<?xml version="1.0" encoding="UTF-8"?><!-- generator="WordPress/2.6.3" -->
<rss version="0.92">
<channel>
	<title>InfoSec &#38; Other Ramblings</title>
	<link>http://www.ryangreenier.org/blog</link>
	<description>http://www.ryangreenier.org</description>
	<lastBuildDate>Tue, 04 Nov 2008 22:01:42 +0000</lastBuildDate>
	<docs>http://backend.userland.com/rss092</docs>
	<language>en</language>
	
	<item>
		<title>Protect Your PHP Includes</title>
		<description>&#60;?php
if ($_SERVER['REQUEST_URI'] == $_SERVER['PHP_SELF'])
    exit();
 </description>
		<link>http://www.ryangreenier.org/blog/posts/2008/11/04/protect-your-php-includes/</link>
			</item>
	<item>
		<title>Default Installations</title>
		<description>What is it with people leaving default installations public facing? They must think I don't have enough work to do. Inevitably, the server is compromised and used to host phishing attacks against clients of my employer.

Default Apache Install:



Plus PHPInfo page:



Equals phishing attack.



Nice equation. </description>
		<link>http://www.ryangreenier.org/blog/posts/2008/10/24/default-installations/</link>
			</item>
	<item>
		<title>Account Lockout in Linux - PAM Tally</title>
		<description>Some pretty basic functions are missing from most of the *-nix systems by default. One of these is account lockout. In comes PAM Tally (pam_tally.so). This module maintains a count of attempted accesses, can reset count on success, and can deny access if too many attempts fail in succession.

pam_tally comes ...</description>
		<link>http://www.ryangreenier.org/blog/posts/2008/10/09/account-lockout-in-linux-pam-tally/</link>
			</item>
	<item>
		<title>Squid Log Parsing</title>
		<description>The squid access.log file is useful for determining where your users are going when using http/80. These log files are generally rotated daily and each contain a LOT of data. In my organization, this is in the realm of 2 GB per day. So how do you find what you ...</description>
		<link>http://www.ryangreenier.org/blog/posts/2008/10/08/squid-log-parsing/</link>
			</item>
	<item>
		<title>Oops&#8230; Bring out the backup.</title>
		<description>On a recent post to a mailing list I subscribe to, a user indicated that they made an inadvertent blunder to a Linux machine they operated (they were an RHCE to boot). The email was as follows:



There are some things you can do like rpm -qlv &#60;name_of_package&#62; but you're going ...</description>
		<link>http://www.ryangreenier.org/blog/posts/2008/10/08/oops-bring-out-the-backup/</link>
			</item>
	<item>
		<title>CISSP Begins&#8230;</title>
		<description>Welp, I signed up for CISSP training which starts on October 13th (company is paying). I don't really have an idea of a cert test date yet. I'm thinking late winter-spring, but I should have a better idea after training completes. I'm looking forward to it either way. An employee ...</description>
		<link>http://www.ryangreenier.org/blog/posts/2008/09/05/cissp-begins/</link>
			</item>
	<item>
		<title>Outlook Organization</title>
		<description>It was brought to my attention that xobni was getting rave reviews, so I figured I'd give it a chance. I've been using Google Desktop. I keep almost everything (except alerts), so my PST file in Outlook (well, the combination of quarter-year PSTs) is around 14GB currently. I'll put ...</description>
		<link>http://www.ryangreenier.org/blog/posts/2008/08/26/outlook-organization/</link>
			</item>
	<item>
		<title>Motorcycle Helmet Laws</title>
		<description>Getting away a little bit from computer security rants and into personal security for a moment. Mostly because it hits me close to home. As some of you know (basically anyone that reads my about page), I like to ride motorcycles. Never do I wear my helmet. I think it ...</description>
		<link>http://www.ryangreenier.org/blog/posts/2008/08/22/motorcycle-helmet-laws/</link>
			</item>
	<item>
		<title>America needs more people like this asap</title>
		<description>

 </description>
		<link>http://www.ryangreenier.org/blog/posts/2008/08/13/america-needs-more-people-like-this-asap/</link>
			</item>
	<item>
		<title>American Musical - What you should not do.</title>
		<description>I was perusing www.americanmusical.com the past couple days looking for a new instrument as I have done many times in the past. AMS is top-notch when it comes to customer support, shipping, quality, price, the whole nine yards. However when I tried to log in I realized I forgot my ...</description>
		<link>http://www.ryangreenier.org/blog/posts/2008/07/08/american-musical-what-you-should-not-do/</link>
			</item>
</channel>
</rss>
