I can think of some reasons why folks might use the Googlebot user agent on their non-Google bots, but I can’t think of any good, upstanding reasons to do it. Here’s how one might find some fine folks who would do such a thing. As of right now (May 2018), all valid Google Bot source
Logwatch is a great utility for emailing me a summary of system logs over the last 24 hours. One of the things it shows is unsuccessful login attempts and their source IP addresses. But the default unsorted output is hard to analyze and take action on, since a single IP may appear many times in
The NoScript extension is fantastic at enhancing one’s security while browsing. Sure, it’s a bit of a pain to get used to needing to allow scripts for new websites visited (temporarily or permanently). But I wanted to use bookmarklets to post selected stuff in my Dokuwiki with the dokubookmark plugin. The problem was, every time I
It took a while before I figured out why LFD wasn’t logging any issues to kern.log on my Debian-based systems. I realized at some point that it worked when I first installed CSF, but then logged nothing after the first day.
Just a quick one-liner for posterity.
I was experiencing a pretty bad slowdown while trying to use the admin pages of a WordPress site recently. The load on the machine was quite low, so I began to suspect that it was trying to call out to external services (facebook, pinterest, etc) that might have been blocked by CSF (configserver firewall). I
I recently skimmed a paper showing the success of attacking the security of various password database file formats. The only one which withstood both the passive and active attacks was the Password Safe format.
I noticed that I was getting emails from LFD (part of the ConfigServer Firewall package) about failing to find some added check line it was sending to syslog. The syslog message looks like this: lfd[%d]: *SYSLOG CHECK* Failed to detect check line [%s] sent to SYSLOG Of course I’ve replaced the pid with %d and
I was enjoying trying out APF on my Raspberry Pi, but I noticed that it wasn’t blocking repeat attackers the way I wanted it to. fail2ban was working the way it was supposed to work, but it only blocks temporarily, and I never figured out why the gamin back-end to continuously monitor log files didn’t
The Debian / Ubuntu package for Advanced Policy Firewall (APF) seems a bit unmaintained. By default it won’t run without some initial tweaking. Note that they probably want everyone to just download and run the installer from their site nowadays, but that’s not how I roll (usually). In functions.apf, change the line to
APF is wonderful for a good-enough firewall solution for a lot of people. But what if you also want the power of another great tool, fail2ban? The problem is, fail2ban wants to make changes directly to iptables, which APF is maintaining. Rules that fail2ban writes will be overwritten by APF. I found the solution is
I was curious to see how quickly I could transfer files to my Pi using SSH rather than FTP. Obviously using FTP is way faster than almost any other method, but still I wanted to see how fast I could transfer data over SSH. Here’s the time it took to transfer a 50 MB file
On Ubuntu/Debian, you can sudo apt-get install openssl-blacklist. Then just run the following: The last line of output is the most important; it should read “not blacklisted.” :-)
looks pretty cool. This project claims to want to apply the PKI web-of-trust to different services like web browsing and SSH. By querying the public keys stored on key servers, you wouldn’t need to guess that the remote site was providing their actual key the first time you connect, like you normally would when connecting
I wrote before about Cryptocat, and now it seems Schneier has weighed in on the idea, agreeing with researcher Chris Soghoian that depending on host-based security makes it actually not very secure at all. Enter Cryptocat 2, an iterative improvement moving towards a browser plugin to avoid the host-based dependency. Good on ’em!