About Linux, BSD and personal notes

Archives for Security category

OSSEC

OSSEC is a scalable, multi-platform, open source Host-based Intrusion Detection System (HIDS). It has a powerful correlation and analysis engine, integrating log analysis, file integrity checking, Windows registry monitoring, centralized policy enforcement, rootkit detection, real-time alerting and active response.

http://www.ossec.net/

Change Logo Untangle

We did it: I kept the Untangle logo but added our own logo next to it.

Hold down control and shift and click on the “setup info” tab under config.

This brings up the “secret” panel for rebranding - you can insert your own logo which will replace the logo on the block pages, quarantine, client, etc.
You can also supply a new name, email, etc.

vyatta transparent firewall

ethernet eth0 {
    disable: false
    discard: false
    description: "Config Interface"
    hw-id: 00:0C:6E:8E:00:00
    duplex: "auto"
    speed: "auto"
    address 192.168.1.1 {
        prefix-length: 24
        disable: false
    }
}
ethernet eth1 {
    disable: false
    discard: false
    description: ""
    hw-id: 00:00:E8:70:00:00
    duplex: "auto"
    speed: "auto"
    bridge-group {
        bridge: "br0"
    }
}
ethernet eth2 {
    disable: false
    discard: false
    description: ""
    hw-id: 00:E0:7D:EA:00:00
    duplex: "auto"
    speed: "auto"
    bridge-group {
        bridge: "br0"
    }
}

The bridge interface is:
bridge br0 {
    description: "Bridge"
    disable: false
    aging: 300
    stp: false
    priority: 0
    forwarding-delay: 15
    hello-time: 2
    max-age: 20
}
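Added example, not from the page or from Vyatta: a small Python parser for the brace-delimited configuration format shown above, plus a check of the layout a transparent (bridging) firewall relies on: two Ethernet ports in one bridge, neither carrying an IP address, and a separately addressed management interface (eth0 in the configuration above). The CONFIG string is copied from the page and trimmed to the keys the checks use; the function names are my own.

```python
"""Parse old-style Vyatta config text and check the transparent-firewall layout.
Added example; the parser and checks are hypothetical helpers, not Vyatta tooling."""
from typing import Dict, List, Tuple

# Copied from the page's configuration, trimmed to the parts the checks use.
CONFIG = """
ethernet eth0 {
    description: "Config Interface"
    address 192.168.1.1 {
        prefix-length: 24
    }
}
ethernet eth1 {
    bridge-group {
        bridge: "br0"
    }
}
ethernet eth2 {
    bridge-group {
        bridge: "br0"
    }
}
bridge br0 {
    disable: false
    stp: false
}
"""


def parse_config(text: str) -> dict:
    """Turn 'key [name] {' blocks and 'key: value' lines into nested dicts.
    'ethernet eth1 {' becomes cfg['ethernet']['eth1']; quotes around values
    are stripped; a value may itself contain colons (hw-id)."""
    root: dict = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("unbalanced braces")
            stack.pop()
        elif line.endswith("{"):
            node = stack[-1]
            for part in line[:-1].split():
                node = node.setdefault(part, {})
            stack.append(node)
        else:
            key, _, value = line.partition(":")
            stack[-1][key.strip()] = value.strip().strip('"')
    if len(stack) != 1:
        raise ValueError("unbalanced braces")
    return root


def check_transparent_firewall(cfg: dict) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return (bridge -> member ports, findings). Empty findings means the
    config matches the pattern: addressed management port outside the bridge,
    two unaddressed ports inside a defined, enabled bridge."""
    findings: List[str] = []
    ethernet = cfg.get("ethernet", {})
    bridges = cfg.get("bridge", {})
    members: Dict[str, List[str]] = {}
    management: List[str] = []
    for name, iface in ethernet.items():
        br = iface.get("bridge-group", {}).get("bridge")
        if br:
            members.setdefault(br, []).append(name)
            if "address" in iface:
                findings.append(f"{name}: bridge port of {br} must not carry an IP address")
        elif "address" in iface:
            management.append(name)
    for br, ports in members.items():
        if br not in bridges:
            findings.append(f"{br}: referenced by {ports} but never defined")
        elif bridges[br].get("disable") == "true":
            findings.append(f"{br}: bridge is disabled")
        elif len(ports) < 2:
            findings.append(f"{br}: only {ports}; an inline bridge needs two ports")
    if not management:
        findings.append("no addressed management interface outside the bridge")
    return members, findings


if __name__ == "__main__":
    print(check_transparent_firewall(parse_config(CONFIG)))
```

Run it against a saved configuration instead of CONFIG to confirm that a bridge port did not quietly pick up an address during later edits; an addressed bridge port turns the transparent segment into a routed hop.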

nmap

nmap -T Aggressive -A -v


Hide sendmail version

vim sendmail.cf

Change the following:

# SMTP initial login message (old $e macro)
#O SmtpGreetingMessage=$j Sendmail $v/$Z; $b
O SmtpGreetingMessage=$j Sendmail ; $b

Hide apache and php version

http://nixcraft.com/server-configuration-tutorials/746-apache-php-web-server-security-hiding-version-information.html

How do I hide the Apache version info?
Open the httpd.conf file (located in the /etc/httpd/ or /etc/apache2/ directory):

Code:

vi httpd.conf

Set Apache ServerTokens to the product name only, so it does not show the version and other info:

Code:

ServerTokens Prod

This directive controls whether the Server response header field sent back to clients includes a description of the generic OS type of the server as well as information about compiled-in modules.

Setting it to Prod sends only "Apache" and nothing else.

Set Apache ServerSignature to Off:

Code:

ServerSignature Off

The ServerSignature directive allows the configuration of a trailing footer line under server-generated documents.

How do I hide PHP info?
Open php.ini (located at /etc/php.ini or in the /etc/php5 or /etc/php4 directory):

Code:

vi php.ini

Make sure PHP does not display errors and other PHP information. Modify or add the settings as follows:

Code:

expose_php = Off
display_errors = Off
register_globals = Off

Also send all errors to /var/log/httpd/php-scripts-error.log and not to the screen of the end user, since error output can reveal sensitive information:

error_log = /var/log/httpd/php-scripts-error.log

Restart Apache:

Code:

/etc/init.d/httpd restart

Now all PHP script errors are written to /var/log/httpd/php-scripts-error.log. Ask your website developers to use the following commands to view the log file:

Code:

tail -f /var/log/httpd/php-scripts-error.log

vi /var/log/httpd/php-scripts-error.log

For more info please read Apache 2 docs http://httpd.apache.org/docs/2.2/mod/core.html
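Added example, not from the nixcraft article or from the sendmail, Apache or PHP projects: a Python audit that covers both the sendmail greeting change above and the Apache/PHP settings. It checks two things a practitioner would want to verify after editing: that the directives in httpd.conf and php.ini are set (a commented-out line does not count), and that the banner or response headers a service actually sends no longer carry a version. The sample config text, headers and SMTP greetings are constructed; the function names are my own.

```python
"""Version-disclosure audit for sendmail greetings, httpd.conf and php.ini.
Added example: directive values come from the article, the helpers are mine."""
import re
from typing import Dict, List

# Directive -> value the article asks for (compared case-insensitively).
APACHE_EXPECTED = {"ServerTokens": "Prod", "ServerSignature": "Off"}
PHP_EXPECTED = {"expose_php": "Off", "display_errors": "Off", "register_globals": "Off"}

# Matches both 'ServerTokens Prod' (httpd.conf) and 'expose_php = Off' (php.ini).
_DIRECTIVE = re.compile(r"^([A-Za-z_][A-Za-z0-9_.]*)\s*=?\s*(\S+)")
# A dotted number such as 2.2.3 or 8.13.8 is what a hidden banner must not contain.
_VERSION = re.compile(r"\d+\.\d+")


def audit_directives(text: str, expected: Dict[str, str]) -> List[str]:
    """Findings for directives that are missing or set to the wrong value.
    Lines starting with '#' or ';' are comments, so a commented-out
    directive counts as not set."""
    seen: Dict[str, str] = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue
        m = _DIRECTIVE.match(stripped)
        if m:
            seen[m.group(1).lower()] = m.group(2)
    findings = []
    for name, want in expected.items():
        got = seen.get(name.lower())
        if got is None:
            findings.append(f"{name} not set explicitly (expected {want})")
        elif got.lower() != want.lower():
            findings.append(f"{name} is {got}, expected {want}")
    return findings


def banner_findings(headers: Dict[str, str], smtp_greeting: str = "") -> List[str]:
    """Flag response headers or an SMTP greeting that still carry a version.
    Header names are matched case-insensitively, as HTTP requires."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []
    server = lower.get("server")
    if server and _VERSION.search(server):
        findings.append(f"Server header discloses a version: {server}")
    powered = lower.get("x-powered-by")
    if powered:  # PHP sends this header only while expose_php is On
        findings.append(f"X-Powered-By header present (expose_php is not Off): {powered}")
    if smtp_greeting and _VERSION.search(smtp_greeting):
        findings.append(f"SMTP greeting discloses a version: {smtp_greeting}")
    return findings


def fetch_headers(host: str, port: int = 80, timeout: float = 5.0) -> Dict[str, str]:
    """Live variant for a server you administer: HEAD / and return its headers."""
    import http.client
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("HEAD", "/")
        return dict(conn.getresponse().getheaders())
    finally:
        conn.close()


# Constructed samples: a typical distro config before the changes, and the
# state after the article's edits and the sendmail.cf greeting change.
HTTPD_BEFORE = "# ServerTokens Prod\nServerSignature On\n"
HTTPD_AFTER = "ServerTokens Prod\nServerSignature Off\n"
PHP_AFTER = ";expose_php = On\nexpose_php = Off\ndisplay_errors = Off\nregister_globals = Off\n"
HEADERS_BEFORE = {"Server": "Apache/2.2.3 (CentOS)", "X-Powered-By": "PHP/5.1.6"}
HEADERS_AFTER = {"Server": "Apache"}
SMTP_BEFORE = "220 mail.example.com ESMTP Sendmail 8.13.8/8.13.8; Thu, 12 Apr 2007 12:31:00 -0700"
SMTP_AFTER = "220 mail.example.com ESMTP Sendmail ; Thu, 12 Apr 2007 12:31:00 -0700"

if __name__ == "__main__":
    print("httpd.conf before:", audit_directives(HTTPD_BEFORE, APACHE_EXPECTED))
    print("banners before:", banner_findings(HEADERS_BEFORE, SMTP_BEFORE))
    print("after:", audit_directives(HTTPD_AFTER, APACHE_EXPECTED)
          + banner_findings(HEADERS_AFTER, SMTP_AFTER) or "clean")
```

The banner check is deliberately a second, independent step: a directive that looks right in the file proves nothing if Apache was never restarted or a different php.ini is loaded, so read the headers the live server returns (fetch_headers, or a captured session) and run them through banner_findings as well.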

RootKits

chkrootkit locally checks for signs of a rootkit:
http://www.chkrootkit.org/download/

5. Installation

To compile the C programs type:

# make sense

After that it is ready to use and you can simply type:

# ./chkrootkit


If you have unchecked "Allow people to post comments on the article" on the Options > Discussion panel, then you have only disabled comments on future posts. To completely disable comments, you will have to edit each past post and uncheck "Allow Comments" from the Write Post SubPanel. Alternatively, you could delete the wp-comments-post.php file, or run this MySQL query, from the command line on a shell account or using phpMyAdmin: UPDATE wp_posts SET comment_status='closed';


shellcodes?

http://tty64.org/code/

Re: IMPORTANT More UpLoad hacks

by Harold Hallikainen Apr 12, 2007; 12:31pm

> 2007/4/12, Harold Hallikainen :
>> > 2007/4/12, Sabri LABBENE :
>> >> Reini Urban wrote:
>> >> >Via the Phpwiki 1.3.x UpLoad feature some hackers from russia upload
>> a
>> >> >php3 or php4 file,
>> >> >install a backdoor at port 8081 and have access to your whole
>> >> >disc and overtake the server.
>> >> >
>> >> >See http://ccteam.ru/releases/c99shell
>> >>
>> >> I think that the URL is wrong.
>> >
>> > This url obviously worked in 2006. Now it is gone.
>> >
>> > I submitted a critical security alert to CERT and it will be in the
>> > cve reports of mitre.org
>> > also then (hopefully).
>>
>> As the one who was attacked, I can give you the IP addresses of the
>> attackers. Second, instead of disallowed extensions, I think it would be
>> much safer to have a list of ALLOWED extensions. I see this as a todo in
>> the upload plugin.
>
> Hm, I will think about it. Other opinions?
>
>> I have set my upload directory as read only and require users to now
>> email
>> me stuff to post.
>>
>> As to how much was visible to the hackers (and I have the code for their
>> script), it SEEMS that it would only be what user apache could see,
>> which
>> would be stuff it owns and stuff that is world readable. Is that
>> correct?
>
> Well not really. The c99shell script tries in various ways to get more
> access.
> At first it compiles and installs a backdoor at port 8081 and then
> with shell access it’s normally quite easy for an experienced hacker
> to get root.
>
> –
> Reini Urban

THANKS for the support on this issue! I did an updatedb, then did locate
c99. The only stuff that comes up is this:

/usr/include/boost/numeric/interval/detail/c99sub_rounding_control.hpp
/usr/include/boost/numeric/interval/detail/c99_rounding_control.hpp
/usr/share/man/man1p/c99.1p.gz
/usr/bin/c99

In addition, port 8081 is blocked at the router (for incoming requests).
So, I’m hoping I’m ok!

Nabble - IMPORTANT More UpLoad hacks.
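Added example, not from the thread, from PhpWiki or from its UpLoad plugin: a Python upload-name check built the way Harold suggests, with a list of ALLOWED extensions instead of disallowed ones. The deny-list function shows why that approach fails (blocking ".php" alone lets the php3 file from the thread through); the allow-list version accepts only a plain <stem>.<ext> name whose extension the site actually needs, and the file is stored under a server-generated name. The extension policy and function names are my own assumptions.

```python
"""Allow-list upload filename validation (added example; policy is hypothetical)."""
import os
import re
import secrets
from typing import Tuple

# Hypothetical policy for a wiki upload directory: name only what the site needs.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "txt"}
# Exactly <stem>.<ext> with one dot: Apache's multiple-extension handling
# then never sees a second, executable extension; no spaces, slashes or
# control characters are accepted either.
SAFE_NAME = re.compile(r"([A-Za-z0-9_-]{1,100})\.([A-Za-z0-9]{1,10})")


def deny_list_accepts(filename: str) -> bool:
    """The weaker approach the thread moved away from: block '.php' only.
    Any other extension the server might execute (php3 in the thread) passes."""
    return not filename.lower().endswith(".php")


def validate_upload_name(filename: str) -> Tuple[bool, str]:
    """Return (accepted, reason). Rejects path components, odd characters,
    double extensions and anything not on the allow-list."""
    if not filename or filename != os.path.basename(filename):
        return False, "path components are not allowed"
    m = SAFE_NAME.fullmatch(filename)  # fullmatch: a trailing newline also fails
    if not m:
        return False, "name must be <stem>.<ext> using letters, digits, '_' or '-'"
    ext = m.group(2).lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension '{ext}' is not on the allow-list"
    return True, "ok"


def stored_name(filename: str) -> str:
    """Name to store the file under: a random stem plus the validated
    extension, so the client never chooses the on-disk name."""
    ok, reason = validate_upload_name(filename)
    if not ok:
        raise ValueError(reason)
    return f"{secrets.token_hex(8)}.{filename.rsplit('.', 1)[1].lower()}"


if __name__ == "__main__":
    # Constructed sample names, including the thread's php3 case.
    for name in ("photo.PNG", "shell.php", "shell.php3", "notes.tar.gz", "../../etc/passwd"):
        print(f"{name!r}: deny-list={deny_list_accepts(name)} allow-list={validate_upload_name(name)}")
```

Pair this with what Harold did on the server side: keep the upload directory out of the web server's executable paths (or mark it read-only, as he did) so that a validation slip still does not turn an uploaded file into a script the server will run.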