Protect Your PHP Includes

Posted by Ryan in Tuesday, November 4th 2008   
Topics: Infosec, PHP, Scripts    Tags: , ,
No Comment

Line 1: <?php
Line 2: if ($_SERVER['REQUEST_URI'] == $_SERVER['PHP_SELF'])
Line 3: exit();

Default Installations

Posted by Ryan in Friday, October 24th 2008   
Topics: Infosec    Tags: , ,
No Comment

What is it with people leaving default installations public facing? They must think I don’t have enough work to do. Inevitably, the server is compromised and used to host phishing attacks against clients of my employer.
Default Apache Install:

Plus PHPInfo page:

Equals phishing attack.

Nice equation.

Account Lockout in Linux - PAM Tally

Posted by Ryan in Thursday, October 9th 2008   
Topics: Infosec, Linux    Tags: ,
No Comment

Some pretty basic functions are missing from most of the *-nix systems by default. One of these is account lockout. In comes PAM Tally (pam_tally.so). This module maintains a count of attempted accesses, can reset count on success, and can deny access if too many attempts fail in succession.
pam_tally comes in two parts: pam_tally.so and [...]

Squid Log Parsing

Posted by Ryan in Wednesday, October 8th 2008   
Topics: Perl, Scripts    Tags: ,
No Comment

The squid access.log file is useful for determing where your users are going when using http/80. These log files are generally rotated daily and each contain a LOT of data. In my organization, this is in the realm of 2 GB per day. So how do you find what you are looking for? I use [...]

Oops… Bring out the backup.

Posted by Ryan in Wednesday, October 8th 2008   
Topics: Infosec    Tags: ,
No Comment

On a recent post to a mailing list I subscribe to, a user indicated that they made an inadvertent blunder to a Linux machine they operated (they were an RHCE to boot). The email was as follows:

There are some things you can do like rpm -qlv <name_of_package> but you’re going to be troubleshooting broken items [...]

« Older Entries