The Spamhaus Project is one of the largest anti-spam DNS blacklist services known. Founded in 1998, Spamhaus has operations in Geneva, Switzerland, and London in addition to the 28 investigators and forensic specialists located in 8 countries. Spamhaus is a true 24-hour-a-day anti-spam operation. With over 60 public DNS servers distributed across 18 countries, Spamhaus is able to serve billions of DNS requests the world over, all free of charge. It has been estimated that 1.4 billion user mailboxes are in some way protected by The Spamhaus Project every day.

Here, I will show you a script that automatically blocks IPs blocked by Spamhaus:

#!/bin/bash

IPT="/sbin/iptables"
FILE="/tmp/drop.lasso"
URL="http://www.spamhaus.org/drop/drop.lasso"

echo ""
echo -n "Deleting DROP list from existing firewall..."

Continue Reading…

What is mod_evasive?

mod_evasive is an evasive maneuvers module for Apache2 that provides evasive action in the event of an HTTP DoS, DDoS or brute force attack. It is also designed to be a detection and network management tool, and can be easily configured to talk to ipchains, firewalls, routers, etc. mod_evasive presently reports abuses via email and syslog facilities.

Installation:

apt-get install libapache2-mod-evasive

Activate the mod_evasive module:

In the directory /etc/apache2/mods-available/, Debian Squeeze should already have a directive to load the module. Alternatively, you can use the following command:

a2enmod mod-evasive

The configuration:

Continue Reading…

This is the solution that I found against script injection:

First of all, back up the .htaccess file.

Then paste the code below in .htaccess:

Options +FollowSymLinks
RewriteEngine On
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]

What is the code doing?

The rules check whether the query string contains <script> (literal or encoded as %3C and %3E), or whether someone is trying to set the GLOBALS or _REQUEST variables through the query string.

If this happens, the request is blocked and a 403 error is returned.

I hope this is useful. Enjoy!
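The three conditions above, ported to Python so they can be checked against sample query strings before the rules go live. This is an added example, not part of the original post; the function names and sample strings are constructed for illustration. The last sample is a false positive worth knowing about: the word "description" contains "script".

```python
import re

# The three RewriteCond patterns from the .htaccess above. Only the first
# carries [NC], so only it is compiled case-insensitively.
CONDITIONS = [
    ("script tag", re.compile(r"(\<|%3C).*script.*(\>|%3E)", re.IGNORECASE)),
    ("GLOBALS", re.compile(r"GLOBALS(=|\[|\%[0-9A-Z]{0,2})")),
    ("_REQUEST", re.compile(r"_REQUEST(=|\[|\%[0-9A-Z]{0,2})")),
]


def matched_condition(query_string):
    """Return the name of the first condition that matches, else None.

    mod_rewrite tests %{QUERY_STRING} as received (still percent-encoded),
    and the conditions are chained with [OR], so one match is enough.
    """
    for name, pattern in CONDITIONS:
        if pattern.search(query_string):
            return name
    return None


def status_for(query_string):
    """403 when the rule's [F] flag would fire, 200 otherwise."""
    return 403 if matched_condition(query_string) else 200


# Constructed sample query strings (not taken from real traffic).
SAMPLES = [
    "id=42&page=2",                         # ordinary request
    "q=%3Cscript%3Ealert(1)%3C/script%3E",  # encoded script tag
    "q=<SCRIPT>x</SCRIPT>",                 # literal tag, upper case
    "GLOBALS[foo]=1",                       # array-style GLOBALS
    "_REQUEST%5Bfoo%5D=1",                  # _REQUEST with encoded bracket
    "note=%3Cb%3Edescription%3C/b%3E",      # harmless markup, still blocked
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(status_for(qs), matched_condition(qs) or "-", qs)
```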

Introduction

Assume you have Varnish installed on your server and have started to cache pages with it. Your web server is now missing the hits to those pages.

Well, that is great for your webserver load, but not too good for your statistics analysis, because /var/log/apache/access_log will miss the hit.

Configure varnishncsa:

We’ll use varnishncsa to produce logs that awstats will be able to analyse. Its synopsis is:

varnishncsa [-a] [-b] [-C] [-c] [-D] [-d] [-f] [-I regex] [-i tag] [-n varnish_name] [-P file] [-r file] [-V] [-w file] [-X regex] [-x tag]

Add this line in the /etc/rc.local file:

Continue Reading…

What is ebtables? (Ethernet bridge frame table administration)

The ebtables utility enables basic Ethernet frame filtering on a Linux bridge, logging, MAC NAT and brouting. It only provides basic IP filtering; the full-fledged IP filtering on a Linux bridge is done with iptables. The so-called bridge-nf code makes iptables see the bridged IP packets and enables transparent IP NAT. The firewalling tools iptables and ebtables can be used together and are complementary. ebtables tries to provide the bridge firewalling that iptables cannot provide, namely the filtering of non-IP traffic.

What can ebtables do?

  • Ethernet protocol filtering.
  • MAC address filtering.
  • Simple IP header filtering.
  • ARP header filtering.
  • 802.1Q VLAN filtering.
  • In/Out interface filtering (logical and physical device).
  • MAC address NAT.
  • Logging.
  • Frame counters.
  • Ability to add, delete and insert rules; flush chains; zero counters.
  • Brouter facility.
  • Ability to atomically load a complete table, containing the rules you made, into the kernel. See the man page and the examples section.
  • Support for user defined chains.
  • Support for marking frames and matching marked frames.

Install ebtables:

Continue Reading…
