phpMyAdmin is a popular software  and as such is a target for various scripted attacks. If you run phpMyAdmin installation somewhere you should really make sure it is secured.

There are some things you can do to keep you safer:

1. Remove setup directory from phpMyAdmin. You will not use it after initial setup:

 rm -rf /usr/share/phpmyadmin/setup/

2. Prevent access to libraries directory from browser.  You can use a .htaccess file for this.

3. In case you don’t want all  users  to access phpMyAdmin  you can use AllowDeny rules to limit them:

Use the following in the file config,inc.php of phpMyAdmin to restrict access to from remote machines.

vim /usr/share/phpmyadmin/config.inc.php


Continue Reading…

You can view iptables entries by line with command:
iptables -L INPUT -n --line-numbers
Example:

[email protected]:~# iptables -L INPUT -n –line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     tcp  –  0.0.0.0/0            192.168.1.100       tcp dpt:22
2   ACCEPT     tcp  –  0.0.0.0/0            192.168.1.100       tcp dpt:80
3    ACCEPT     tcp  –  0.0.0.0/0            192.168.1.100       tcp dpt:443
4    ACCEPT     tcp  –  0.0.0.0/0            192.168.1.100       tcp dpt:21
5   ACCEPT     all  –  127.0.0.1            0.0.0.0/0
6   ACCEPT     all  –  192.168.1.100        0.0.0.0/0
7   ACCEPT     icmp –  0.0.0.0/0            0.0.0.0/0
8   ACCEPT     all  –  192.168.4.0/24       0.0.0.0/0
9   DROP       all  –  0.0.0.0/0            0.0.0.0/0           state NE

You’ll get the list of all INPUT entries.  Look at the number on the left  then use the following command to delete :

iptables -D INPUT <<number here>>

Enjoy.

Using ssh as a socks proxy

Valic —  January 5, 2012 — Leave a comment

Ssh can support forwarding traffic & act as a SOCKS proxy.

This is fantastic for encrypted browsing over unsecured wifi connections. You can setup Firefox, YM or any other SOCKS 5 compliant program to make use of the proxy. After executing the command below ssh will be listening on localhost (127.0.0.1) and you would then point your SOCKS compliant program to this ip and port that you specify below.

The command:

ssh -qTfnN2 -D 8080 -p 22 [email protected]

Explanations:

-q :- be very quite, we are acting only as a tunnel.
-T :- Do not allocate a pseudo tty, we are only acting a tunnel.
-f :- move the ssh process to background, as we don?t want to interact with this ssh session directly.
-N :- Do not execute remote command.
-p :- Port to connect to on the remote host.
-n :- redirect standard input to /dev/null.
-2 :- Forces ssh to try protocol version 2 only.
-D :- Specifies a local “dynamic” application-level port forwarding.This works
by allocating a socket to listen to port on the local side,and whenever a connection
is made to this port, the connection is forwarded over the secure channel, and the application
protocol is then used to determine where to connect to from the remote machine.
Currently the SOCKS4 and SOCKS5 protocols are supported, and ssh will act as a SOCKS server.
Only root can forward privileged ports.

Enjoy.

What is Suhosin?

Suhosin is an advanced protection  for PHP5 installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. Suhosin comes in independent parts, that can be used separately or in combination.

Suhosin is a great and simple way of increasing your security protection without having a immense impact on overall performance.

In this tutorial I will cover the installation and configuration of Suhosin on Debian Squeeze. I will also assume that you already have apache2 and php2 setup using this tutorial:How to install apache2, mysql5 and php5 on debian squeeze

1. Install Suhosin on Debian Squeeze:

Installation of suhosin on Debian Squeeze is simple.

apt-get update && apt-get install php5-suhosin

2. Configuring Suhosin:

The configuration file on Debian Squeeze is located in /etc/php5/conf.d/suhosin.ini.

Continue Reading…

On Debian Squeeze edit the sshd_config file located in /etc/ssh/ :

Change PermitRootLogin from yes/no to “without-password”:

#PermitRootLogin yes
PermitRootLogin without-password

Restart ssh daemon and try to login with root account.

Enjoy.

Page 3 of 71234567