Strategic IT Consulting and Implementation Services

Category: InfoSec

GLIBC Vuln Fix For Debian For Now

Cobbled together from For Debian-based systems, this might be helpful until there is an update release. Check if your system is vulnerable: from a terminal/shell run: iconv -l | grep -E 'CN-?EXT' If you get: ISO-2022-CN-EXT// ISO2022CNEXT// you might be vulnerable. On Debian, check this file: /usr/lib/x86_64-linux-gnu/gconv/gconv-modules At around row 1286 you will see the grouping you need to...

Using fail2ban To Mitigate Excessive Apache 403, 404, 500, and 503 Attacks

I finally spent some time last weekend to address the botnets attacking my site and specifically looking for known exploits, bad WordPress plugins, and just general random stuff. I should add the disclaimer that messing around and systematically blocking hosts viewing your website and generating 404s may or may not make sense for you. If you create a fail2ban filter, jail, and start picking off hosts that...

SSH Honeypot Cowrie Session Video

I had an ssh honeypot running a few months ago for a couple of weeks, and while most session playbacks are just rapid-fire scripts from bots trying to plant crypto mining software, I did have a few humans kicking around in there. I had a colleague log in and kick the tires and shared the video back to him. Here is the video to give you a sense of what the ssh session looks and feels like. Disclaimer...

Fixing the fail2ban filter for Postfix unverified address / user unknown spam attacks

For whatever reason, the default distributed postfix filter I had on my fail2ban setup on Ubuntu was not triggering on: 450 4.1.1 Recipient address rejected: unverified address: unknown user mail.log errors. The failregex line was in there for it, but it wasn’t hitting on the endless dictionary-attack random attempts from spammer servers across the world. This was annoying because, in...

Setting up a killswitch for attacks with ufw and fail2ban on Linux

Who doesn’t love fail2ban? I know I do. If you look at logs and see the constant and accelerating server attacks on the internet from the massive resources across the world doing nothing but trying to take over your servers for cryptocurrency mining, ransomware, or to help aid criminal phishing attacks, you’re probably using fail2ban in some form. If you are using fail2ban to...

Standard WordPress Attacks Visualized

Everyone that runs WordPress or any website knows there are thousands upon thousands of servers across the Internet doing nothing but looking for vulnerabilities and trying to hack sites. Logs directly don’t give you the sense of what is really happening in a nice visual way. An old favorite of mine, Logstalgia, is a fun way to see what all those servers trying to take you down, hack and...

Blocking garbage gTLDs with postfix header_checks

In looking at my Postfix mail.logs, I only see the new ICANN vanity gTLDs really generating garbage spam. Lots of press on the mess this is all causing. I got kind of sick of even dealing with that, so here are the header_checks lines I use to block them via postfix if you want to do that on your setup. There are a lot of articles on the internet for this, but here is what works for me. YMMV...
