Blogs

Etherape - Check your Network Traffic

A nice GUI to see where your network traffic is going to or coming from.

Screenshots - http://etherape.sourceforge.net/images/index.html

Website - http://etherape.sourceforge.net/

Have fun

Random Js Virus

In late 2009 and early 2010 I have seen a new kind of attack on websites, which security companies named Random Js Virus. It used to insert JavaScript code to redirect the page to a rogue website inside tag. Lately they have started putting in encrypted code to make it look like genuine code.

I am still seeing it happen to lots of websites. The main reasons are:

1) Weak FTP passwords

2) FTP traffic in plain text

3) SQL injection

GNU/Linux Server Security - The Initial Steps

Below are the steps and the links to the tools which you can use on your GNU/Linux server to make it secure.

Server Security:

1) If you do not have cPanel / Webmin and are not good with iptables rules either, you can use APF http://www.rfxn.com/projects/advanced-policy-firewall/ however, if you have cPanel, go for http://configserver.com/cp/csf.html. Both utilities provide an easy-to-use interface to configure the firewall rules.

2) You can use more tools from this page http://www.rfxn.com/projects/

3) On server where you are not using cpanel you can use.

Security Wiki

System Monitoring

A very good article about it at

http://www.serverwatch.com/tutorials/article.php/3937996/Try-collectl-fo...

It's a good tool for system monitoring

and the tool link is at

http://collectl.sourceforge.net/

Enjoy

Bleh

GreenSQL - A great MySQL firewall

GreenSQL acts as a proxy between your database and requests from the outside world. It blocks SQL injection attempts.

A great tool for adding to your MySQL security. For more information, visit the link below:

http://www.greensql.net/

Bleh

How to Do a little with Linux Commands

Some useful Linux commands if you are facing a sudden DDoS attack:

Count the number of HTTP processes (it helps to know what your normal count is for comparison). The bracket in the pattern keeps grep from counting itself:

ps aux | grep -i '[h]ttp' | wc -l

Executing the following command will show the remote addresses of connections involving port 80, sorted by address (use -tn rather than -l, which lists only listening sockets and never shows client IPs):

netstat -tn | grep ':80' | awk '{print $5}' | sort

The following will show a list of the current active connections by IP address; the offending IP is usually the one with a high number of connections:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
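
The one-liner above cuts the address at the first colon, so IPv6 and IPv4-mapped (::ffff:a.b.c.d) peers collapse into an empty field and the header lines get counted too. The following is an added example, not part of the original post: a shell function that counts connections per remote IP for one local port, optionally filtered by TCP state. The names top_talkers and sample_netstat and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `netstat -ntu` style
# text on stdin. Live use: netstat -ntu | top_talkers 80 ESTABLISHED

top_talkers() {
    port="$1"          # local port to filter on, e.g. 80
    state="${2:-}"     # optional TCP state, e.g. ESTABLISHED or SYN_RECV
    awk -v port="$port" -v state="$state" '
        $1 !~ /^(tcp|udp)/ { next }            # skip the header lines
        {
            lport = $4; sub(/.*:/, "", lport)  # port follows the LAST colon
            if (lport != port) next
            if (state != "" && $6 != state) next
            ip = $5; sub(/:[^:]*$/, "", ip)    # strip only the remote port
            sub(/^::ffff:/, "", ip)            # fold IPv4-mapped IPv6 to IPv4
            count[ip]++
        }
        END { for (ip in count) printf "%d %s\n", count[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample output (documentation address ranges), for offline runs.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.5:51234       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51235       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.5:51236       SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:40000      ESTABLISHED
tcp        0      0 192.0.2.10:22           198.51.100.9:50022      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.5:51300 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::bad:44321     TIME_WAIT
EOF
}

# Demo on the constructed sample: prints "count ip", busiest peer first.
sample_netstat | top_talkers 80
```

A high SYN_RECV count from one address points at half-open connections, while a high ESTABLISHED count points at a client holding many full connections; compare both against your normal baseline.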

Unhide - Hidden Process finder

Good to check hidden processes on your server

http://www.unhide-forensics.info/

Unhide is a forensic tool to find processes and TCP/UDP ports hidden by rootkits / LKMs or by another hiding technique.

WinAUTOPWN

great tool to use on winblows

http://winautopwn.co.nr/

An old post at SecurityFocus

http://www.securityfocus.com/comments/articles/11501/34954/threaded#34954

and the issue is still there. I can still see people putting questions about it.

sigh