Archive | March, 2014

Linux Ninja Tux

Linux one-liner to detect Symlink Attack on web server

The symlink attack is an old favourite and still very much prevalent. This attack usually occurs after the attacker has been able to read the contents of the /etc/passwd file and has enumerated the server’s users. The attacker then runs a script which blindly builds symbolic links (a bit like shortcuts on Windows or Aliases […]

images

Install Drush on cPanel shared hosting

Drush is a command line shell and scripting interface for the popular Drupal CMS. To install Drush on almost all shared linux hosting platforms requires just a few steps at the command prompt. For the purposes of this guide, I’ll assume you already know how to connect to your hosting server using SSH to get […]

Every kept a password on a postit note?

Seven ways to improve small business security

I’ve worked with many small businesses over the years, and it’s probably fair to say that most view I.T. expenditure as a necessary evil. While a growing number of e-commerce businesses take greater care, small business security is often woefully neglected. Small business security statistics The cost of allowing unwelcome guests into your business computers can be […]

timemachine

Improve Time Machine performance with Big Bands

It may sound like some bizarre fusion between Duke Ellington and H.G.Wells, but, if you use a Time Machine via a NAS, Airport Extreme, or Airport Time Capsule (rather than a directly connected external drive), then you’ve probably experienced painfully slow time machine performance after several months of use. Time Machine backups are stored inside […]

Linux Ninja Tux

How to : strace php process via apache

This little adventure started today when a customer was complaining of having a slow website (8 seconds plus to serve the home page without any additional resources) for the past 10 days or so. No file modification or change dates matched this timeframe. Also, a scan using clam and another proprietary scanner showed up nothing, […]

Spam-Can

Exim spam hunting – essential one liners

Anyone who looks after an Exim MTA that relays outgoing SMTP at some point finds their installation has been abused by spammers. Given the poor security practices of many users, busy servers will see compromised mailboxes quite regularly. As a sysadmin you probably find out about it in one of two ways: During the attack, […]

Two Factor Authentication

Two Factor Authentication Explained

Passwords are dead Despite almost weekly reports of major security breeches single passwords still protect the majority of online accounts. At the last count, I had over 150 various online accounts protected by nothing more than a username and password. Is this sufficient? Ask anyone who works in the field of information security and in […]

Linux Ninja Tux

Kali – NMAP MaxMind GeoCity Lite Database Bug

Symptom : Looking up the location of IP addresses using Nmap fails when using the MaxMind GeoLocation script ip-geolocation-maxmind. Installing the Nmap MaxMind GeoCity Lite database in Kali (1.0.6)

OK, so now we try to use the database:

The result?

So, running with the -d debug option

We get

Checking […]

codeguardlogo

Safe Secure Website Backups with CodeGuard

The online backup business has quite simply exploded in the past couple of years. Well, it has as far as your personal computing environment is concerned. There are so many vendors offering cheap cloud storage for your PC it’s bewildering. But what about your website? How are you backing that up? Most CMS systems have […]

handbrake

Batch convert iPhoto Videos to MP4

Exporting videos from iPhoto is quite easy – just create a smart album to filter out your movies, then select the movies you want, and go to File > Export… and export the movies in their current formats. However, if you want to convert your videos into a consistent format that will play on your […]