I got hacked not too long ago, so I decided to set up snort patched with snortsam to stop the intruders. This actually works very well.
They got in by brute forcing a login page for the web mail interface. The intruders also used the compose mail page to send spam after they broke in.
I wrote my own snort rule to detect and block brute forcing and sending spam through the web mail (it will only block if you have snortsam set up properly). This rule blocks anyone that does an HTTP POST more than 30 times within 60 seconds (I believe it is a ratio – average of 2 times per second).
alert tcp any any -> X.X.X.X 80 ( content: "POST"; nocase; msg: "Webmail Brute Force Attempt or Spam Attack"; threshold: type both, track by_src, count 30, seconds 60; sid:123456789; rev:1; fwsam: src, 5 minutes;)
HINT: Replace X.X.X.X with the IP of your web server. Take out the “fwsam: src, 5 minutes;” if you are not using snortsam (you should be ;p). Replace 123456789 with your own custom ID and make it large so it doesn’t conflict with default snort rules.
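As an added example (not part of the original post), this Python script replays a web server access log against the same numbers the rule uses, 30 POSTs per source within 60 seconds, so you can see which clients would trip it before you turn on blocking. The Apache combined log format, the fixed-window model of the threshold, and the sample addresses and paths are assumptions.

```python
import re
from datetime import datetime, timezone

# Apache/nginx "combined" access-log prefix: source IP, timestamp, method.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ')

def parse(line):
    """Return (src_ip, epoch_seconds, method), or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts.timestamp(), m.group(3).upper()

def sources_over_threshold(lines, count=30, seconds=60):
    """Replay POST requests against a per-source counter.
    Assumption: the window opens at a source's first counted POST and is
    reset once `seconds` have passed; a source is reported the first time
    its counter reaches `count` inside one window.
    """
    state = {}      # src -> [window_start, posts_in_window]
    flagged = {}    # src -> epoch time at which the counter reached `count`
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != "POST":
            continue
        src, now, _ = rec
        win = state.setdefault(src, [now, 0])
        if now - win[0] >= seconds:
            win[0], win[1] = now, 0
        win[1] += 1
        if win[1] == count and src not in flagged:
            flagged[src] = now
    return flagged

def sample_log():
    """Constructed log: a fast login loop, a slow poster, and GET traffic."""
    def row(ip, sec, method, path):
        stamp = "01/Jan/2024:12:%02d:%02d +0000" % divmod(sec, 60)
        return '%s - - [%s] "%s %s HTTP/1.1" 200 512' % (ip, stamp, method, path)
    rows = [row("203.0.113.7", s, "POST", "/webmail/login") for s in range(40)]
    rows += [row("198.51.100.4", s * 5, "POST", "/webmail/compose") for s in range(40)]
    rows += [row("192.0.2.9", s, "GET", "/webmail/inbox") for s in range(100)]
    return sorted(rows, key=lambda r: parse(r)[1])

if __name__ == "__main__":
    for src, when in sources_over_threshold(sample_log()).items():
        print(src, "reached 30 POSTs in 60 s at", datetime.fromtimestamp(when, timezone.utc))
```

Run it over a day of your own access log first: any legitimate client it reports would also be blocked for 5 minutes by the rule above.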
Have you written any custom snort rules or do you have a suggestion to improve this rule? Show us in the comments.
SNORT® is an open source network intrusion prevention and detection system utilizing a rule-driven language, which combines the benefits of signature, protocol and anomaly based inspection methods. With millions of downloads to date, Snort is the most widely deployed intrusion detection and prevention technology worldwide and has become the de facto standard for the industry.
If you use snort and don’t already know about Emerging Threats, I am sure it will help you out on your intrusion detecting escapade. If you have any tips for using Emerging Threats’ rules, let us know in the comments.
This article is user submitted by rich0rd. You can also submit articles.
You have multiple computers, and your desk is cluttered with keyboards, mice, and monitors? You desperately need more space, and you are tired of moving your hands the long way from one keyboard to the next? Do not worry any more – rescue is here in the form of synergy.
Synergy is a nifty little program which allows you to share your mouse and keyboard with other computers on your network. Just move the mouse out of your screen and it magically appears on the screen of the next computer, allowing you to type there. Additionally, you can share cut and paste selections, so you can cut something on one screen/PC, move the mouse to the other screen and paste your selection there. Synergy is available for Windows (XP, NT), GNU/Linux, Mac OS X, and Unix. And the best thing is you can even mix different operating systems. Sounds interesting? So let’s see how it works.
Synergy is composed of a server (synergys) and a client part (synergyc) which communicate with each other over a network to exchange keyboard and mouse events. The server is started on the main PC whose keyboard and mouse should be shared, and the client is started on each machine which should use the input devices of the server. In the configuration file, you define which screen is to the left, right, top, or bottom of each monitor (like in other multi-monitor setups). If the mouse is moved over an edge, the control events are sent over the network to the host which is defined in the configuration.
Get it
There are binary packages available at the synergy sourceforge page, but if you are using an OS with a package management system, I recommend checking if it is available there first. Install synergy on every machine which should participate in the input sharing.
Windows only: Twingly Screensaver is a cool new app/screensaver that lets you visualize blog posts in real time all over the globe.
From the site:
“Twingly screensaver is visualizing the global blog activity in real time. Forget RSS readers where you see only what you’re interested in. With Twingly screensaver you get a 24/7 stream of all (viewer discretion advised) blog activity, straight to your screen.
To use the screensaver you need a PC with Windows and a graphics card supporting OpenGL. Enable Asian language support in Windows, there’s lot of that stuff in the blogosphere.”
To show your blog posts to Twingly, add ‘http://rpc.twingly.com/’ to your ping services in your blog settings. For WordPress go to Settings -> Writing -> Update Services.
Glype Proxy is a free web-based proxy script written in PHP. It allows webmasters to quickly and easily set up their own proxy site. There is a huge market for these proxy websites that allow both anonymous browsing and bypassing network filters at school, college or work.
Despite the huge popularity of these sites, the choice of scripts available is limited with most either incomplete or problematic. Glype Proxy is intended to be a fast and reliable alternative to the widely used PHProxy (now discontinued) and CGIProxy.
The process of installation couldn’t be any simpler:
Upload the contents of the ‘upload’ folder inside of the Glype download to a secret directory on your webserver. It is a very good idea to add password protection to this directory (thanks Roland).
Navigate to the appropriate URL where you installed Glype. Ex. http://yourdomain.com/mysecretdirectory/index.php. You should see a screen similar to this:
Type the URL in the box and browse away!
Now you know how simple it is to bypass any web proxy with your very own! Note that Glype also has many other configurable options such as themes (the default is horrid), blacklist/whitelist, plugins, and more.
If you have different PHP proxy scripts that you use, let us know in the comments. How do they compare to Glype?
Tech.shantanugoel.com writes about how to create a do-it-yourself security system using nothing more than a Linux PC, Webcam, and a Twitter account.
No more brother, Mother, burglar, etc. stepping into your private space or home without you knowing. Also, don’t forget about enabling Twitter mobile alerts for when a PC might be far from reach.
MySQL is an excellent open source database system. Replication is a great way to keep data redundant in case of a server crash. However, replication should not take the place of backups in case of data corruption or mis-entered data – as this data will also be replicated to the slave.
MySQL replication takes place in a master-slave configuration. Be aware that with this configuration, only changes made on the master are replicated to the slave. Any changes on the slave will not be replicated to the master.
Following the steps below, you can have MySQL replication set up in no time at all.
If you haven’t noticed, my posting has slowed to a crawl lately. I have been very busy working on maintaining hundreds of systems and that leaves little time for much else. Enough with excuses and on to a bash script that you might be interested in.
When you are hungry, it is crucial to know where your pizza is in the process of being delivered to your door.
By using this Python script you can monitor the status of your pizza, in real time, ensuring it receives the proper care it needs.
The process is simple. Just download the script, make it executable (on Linux) and run it in the following syntax, where XXXXXXXXXX is your telephone number:
./dominos.py XXXXXXXXXX
Thanks to Chris for the heads up! And pizza thumbnail via jetalone.