Page 3 of 3 FirstFirst 123
Results 21 to 25 of 25

Thread: webalizer hasn't created logs in almost a year!

  1. #21
    Join Date
    Mar 2010
    Location
    Metro-ATL; PM free zone.
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: webalizer hasn't created logs in almost a year!

    Only you can determine how "risky" what you are doing is. I am NOT a php programmer and reviewing code is not something I'd do for free even if it were in a language I know.

    Running an nmap from inside the network might not be returning the truth. There are external services that will perform the scan for you. GRC has a free one. A small restaurant with open wifi might work too. Larger chain stores will filter connections, so those can't be used.

    If you didn't open the ports on the router, how do you suppose they were opened? Things may be much worse than has been discovered so far.

    Could an open relay for email and web traffic have been running?

    There is NO WAY that I'd have telnet, pop3 or an http-proxy (if that is really what it is) running on my network connection. These names don't necessarily mean anything, but could be true. If I had hacked your box, I'd use a reverse ssh connection on a non-standard port to remain in contact. The binary would be renamed to something recognized as normal, something expected.

    Uh... some of those security cameras are extremely hackable. Saw a presentation on that last fall. Using google, it is possible to find them on the internet and "watch." Nanny-cams get lots of hits.

    I'm dropping from this thread with one more thought. To learn how to secure your systems, the best way that I know is by learning to hack them. There are Defcon groups around the world. In the USA, they are usually found using the areacode after DC - DC202, DC303, DC404, DC402 ... you get the idea - google. The OWASP guys are good too. IronGeek posts videos of presentations about hacking things from many cons. Watching how they hack is eye opening, normal people have absolutely no idea how wild the internet really is. These are primarily IT security professionals - people paid by large organizations to break into their networks, but anyone can view and attend these conferences. The lock picking 101 classes are usually full.

    Good luck with your systems.

  2. #22
    Join Date
    Sep 2006
    Beans
    7,975
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: webalizer hasn't created logs in almost a year!

    PHP is almost *that* bad, I used to use it and was always having to work around problems. Where you can start is to make sure that no variables *ever* take data or input from outside the program and then pass it on unmodified to the system. Despite being in Wikipedia, here is a good example of what to avoid: http://en.wikipedia.org/wiki/Taint_checking#Example

    Some terms to look up are data validation and taint checking.
    The Truth Shall Make Ye Fret.

  3. #23
    Join Date
    Mar 2010
    Location
    Metro-ATL; PM free zone.
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: webalizer hasn't created logs in almost a year!

    Current warning from Brian Krebs about Wordpress ping-backs.
    https://krebsonsecurity.com/2014/03/...cannon-fodder/

    Mainly using WP to perform DoS attacks against other WP blogs, but any blog that supports pingbacks might be used. I run a RoR blog, but have never enabled pingbacks. I don't think it is any safer than WP, just less popular and less likely to be attacked.

    I consider his Monday blog article to be a MUST READ.
    Last edited by TheFu; March 17th, 2014 at 02:24 PM.

  4. #24
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: webalizer hasn't created logs in almost a year!

    Thanks for the link. Note to self, if and when I get to installing wordpress, I'll have to disable that "feature."
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

  5. #25
    Join Date
    Dec 2007
    Beans
    380

    Re: webalizer hasn't created logs in almost a year!

    I will be sure to do that as well.

    On a related note, after reinstalling and activating one of my sites for a few minutes, I found this line in the error.log:
    Code:
    [Mon Mar 17 01:50:16 2014] [error] [client 192.151.152.186] File does not exist: /var/www/robotsandcomputers.com/web/++++++++++++++++++++++result:+chosen+nickname+"apposespignee";+nofollow+is+found;+success;+bb-code+not+working;, referer: http://www.robotsandcomputers.com/++++++++++++++++++++++result:+chosen+nickname+%22apposespignee%22%3b+nofollow+is+found%3b+success%3b+bb-code+not+working%3b

Page 3 of 3 FirstFirst 123

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •