Jump to content

Nytro

Administrators
 View Profile  See their activity

  • Posts

    18753

  • Joined

  • Last visited

  • Days Won

    726

 Content Type 

Everything posted by Nytro

  1. Nytro
    Top 10 cele mai bune browsere din 2011 De-a lungul timpului au existat nenum?rate dezbateri privind cele mai eficiente browsere de pe pia??. Pentru c? de la an la an apar noi versiuni, dar ?i noi produse de navigat pe internet, iat? cel mai recent top al celor mai bune 10 browsere din 2011. Clasamentul este realizat de cei de la Axleration. 1. Mozilla Firefox Mozilla a lansat aceast? versiune pe data de 22 martie. Interfa?a îmbun?t??it?, viteza crescut?, dar ?i accelerarea hardware fac din cea mai nou? versiune a Firefox cel mai bun browser. Specifica?ii: Butonul Firefox – un substitut pentru meniuri Îmbun?t??ire serioas? a butonului Bookmark Navigare Offline Zoom De 3 ori mai rapid decât versiunea 3.6 Grafic? 3D Integrare Anti-virus Anti-phishing Update Automat Teme (Personas) 10.000 de modalitati de a-l personaliza Suport Multi touch Traducere în 75 de limbi Implementarea standardelor HTML5 Fonturi speciale Auto Complete îmbun?t??it Session restore 2. Google Chrome 11 Google Chrome este de altfel ?i al doilea cel mai utilizat browser. Dup? succesul variantei 10 , Google a decis lansarea versiunii beta a Google Chrome 11. De?i nu se ?tie pân? acum data de lansare a versiunii oficiale, Chrome 11 se bucura deja de un succes r?sun?tor. Specifica?ii: Sc?derea utilizarii CPU cu 80% Search box mai eficient Download mai u?or Crestere spectaculoa?a a vitezei Java Script Update-uri automate Session restore Cu 68% mai rapid decat varianta anterioara Implementarea standardelor HTML5 Anti malware Anti Phishing Grafica 3D Recuno?terea vocii Teme Auto Complete mult îmbun?t??it 3. Internet Explorer 9 Chiar dac? este cel mai bun browser de pân? acum al celor de la Microsoft, înc? nu poate concura cu cele dou? men?ionate mai sus. Specifica?ii: Integrare cu Windows 7 Interfa?? nou? Design nou pentru pagina New Tab Bara de notificare Integrare a barei de adrese ?i cea a c?utarilor Mult mai rapid decat variantele anterioare Implementare a standardelor HTML5 Update-uri automate Îmbun?t??ire a caracteristicilor Add-on Filtru smart screen Caracteristici de securitate ?i confiden?ialitate îmbun?t??ite 4. Opera 11 Opera 11 este un browser restilizat cu multe facilit??i ?i mult mai sigur chiar ?i decât Mozilla Firefox 4. Specifica?ii: Buton Opera Visual Mouse Gestures Standarde HTML 5 Caracteristici CSS3 Panou de mail ce poate fi drag-uit Skins si Layout uri Widget-uri Torrent download rapid Foarte bine securizat pentru download-uri Cel mai rapid motor JavaScript 5. Safari Apple a lansat cea mai recent? versiune a Safari, numit? de altfel Safari 5.0.4, acum câteva s?pt?mâni. Browser-ul americanilor de la Apple poate fi folosit atât pe Windows 7, cât ?i pe Mac 10. Specifica?ii: Suport HTML5 Safari Reader De 2 ori mai rapid decat Firefox 3.6 Casu?? de adrese inteligent? Accelerare Hardware Tastatura de navigare îmbun?t??it? Suport de îmbun?t??ire a clarit??ii imaginilor (ICC) Motorul de cautare WebKit Motoare Nitro ?i JavaScript mai rapide 6. Maxthon Acest browser este cunoscut datorit? setului bogat de caracteristici pe care îl de?ine. De asemenea, acesta face navigarea foarte placut? prin plug-in-urile speciale ?i prin solicitarea sc?zut? a memoriei. Specifica?ii: Butonul Maxthon Ad hunter-ul Dual Display Engine Visual Mouse Gesture Magic Fill Skin-uri Drag and drop foarte bun 7. Flock Flock este un web browser specializat în furnizarea de re?ele sociale ?i facilit??i Web 2.0. Este perfect pentru dependen?ii de MySpace, Facebook, YouTube, Twitter, Flickr, Blogger, Gmail ?i Yahoo! Mail. Specifica?ii: Schimbul nativ de text, link-uri, fotografii ?i clipuri video Media Bar-ul – previzualizare a clipurilor video online ?i a fotografiilor Feed Reader Blog Editor – permite postarea directa în orice blog desemnat 8. Avant 2011 alpha 1 Acesta este cunoscut si sub numele de Avant 11.7. Aspectul s?u profesional i-a adus numero?i utilizatori, îns? nu atât de mul?i încât s? poat? concura cu gigan?ii Mozilla ?i Chrome. Specifica?ii: Zoom de 500% Foarte simplu de folosit Blocheaz? doar Pop-up-urile Viteza asemanatoare cu IE8 9. Deepnet Explorer 1.5 Deepnet Explorer nu reu?e?te s? impresioneze prin nimic special, însa ofer? câteva facilit??i aparte. Se concentreaz? în principal pe fluxurile RSS si re?eaua P2P. Specifica?ii: Buton de securitate pe fiecare tab Sandbox Interfa?? customizabil? Suport online ?i email Vitez? destul de bun? 10. Phaseout 5 Este un browser bazat pe Flash si este foarte apeciat pentru skin-urile sale speciale. Specifica?ii: Navigare u?oar? Sandboxing Design futuristic Viteza slab? fa?? de toate celelalte brosere men?ionate Sursa: » Top 10 cele mai bune browsere din 2011 via money.ro
  2. Nytro
    Malware Analyser 3.0 Malware Analyser is freeware tool to perform static and dynamic analysis on malwares. This is a stepping release since for the first time the Dynamic Analysis has been included for file creations ( will be improved for other network/registry indicators sooner) along with process dumping feature. It can be useful for: 1. String based analysis for registry , API calls , IRC Commands , DLL's called and VM Aware. 2. Display detailed headers of PE with all its section details, import and export symbols etc. 3.On Distro , can perform an ascii dump of the PE along with other options ( check --help argument). 4. For windows , it can generate various section of a PE : DOS Header , DOS Stub, PE File Header , Image Optional Header , Section Table , Data Directories , Sections 5. ASCII dump on windows machine. 6. Code Analysis ( disassembling ) 7. Online malware checking ( VirusTotal - Free Online Virus, Malware and URL Scanner ) 8. Check for Packer from the Database. 9. Tracer functionality : Can be used to identify Anti-debugging Calls tricks , File system manipulations Calls, Rootkit Hooks, Keyboard Hooks , DEP Setting Change,Network Identification traces, Privilege escalation traces , Hardware Breakpoint traces 10. Signature Creation: Allows to create signature of malware 11. CRC and Timestamp verification. 12. Entropy based scan to identify malicious sections. 13. Dump a process memory 14. Dynamic Analysis (Still in beginning Stage ) for file creations. Download: https://sourceforge.net/projects/malwareanalyser/files/malware_analyser%203.0.zip/download http://dl.packetstormsecurity.net/forensics/malware_analyser-3.0.zip Sursa: http://www.malwareanalyser.com/home/index.php/2-uncategorised/1-malware-analyser
  3. Nytro
    Linux Hardening & Security (cP/WHM + Apache) ======================================= |-----------:[iNFO]:------------------| |-------------------------------------| | Title: "Linux Hardening & Security" | | Author: Krun!x | QK | | E-Mail: only4lul@gmail.com | | Home: madspot.org | ljuska.org | | Date: 2009-06-20 | ======================================= Content: 1) Intruduction 2) cP/WHM Installation and cP/WHM Configuration 3) The server and it's services | PHP Installation, Optimization & Security 4) Kernel Hardening | Linux Kernel + Grsecurity Patch 5) SSH 6) Firewall | DDoS Protection 7) Mod_Security 8) Anti-Virus - ClamAV 9) Rootkit 10) The Rest of Shits ======================================= |-----------:[INFO]:------------------| |-------------------------------------| | Title: "Linux Hardening & Security" | | Author: Krun!x | QK | | E-Mail: only4lul@gmail.com | | Home: madspot.org | ljuska.org | | Date: 2009-06-20 | ======================================= Content: 1) Intruduction 2) cP/WHM Installation and cP/WHM Configuration 3) The server and it's services | PHP Installation, Optimization & Security 4) Kernel Hardening | Linux Kernel + Grsecurity Patch 5) SSH 6) Firewall | DDoS Protection 7) Mod_Security 8) Anti-Virus - ClamAV 9) Rootkit 10) The Rest of Shits =================== | 1) Intruduction | =================== I wrote a step by step paper how to secure linux server with cP/WHM and Apache installed. By default, linux is not secured enough but you have to understand there is no such thing as "totally secured server/system". The purpose of this paper is to understand how to at least provide some kind of security to the server. I prefer lsws web-server without any Control Panel at all but for this paper I have used CentOS 5 with cP/WHM and Apache web-server installed since a lot of hosting companies and individuals out there are using it. Let's start So, you bought the server with CentOS 5 installed. If you ordered cP/WHM together with the server you can skip 2.1 step ============================================ | 2) cP/WHM installation and configuration | ============================================ 2.1) cP/WHM Installation To begin your installation, use the following commands into SSH: root@server [~]# cd /home root@server [/home]# wget http://layer1.cpanel.net/latest root@server [/home]# ./latest ----------------------------------------------------------------------------------------------------- cd /home - Opens /home directory wget http://layer1.cpanel.net/latest - Fetches the latest installation file from the cPanel servers. ./latest - Opens and runs the installation files. ------------------------------------------------------------------------------------------------------ cP/WHM should be installed now. You should be able to access cP via http://serverip:2082(SSL-2083) or http://serverip/cpanel and WHM via http://serverip:2086(SSL-2087) or http://serverip/whm. Let's configure it now. 2.2) cP/WHM Configuration Login to WHM using root username/passwd http://serverip:2086 or http://serverip/whm WHM - Server setup - Tweak Security: ------------------------------------- Enable open_basedir protection Disable Compilers for all accounts(except root) Enable Shell Bomb/memory Protection Enable cPHulk Brute Force Protection WHM - Account Functions: ------------------------- Disable cPanel Demo Mode Disable shell access for all accounts(except root) WHM - Service Configuration - FTP Configuration: ------------------------------------------------- Disable anonymous FTP access WHM - MySQL: ------------- Set some MySQL password(Don't set the same password like for the root access) -If you didn't set MySQL password someone will be able to login into the DB with username "root" without password and delete/edit/download any db on the server. WHM - Service Configuration - Apache Configuration - PHP and SuExec Configuration -------------------- Enable suEXEC - suEXEC = On When PHP runs as an Apache Module it executes as the user/group of the webserver which is usually "nobody" or "apache". suEXEC changes this so scripts are run as a CGI. Than means scripts are executed as the user that created them. With suEXEC script permissions can't be set to 777(read/write/execute at user/group/world level) =============================================================================== | 3) The server and it's services | PHP Installation, Optimization & Security | =============================================================================== 3.1) Keep all services and scripts up to date and make sure that you running the latest secured version. On CentOS type this into SSH to upgrade/update services on the server. [root@server ~]# yum upgrade or [root@server ~]# yum update 3.2) PHP installation/update, configuration and optimization + Suhosin patch First download what you need, type the following into SSH: root@server [~]# cd /root root@server [~]# wget http://www.php.net/get/php-5.2.9.tar.bz2/from/this/mirror root@server [~]# wget http://download.suhosin.org/suhosin-patch-5.2.8-0.9.6.3.patch.gz root@server [~]# wget http://download.suhosin.org/suhosin-0.9.27.tgz Untar PHP: root@server [~]# tar xvjf php-5.2.9.tar.bz2 Patch the source: root@server [~]# gunzip < suhosin-patch-5.2.8-0.9.6.3.patch.gz | patch -p0 Configure the source. If you want to use the same config as you used for the last php build it's not a problem but you will have to add: enable-suhosin to old config. To get an old config type this into SSH: root@server [~]# php -i | grep ./configure root@server [~]# cd php-5.2.9 root@server [~/php-5.2.9]# ./configure --enable-suhosin + old config(add old config you got from "php -i | grep ./configure" here) root@server [~/php-5.2.9]# make root@server [~/php-5.2.9]# make install Note: If you get an error like make: command not found or patch: Command not found, you will have to install "make" and "patch". It can be done easly. Just type this into SSH: root@server [~]# yum install make root@server [~]# yum install patch Now check is everything as you want. Upload php script like this on the server: <?php phpinfo(); ?> And open it via your browser and you will see your PHP configuration there. 3.3) Suhosin We will install Suhosin now, it's an advanced protection system for PHP. root@server [~]# tar zxvf suhosin-0.9.27.tgz root@server [~]# cd suhosin-0.9.27 root@server [~/suhosin-0.9.27]# phpize root@server [~/suhosin-0.9.27]# ./configure root@server [~/suhosin-0.9.27]# make root@server [~/suhosin-0.9.27]# make install After you installed suhosin you will get something like this: It's installed to /usr/local/lib/php/extensions/no-debug-non-zts-20060613/ Now edit your php.ini. If you don't know where php.ini located is, type this into SSH. root@server [~]# php -i | grep php.ini Configuration File (php.ini) Path => /usr/local/lib Loaded Configuration File => /usr/local/lib/php.ini It means you have to edit /usr/local/lib/php.ini Type into SHH: root@server [~]# nano /usr/local/lib/php.ini If you get an error, nano: Command not found, then: root@server [~]# yum install nano Find "extension_dir =" and add: extension_dir = /usr/local/lib/php/extensions/no-debug-non-zts-20060613/ To save it, CTRL + O and press the enter button on your keyboard. 3.4) Zend Optimizer: Download Zend Optimizer from http://www.zend.com/store/products/zend-optimizer.php root@server [~]# tar -zxvf ZendOptimizer-3.3.3-linux-glibc23-i386.tar.gz root@server [~]# cd ZendOptimizer-3.3.3-linux-glibc23-i386 root@server [~/ZendOptimizer-3.3.3-linux-glibc23-i386]# ./install.sh Welcome to Zend Optimizer installation..... - Press Enter button Zend licence agreement... - Press Enter button Do you accept the terms of this licence... - Yes, press Enter button Location of Zend Optimizer... - /usr/local/Zend, press Enter button Confirm the location of your php.ini file...- /usr/local/lib, press Enter button Are you using Apache web-server.. - Yes, press Enter button Specify the full path to the Apache control utility(apachectl)...-/usr/local/apache/bin/apachectl, press Enter button The installation has completed seccessfully...- Press Enter button Now restart apache, type this into SSH: root@server [~]# service httpd restart 3.5) php.ini & disabled functions Edit php.ini like this: root@server [~]# nano /usr/local/lib/php.ini ------------------------------------------------------------ safe_mode = On expose_php = Off Enable_dl= Off magic_quotes = On register_globals = off display errors = off disable_functions = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg,escapeshellcmd ------------------------------------------------------------- root@server [~]# service httpd restart Or you can edit php.ini via WHM: WHM - Service Configuration - PHP Configuration Editor ========================================================= | 4) Kernel Hardening | Linux Kernel + Grsecurity Patch | ========================================================= Description : grsecurity is an innovative approach to security utilizing a multi-layered detection, prevention, and containment model. It is licensed under the GPL. It offers among many other features: -An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration -Change root (chroot) hardening -/tmp race prevention -Extensive auditing -Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc) -Prevention of arbitrary code execution in the kernel -Randomization of the stack, library, and heap bases -Kernel stack base randomization -Protection against exploitable null-pointer dereference bugs in the kernel -Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs -A restriction that allows a user to only view his/her processes -Security alerts and audits that contain the IP address of the person causing the alert Downloading and patching kernel with grsecurity root@server [~]# cd /root root@server [~]# wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.26.5.tar.gz root@server [~]# wget http://www.grsecurity.com/test/grsecurity-2.1.12-2.6.26.5-200809141715.patch root@server [~]# tar xzvf linux-2.6.26.5.tar.gz root@server [~]# patch -p0 < grsecurity-2.1.12-2.6.26.5-200809141715.patch root@server [~]# mv linux-2.6.26.5 linux-2.6.26.5-grsec root@server [~]# ln -s linux-2.6.26.5-grsec/ linux root@server [~/linux]# cd linux root@server [~/linux]# cp /boot/config-`uname -r` .config root@server [~/linux]# make oldconfig Compile the Kernel: root@server [~/linux]# make bzImage root@server [~/linux]# make modules root@server [~/linux]# make modules_install root@server [~/linux]# make install Check your grub loader config, and make sure default is 0 root@server [~/linux]# nano /boot/grub/grub.conf Reboot the server root@server [~/linux]# reboot ========== | 5) SSH | ========== In order to change SSH port and protocol you will have to edit sshd_config root@server [~]# nano /etc/ssh/sshd_config Change Protocol 2,1 to Protocol 2 Change #Port 22 to some other port and uncomment it Like, Port 1337 There is a lot of script kiddiez with brute forcers and they will try to crack our ssh pass because they know username is root, port is 22 But we were smarter, we have changed SSH port Also, their "brute forcing" can increase server load, which means our sites(hosted on that server) will be slower. SSH Legal Message edit /etc/motd, write in motd something like this: "ALERT! That is a secured area. Your IP is logged. Administrator has been notified" When someone logins into SSH he will see that message: ALERT! That is a secured area. Your IP is logged. Administrator has been notified If you want to recieve an email every time when someone logins into SSH as root, edit .bash_profile(It's located in /root directory) and put this at the end of file: echo 'ALERT - Root Shell Access on:' `date` `who` | mail -s "Alert: Root Access from `who | awk '{print $6}'`" mail@something.com And at the end restart SSH, type "service sshd restart" into SSH ================================= | 6) Firewall | DDoS Protection | ================================= 6.1) Firewall, CSF Installation root@server [~]# wget http://www.configserver.com/free/csf.tgz root@server [~]# tar -xzf csf.tgz root@server [~]# cd csf In order to install csf your server needs to have some ipt modules enabled. csftest is a perl script and it comes with csf. You can check those mudules with it. root@server [~/csf]# ./csftest.pl The output should be like this: root@server [~/csf]# ./csftest.pl Testing ip_tables/iptable_filter...OK Testing ipt_LOG...OK Testing ipt_multiport/xt_multiport...OK Testing ipt_REJECT...OK Testing ipt_state/xt_state...OK Testing ipt_limit/xt_limit...OK Testing ipt_recent...OK Testing ipt_owner...OK Testing iptable_nat/ipt_REDIRECT...OK Don't worry if you don't have all those mudules enabled, csf will work if you didn't get any FATAL errors at the end of the output. Now, get to installation root@server [~/csf]# ./install.sh You will have to edit csf.conf file. It's located here: /etc/csf/csf.conf You need to edit it like this: Testing = "0" And you need to configure open ports in csf.conf or you won't be able to access these ports. In most cases it should be configured like this if you are using cP/WHM. If you are running something on some other port you will have to enable it here. If you changed SSH port you will have to add a new port here: # Allow incoming TCP ports TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096" # Allow outgoing TCP ports TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703" 6.2) CSF Connection Limit There is in csf.conf CT option, configure it like this CT_LIMIT = "200" It means every IP with more than 200 connections is going to be blocked. CT_PERMANENT = "1" IP will blocked permanenty CT_BLOCK_TIME = "1800" IP will be blocked 1800 secs(1800 secs = 30 mins) CT_INTERVAL = "60" Set this to the the number of seconds between connection tracking scans. After csf.conf editing you need to restart csf root@server [~# service csf restart 6.3) SYN Cookies Edit the /etc/sysctl.conf file and add the following line in order to enable SYN cookies protection: ----------------------------------- # Enable TCP SYN Cookie Protection net.ipv4.tcp_syncookies = 1 ----------------------------------- root@server [~/]# service network restart 6.4) CSF as security testing tool CSF has an option "Server Security Check". Go to WHM - Plugins - CSF - Test Server Security. You will see additional steps how to secure the server even more. I'm writing only about most important things here and I covered most of them in the paper but if you want you can follow steps provided by CSF to get the server even more secured. 6.5) Mod_Evasive ModEvasive module for apache offers protection against DDoS (denial of service attacks) on your server. To install it login into SSH and type: --------------------------------------------------------------------------------- root@server [~]# cd /root/ root@server [~]# wget http://www.zdziarski.com/projects/mod_evasive/mod_evasive_1.10.1.tar.gz root@server [~]# tar zxf mode_evasive-1.10.1.tar.gz root@server [~]# cd mod_evasive then type... root@server [~/mod_evasive]# /usr/sbin/apxs -cia mod_evasive20.c --------------------------------------------------------------------------------- When mod_evasive is installed, place the following lines in your httpd.conf (/etc/httpd/conf/httpd.conf) -------------------------------- <IfModule mod_evasive20.c> DOSHashTableSize 3097 DOSPageCount 2 DOSSiteCount 50 DOSPageInterval 1 DOSSiteInterval 1 DOSBlockingPeriod 10 </IfModule> -------------------------------- 6.6) Random things: csf -d IP - Block an IP with CSF csf -dr IP - Unblock an IP with CSF csf -s - Start firewall rules csf -f - Flush/stop firewall rules csf -r - Restart firewall rules csf -x - Disable CSF csf -e - Enable CSF csf -c - Check for updates csf -h - Show help screen -Block an IP via iptables iptables -A INPUT -s IP -j DROP -Unblock an IP via iptables iptables -A INPUT -s IP -j ACCEPT -See how many IP addresses are connected to the server and how many connections has each of them. netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n =================== | 7) Mod_Security | =================== Mod_Security is a web application firewall and he can help us to secure our sites against RFI, LFI, XSS, SQL Injection etc If you use cP/WHM you can easly enable Mod_security in WHM - Plugins - Enable Mod_Security and save Now I will explain how to install Mod_security from source. You can't install Mod_Security if you don't have libxml2 and http-devel libraries. Also, you need to enable mod_unique_id in apache modules, but don't worry, I will explain how to do it Login into SSH and type... root@server [~]# yum install libxml2 libxml2-devel httpd-devel libxml2 libxml2-devel httpd-devel should be installed now then you need to edit httpd.conf file, you can find it here: root@server [~]# nano /etc/httpd/conf/httpd.conf You need to add this in your httpd.conf file LoadModule unique_id_module modules/mod_unique_id.so Now download the latest version of mod_security for apache2 from http://www.modsecurity.org login into SSH and type... root@server [~]# cd /root/ root@server [~]# wget http://www.modsecurity.org/download/modsecurity-apache_2.5.6.tar.gz root@server [~]# tar zxf modsecurity-apache_2.5.6.tar.gz root@server [~]# cd modsecurity-apache_2.5.6 root@server [~/modsecurity-apache_2.5.6]# cd apache2 then type: root@server [~/modsecurity-apache_2.5.6/apache2]# ./configure root@server [~/modsecurity-apache_2.5.6/apache2]# make root@server [~/modsecurity-apache_2.5.6/apache2]# make install Go at the end of httpd.conf and place an include for our config/rules file... Include /etc/httpd/conf/modsecurity.conf --------------------------------------------------------- # /etc/httpd/conf/httpd.conf LoadModule unique_id_module modules/mod_unique_id.so LoadFile /usr/lib/libxml2.so LoadModule security2_module modules/mod_security2.so Include /etc/httpd/conf/modsecurity.conf --------------------------------------------------------- You need to find a good rules for Mod_Security. You can find them at official Mod_Security site. Also, give a try to gotroot.com rules. When you find a good rules, just put them in /etc/httpd/conf/modsecurity.conf And restart httpd at the end, type "service httpd restart" into SSH. ========================== | 8) Anti-Virus - ClamAV | ========================== You need AV protection to protect the server against worms and trojans invading your mailbox and files! Just install clamav (a free open source antivirus software for linux). More information can be found on clamav. website - http://www.clamav.net In order to install CLamAV login into SSH and type root@server [~]# yum install clamav Once you have installed clamav for your CentOS, here are some basic commands you will need: Update the antivirus database root@server [~]# freshclam Run antivirus root@server [~]# clamscan -r /home Running as Cron Daily Job To run antivirus as a cron job (automatically scan daily) just run crontab -e from your command line. Then add the following line and save the file. @daily root clamscan -R /home It means clamav will be scanning /home directory every day. You can change the folder to whatever you want to scan. ============== | 9) Rootkit | ============== Rootkit scanner is scanning tool to ensure you for about 99.9%* you're clean of nasty tools. This tool scans for rootkits, backdoors and local exploits by running tests like: -MD5 hash compare -Look for default files used by rootkits -Wrong file permissions for binaries -Look for suspected strings in LKM and KLD modules -Look for hidden files -Optional scan within plaintext and binary files Instalation: Login into SSH and type root@server [~]# cd /root/ root@server [~]# wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz root@server [~]# tar -zxvf rkhunter-1.2.7.tar.gz root@server [~]# cd rkhunter root@server [~rkhunter]# ./installer.sh Scan the server with rkhunter root@server [~]# rkhunter -c ========================= | 10) The Rest of Shits | ========================= 10.1) Random suggestions If you use bind DNS server then we need to edit named.conf file named.conf is located here: /etc/named.conf and add recursion no; under Options ---------------------------- Options{ recursion no; ---------------------------- Now restart bind, type into SSH root@server [~]# service named restart This will prevent lookups from dnstools.com and similar services and reduce server load In order to prevent IP spoofing, you need to edit host.conf file like this: This file is located here: /etc/host.conf Add that in host.conf ------------------ order bind,hosts nospoof on ------------------ Hide the Apache version number: edit httpd.conf (/etc/httpd/conf/httpd.conf) ----------------------- ServerSignature Off ----------------------- 10.2) Passwords Don't use the same password you are using for the server on some other places. When the Datacenter contacts you via e-mail or phone, always request more informations. Remember, someone alse could contact you to get some information or even root passwords. 10.3) Random thoughts No matter what you need to secure the server, don't think you are safe only because you are not personally involved in any shits with "hackers". When you are hosting hacking/warez related sites you are the target. There is no such thing as totally secured server. Most important things are backups, make sure you will always have an "up-to-date" offsite backups ^^ Anyhow, this is the end of my paper, I hope it will help you to get some kind of security to your server. -Krun!x
  4. Nytro
    phpDesigner 7 phpDesigner 7 is an all-in-one solution for your web-development. It is a rapid fast full-featured PHP editor and PHP IDE with built-in HTML-, CSS- and JavaScript editors and FTP! ~Create, edit, debug, analyze and publish PHP, HTML, CSS and JavaScript ~Speed up your coding with tons of time-saving features ~Support all PHP frameworks e.g. Zend, CodeIgniter, Yii, Symfony and Prado ~JavaScript frameworks jQuery, Ext JS, YUI, Dojo, MooTools and Prototype Perfect for professional developers, novices and anyone, who wants to code great websites and improve their coding skills. Download: http://www.mpsoftware.dk/downloads.php Informatii: http://www.mpsoftware.dk/phpdesigner.php
  5. Nytro
    Pe de-o parte e bine, ca vezi reclame care iti arata ceva util, ce ti-ar putea fi de folos, pe de alta parte ar trebui sa ai o oarecare intimitate...
  6. Nytro

    Google Blind SQLI

    Nytro replied to mah_one's topic in Off-topic

    Stiu si eu unul, dar nu am reusit sa il exploatez, e ciudat de tot, nici nu cred ca poate fi exploatat. Nu e gasit de mine, e gasit de... altcineva. Dar nu am reusit nimic, e posibil sa nu se poata nimic. Gaseste versiunea bazei de date macar, si probabil vei primi ceva. Asta daca reusesti sa o gasesti. Cu Havij sau alte programele nu ai nici cea mea mica sansa.
  7. Nytro
    Major New DNS Vulnerability Discovered Posted by Mathew J. Schwartz, InformationWeek February 25, 2011 The Internet Systems Consortium has issued a warning that certain versions of BIND are vulnerable to a denial of service attack. BIND is the most widely used domain name system protocol implementation. The latest version of BIND, 9.7.3, is not affected, but versions 9.7.1 through 9.7.2-P3 are vulnerable. Attackers could exploit the vulnerability to create a denial of service attack because of the way that BIND handles incremental zone transfers (IXFR), which is a technique for transferring data on top of the Transmission Control Protocol (TCP). "When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time during which the IXFR/update--coupled with a query--may cause a deadlock to occur," according to the ISC's security advisory issued on Tuesday. "This deadlock will cause the server to stop processing all requests. A high query rate and/or a high update rate will increase the probability of this condition." According to the ISC, this severe vulnerability can be remotely exploited, although no related attacks have been seen in the wild. DNS is the technique used to resolve domain names into IP addresses. Accordingly, security experts are urging any organizations running a vulnerable version of BIND to upgrade immediately. "IXFRs between authoritative name servers are a vital part of keeping DNS both alive and correct," said Paul Ducklin head of technology for antivirus firm Sophos in the Asia-Pacific region, in a blog post. With 300,000 new computers being connected to the Internet every day, as well as the role of DNS in supporting cloud computing, its importance continues to increase. "DNS servers are at the heart of many cloud-style security services, providing the mechanism by which up-to-date blocklist data is published," said Ducklin. He also noted that Apple OS X includes a copy of BIND, though most people don't run it. Even if they do, however, the latest Mac operating system, OS X 10.6.6, includes the older BIND 9.6, which is not vulnerable to the above exploit. "Sometimes, being behind the curve is a good thing," he said. Sursa: Major New DNS Vulnerability Discovered - Network Computing
  8. Nytro
    How to be a Programmer: A Short, Comprehensive, and Personal Summary Robert L Read Table of Contents 1. Introduction 2. Beginner Personal Skills Learn to Debug How to Debug by Splitting the Problem Space How to Remove an Error How to Debug Using a Log How to Understand Performance Problems How to Fix Performance Problems How to Optimize Loops How to Deal with I/O Expense How to Manage Memory How to Deal with Intermittent Bugs How to Learn Design Skills How to Conduct Experiments Team Skills Why Estimation is Important How to Estimate Programming Time How to Find Out Information How to Utilize People as Information Sources How to Document Wisely How to Work with Poor Code How to Use Source Code Control How to Unit Test Take Breaks when Stumped How to Recognize When to Go Home How to Deal with Difficult People 3. Intermediate Personal Skills How to Stay Motivated How to be Widely Trusted How to Tradeoff Time vs. Space How to Stress Test How to Balance Brevity and Abstraction How to Learn New Skills Learn to Type How to Do Integration Testing Communication Languages Heavy Tools How to analyze data Team Skills How to Manage Development Time How to Manage Third-Party Software Risks How to Manage Consultants How to Communicate the Right Amount How to Disagree Honestly and Get Away with It Judgement How to Tradeoff Quality Against Development Time How to Manage Software System Dependence How to Decide if Software is Too Immature How to Make a Buy vs. Build Decision How to Grow Professionally How to Evaluate Interviewees How to Know When to Apply Fancy Computer Science How to Talk to Non-Engineers 4. Advanced Technological Judgment How to Tell the Hard From the Impossible How to Utilize Embedded Languages Choosing Languages Compromising Wisely How to Fight Schedule Pressure How to Understand the User How to Get a Promotion Serving Your Team How to Develop Talent How to Choose What to Work On How to Get the Most From Your Teammates How to Divide Problems Up How to Handle Boring Tasks How to Gather Support for a Project How to Grow a System How to Communicate Well How to Tell People Things They Don't Want to Hear How to Deal with Managerial Myths How to Deal with Organizational Chaos Glossary A. B. History (As Of February, 2003) C. GNU Free Documentation License PREAMBLE APPLICABILITY AND DEFINITIONS VERBATIM COPYING COPYING IN QUANTITY MODIFICATIONS COMBINING DOCUMENTS COLLECTIONS OF DOCUMENTS AGGREGATION WITH INDEPENDENT WORKS TRANSLATION TERMINATION FUTURE REVISIONS OF THIS LICENSE ADDENDUM: How to use this License for your documents Legatura: http://samizdat.mines.edu/howto/HowToBeAProgrammer.html
      • 1
      • Downvote
  9. Nytro
    Google Chrome 11 va avea recunoastere vocala de Cristina Enescu | 28 aprilie 2011 Google si-a propus ca facilitatile precum recunoasterea vocala si functionalitatile text-to-speech sa nu mai fie limitate decat la dispozitivele mobile. Se pare ca ultima versiune beta a browser-ului Chrome va avea suport pentru API-ul HTML5 speech input, care le va permite dezvoltatorilor sa scrie aplicatii de recunoastere vocala pentru Chrome in standardul HTML5. Aceasta functionalitate le va oferi utilizatorilor posibilitatea de a adauga text pe un site fara a fi nevoiti sa foloseasca tastatura. Sunetele inregistrate sunt trimise catre serverele speciale Google pentru transcriere. Viteza de recunoastere este destul de mare, asemanatoare celei de pe Google Voice Android. Sursa: Google Chrome 11 va avea recunoastere vocala | Hit.ro
  10. Nytro
    Cam asa ceva? http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+^mysql_query.*\.\%24_GET\.*&sbtn=Search Mai bine asa, sa nu inceapa randu cu mysql_query: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query.*\.\%24_GET\.*&sbtn=Search Si cu spatii, poate ceva de forma: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query.*\.[[%3Aspace%3A]]*\%24_GET[[%3Aspace%3A]]*\.*&sbtn=Search Daca mai punem POST si COOKIE: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query.*\.[[%3Aspace%3A]]*\%24_%28GET|POST|COOKIE%29[[%3Aspace%3A]]*\.*&sbtn=Search Pentru $_GET intre ghilimele, dar da multe alte rezultate: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query\%28\%22.*\%24_GET.*\%22\%29&sbtn=Search LFI sau RFI simplu: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+%28include|require%29.*\%24_GET.*&sbtn=Search RCE: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+%28eval|exec|system|passthru|shell_exec%29\%28.*\%24_GET.*\%29&sbtn=Search Conexiune mysql, cu mici filtre: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_connect\%28\%22[^%28127\.0\.0\.1%29%28localhost%29%28\%24%29].*&sbtn=Search Veniti si voi cu idei...
  11. Nytro
    Tehnologia iti poate distruge viata? de Andrei Ciltaru | 28 aprilie 2011 Socializam pe Facebook, vorbim cu orele la telefon sau, atunci cand nu vorbim, trimitem mesaje de la volanul masinii noastre electrice. Cat de rea poate sa fie tehnologia? Destul de rea, spun cei de la Business Insider, care au alcatuit o lista cu modalitatile in care tehnologia iti poate distruge viata. Mesajele soferilor Din 2001 si pana in 2006, s-au inregistrat 16.000 de victime din cauza tendintei celor aflati la volan de a trimite mesaje, numai in SUA. Nici pietonii nu sunt feriti de aceasta "boala". La spitalele din America au ajuns peste 1.000 de pacienti, ca urmare a lipsei de atentie. "Relationship status: divorced" Comentariile si like-urile de pe Facebook pot naste gelozii atat de puternice, incat sa distruga o casnicie. In final, divortul poate conduce la depresie si, de aici, pot lua nastere alte gesturi necugetate. Tehnologia ne ia din orele de somn Fie ca stam toata noaptea sa jucam ultimul Call of Duty sau sa ne uitam la serialul preferat, orele de somn "mancate" de tehnologie se resimt, pe termen lung. Astea deoarece, potrivit unui studiu facut de cercetatorii americani, lipsa somnului reduce perioada de viata. Pericolul motorului electric Masinile electrice sunt silentioase, motiv pentru care pot deveni un pericol pentru orbi. Lucru stiut foarte bine de producatorii auto, care se gandesc sa adauge un zgomot in exteriorul masinii, pentru a alerta posibilii pietoni ce se bazeaza pe auz. Sursa: Tehnologia iti poate distruge viata? | Hit.ro
  12. Nytro
    Google recunoaste ca inregistreaza deplasarile utilizatorilor Android de Silviu Anton | 28 aprilie 2011 La numai cateva zile dupa ce specialistii in securitate au descoperit ca Apple inregistreaza deplasarile utilzatorilor de iPhone-uri si iPad-uri printr-un fisier de tracking, Google a recunoscut ca foloseste aceleasi practici. Intr-o strategie de genul "mai bine sa previi decat sa combati" sau "mai bine sa le spunem noi inainte sa afle ei", un purtator de cuvant al companiei a declarat ca datele sunt colectate intr-un fisier anonim, alaturi de un numar de identificare, care ajuta la furnizarea informatiilor targhetate pentru mapping si servicii locale. Google sustine ca informatia nu poate fi urmarita astfel incat sa conduca la identificarea unui individ dupa nume, iar datele inregistrate sunt sterse de fiecare data cand telefonul este resetat. Reprezentantul companiei a numit acest “feature”, o optiune a sistemului, desi daca instalezi orice fel de mapping sau aplicatii de cautare, inregistrarea deplasarilor porneste automat. Credeti ca tehnicile parcticate de Apple si Google reprezinta o amenintare la intimitatea si confidentialitatea datelor nostre? Sau reprezinta doar unul dintre compromisurile pe care oamenii ar trebui sa le faca intr-o era in care cu totii vrem acces constant la informatie? Sau poate ar trebui sa ne intoarcem cu totii la asa-numitele dumbphones? Sursa: Google recunoaste ca inregistreaza deplasarile utilizatorilor Android | Hit.ro
  13. Nytro
    Da, nu m-as fi gandit la asa ceva. Ceva banal: http://www.google.com/codesearch?hl=en&lr=&q=lang%3Aphp+mysql_query.*\%24_GET&sbtn=Search
  14. Nytro
    Block Autorun Malware with BitDefender USB Immunizer 27 April 2011 A low-footprint tool to protect both your USB stick and your computer For years, Autorun-based malware has been atop of the worldwide e-threat landscape, with notorious representatives such as Trojan.AutorunInf, the Conficker worm (Win32.Worm.Downadup), Worm.Autorun.VHD or the fearsome Stuxnet. The Autorun feature dates back in the Windows® XP® era, when it was first introduced to facilitate software installations from CD-ROM media for non-technical computer users. This feature has quickly become the cyber-criminals’ tool of choice to automatically execute malware located on infected USB drives. The USB Immunizer – You’re just two clicks away from full protection against Autorun-based e-threats Since early 2009, malware exploiting the Autorun technology in order to subsequently infect other computers via flash disks has significantly increased. Trojan.AutorunINF has been world’s number one e-threat since the second half of 2009, while the other two representatives of the Autorun family – Worm.Autorun.VHG and Trojan.Autorun.AET are constantly present in the global Top 10 malware tops. The evolution of autorun-based malware displayed in percentage points of infection The BitDefender USB immunizer is our response to this growing issue. Divided in two sections, this small utility is able to protect both your storage device and your computer. The Immunize option allows you to immunize your USB storage device or SD card against infections with autorun-based malware. Even if your storage device has been plugged into an infected computer, the piece of malware will be unable to create its autorun.inf file, thus annihilating any chance of auto-launching itself. The Immunize Computer slider allows you to toggle the Autorun feature On or Off for any removable media (except for CD/DVD-ROM devices). If you frequently read and write data from USB sticks or SD cards which do not belong to you or which haven’t been immunized yet, disabling the Autorun option may save you the unpleasant surprise of getting your computer infected without warning. The BitDefender USB Immunizer is available for free on the product’s page located at the BitDefender Labs. Sursa: Block Autorun Malware with BitDefender USB Immunizer - MalwareCity : Computer Security Blog
  15. Nytro
    Un nou telefon de la HTC: Doubleshot, cu Android Gingerbread si tastatura QWERTY de Cristina Enescu | 27 aprilie 2011 Numele HTC Doubleshot a ajuns pe taramul zvonurilor in urma cu cateva zile, cand un angajat HTC a upload o poza pe site-ul de foto-sharing Picassa. Speculatiile care sustin existenta noului telefon HTC au fost generate de informatiile din EXIF-ul imaginii postate. Potrivit acestor date, HTC are in lucru un telefon cu tastatura QWERTY, care ruleaza pe Android 2.3 Gingerbread. Cel mai probabil HTC Doubleshot va avea un procesor dual-core de 1.2GHz si un ecran mare, cel mai probabil de 4 inci, cu rezolutie de 480x800. Alte specificatii includ conectivitatea 802.11 b/g/n si Bluetooth 3.0. Nu se cunoasc alte informatii, desi unele surse sustin ca numele Doubleshot se refera la camerele duale, al caror scop este inregistrarea imaginilor 3D stereoscopice. Au fost descoperite de asemenea indicii ale unei camere de 6MP cu abilitati HDR. Din pacate nu exista imagini disponinile cu dispozitivul, dar cel mai probabil va avea avea un design asemanator cu Desire Z.
  16. Nytro
    Spotlight on Linux: Toorox Apr 26, 2011 By Susan Linton Toorox is a Gentoo-based installable live CD that features your choice of KDE or GNOME desktops. It comes with lots of useful applications including system configuration tools, easy package management, and proprietary code installers. Toorox is sometimes compared to another Gentoo-based distribution, Sabayon. This comparison may be legitimate on the surface, but differences emerge when looking deeper. Sabayon is indeed based on Gentoo as Toorox, but Sabayon is primarily a binary distribution. Package installation almost always involves installing binary Sabayon packages. While this is convenient and often preferred, Toorox compiles and install software from Gentoo sources. Toorox begins life on your computer as a binary installation with all its advantages, such as fast, easy, and ready at boot, but subsequent package installation compiles source packages. So Toorox is perfect for users that would like a source-based distribution, but don't want the initial time and effort investment. Either over time or with a all-at-once effort, one can fairly easily transform Toorox to a full source install. Toorox lists some of their software in an introduction that appears when the desktop starts. These include: - Kernel 2.6.37-gentoo - KDE 4.6.0 - Xorg-Server 1.9.4 - LibreOffice 3.3.1 - IceCat 3.6.13 - Thunderbird 3.1.7 - K3b 2.0.2 - Gimp 2.6.11 - Wine 1.3.14 - VLC 1.1.7 - Amarok 2.4.0 - Audacious 2.4.3 - Ardour 2.8.7 - Kino 1.3.3 - Cinelerra 20101104 Toorox includes two graphical Portage front-ends: Potato and Porthole. Of course, users can use Portage at the commandline just as in Gentoo. In any case, there's plenty of software available to install. In addition, users may wish to install NVIDIA or ATI proprietary drivers. In the Systemconfig are the utilities that will install those. Users may also install Flash and multimedia libraries with the provided scripts. Like other Gentoo-based systems, Toorox suffered through growing pains and initial failings. But also like Sabayon, it's shown great improvement over the years and now gives users a stable and enjoyable experience. The hard drive install is a simple procedure, asking only a few questions. It does offer one bootloader option rarely seen. It offers the usual choices of installing on the MBR or root partition, but it also allows users to add Toorox to an existing bootloader list. To use that option, one merely ticks the partition that contains the bootloader menu. Toorox routinely comes in KDE and GNOME versions for 32-bit or 64-bit systems. The basic look and feel have been updated a bit in the newest releases, but overall it still retains the Toorox personality. This is usually formed from a black to white gradient background embossed with the Toorox logo with dark panels and desktop widgets. The latest wallpaper feature a multicolor design surrounding the Toorox logo and the machine architecture. Stable version 2.2011 was released February 27 and developmental release 3.2011 was released March 30. Toorox is a great choice for those who wish a bit more control over their machine or would like an introduction to Gentoo with a little less pain. Some may say Toorox isn't ideal for new users, but that depends on the user really. In between the vast work of Gentoo and the ease of Sabayon comes Toorox. Give it a try. Sursa: Spotlight on Linux: Toorox | Linux Journal
  17. Nytro
    Fa asa, probabil nu te lasa sa folosesti acele caractere la numele de fisiere: Open "F:\" & Day(Now()) & "-" & Month(Now()) & "-" & Year(Now()) & ".txt" For Append As #1 Print #1, "Test" Close #1 Si ai si functiile Hour, Minute si Secunde, formatezi tu cum vrei.
  18. Nytro
    Open "D:\" & Now() & ".txt" For Append As #1 ?
  19. Nytro
    Da, dar daca iese ceva frumos si elegant, il potin vinde si castigi ceva bani. Poti pune o optiune de editare headere HTTP, daca ar fi si multithreading ar fi perfect... Si inveti multe lucruri noi cand lucrezi la un proiect mai complex.
  20. Nytro
    Hmm, deci poate detecta si posibile Blind SQL Injection? Ai putea sa folosesti mai multi "vectori", sa incerci mai multe lucruri pe acelasi link. Poti sa sniffezi Acunetixu sa vezi ce metode foloseste el si sa te inspiri.
  21. Nytro
    Da, m-am gandit ca se poate face asta. Dar mi se pare dedicat acelor script-kiddie care vor sa gaseasca vulnerabilitati intr-un site si nu conteaza ce site, doar sa fie un site, sa aiba cu ce sa se laude. Nu arata rau, probabil e error-based. Si felicitari daca e facut de tine.
  22. Nytro
    Da, interesant, dar ideea de baza e stupida. Eu vreau sa gasesc SQL Injection in site-ul "x", cu ce ma incanta sa gasesc vulnerabil site-ul lui Vasile, folosind un dork?
  23. Nytro
    Nu m-am uitat la emisiunea asta cacacioasa, dar am vazut cateva videoclipuri pe youtube, si asta chiar nu merita.
  24. Nytro
    Open "D:\Fisier.txt" For Append As #1 Print #1, Text1.Text Close #1
  25. Nytro

    hello

    Nytro replied to _Nephthys_'s topic in Bine ai venit

    Mi-a dat o poza cu ea, e draguta.
×
×
  • Create New...