Am 31.08.2011 15:35, schrieb Karanbir Singh:
PS: To install iptables from source is pretty straightforward:
get the tarball from netfilter.org, unpack and run:
./configure --prefix=/opt/iptables make make install
And at that point you lose. All management capability or the
Am 31.08.2011 15:18, schrieb Always Learning:
uname -a = 2.6.35.4 #2 (don't know how this got installed)
This is not a CentOS-provided kernel; as has been said elsewhere
in the thread, this is likely an OpenVZ kernel. Your hosting
No stock OpenVZ kernel, see
Are you a dog lover ? I like dogs too. They usually bark at strangers.
Paul.
PLONK
see also http://en.wikipedia.org/wiki/Plonk_%28Usenet%29
best regards
---
Michael
___
CentOS mailing list
CentOS@centos.org
On Wed, Aug 31, 2011 at 04:43:46AM +0100, Always Learning wrote:
That you for the useful enlightenment. I was unaware it was an OpenVZ. I
thought is was XEN on Ubuntu.
Next time, try posting more usefull information stating that you are indeed
running CentOS on a CentOS support mailing list and
On Tue, Aug 30, 2011 at 10:24 PM, Always Learning cen...@u61.u22.net wrote:
On a VPS I wanted to add to IP tables:-
iptables -A -p tcp -m string --algo bm --string 'login' -j DROP
I got:
iptables: Unknown error 18446744073709551615
uname -a = 2.6.35.4 #2 (don't know how
Am 31.08.2011 04:24, schrieb Always Learning:
On a VPS I wanted to add to IP tables:-
iptables -A -p tcp -m string --algo bm --string 'login' -j DROP
I got:
iptables: Unknown error 18446744073709551615
uname -a = 2.6.35.4 #2 (don't know how this got installed)
lsmod | grep
On Tuesday, August 30, 2011 10:24:41 PM Always Learning wrote:
On a VPS I wanted to add to IP tables:-
iptables -A -p tcp -m string --algo bm --string 'login' -j DROP
iptables: Unknown error 18446744073709551615
uname -a = 2.6.35.4 #2 (don't know how this got installed)
This is
On Wed, 2011-08-31 at 09:01 -0400, Lamar Owen wrote:
On Tuesday, August 30, 2011 10:24:41 PM Always Learning wrote:
uname -a = 2.6.35.4 #2 (don't know how this got installed)
This is not a CentOS-provided kernel; as has been said elsewhere
in the thread, this is likely an OpenVZ
On 08/31/2011 12:10 PM, Walter Haidinger wrote:
PS: To install iptables from source is pretty straightforward:
get the tarball from netfilter.org, unpack and run:
./configure --prefix=/opt/iptables make make install
And at that point you lose. All management capability or the
On Wednesday, August 31, 2011 09:18:26 AM Always Learning wrote:
A very helpful and knowledgeable poster, Walter Haidinger, in his email
dated Wed, 31 Aug 2011 13:10:16 +0200 (12:10 BST), gave what appears to
be an ideal solution.
* get a more recent iptables from netfilter.org
It's
Perhaps the most important point here is that the script kiddies and/or
bots usually make sure the target string, 'login' in your example is *not*
contained within a single packet. You can verify this with wireshark. In
any case just be aware that your solution will likely not have the
On Wed, 2011-08-31 at 09:54 -0400, Lamar Owen wrote:
It's less than ideal to install anything from source, as Karanbir
has so correctly pointed out downthread.
Sometimes it is necessary; but it is never ideal, for the reasons KB
stated
The service provider has suggested it needs the
On 08/31/11 7:22 AM, Always Learning wrote:
In the current 4,000 to 6,000 daily hits, the lunatic uses
login.php
contact.php
forgotten_password.php
your 'lunatic' aka 'hacker' is undoubtably a blind script ('bot')
running on distributed previously hacked hosts, and probing
On Wed, 2011-08-31 at 08:07 -0700, John R Pierce wrote:
On 08/31/11 7:22 AM, Always Learning wrote:
In the current 4,000 to 6,000 daily hits, the lunatic uses
login.php
contact.php
forgotten_password.php
your 'lunatic' aka 'hacker' is undoubtably a blind script ('bot')
John R Pierce wrote:
On 08/31/11 7:22 AM, Always Learning wrote:
In the current 4,000 to 6,000 daily hits, the lunatic uses
login.php
contact.php
forgotten_password.php
your 'lunatic' aka 'hacker' is undoubtably a blind script ('bot')
running on distributed previously
On Wed, 2011-08-31 at 11:16 -0400, m.r...@5-cent.us wrote:
Maybe not, for a small website. However, let me re-suggest fail2ban, with
three lines from one of our config files:
failregex = HOST -.*GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/c
onfig\.inc|main)\.php.*.*404.*
On 8/31/2011 11:22 AM, Always Learning wrote:
On Wed, 2011-08-31 at 11:16 -0400, m.r...@5-cent.us wrote:
Maybe not, for a small website. However, let me re-suggest fail2ban, with
three lines from one of our config files:
failregex = HOST -.*GET .*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/c
On Wed, 2011-08-31 at 11:29 -0400, Bowie Bailey wrote:
I assume this is an Apache server. Have you looked at mod_security
(http://www.modsecurity.org/)? It is available from the epel
repository. There is a bit of a learning curve to get it running, but
it protects against a ton of hacking
Always Learning wrote:
On Wed, 2011-08-31 at 11:16 -0400, m.r...@5-cent.us wrote:
Maybe not, for a small website. However, let me re-suggest fail2ban,
with
three lines from one of our config files:
failregex = HOST -.*GET
.*(php|pma|PMA|p/m/a|db|sql|admin).*/(config/c
On 08/31/11 8:22 AM, Always Learning wrote:
Looking at your example seems to suggest Fail2Ban is an 'after the
event' response. I would like to implement 'before the event' filtering
which prevents, even on the first detected hacking attempt, anything
reaching HTTPD.
so you want another piece
On 8/31/2011 11:32 AM, Always Learning wrote:
On Wed, 2011-08-31 at 11:29 -0400, Bowie Bailey wrote:
I assume this is an Apache server. Have you looked at mod_security
(http://www.modsecurity.org/)? It is available from the epel
repository. There is a bit of a learning curve to get it
On Wed, 2011-08-31 at 08:41 -0700, John R Pierce wrote:
On 08/31/11 8:22 AM, Always Learning wrote:
Looking at your example seems to suggest Fail2Ban is an 'after the
event' response. I would like to implement 'before the event' filtering
which prevents, even on the first detected hacking
On Wed, 2011-08-31 at 11:51 -0400, Bowie Bailey wrote:
On 8/31/2011 11:32 AM, Always Learning wrote:
On Wed, 2011-08-31 at 11:29 -0400, Bowie Bailey wrote:
I assume this is an Apache server. Have you looked at mod_security
(http://www.modsecurity.org/)? It is available from the epel
On 08/31/11 9:00 AM, Always Learning wrote:
No I do not want another piece of software to parse the http protocol
and analyze the traffic.
IT Tables, in which I have great confidence and trust, can do it.
iptables will filter on packet headers and such at layer 3, it can't and
won't analyze
UPDATE:
I started with kernel 2.6.35.4 #2 and lsmod | grep ipt = ipt_LOG 5419 2.
My service provider produced a replacement kernel 2.6.24-28-xen #1.
Now lsmod | grep ipt reveals ..
ipt_LOG 8192 2
iptable_filter 4608 1
ip_tables 24232 1
On Wed, 2011-08-31 at 09:11 -0700, John R Pierce wrote:
iptables will filter on packet headers and such at layer 3, it can't
and won't analyze the content of packets, regardless of your emotional
attachments.
I believe IP Tables '-m string' will. If you think the custodians and
maintainers
On Wednesday, August 31, 2011 11:15:20 AM Always Learning wrote:
Dangerous to ignore any background noise - far better to
firmly shut the door and fill-in all known holes.
The unknown holes are the ones that will get you.
You are also setting yourself up for a denial-of-service vector.
On 08/31/11 9:32 AM, Always Learning wrote:
Wrong. Some can be determined by machine searching for 'known' invalid
URL strings which are not remotely similar to valid web page names.
there's an infinite number of invalid strings, and only a finite number
of valid ones.
anyways, your webserver
On Wed, 2011-08-31 at 10:17 -0700, John R Pierce wrote:
anyways, your webserver already filters these out, its not going to
respond to an invalid URL with anything other than '404'. thats its
job.
The 'error' is trapped; a PHP routine examines the URL for known (in a
list) hacker strings;
On Wed, Aug 31, 2011 at 12:17 PM, John R Pierce pie...@hogranch.com wrote:
Wrong. Some can be determined by machine searching for 'known' invalid
URL strings which are not remotely similar to valid web page names.
there's an infinite number of invalid strings, and only a finite number
of
On Wed, 2011-08-31 at 13:01 -0400, Lamar Owen wrote:
On today's Internet you are simply not going to catch 100% of the
attacks, full stop.
Rather than being a willing or passive victim to 100% of the attacks, I
aim to reduce the penetrability of most of them.
Paul.
On 08/31/11 10:33 AM, Always Learning wrote:
Rather than being a willing or passive victim to 100% of the attacks, I
aim to reduce the penetrability of most of them.
an attempted access of a non-vunerability won't be any more effective
the millionth time its run than the first time. its the
On Wed, 2011-08-31 at 10:38 -0700, John R Pierce wrote:
On 08/31/11 10:33 AM, Always Learning wrote:
Rather than being a willing or passive victim to 100% of the attacks, I
aim to reduce the penetrability of most of them.
an attempted access of a non-vunerability won't be any more
On Wednesday, August 31, 2011 01:33:31 PM Always Learning wrote:
Rather than being a willing or passive victim to 100% of the attacks, I
aim to reduce the penetrability of most of them.
Getting the last 10% will cost you 90% of your time.
___
CentOS
On Wed, 2011-08-31 at 13:55 -0400, Lamar Owen wrote:
On Wednesday, August 31, 2011 01:33:31 PM Always Learning wrote:
Rather than being a willing or passive victim to 100% of the attacks, I
aim to reduce the penetrability of most of them.
Getting the last 10% will cost you 90% of your
On Wed, 2011-08-31 at 19:00 +0100, Always Learning wrote:
On Wed, 2011-08-31 at 13:55 -0400, Lamar Owen wrote:
On Wednesday, August 31, 2011 01:33:31 PM Always Learning wrote:
Rather than being a willing or passive victim to 100% of the attacks, I
aim to reduce the penetrability of most
On Wed, 2011-08-31 at 22:08 +0200, Louis Lagendijk wrote:
On Wed, 2011-08-31 at 19:00 +0100, Always Learning wrote:
On Wed, 2011-08-31 at 13:55 -0400, Lamar Owen wrote:
On Wednesday, August 31, 2011 01:33:31 PM Always Learning wrote:
Rather than being a willing or passive victim to
On Aug 31, 2011, at 1:08 PM, Louis Lagendijk wrote:
On Wed, 2011-08-31 at 19:00 +0100, Always Learning wrote:
On Wed, 2011-08-31 at 13:55 -0400, Lamar Owen wrote:
On Wednesday, August 31, 2011 01:33:31 PM Always Learning wrote:
Rather than being a willing or passive victim to 100% of the
On Wed, 2011-08-31 at 16:11 -0700, Craig White wrote:
More to the point, he disables SELinux and then spends hours trying to
improve security.
Tell the world the ENTIRE story.
Disabled it because things would not run. Said publicly in the last 7
days will find time to learn about Selinux and
On Thu, Sep 01, 2011 at 12:28:01AM +0100, Always Learning wrote:
Tell the world the ENTIRE story.
That you never listen to anyone but yourself? I'm confident that this
is a known fact.
I am trying to filter-out some web page access attepts in IP Tables.
When will you accept that has
On 08/31/11 4:28 PM, Always Learning wrote:
Disabled it because things would not run.
Always Talking. Never Learning.
--
john r pierceN 37, W 122
santa cruz ca mid-left coast
___
CentOS mailing
On Wed, 2011-08-31 at 18:06 -0700, John R Pierce wrote:
On 08/31/11 4:28 PM, Always Learning wrote:
Disabled it because things would not run.
Always Talking. Never Learning.
Always Learning despite the taunts !
Paul.
___
CentOS mailing list
On 01/09/11 00:28, Always Learning wrote:
On Wed, 2011-08-31 at 16:11 -0700, Craig White wrote:
More to the point, he disables SELinux and then spends hours trying to
improve security.
Tell the world the ENTIRE story.
Disabled it because things would not run. Said publicly in the last 7
On a VPS I wanted to add to IP tables:-
iptables -A -p tcp -m string --algo bm --string 'login' -j DROP
I got:
iptables: Unknown error 18446744073709551615
uname -a = 2.6.35.4 #2 (don't know how this got installed)
lsmod | grep ipt = ipt_LOG 5419 2
yum upgrade iptables* =
On 08/31/2011 12:24 PM, Always Learning wrote:
On a VPS I wanted to add to IP tables:-
iptables -A -p tcp -m string --algo bm --string 'login' -j DROP
I got:
iptables: Unknown error 18446744073709551615
uname -a = 2.6.35.4 #2 (don't know how this got installed)
I'm
On Wed, 2011-08-31 at 13:02 +1000, Steve Walsh wrote:
I'm wagering that's not the full output of uname -a. As far as I'm
aware, centos have never shipped a 2.6.35 kernel with any release, and
that's the sort of error you get with a openVZ stab (or Stable)
kernel, where unless the host
On Wed, Aug 31, 2011 at 04:07:44AM +0100, Always Learning wrote:
Have already done that. I'm getting about 6,000 web hits a day (all
wrong URLs) from a lunatic who I can stop in IP Tables but only if the
alleged Centos version is up-to-date.
Has nothing to do with being up-to-date; it has to
On Tue, 2011-08-30 at 22:11 -0500, John R. Dennison wrote:
On Wed, Aug 31, 2011 at 04:07:44AM +0100, Always Learning wrote:
Have already done that. I'm getting about 6,000 web hits a day (all
wrong URLs) from a lunatic who I can stop in IP Tables but only if the
alleged Centos version
On Wed, Aug 31, 2011 at 04:17:36AM +0100, Always Learning wrote:
NO I will not. I have already emailed them.
Then you won't get the support. Period.
The necessary IP Tables facilities are not available. Therefore,
contrary to your strange assertion Has nothing to do with being
up-to-date
On 08/31/2011 01:17 PM, Always Learning wrote:
NO I will not. I have already emailed them.
wowjust...wow.
The necessary IP Tables facilities are not available. Therefore,
contrary to your strange assertion Has nothing to do with being
up-to-date that IP Tables version is certain
On Tue, 2011-08-30 at 22:22 -0500, John R. Dennison wrote:
On Wed, Aug 31, 2011 at 04:17:36AM +0100, Always Learning wrote:
NO I will not. I have already emailed them.
Then you won't get the support. Period.
Utter rubbish. They are excellent either by phone or by email.
It's not
On Wed, Aug 31, 2011 at 04:30:37AM +0100, Always Learning wrote:
Thank you for informing me the 'choice' is mine. Without such undoubted
inspirational wisdom I would never have known I had a choice. I am most
grateful to you.
The choice is indeed yours. You can 1) listen to those that know
On Wed, 2011-08-31 at 13:30 +1000, Steve Walsh wrote:
They have not been included, probably because you are running an openVZ
'stab' kernel. Failing to give us the complete output in your initial
post means that anyone helping you is taking blind guesses.
That you for the useful
On Tue, 2011-08-30 at 22:41 -0500, John R. Dennison wrote:
The choice is indeed yours.
Thanks for confirming that again. Its really nice of you to keep
reminding me.
You can 1) listen to those that know what
they are talking about and probably have 50 years of combined experience;
or 2)
On Wed, Aug 31, 2011 at 04:54:33AM +0100, Always Learning wrote:
Thanks for confirming that again. Its really nice of you to keep
reminding me.
Sigh.
Can you please stop barking? Your need to get the last word in on EVERY
thread is more than a little annoying. Just to end this, you can be
On Tue, 2011-08-30 at 23:08 -0500, John R. Dennison wrote:
Sigh.
Can you please stop barking?
Are you a dog lover ? I like dogs too. They usually bark at strangers.
Paul.
___
CentOS mailing list
CentOS@centos.org
56 matches
Mail list logo