Server Security - Page 15

We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.

Magnet Goblin Hackers Exploit One-Day Flaws to Deploy Custom Linux Malware

Financially motivated hacking groups are increasingly exploiting newly disclosed vulnerabilities to deploy custom malware on public-facing servers. The threat actors are known as Magnet Goblin, and they have been quick to leverage one-day flaws, vuln...
Mar 11, 2024
  0

New Bifrost Malware Evades Detection, Threatens Linux Server Security

A new variant of Bifrost, a remote access Trojan (RAT),...
Mar 02, 2024
  0
11.Locks IsometricPattern Esm H115

Cryptocurrency Mining Migo Malware Attacks Linux Redis Servers

A new malware dubbed “Migo” that is targeting Linux Red...
Feb 21, 2024
  64
22.Lock ScreenEffect Esm H115

Discover Server Security News

LS Hmepg 337x500 34 Esm H200

Making Apache httpd Logs More Useful

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

No doubt you're already aware of the standard logfiles that Apache httpd creates for you. There's the access log, which tells you every time a request is made to your server. There's also the error log, which makes a note every time something goes wrong or something of interest happens that you should know about. Click this Mojo Ad There are a few things that you can do to make your access log more useful, such as using the combined, rather than the common, logfile format--but that's another article. Look at the documentation for mod_log_config for more information on that.

LS Hmepg 337x500 34 Esm H200

Ping of death comes to Solaris

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Sun Microsystems has issued a security update intended for computers running Sun Solaris 10 operating system. The update patches a security vulnerability that could cause kernel panic by sending one false ICMP request. The vendor does not disclose the conditions required for the attack to occur, but in its security advisory, Sun suggest testing whether a system responds to ICMP echo requests using a normal ping utility.

LS Hmepg 337x500 34 Esm H200

The Zero-Day Dilemma

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The recent surge in malware attacks against zero-day flaws in some of the most widely used software packages is confirmation of an IT administrator's worst nightmare: Stand-alone, signature-based anti-virus software offers no protection from sophisticated online criminals.During 2006, there was a wave of zero-day attacks against Microsoft Office applications

LS Hmepg 337x500 34 Esm H200

Web Application Security: The Overlooked Vulnerabilities

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

How do you cost effectively defend web applications from attack? Your organization relies on mission critical business applications that contain sensitive information about customers, business processes and corporate data. Moving away from proprietary client/server applications to web applications gives you a simpler, cost-effective, highly extensible delivery platform. These applications are more than a valuable tool to power your business operations; they are also a valuable and vulnerable target for attackers. Web applications are increasingly the preferred targets of cyber-criminals looking to profit from identity theft, fraud, corporate espionage, and other illegal activities.

LS Hmepg 337x500 34 Esm H200

Protecting DNS Servers From Hackers

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

There are several things that you can do to prevent problems. I would recommend putting the DNS servers behind your current firewall and give them a public IP address. When allowing port 53 through the firewall, be sure to allow both TCP and UDP through. I learned this one the hard way the first time I put DNS servers behind a firewall. There were intermittent problems in DNS resolution until both TCP and UDP were allowed through the firewall for port 53. If you put the DNS servers behind your current firewall, I would suggest putting the servers in a different subnet from your server farm or anything else on your network. I would also suggest putting an access control list statement in the switch for the subnet that the DNS servers will be on that doesnt allow traffic from the DNS servers to ingress onto your network and only talk over your Internet connection. Another option is to put the servers on a DMZ connection. Some firewalls allow this with the installation of an additional network card if the firewall you have doesnt have an additional port already available.

LS Hmepg 337x500 34 Esm H200

The Cross-Site Request Forgery (CSRF/XSRF) FAQ

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Cross Site Request Forgery (also known as XSRF, CSRF, and Cross Site Reference Forgery) works by exploiting the trust that a site has for the user. Site tasks are usually linked to specific urls (Example: ;stock=ebay) allowing specific actions to be performed when requested. If a user is logged into the site and an attacker tricks their browser into making a request to one of these task urls, then the task is performed and logged as the logged in user. Typically an attacker will embed malicious HTML or JavaScript code into an email or website to request a specific 'task url' which executes without the users knowledge, either directly or by utilizing a Cross-site Scripting Flaw. Injection via light markup languages such as BBCode is also entirely possible. These sorts of attacks are fairly difficult to detect potentially leaving a user debating with the website/company as to whether or not the stocks bought the day before was initiated by the user after the price plummeted.

LS Hmepg 337x500 34 Esm H200

How To Automatically Scan Uploaded Files For Viruses With php-clamavlib

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

This guide describes how you can automatically scan files uploaded by users through a web form on your server using PHP and ClamAV. That way you can make sure that your upload form will not be abused to distribute malware. To glue PHP and ClamAV, we install the package php5-clamavlib/php4-clamavlib which is rather undocumented at this time. That package is available for Debian Etch and Sid and also for Ubuntu Dapper Drake and Edgy Eft, so make sure you use one of these platforms. I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!

LS Hmepg 337x500 34 Esm H200

PHP Apps: Security's Low-hanging Fruit

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here's how PHP coding errors have become the new low-hanging fruit for attackers, contributing to the phishing problems on the web. PHP became one of my favorite languages because of how quickly one can write a highly functional, standards-based web application with a database back-end. Unfortunately, attackers are taking these applications down even faster than they appear.

LS Hmepg 337x500 34 Esm H200

Why Blurring Sensitive Information Is A Bad Idea

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Undoubtedly you have all seen photographs of people on TV and online who have been blurred to hide faces. For the most part this is all fine with peoples' faces as there isn't a convenient way to reverse the blur back into a photo so detailed that you can recognise the photo. So that's good if that is what you intended. However, many people also resort to blurring sensitive numbers and text. I'll illustrate why that is a BAD idea.

LS Hmepg 337x500 34 Esm H200

Subverting Ajax

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The ability of modern browsers to use asynchronous requests introduces a new type of attack vectors. In particular, an attacker can inject client side code to totally subvert the communication flow between client and server. In fact, advanced features of Ajax framework build up a new transparent layer not controlled by the user. This paper will focus on security aspects of Ajax technology and on their influence upon privacy issues. Ajax is not only a group of features for web developers: it's a new paradigm that allows leveraging the most refined client side attacks.

LS Hmepg 337x500 34 Esm H200

Learn 10 good UNIX usage habits

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

When you use a system often, you tend to fall into set usage patterns. Sometimes, you do not start the habit of doing things in the best possible way. Sometimes, you even pick up bad practices that lead to clutter and clumsiness. One of the best ways to correct such inadequacies is to conscientiously pick up good habits that counteract them. This article suggests 10 UNIX command-line habits worth picking up -- good habits that help you break many common usage foibles and make you more productive at the command line in the process. Each habit is described in more detail following the list of good habits.

LS Hmepg 337x500 34 Esm H200

How Not To Use Cookies

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Within one week's time, we stumbled across two different sites using cookies the wrong way. While the attack vectors were a bit different, both sites trusted the cookie data to secure their users

LS Hmepg 337x500 34 Esm H200

Not Much Resistance at the Door

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Websites are as vulnerable as ever, according to a survey of Web application security professionals who test sites for security holes. The survey, conducted by researcher Jeremiah Grossman on his blogsite, polled more than 60 security pros, 63 percent who work for vendors or consultants, 23 percent for enterprises, 5 percent for government, and 10 percent for other types of organizations. These are the guys in the trenches who hammer on Websites regularly -- 53 percent said all or almost all of their job is dedicated to Web app security (versus development, general security, and incident response); 28 percent said about half; and 20 percent said "some."

LS Hmepg 337x500 34 Esm H200

Making a distribution secure

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

There's no dearth of Linux distributions to choose from. With so many to choose from, one might think it's as easy as picking up the Linux kernel, throwing in a few applications, setting up respositories, making ISOs and you've got a shiny new Linux distro. Well, there's more to a Linux distro than assembling applications and making sure everything works. A lot of time and effort, at least for major distros, is spent on making the distribution secure and getting updates out in a timely fashion. To start with, all major distributions have security teams that collaborate with the main release team to ensure no vulnerable packages make their way into the final release. For example, Chris Gianelloni, release engineering strategic lead of Gentoo says that the release engineering team works with Gentoo's security team and individual architecture teams to make sure Gentoo doesn't have security vulnerabilities when Gentoo is released.

LS Hmepg 337x500 34 Esm H200

Snake Bytes: XSS Rx

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

There are two philosophies in which to protect against cross-site scripting (XSS) attacks: input encoding and output encoding. Input encoding means that the application takes whatever the user gives it and then encodes it so that when the information is outputted it has already been sanitized. Output encoding means that the application takes whatever data is given to it in whatever form it takes and stores it. Once it is ready for output it is sanitized before being shown to the user. I've heard people say that output encoding is the right way to deal with HTML injection and XSS attacks as well. There's one concept I haven't bought off on personally. Let's take an example where you have a single input, which is your name.

LS Hmepg 337x500 34 Esm H200

Locking Down Ubuntu

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Security is an important issue in computing. Unfortunately, many computers allow a cracker to gain access to them and retrieve sensitive information, or just make life hard. This article will review the basics in general security and explain how to apply it to two Linux distributions--Ubuntu and Kubuntu. This article assumes that you know how to install programs on either Ubuntu or Kubuntu. It also assumes that you have some knowledge of basic computer networking principles. If you do not know how to install programs on Ubuntu, go tohttps://help.ubuntu.com/community/InstallingSoftware. If you do not know much about networking, go to http://www.faqs.org/docs/linux_network/x-087-2-intro.html. This article also assumes that you are using Ubuntu or Kubuntu 6.06(Dapper Drake), but the Firewall section can be adapted for any recent Linux distribution.

LS Hmepg 337x500 34 Esm H200

DNS Security and Threat Mitigation: An Overview of Domain Name System Threats and Strategies for Sec

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

The Internet is a seemingly limitless source of information. It provides the power of collective knowledge and information to a vast array of users who access innumerable resources for countless reasons. These resources are typically accessed by using a human readable name designed to be easily remembered, thus increasing the usability of the resource. These human readable names, as the very term implies, are for the sake of the human users. Network devices, however, find each other by using a number, referred to as IP (Internet Protocol) addresses. The Domain Name System is the service that maps the human readable names to device specific IP addresses creating the user friendly nature of networked systems.

LS Hmepg 337x500 34 Esm H200

Establish more effective security capabilities with OpenSSH

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Longtime Linux admins know that SSH, the "Secure Shell" protocol, is one of the most handy and potentially critical utilities in their software toolbox. Using multiple terminal emulators in an X Windows environment on a workstation, or via the Screen utility, a sysadmin for Linux or other Unix-based OS servers can manage several systems simultaneously with ease. Network administration shell or Perl scripts can make use of SSH to perform automated tasks on multiple servers at once simply and securely. Network shell utilities like RSH have been around longer than SSH, of course. But SSH adds strong encryption and data compression to its functionality and most modern SSH implementations also provide SFTP and SCP in the same convenient package, for secure file transfers over the network.

LS Hmepg 337x500 34 Esm H200

BT to make DDoS mitigation affordable

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

SPs could provide the answer to combatting DDoS attacks according to BT, providing customers with DDoS mitigation at a price far cheaper than buying it in directly. According to Mick Creane, Head of Managed Security Strategy at BT, ISPs are in a unique position to be able to make DDoS mitigation affordable for its customers, and it's something BT is already considering. 'We're looking at technology in the core of our network that would direct traffic through a "scrubbing centre". This terminates requests, checks if they are valid and if they are not, drops them. Where they are valid, they are forwarded to the original destination,' said Creane. 'It's expensive, but with BT you have economies of scale. So we would divert traffic as necessary [rather than route everything through the "scrubbing centre"].'

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved