to an empty text file (just to be sure) and i copied the password from the text file to password & rewrite password text field on the reset page.

After that and one more time:

Email or password incorrect.

So i clicked “support & help, follow this link”.

That’s nice …..

To use their support & help & faq & whatever else they have, i must logon to their site!

HELLLOOOOOO guys

i have a problem with your fuc@#$@#$ login page,
how on earth can i login to your help page to open a fuc@#$@# ticket when
my problem is your login page !!!

The Horror! The Horror!

why people are so stupid ?

Dec
09
2010
Famous Why Interview
Posted by ebal at 17:56:20 in planet_ellak, pirsynd, planet_Sysadmin

Not so long ago, i’ve noticed that pirsyncd was published (not by me) in download.famouswhy.com . I have to say that i didn’t know about this site. But the people behind it have found me and asked me a few questions. So here is my first interview about me & pirsyncd.

Nov
22
2010
python3 http server
Posted by ebal at 07:52:10 in planet_ellak, planet_Sysadmin

When i want to setup a simple http server, i use python with SimpleHTTPServer module.
But in python3 this module has been merged into http.server.

So if you are using python 3, then you should use something like this:

python -m http.server

If you want to use a high port (perhaps you are a simple user) then type something like this:

python -m http.server 8888
Nov
17
2010
Permit ssh access to your cisco router only from your internal lan
Posted by ebal at 22:25:58 in planet_ellak, planet_Sysadmin

If your internal lan is: 192.168.0.0/27

First create a new access-list:

access-list 123 permit ip 192.168.0.0 0.0.0.31 any

and then add this to your line configuration:

access-class 123 in

If you want more help:

€ ssh ROUTER_IP
 password: 

router>en
Password: 

router#conf t 
Enter configuration commands, one per line.  End with CNTL/Z.

router(config)# access-list 123 permit ip 192.168.0.0 0.0.0.31 any

router(config)# line vty 0 4
router(config-line)# access-class 123 in
router(config-line)# end

router# write mem

  • 1 comment
Nov
12
2010
The Evolution Of The Geek
Posted by ebal at 12:03:53 in planet_ellak, planet_Sysadmin

ft-geek-10-20-1.jpg

  • 1 comment
Nov
11
2010
Improve your dns queries (also your traffic) with resolv.conf
Posted by ebal at 19:54:17 in planet_ellak, planet_Sysadmin

This post is just a suggestion! No real data or benchmarks are provided!

I was reading the manual page of resolv.conf. Yeap that’s true, i am that kind of person who reads manual pages before bed time.

man 5 resolv.conf

or alternatively read this: resolv.conf.

I only use nameserver, domain and search configuration options on my resolv.conf, but reading the manual page, i’ve read about the rotate option.

With this option our machine runs queries with a round robin mechanism on our nameserver declarations.
That means that if you are using two dns cache servers in a big infrastructure, we can query both dns servers equally, improving the load average on our dns machines.

If you have more, even better.

So give it a try

Ευάγγελος.Μπαλάσκας.gr

License GNU FDL 1.3 - CC BY-SA 3.0