Domain: gotroot.com
Stories and comments across the archive that link to gotroot.com.
Comments · 12
-
How many SysAdmins will be logged in on Sunday?
Next 24 hours puts this fix release on Sunday. I, myself, can't wait to let my Apache source compiles rip upon release.
All jokes aside, what baffles me is even if you're clueless when it comes to Apache webserver security, there's plenty of best practices out there, especially using mod_security with some tuned SecRule's. The mitigation steps Apache provided (using mod_rewrite) almost identically mirror the out-of-the-box SecRule's provided at gotroot.com. This isn't a soapbox plug, I just think that this attack really isn't "new" as I've compensated for it for years on any Apache webserver setup, public or private facing. Might be a good idea for 'whomever' is supporting Apache to spend some time securing it so you don't waste your Sunday evenings.
-
Re:Could they not do the same with torrents?
There are options for anonymous torrents: i2p and TOR, although apparently TOR torrents only work on *nix.
I haven't tried either of these myself.
-
Re:Could they not do the same with torrents?
There are options for anonymous torrents: i2p and TOR, although apparently TOR torrents only work on *nix.
I haven't tried either of these myself.
-
modsecurity
I recently installed modsecurity http://www.modsecurity.org/ for apache along with the
rules from http://www.gotroot.com/ and it's done a good job of blocking attacks
on my server including a lot of the php mail() injection attempts.
ozgur uksal -
Install modsecurity
I recently installed modsecurity http://www.modsecurity.org/ for apache along with the rules from http://www.gotroot.com/ and it's done a good job of blocking attacks on my server including a lot of the php mail() injection attempts, whilst it has shown up a few false positives like someone posting a message with sql keywords e.g. "select" "from", it is certainly worth installing even if you have to monitor the logs for a bit afterwards to watch for the false positives and alter the rules accordingly.
Whilst it probably won't solve a lot of the problems with php and security it does help protect the server especially when you don't have control over what your users are uploading to their web space. -
mod_security
I've had quite good luck by using Apache mod_security (modsecurity.org) to filter web activity. Yes, all the suggestions people have been giving about CAPTCHAs, blocking people with addresses in high spam domains, etc., are all good and useful, but mod_security lets you cover a base those approaches are missing: it lets you block spammers from posting spam, even if they somehow manage to get through your registration defenses. I use a mod_security ruleset based on one published at http://gotroot.com/tiki-index.php?page=mod_securi
t y+rules which watches POST content for URLs and terms commonly used in spam postings, and blocks them--in adddition to rules that are more traditional for mod_security, such as blocking phpBB exploits--which I've also found it to be invaluable for. I administer several forums and wikis that were having quite bad problems, even with CAPTCHAs, email verification, and so on. . . but the problems pretty much went away once I pulled mod_security into the battle. -
Re:Good moderators help...
Problem there is that most of the domains used are only used for a few days, a week or two at most. After that, the malicious user moves on to the next throwaway domain name. Blog spam is all about getting one's pagerank high, so that someone looking for terms like xanax, or texas hold-em, will see the spammer's site above more legitimate sites. If you have mod_security installed, you may want to try the comment spam blacklist as a starting point. I recommend only using entries that are a couple months old, after that, spammers just don't use those domains.
-
Solution
Easy way of fixing the problem:
Install mod_security for Apache. Install the current development version (2.0.0-dev1) and use DNSBl with mod_security to block most of those spam-bots. Go to got root? and download their rule set and include it into your mod_security configuration.
That's it! This gives you a good tool set to fight the spam bots. I was able with the above mentioned setup to block ALL spam bots and all the anoying linkdumper bots, without any problems. -
Re:PHP vs. Java
If you're going to use PHP, please do yourself a huge favour and install mod_security.
Snarf mod_security from here and snarf the awesome rulesets available from gotroot.com
It's a DEAD EASY installation and is quite educational. You'll notice in the logs it generates that people/scripts are scanning your sites all freaking day for phpmyadmin, phpbb2 vulnerabilities etc. Awesome software.
mod_security should come OOTB with all Linux distros that use Apache, configured with a decent set of rules such as those from gotroot.com.
I sincerely wish the developers of PHP put more of a focus on security. It's a hard job: people are writing insecure PHP applications (heck, they're doing it in other languages as well such as Perl). I don't have a really intelligent suggestion here because I don't do a lot of PHP (I'm a systems guy rather than a developer) but it would be great if it wasn't so easy for PHP programmers to inadvertantly open up massive holes. It's probably not all laziness that causes most PHP applications to be insecure: sometimes programmers simply make mistakes. Anything the language can do (within reason) to help avoid these mistakes is a Good Thing. In the meantime, mod_security baby!
Cheers
Stor -
Re:GNUnet, better than 'torrent anyway...
the key point w.r.t. this article is that anonimity is 'built in'
bit torrent can be anonymized but, IMHO the (various) way of doing this all involve rather ugly hacks. -
Re:no login shell
Yes cgi access gives them a virtual shell, you can control how it functions.
You should be using mod_security.
http://understudy.net/tutorials.php?name=wget comes back failed You can run limited ablity shell accounts such as scponlyc (chrooted version of scponly)
And the servers I run on are all FreeBSD based.
Mod security can be found here:
http://modsecurity.org/
http://www.gotroot.com/tiki-index.php?page=mod_sec urity+rules
http://www.onlamp.com/pub/a/apache/2003/11/26/mod_ security.html -
Re:King Canute comes to mind
the next, harder to kill iterations are already developed.
it's just a matter of people starting to use them.. for example, there's bittorrent over i2p(http://www.gotroot.com/article/195). which works, I mean that it really works, the reason why it's not a good alternative for most folks hunting for tv episodes is that there's not enough people on it and sharing. and sure, there's overhead but bandwith is cheap.
when the riaa and mpaa get too hungry with their lawsuits people will be forced to change, so anything they do is pretty much futile in this regard. but that doesn't matter - the lawyers get their cash anyways so what would they care about which direction they are pushing things...