Wednesday, April 28, 2010

Iptables: Unblock / Delete an IP Address Listed in IPtables Tables

Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. Unblocking an address means deleting the rule that blocks it from the chain that rule lives in, which is what the -D option does. There are two forms of -D: the rule can be specified by its number in the chain (starting at 1 for the first rule) or by repeating the rule specification exactly as it was added.


List existing chains

Type the following commands to list the current rules, and the addresses they match, in the tables:

iptables -L -n
iptables -L -n -v
iptables -L chain-name -n -v
iptables -L spamips -n -v


List existing chains with line number

To display line number along with other information, enter:

iptables -L INPUT -n --line-numbers
iptables -L OUTPUT -n --line-numbers
iptables -L OUTPUT -n --line-numbers | less
iptables -L spamips -n -v --line-numbers
iptables -L spamips -n -v --line-numbers | grep 202.54.1.2


Chain droplist (3 references)
num   pkts bytes target  prot opt in  out source            destination
1        0     0 LOG     0    --  *   *   116.199.128.0/19  0.0.0.0/0    LOG flags 0 level 4 prefix `LASSO DROP Block'
2        0     0 DROP    0    --  *   *   116.199.128.0/19  0.0.0.0/0
3        0     0 LOG     0    --  *   *   116.50.8.0/21     0.0.0.0/0    LOG flags 0 level 4 prefix `LASSO DROP Block'
4        0     0 DROP    0    --  *   *   116.50.8.0/21     0.0.0.0/0
5        0     0 LOG     0    --  *   *   128.199.0.0/16    0.0.0.0/0    LOG flags 0 level 4 prefix `LASSO DROP Block'
6        0     0 DROP    0    --  *   *   128.199.0.0/16    0.0.0.0/0
7        0     0 LOG     0    --  *   *   132.232.0.0/16    0.0.0.0/0    LOG flags 0 level 4 prefix `LASSO DROP Block'
8        0     0 DROP    0    --  *   *   132.232.0.0/16    0.0.0.0/0
9      342 23317 LOG     0    --  *   *   134.175.0.0/16    0.0.0.0/0    LOG flags 0 level 4 prefix `LASSO DROP Block'
10     342 23317 DROP    0    --  *   *   134.175.0.0/16    0.0.0.0/0
11       0     0 LOG     0    --  *   *   134.33.0.0/16     0.0.0.0/0    LOG flags 0 level 4 prefix `LASSO DR
You will get the list of all blocked addresses. Rule numbers are counted per chain, and the listing above is of the user-defined chain droplist, so the delete has to name that chain, not INPUT. For example, to delete rule number 10 (subnet 134.175.0.0/16), enter:

iptables -D droplist 10

Deleting by number renumbers every rule below it, so when you remove several rules this way, work from the highest number down. Note also that the matching LOG rule (number 9 above) is a separate rule and needs its own delete, otherwise it keeps logging packets that are no longer dropped.

You can also delete (unblock) an address by repeating the rule specification instead of giving a number. Every parameter must match the rule as it was inserted; spamlist below is simply the name of the user-defined chain the rule lives in:

iptables -D INPUT -s xx.xxx.xx.xx -j DROP
iptables -D INPUT -s xx.xxx.xx.xx/yy -j DROP
iptables -D spamlist -s 202.54.1.2 -d 0/0 -j DROP
iptables -D spamlist -s 202.54.1.2/29 -d 0/0 -j DROP
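A small helper, added here as an example and not part of the original post: it reads the output of "iptables -L <chain> -n --line-numbers" (the sample listing embedded below is constructed to mirror the droplist chain above), finds every rule whose source is the address you want to unblock, LOG and DROP alike, and prints the delete commands highest number first so the numbers stay valid while you delete. The function names, the chain name and the sample listing are my own; pipe the output into sh only after you have read it.

```shell
#!/bin/sh
# Added example, not from the original post. Turn an iptables listing into
# delete commands for every rule whose source matches an address, highest
# rule number first so earlier deletes do not shift the later numbers.
#
# Real use:
#   iptables -L droplist -n -v --line-numbers | plan_unblock droplist 134.175.0.0/16 | sh

plan_unblock() {
    chain=$1
    addr=$2
    awk -v addr="$addr" '
        # header line: find the "source" column, which moves when -v is used
        $1 == "num" { for (i = 1; i <= NF; i++) if ($i == "source") col = i; next }
        # numbered rule whose source field is exactly the address (LOG and DROP alike)
        col && $1 ~ /^[0-9]+$/ && $col == addr { print $1 }
    ' | sort -rn | while read -r num; do
        printf 'iptables -D %s %s\n' "$chain" "$num"
    done
}

# Constructed sample listing in the same shape as the page's droplist chain.
sample_listing() {
    cat <<'EOF'
Chain droplist (3 references)
num   pkts bytes target  prot opt in  out source            destination
1        0     0 LOG     0    --  *   *   116.199.128.0/19  0.0.0.0/0    LOG flags 0 level 4 prefix `LASSO DROP Block'
2        0     0 DROP    0    --  *   *   116.199.128.0/19  0.0.0.0/0
9      342 23317 LOG     0    --  *   *   134.175.0.0/16    0.0.0.0/0    LOG flags 0 level 4 prefix `LASSO DROP Block'
10     342 23317 DROP    0    --  *   *   134.175.0.0/16    0.0.0.0/0
EOF
}

# Returns the commands that would unblock 134.175.0.0/16 from the sample.
demo() {
    sample_listing | plan_unblock droplist 134.175.0.0/16
}

demo
```

On the sample this prints "iptables -D droplist 10" and then "iptables -D droplist 9", which removes both the DROP and its LOG companion; an address with no rules produces no output, so nothing is deleted by accident.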


On a related note, I recommend getting a good Linux command-line and netfilter firewall (iptables) book to understand all the technical mumbo jumbo.

How to avoid dictionary attack on SSH? Secure your server now!

For the past few weeks, I've encountered a lot of attacks on my server coming from different IPs using automated scripts. They use brute force with dictionary attacks to guess my root and other account passwords. Well, honestly, I wasn't really bothered by these attacks before, because I do have my firewall up and enabled and I am confident enough that they won't guess my very super secure password :)

However, what annoyed me and made me write this article is the email that I received from my cPanel account three times a day, spamming my personal inbox. The email says, 'Drive Warning: /dev/sda2 (/var) is 72% full' (/dev/sda2 is my secondary disk, where the logs are located).

From 72% to 89% in just a couple of days... it started to get my furious attention. WTH?! Then I started the investigation and found out my btmp file (btmp contains a bad-login entry for each invalid logon attempt) had reached a huge 8 GB in size. Whoa! It's even larger than my GTA IV installer, and to think that it's only a txt file. Grrrrr.

And now, to limit or end this script-kiddie playtime:

1) Make passwords long and strong, something like: &^bV{-)wQ17HG*dzQK?X

2) Block domains you know should never reach sshd in hosts.deny (this needs sshd built with TCP wrappers/hosts_access support, or sshd run under xinetd/inetd with the -i option). Suffix patterns like .cn are matched against the reverse DNS name of the connecting address, so this only catches hosts whose PTR records resolve to those domains. For example, I know that no one from China should be logging into my sshd, so:

hosts.deny:

Code:
sshd: .cn, .cn.net, .cn.com, .jp, .jp.com

3) Add line

Code:
sshd: UNKNOWN

to hosts.deny. UNKNOWN matches any client whose hostname cannot be resolved (missing or broken reverse DNS), which covers a lot of the compromised boxes doing these scans, but it will also refuse a legitimate user connecting from an address with no PTR record. Surprisingly, this stops a lot of them but hasn't stopped any of my legit users. You can combine this rule with #2 above.
4) Make use of the AllowUsers and DenyUsers (and AllowGroups/DenyGroups) directives in sshd_config. Make sure you list exactly who should and who should not log in. sshd checks DenyUsers, AllowUsers, DenyGroups and AllowGroups in that order and a login must pass all of them, so once AllowUsers is set the long Deny lists below only add belt and braces. IMO, never, ever allow root; the direct way to enforce that is PermitRootLogin no.

sshd_config:

Code:
# Explicitly set who can and who can not login by way of ssh
AllowGroups users
AllowUsers tom joe harry

# Everything that isn't above
DenyGroups root bin daemon sys adm tty disk lp mem kmem wheel floppy mail news uucp man games slocate utmp smmsp mysql rpc sshd shadow ftp nogroup console xcdwrite

DenyUsers root bin daemon adm lp sync shutdown halt mail news uucp operator games ftp smmsp mysql rpc sshd nobody test guest user admin apache www wwwrun httpd irc

5) Switch to key-only SSH login: set PasswordAuthentication no (and ChallengeResponseAuthentication no, so PAM cannot reopen the password path). If someone doesn't have a valid key there is no password to guess, and the dictionary attack is dead on arrival.

6) Turn up logging and watch the logs carefully. Maybe limit access times too (xinetd's access_times attribute). I completely drop traffic from known trouble networks/domains/netblocks, but this may be too extreme for some people. xinetd can rate-limit as well (per_source and cps).

7) You can put sshd on another port, but this shouldn't be needed if all your other defenses are in place; it cuts the log noise from untargeted scanners, nothing more. Stay up on patches and current security. Most intruders I've seen get local access first, then use kernel exploits like km3.c (ptrace), do_brk() or mremap to gain root. Of those that did get root, they usually downloaded IRC stuff (bouncers, bots) and Linux viruses (OSF and RST variant #2). The attackers were quite amateurish and left behind plenty of evidence, including bash history files, logs and other records. Once a machine is compromised, they use it to do more. The most advanced tool that I've seen came as a C source file, so the port could be changed. It had an extensive password list with dictionary-type words; more words could be added. RST #2 contains its own backdoor. Rootkits T0rn and SucKit were popular as well. Many of the tools came from the go.ro domain. In many cases, the admins of the attacking machines didn't know they were compromised. Several expressed gratitude when notified of the attempts, but unfortunately the norm seems to be no response (at least in the cases I've reported myself).

As for host-based access (hosts.deny) versus iptables, I'd say go for both: knock out as many trouble spots as you can with each tool, because they work slightly differently. For example, I may not need to allow sshd logins from a certain domain, but I do want to be able to send and receive mail with it, so I can't drop it completely in iptables. With host-based access you can give rules to just one daemon, or to all of them.
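Item 6 says to watch the logs, and the paragraph above says to use iptables and hosts.deny together. Here is a small helper, added as an example and not part of the original post, that does both: it counts failed SSH password attempts per source address in a syslog-style auth log (the sample lines below are constructed; on a real box feed it /var/log/secure or /var/log/auth.log), skips any address listed in ALLOW so you cannot lock yourself out, and for every address at or over the threshold prints an iptables rule for the droplist chain from the earlier post plus the matching hosts.deny line. The names droplist and ALLOW, the threshold and the sample addresses are my own; review the output before applying any of it.

```shell
#!/bin/sh
# Added example, not from the original post. Count failed SSH password
# attempts per source address and print block rules for the worst offenders.
# Real use (review the output before applying any of it):
#   ALLOW="203.0.113.5" sh offenders.sh /var/log/secure 10

# Addresses that must never be blocked (your own); constructed example value.
ALLOW="${ALLOW:-192.0.2.10}"

# Constructed sample auth-log lines in OpenSSH's syslog format.
sample_log() {
    cat <<'EOF'
Apr 28 03:12:01 host sshd[2201]: Failed password for root from 202.54.1.2 port 40122 ssh2
Apr 28 03:12:04 host sshd[2203]: Failed password for invalid user admin from 202.54.1.2 port 40130 ssh2
Apr 28 03:12:07 host sshd[2205]: Failed password for invalid user test from 202.54.1.2 port 40141 ssh2
Apr 28 03:13:10 host sshd[2210]: Failed password for tom from 192.0.2.10 port 51000 ssh2
Apr 28 03:13:15 host sshd[2212]: Accepted publickey for tom from 192.0.2.10 port 51000 ssh2
Apr 28 03:14:00 host sshd[2220]: Failed password for invalid user oracle from 198.51.100.7 port 2222 ssh2
Apr 28 03:14:01 host sshd[2221]: Failed password for invalid user oracle from 198.51.100.7 port 2223 ssh2
EOF
}

# failed_by_ip <threshold>  -- reads a log on stdin and prints "ip count" for
# every non-allowed address with at least <threshold> failed password attempts,
# most failures first
failed_by_ip() {
    awk -v min="$1" -v allow="$ALLOW" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $5 ~ /^sshd\[/ && /Failed password for / {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") { ip = $(i + 1); break }
            if (ip != "" && !(ip in ok)) fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= min) print ip, fails[ip] }
    ' | sort -k2,2nr -k1,1
}

# block_commands  -- turns "ip count" lines into an iptables rule for the
# droplist chain and a hosts.deny entry for sshd
block_commands() {
    while read -r ip count; do
        printf 'iptables -I droplist -s %s -j DROP   # %s failed logins\n' "$ip" "$count"
        printf 'sshd: %s\n' "$ip"
    done
}

if [ $# -ge 1 ]; then
    failed_by_ip "${2:-10}" < "$1" | block_commands
else
    sample_log | failed_by_ip 2 | block_commands
fi
```

On the sample, 202.54.1.2 (three failures) and 198.51.100.7 (two) are reported; 192.0.2.10 had a failure too but is in ALLOW, and its later successful publickey login is ignored because only "Failed password" lines are counted.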

Tuesday, April 21, 2009

Installing ImageMagick 6.3.8 on a cPanel Server

This tutorial is a short step-by-step manual for upgrading and properly installing ImageMagick on your cPanel server without having to manually recompile Apache.

First, note that the new EasyApache version 3 does not include ImageMagick as an additional install option for PHP, so here are the steps we performed to get that magic wand happening again.

1/ Download ImageMagick onto your server. The post's title says 6.3.8, but the archive fetched below is 6.4.3-6; use whichever version you pick consistently, and compare the archive against the digest or signature the project publishes before you build it, since plain FTP gives you no assurance about what you received:

wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-6.4.3-6.zip
unzip ImageMagick-6.4.3-6.zip

go into the directory

cd ImageMagick-6.4.3-6

The defaults should be fine, but the other options are documented in Install-unix.txt inside the source tree. Anyway, the default install is simple:

./configure
make
make install

Both commands can take a little while, but either way ImageMagick should now be installed. To finish the process, build the Perl binding (PerlMagick) from the same source tree:


cd PerlMagick/
perl Makefile.PL
make
make install


BUT HOLD ON, this is not it yet!

We need to get it locked into PHP !
The new WHM has a fantastic utility to complete the task.

Log into WHM >> Software >> Module Installers >> PHP Pecl and install imagick to bind the whole thing into PHP and make your applications gel! :)


That should be it. If by any chance you hit a problem on a 64-bit OS and WHM cannot find imagick, install it manually by following the steps below.

Firstly install ImageMagick-devel

yum -y install ImageMagick-devel

Assuming ImageMagick-devel is installed, you need to download the Imagick PHP extensions, located here: http://pecl.php.net/package/imagick

Latest version, as of this post, is imagick-2.2.0
wget http://pecl.php.net/get/imagick-2.2.0.tgz

Place this package in your home directory. Then, in a shell console, while in the home directory, type:

tar -zxvf imagick-2.2.0.tgz

Then type the following commands:

cd imagick-2.2.0
phpize
./configure

make
make install


Now go back into WHM and try to activate imagick again

Tuesday, April 14, 2009

How to install ffmpeg, ffmpeg-PHP, MPlayer, MEncoder, flvtool2, LAME MP3 Encoder, and libogg from source

This article shows how to install ffmpeg, ffmpeg-PHP, MPlayer, MEncoder, flvtool2, the LAME MP3 encoder and libogg from source. It should work on most systems, but may need some tweaking from system to system. Everything below runs as root and installs into /usr/local, and none of the downloads are verified as written, so compare each archive against the digest or signature its project publishes before you build it.

cd /usr/local/src

Download source tarballs:

wget http://rubyforge.org/frs/download.php/9225/flvtool2_1.0.5_rc6.tgz
wget http://easynews.dl.sourceforge.net/sourceforge/lame/lame-3.97.tar.gz
wget http://superb-west.dl.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.5.0.tbz2
wget http://downloads.xiph.org/releases/ogg/libogg-1.1.3.tar.gz
wget http://downloads.xiph.org/releases/vorbis/libvorbis-1.1.2.tar.gz
wget http://www4.mplayerhq.hu/MPlayer/releases/codecs/essential-20061022.tar.bz2

Extract the tarballs:

tar zxvf lame-3.97.tar.gz
tar zxvf libogg-1.1.3.tar.gz
tar zxvf libvorbis-1.1.2.tar.gz
tar zxvf flvtool2_1.0.5_rc6.tgz
tar jxvf essential-20061022.tar.bz2
tar jxvf ffmpeg-php-0.5.0.tbz2


Make a directory to store all the codecs:

mkdir /usr/local/lib/codecs/


Install any necessary packages:

yum install gcc gmake make libcpp libgcc libstdc++ gcc4 gcc4-c++ gcc4-gfortran
yum install subversion ruby ncurses-devel

svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
svn checkout svn://svn.mplayerhq.hu/mplayer/trunk mplayer
cd /usr/local/src/mplayer
svn update
cd /usr/local/src

Copy codecs for mplayer:

mv /usr/local/src/essential-20061022/* /usr/local/lib/codecs/
chmod -R 755 /usr/local/lib/codecs/

If /tmp is mounted noexec (cPanel's "secure tmp"), configure scripts that compile and run test programs there will fail, so point TMPDIR at a directory you control. Only root runs this build, so the directory does not need to be world-writable:

mkdir -p /usr/local/src/tmp
chmod 700 /usr/local/src/tmp
export TMPDIR=/usr/local/src/tmp

Installing Lame:

cd /usr/local/src/lame-3.97
./configure
make && make install

Installing Libogg:

cd /usr/local/src/libogg-1.1.3
./configure && make && make install

Installing libvorbis:

cd /usr/local/src/libvorbis-1.1.2
./configure && make && make install

Installing flvtool2:

cd /usr/local/src/flvtool2_1.0.5_rc6/
ruby setup.rb config
ruby setup.rb setup
ruby setup.rb install

cd /usr/local/src/mplayer
./configure && make && make install

Installing ffmpeg:

cd /usr/local/src/ffmpeg/
./configure --enable-libmp3lame --enable-libogg --enable-libvorbis --disable-mmx --enable-shared
make && make install

The library sonames below (.so.49, .so.50, .so.51) depend on the ffmpeg revision you checked out, so look at what make install actually put in /usr/local/lib before linking. The cleaner fix is to add /usr/local/lib to /etc/ld.so.conf and run ldconfig, which makes these symlinks unnecessary:

ln -s /usr/local/lib/libavformat.so.50 /usr/lib/libavformat.so.50
ln -s /usr/local/lib/libavcodec.so.51 /usr/lib/libavcodec.so.51
ln -s /usr/local/lib/libavutil.so.49 /usr/lib/libavutil.so.49
ln -s /usr/local/lib/libmp3lame.so.0 /usr/lib/libmp3lame.so.0
ln -s /usr/local/lib/libavformat.so.51 /usr/lib/libavformat.so.51

Installing ffmpeg-php:

cd /usr/local/src/ffmpeg-php-0.5.0/
phpize
./configure
make
make install

Note: make sure this is the php.ini the server's PHP actually loads (php -i reports it as "Loaded Configuration File"), and that the extension directory matches your PHP build (php-config --extension-dir prints it; the no-debug-non-zts-20020429 directory below belongs to the original author's PHP). Appending with >> adds the line again on every re-run, so check that it is not already there first.

echo 'extension=/usr/local/lib/php/extensions/no-debug-non-zts-20020429/ffmpeg.so' >> /usr/local/Zend/etc/php.ini

Restart apache:

service httpd restart

You should be ready to go now!

Note: up2date can be used if you don't have yum installed.
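Both this post and the ImageMagick one above download source archives and run ./configure && make && make install as root without checking what was downloaded, and this post appends to php.ini blindly. The script below is an added example, not part of either post: it refuses to build a tarball unless its SHA-256 matches a digest you took from the project's release page (or a signed checksum file) beforehand, and it registers a PHP extension in php.ini only if the line is not already there. The function names are mine; the digest and the php.ini path are deliberately left for you to supply, because a digest copied from the same untrusted download would prove nothing. The same fetch_verified call works for the lame, libogg, libvorbis, flvtool2 and ImageMagick archives.

```shell
#!/bin/sh
# Added example, not from the original post. Fetch a source tarball only if it
# matches a SHA-256 digest obtained out of band, and register a PHP extension
# in php.ini without duplicating the line on a re-run.
set -eu

# Prints the SHA-256 of a file using whichever tool the box has.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{ print $1 }'
    else
        openssl dgst -sha256 "$1" | awk '{ print $NF }'
    fi
}

# verify_sha256 <file> <expected-hex>  -- true only on an exact match
verify_sha256() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# fetch_verified <url> <expected-hex>  -- downloads into the cwd (skips the
# download if the file exists) and deletes the file on a digest mismatch
fetch_verified() {
    url=$1; expected=$2; file=${url##*/}
    [ -f "$file" ] || wget -q "$url"
    if ! verify_sha256 "$file" "$expected"; then
        echo "digest mismatch for $file, refusing to build" >&2
        rm -f "$file"
        return 1
    fi
}

# add_php_extension <php.ini> <extension=...>  -- append the line once, never twice
add_php_extension() {
    grep -qxF "$2" "$1" || printf '%s\n' "$2" >> "$1"
}

# Real run (needs network and root). You must supply the digest and the path of
# the php.ini that is actually loaded, for example:
#   FFMPEG_PHP_SHA256=<hex from the release page> \
#   PHP_INI=$(php -i | awk -F'=> ' '/Loaded Configuration File/ { print $2 }') \
#   sh fetch-verify.sh run
if [ "${1:-}" = "run" ]; then
    cd /usr/local/src
    fetch_verified http://superb-west.dl.sourceforge.net/sourceforge/ffmpeg-php/ffmpeg-php-0.5.0.tbz2 \
        "${FFMPEG_PHP_SHA256:?digest of the tarball, obtained out of band}"
    tar jxf ffmpeg-php-0.5.0.tbz2
    (cd ffmpeg-php-0.5.0 && phpize && ./configure && make && make install)
    add_php_extension "${PHP_INI:?path to the php.ini in use}" \
        "extension=$(php-config --extension-dir)/ffmpeg.so"
fi
```

The build steps only run when the script is invoked with "run", so sourcing it just defines the functions; a wrong digest deletes the archive and stops before anything is compiled, and running the script twice leaves exactly one extension line in php.ini.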

[How-To] Install FFMPEG to your account

Hello folks!

Let me first state that I have not tested whether this installation of FFMPEG functions as required, but the installation seems to have gone smoothly. If you attempt to use this install method and have any trouble, please do not submit a support ticket, as Site5 does not provide support for 3rd-party products. Feel free to respond to this post with any questions or issues you might have and I will do my best (time permitting) to assist in troubleshooting with you.

FFMPEG Install for Shared Hosting accounts.

Required:
Bash Shell for the account the procedure is initiated on.
Access to the system Compiler and Fetch utility groups.

Note: For both of the above, you will likely need to submit a ticket unless previously requested. Please include the account domain name, and the specific system username which you will be logging into to perform this task to expedite your request.

cd ~
mkdir -p TEMP src bin bin/ffmpeg
cd src/
svn checkout svn://svn.mplayerhq.hu/ffmpeg/trunk ffmpeg
cd ffmpeg/
export TMPDIR="$HOME/TEMP"
./configure --prefix="$HOME/bin/ffmpeg"
# Your application may require extra configure options enabled to function correctly.
# Run "./configure --help" for a full list of available options.
# Contact the application vendor if you are not certain about this one.
make
make install

Your ffmpeg binary will be available at "$HOME/bin/ffmpeg/bin/" (that is, /home/username/bin/ffmpeg/bin/).

Thursday, January 8, 2009

MASTERING UPPERCASE LETTERS

IS YOUR WRITING TIRED AND LIMP LIKE ABE VIGODA IN THE MORNING?

YOU NEED THE POWER OF UPPERCASE! WITH UPPERCASE YOU CAN ENJOY MORE POTENT WORDS THAN EVERY LOWERCASE LETTER IN THE ENTIRE ALPHABET! COMBINED!

IN MASTERING UPPERCASE LETTERS YOU WILL DISCOVER:

  • HOW TO GRAB SOMEONE’S ATTENTION USING UPPERCASE NAMES, SUCH AS “HELLO, GEORGE”
  • HOW TO ADD OOMPH TO PROPER NOUNS, LIKE “I SENT A POUCH OF ANTHRAX TO THE WHITE HOUSE”
  • HOW TO BETTER PROVE YOUR POINT, FOR EXAMPLE, “I WILL GET YOU”

PLUS…DID YOU EVER WISH YOU COULD TYPE UPPERCASE WITH ONLY ONE HAND? NOW YOU CAN, WITH MASTERING UPPERCASE LETTERS: ADVANCED EDITION. LEARN TO DEPRESS YOUR CAPS LOCK KEY PERMANENTLY AND FOREVER USING HOT GLUE.

ORDER MASTERING UPPERCASE LETTERS NOW AND RECEIVE A FREE LOWERCASE-TO-UPPERCASE CONVERSION KIT FOR UPDATING OLD MESSAGES!


got this funny crap here : http://www.iwritefunny.com/

Wednesday, January 7, 2009

Installing Tomcat 5.5 + OpenLaszlo + Red5 Flash Server on Windows XP

Resource found at http://weblogs.amtex.nl/media/users/admin/Installing_Tomcat_Openlaszlo_Red5.pdf


This is a very useful and convenient alternative to a server built on Adobe Flash Media Server, which is very expensive. I recommend using an open-source server, Red5. :)


This article explains how to install and run the OpenLaszlo Presentation Server and the Red5 Flash Server on top of an Apache Tomcat server. It will quickly get you started according to the philosophy "experience first, understand later". OK, let's get started!

Tomcat is a free, open source implementation of the Java Servlet and JavaServer Pages (JSP) technologies.

OpenLaszlo is a free, open source platform for creating zero-install web applications with the user interface capabilities of desktop client software. In fact, it's a free Adobe® Flex Server.

Red5 is a free, open source Flash server that supports streaming and recording audio/video, live stream publishing and Flash remoting. Its commercial brother is Adobe® Flash Media Server.

Pick them up, shake them well and put them down. The result is T-O-R and the possibilities are truly amazing!


Prerequisites

Download the following files:

- JDK 5.0 Update ‘xx’ (Java SE Development Kit (JDK)) from
http://java.sun.com/javase/downloads

- tomcat 5.5 from http://tomcat.apache.org:

> Core (windows service installer)
> Administration Web Application

- openlaszlo dev kit (war file) from www.openlaszlo.org

- red5 war file from www.osflash.org/red5

On my system, I ended up with the following files:

jdk-1_5_0_09-windows-i586-p.exe
apache-tomcat-5.5.20.exe
apache-tomcat-5.5.20-admin.zip
openlaszlo-3.3.3.war
red5-0.6rc1.war

Installing JDK + Tomcat 5.5

Estimated time to complete: 5 - 10 minutes

· Perform a standard installation of the JDK (next, next... finish)
· Install Apache Tomcat (use the default server port 8080 and remember your admin login credentials). Pick a strong password: anyone who can log in to the Tomcat Manager can deploy a WAR file, which amounts to running arbitrary code on the server, and the default connector listens on port 8080 on every interface, not just localhost.

Test the installation in your browser: http://localhost:8080

The last thing we have to do is install the Admin Web Application for easy Tomcat administration.

· Stop the Tomcat Service (from taskbar)

· Open "apache-tomcat-5.5.20-admin.zip" and drop the folders "conf" and "server" into "C:\Program Files\Apache Software Foundation\Tomcat 5.5\". (Windows warns you about already existing folders, but that's OK. Simply ignore this.)

Start the Tomcat Service again

Test the installation again in your browser (http://localhost:8080) by clicking on "Tomcat Manager".

Enter the login credentials you chose earlier.

You are logged in now.

Onward….!

Installing OpenLaszlo

Estimated time to complete: 1 minute

We're going to install OpenLaszlo from within the Admin Web Application.

Log in (again) to the Admin Web Application and click on "Tomcat Manager".

Locate "WAR file to deploy" and use the buttons "Browse..." and "Deploy" to install "openlaszlo-3.3.3.war".

Test your OpenLaszlo installation by accessing the following URL:
http://localhost:8080/openlaszlo-3.3.3/

All right!

Note: if you're planning to use OpenLaszlo in a live environment, deploy the servlet (openlaszlo-3.3.3-servlet.war) instead of the dev kit. The dev kit contains extras like examples and documentation, which you do not want exposed on a production server.


Installing Red5

Estimated time to complete: 1 minute

Next, we’re going to install Red5 in the same way.

Rename "red5-0.6rc1.war" to "red5.war" to get a nice deployment URL (context path) and deploy it.

Test your Red5 installation by accessing the following URL:
http://localhost:8080/red5

Also try this "real" demo: http://localhost:8080/red5/flvdemo.html

Done!

What you've done

You've completed a successful installation of Tomcat, OpenLaszlo and Red5.

The next step is writing an application which makes use of OpenLaszlo and Red5.
