Hacking

All posts in the Hacking category

How to install CSF and LFD?

Published June 17, 2010 by Siva

Securing a web server is critical if it is Internet facing. A steady flood of random and targeted attacks is going to happen as soon as the server is available over the Internet. Installing a firewall and a brute force attack detection tool should be one of the very first steps for a web master. In the past we recommended APF and BFD of R-fx Networks as the software to use, but both tools have not kept up with the pace and are very much outdated. A competing product developer stepped up to the plate and grabbed the opportunity to position his own software solution in the market. Best of all – the solution is freely available at Configserver.com.

CSF and LFD are very easy to install and to configure – especially if you are using a cpanel & WHM server. Here are the instructions on how to install CSF and LFD.

1) Log into your server and switch to the root user
2) Switch directories to your download directory
3) Download the latest version of the software: # wget http://www.configserver.com/free/csf.tgz
4) Untar the package: # tar -xzf csf.tgz
5) Switch into the new extracted folder: # cd csf
6) Run the installer: # sh install.sh
7) If you are still running APF and BFD on your server it is necessary to disable those applications: # sh disable_apf_bfd.sh

If you are running WHM you can now configure CSF and LFD from WHM. CSF/LFD comes pre-configured for a cpanel/WHM server, so there is not much to do after the installation. Log into WHM and inspect the new configuration utility. As an example, you can uninstall APF and BFD from here with the click of a button. If you want to edit the CSF/LFD configuration by hand you can do so under /etc/csf/*. Make backups before you make changes, and leave the testing mode switched on (TESTING = "1" in /etc/csf/csf.conf, which periodically clears the firewall rules) until you are sure the rules work, to avoid locking yourself out.

If for whatever reason you need to uninstall CSF and LFD you can do this easily yourself as well. Log in to your server via SSH and switch to the root user.

1) Switch to the folder holding the uninstaller: # cd /etc/csf
2) Run the uninstaller: # sh uninstall.sh

All done. We highly recommend that you familiarize yourself with the product and how it works. CSF/LFD comes with a readme.txt file that you really should read. The readme file gives great insight into how both apps work and what you need to configure to have your server properly protected.

RKHunter Configuration Guide

Published January 23, 2010 by Siva

Rkhunter is a very useful tool for checking a system for trojans, rootkits, and other security problems. This tutorial covers installing rkhunter and setting up a daily report.

Installing:

wget http://downloads.rootkit.nl/rkhunter-1.2.7.tar.gz

wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.3.6/rkhunter-1.3.6.tar.gz?use_mirror=nchc
tar -zxvf rkhunter-1.2.7.tar.gz
cd rkhunter-1.2.7
./installer.sh --layout /usr/local/rkhunter --install

Updating rkhunter

This fetches the latest database updates from the rkhunter servers and tunes the checks to your OS to reduce false positives:

rkhunter --update

Now you can run a test scan with the following command:

/usr/local/bin/rkhunter -c

How to set up a daily scan report?

vim /etc/cron.daily/rkhunter.sh

Add the following, replacing the email address with your own:

#!/bin/bash
# Run the check non-interactively (--cronjob), report warnings only (--rwo),
# drop colour codes (--nocolors) and mail the result to the address given.
/usr/local/bin/rkhunter --cronjob --rwo --nocolors | mail -s "Rkhunter daily run on `uname -n`" siva@example.com
exit 0

chmod +x /etc/cron.daily/rkhunter.sh

Disable ICMP echo (ping) responses in Linux

Published September 22, 2009 by Siva

Many malicious attacks begin with a ping scan. Ignoring ICMP echo requests stops the host from answering pings, so a simple ping sweep will not find it. Note that this only hides the host from ICMP-based discovery; it is still reachable on any open TCP or UDP port, and some monitoring tools rely on ping, so check that before enabling it.

As superuser, add the following lines to /etc/sysctl.conf:

net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_echo_ignore_all = 1

Then run the following command to cause the change to take effect immediately:

sysctl -p
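As an added example (not from the original post), the POSIX shell functions below make that edit idempotent: ensure_sysctl rewrites an existing or commented-out assignment instead of appending a duplicate, and harden_icmp_echo applies the two keys above to a given file and verifies the result. The function names and the file argument are this example's own; run it as root against /etc/sysctl.conf and follow with sysctl -p, which the functions deliberately do not call.

```shell
#!/bin/sh
# Added example, not from the original post. Idempotently set KEY = VALUE in a
# sysctl.conf-style FILE: an existing assignment (even a commented-out one) is
# rewritten in place, otherwise the line is appended. Nothing here runs sysctl.
ensure_sysctl() {
    key=$1; value=$2; file=$3
    [ -f "$file" ] || : > "$file"
    # Escape the dots in the key so they are literal in the regexes below.
    esc=$(printf '%s' "$key" | sed 's/\./\\./g')
    if grep -Eq "^[[:space:]]*#?[[:space:]]*${esc}[[:space:]]*=" "$file"; then
        scratch=$(mktemp) || return 1
        sed -E "s|^[[:space:]]*#?[[:space:]]*${esc}[[:space:]]*=.*|${key} = ${value}|" \
            "$file" > "$scratch" && cat "$scratch" > "$file"   # keeps inode and permissions
        rm -f "$scratch"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Print the value FILE assigns to KEY (last uncommented assignment wins, which
# is the order sysctl -p applies them in); prints nothing if KEY is absent.
sysctl_file_value() {
    awk -F= -v k="$2" '
        $0 !~ /^[[:space:]]*#/ {
            gsub(/[[:space:]]/, "", $1)
            if ($1 == k) { v = $2; gsub(/[[:space:]]/, "", v) }
        }
        END { print v }' "$1"
}

# Apply the two settings from the post to FILE and succeed only if the file now
# makes the host ignore both broadcast and unicast echo requests.
harden_icmp_echo() {
    file=$1
    ensure_sysctl net.ipv4.icmp_echo_ignore_broadcasts 1 "$file" &&
    ensure_sysctl net.ipv4.icmp_echo_ignore_all 1 "$file" &&
    [ "$(sysctl_file_value "$file" net.ipv4.icmp_echo_ignore_broadcasts)" = 1 ] &&
    [ "$(sysctl_file_value "$file" net.ipv4.icmp_echo_ignore_all)" = 1 ]
}
```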

Recovering forgotten Windows XP administrator Password

Published September 2, 2009 by Siva

Please follow these steps to reset the administrator password in Windows XP:

1. Place your Windows XP CD in your CD-ROM drive and start your computer (it is assumed here that your XP CD is bootable, as it should be, and that your BIOS is set to boot from CD).

2. Keep an eye on the screen messages about booting from your CD. Typically it will be “Press any key to boot from CD”.

3. Once you get in, the first screen will indicate that Setup is inspecting your system and loading files.

4. When you get to the Welcome to Setup screen, press ENTER to set up Windows now.

5. The Licensing Agreement comes next. Press F8 to accept it.

6. The next screen is the Setup screen which gives you the option to do a Repair.

It should read something like “If one of the following Windows XP installations is damaged, Setup can try to repair it”

Use the up and down arrow keys to select your XP installation (if you only have one, it should already be selected) and press R to begin the Repair process.

7. Let the Repair run. Setup will now check your disks and then start copying files which can take several minutes.

8. Shortly after the Copying Files stage, you will be required to reboot (this will happen automatically; you will see a progress bar stating “Your computer will reboot in 15 seconds”).

9. During the reboot, do not make the mistake of “pressing any key” to boot from the CD again! Setup will resume automatically with the standard billboard screens and you will notice that Installing Windows is highlighted.

10. Keep your eye on the lower left hand side of the screen and when you see the Installing Devices progress bar, press SHIFT + F10. This is the security hole! A command console will now open up giving you the potential for wide access to your system.

11. At the prompt, type NUSRMGR.CPL and press Enter. Voila! You have just gained graphical access to your User Accounts in the Control Panel.

12. Now simply pick the account you need to change and remove or change the password as you prefer. If you want to log on without having to enter your new password, you can type control userpasswords2 at the prompt and choose to log on without being asked for a password. After you have made your changes, close the windows, exit the command box and continue with the Repair (have your Product Key handy).

13. Once the Repair is done, you will be able to log on with your new password (or without a password if you chose not to use one or if you chose not to be asked for a password). Your programs and personalized settings should remain intact.

Finding out whether a website has been hacked (Gumblar/Martuz)

Published June 1, 2009 by Siva

To find out whether a website has been hacked or has badware scripts running on the server, check it here:

http://unmaskparasites.com/

The report for a clean site should say it is healthy. If the report shows badware running:

You need to clean the site on the server and restore an older, known-good backup.

Then request a review in Google Webmaster Tools, and Google will remove the site from its blacklist.

Email me if you have any further questions.

Thanks…