Creating a Simple Iptables Blacklist

Anyone who has had ownership of a server for any length of time quickly learns that the Internet is full of spammers, bots and other characters you would prefer didn’t exist. A firewall is key to keeping these guys at bay, and Linux comes with a kernel-level firewall called iptables that can be employed for this purpose. The only downside of iptables is that people who don’t deal with it on a regular basis tend to find its syntax a little bit daunting. In this post I am going to run you through the process of setting up a basic firewall IP blacklist, using a bash script to read a list of blacklisted IP addresses and feed these to iptables so they can no longer access your server.
Creating the Script
First up, decide where you would like the script to live. For this example I am just going to put it in /root/scripts, i.e.
mkdir /root/scripts
nano firewall.sh […]

June 16th, 2014 | Linux, Security, Uncategorized

Creating a Tor Relay on Debian

The Tor project has proven itself an indispensable tool in the fight to protect the anonymity of people online. The project needs servers to route traffic through to achieve its goals, though, so contributors are needed to donate relay nodes, ensuring a free Internet for all. In this post I am going to run you through the process of installing Tor and configuring a relay service for use by the network on a Debian system.
Installing & Configuring Tor
First up, log in to your machine via a terminal, update the package library and install the Tor server:
apt-get update
apt-get install tor
Then change into the Tor config directory:
cd /etc/tor […]

June 12th, 2014 | Linux, Security

PHP FPM Errors After Upgrade

Recently I noticed a few of my servers had stopped serving my sites, with 502 errors being served to visitors. I took a look at my site logs and noticed that they were full of the “Permission Denied” errors below:
2014/06/09 09:45:17 [crit] 11453#0: *22 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream
A little more investigation and I found that a privilege escalation issue in the PHP default fpm configuration had been found. This had consequently been fixed in the latest releases. But unless a systems administrator is paying attention and knows that changes to the config are required, upgrading the PHP instance leads to a broken web server. […]

June 10th, 2014 | PHP, Security, Sysadmin

Tunnelling data over SSH with Putty

An SSH tunnel is used to route unencrypted traffic through an encrypted SSH channel. It comes in handy for routing traffic over untrusted or hostile networks, as the data is encrypted to maintain privacy and prevent eavesdropping. It is also very handy for bypassing firewall restrictions on networks where the usage of certain services [...]

December 16th, 2013 | Security, Uncategorized

Nginx: Locking Down The WordPress Backend By IP Address

I recently looked at the server logs for a new site that had just launched and noticed a lot of hits by random IP addresses being made to the WordPress login script, similar to the excerpt below:
– – [10/Jun/2013:07:33:26 -0400] “POST /wp-login.php HTTP/1.1” 200 4807 “drinknycity.com/wp-login.php” “Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0”
– – [10/Jun/2013:07:36:29 -0400] “POST /wp-login.php HTTP/1.0” 200 4749 “drinknycity.com/wp-login.php” “Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0”
– – [10/Jun/2013:07:43:00 -0400] “POST /wp-login.php HTTP/1.0” 200 4749 “drinknycity.com/wp-login.php” “Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0”
– – [10/Jun/2013:07:47:18 -0400] “POST /wp-login.php HTTP/1.0” 200 4749 “drinknycity.com/wp-login.php” “Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0”
– – [10/Jun/2013:08:06:45 -0400] “POST /wp-login.php HTTP/1.0” 200 4749 “drinknycity.com/wp-login.php” “Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0”
– – [10/Jun/2013:08:10:43 -0400] “POST /wp-login.php HTTP/1.0” 200 4749 “drinknycity.com/wp-login.php” “Mozilla/5.0 (Windows NT 6.1; rv:19.0) Gecko/20100101 Firefox/19.0”
Without installing a dedicated plugin to log more details about the requests on the page, at a glance it appears that automated bots are trying to brute force access to the WordPress backend of the site. If you are like me, you most likely only need to access the back end of your WordPress sites from a couple of networks. So I am going to run through the process of locking down access by IP address to wp-login.php under nginx. […]

June 11th, 2013 | Linux, Security, Wordpress

Filling device storage with HTML5 localstorage

A while back I wrote about using the HTML5 local storage engine for storing website data locally on a client device for caching or offline use. The W3 recommendation on web storage recommends a size limit on the amount of data storage allowed per origin. This has currently been implemented by the major browsers as follows: 2.5 MB per origin in Google Chrome; 5 MB per origin in Mozilla Firefox, Safari and Opera; 10 MB per origin in Internet Explorer […]

March 1st, 2013 | HTML5, Security

Ruxmon Is Coming To Sydney

Next Friday will see Sydney hold its very first Ruxmon meetup, and by the look of the presentations it's not going to be one to be missed.
Presentations
Proprietary Protocols RCE: Research leads - Jonathan Brossard
This presentation will discuss the following techniques for protocol analysis: Automated TCP replay (as in "proper valid tcp [...]

June 23rd, 2011 | Security