Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-06 Thread Ross Walker
On Jan 5, 2012, at 6:34 PM, Johnny Hughes joh...@centos.org wrote: On 01/05/2012 02:51 PM, Bennett Haselton wrote: On 1/5/2012 6:53 AM, Johnny Hughes wrote: On 01/04/2012 07:47 PM, Bennett Haselton wrote: On 1/4/2012 1:59 PM, Lamar Owen wrote: [Distilling to the core matter; everything else

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-06 Thread email builder
1.) Attacker uses apache remote exploit (or other means) to obtain your /etc/shadow file (not a remote shell, just GET the file without that fact being logged); I don't mean to thread-hijack, but I'm curious, if apache runs as its own non-root user and /etc/shadow is root-owned and

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-06 Thread Les Mikesell
On Fri, Jan 6, 2012 at 1:52 PM, email builder emailbuilde...@yahoo.com wrote: Apache starts as root so it can open port 80.  Certain bugs might happen before it switched to a non-privileged user.  But, a more likely scenario would be to get the ability to run some arbitrary command through an

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-06 Thread Lamar Owen
On Jan 5, 2012, at 11:13 PM, email builder wrote: I don't mean to thread-hijack, but I'm curious, if apache runs as its own non-root user and /etc/shadow is root-owned and 0400, then how could any exploit of software not running as root ever have access to that file?? To listen on the default

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-05 Thread Johnny Hughes
On 01/04/2012 07:47 PM, Bennett Haselton wrote: On 1/4/2012 1:59 PM, Lamar Owen wrote: [Distilling to the core matter; everything else is peripheral.] On Jan 4, 2012, at 2:58 PM, Bennett Haselton wrote: To be absolutely clear: Do you, personally, believe there is more than a 1 in a million

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-05 Thread Les Mikesell
On Wed, Jan 4, 2012 at 8:12 PM, Bennett Haselton benn...@peacefire.org wrote: Yes, the totality of SELinux restrictions sounds like it could make a system more secure if it helps to guard against exploits in the services and the OS.  My point was that some individual restrictions may not make

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-05 Thread Lamar Owen
On Wednesday, January 04, 2012 08:47:47 PM Bennett Haselton wrote: Well yes, on average, password-authentication is going to be worse because it includes people in the sample who are using passwords like Patricia. Did they compare the break-in rate for systems with 12-char passwords vs.

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-05 Thread Ljubomir Ljubojevic
On 01/05/2012 07:56 PM, Lamar Owen wrote: On Wednesday, January 04, 2012 08:47:47 PM Bennett Haselton wrote: Well yes, on average, password-authentication is going to be worse because it includes people in the sample who are using passwords like Patricia. Did they compare the break-in rate

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-05 Thread Lamar Owen
On Thursday, January 05, 2012 02:25:50 PM Ljubomir Ljubojevic wrote: What is the sentiment about having a dedicated box with only ssh, and then using that one to raise ssh tunnels to inside systems? So there are no exploits to be used, denyhosts in effect? Without being too specific, I already do

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-05 Thread Ljubomir Ljubojevic
On 01/05/2012 08:58 PM, Lamar Owen wrote: 1.) Boot and run the bastion hosts from customized LiveCD or LiveDVD on real DVD-ROM read-only drives with no persistent storage (updating the LiveCD/DVD image periodically with updates and with additional authentication users/data as needed; DVD+RW

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-05 Thread Bennett Haselton
On 1/5/2012 6:53 AM, Johnny Hughes wrote: On 01/04/2012 07:47 PM, Bennett Haselton wrote: On 1/4/2012 1:59 PM, Lamar Owen wrote: [Distilling to the core matter; everything else is peripheral.] On Jan 4, 2012, at 2:58 PM, Bennett Haselton wrote: To be absolutely clear: Do you, personally,

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-05 Thread Johnny Hughes
On 01/05/2012 02:51 PM, Bennett Haselton wrote: On 1/5/2012 6:53 AM, Johnny Hughes wrote: On 01/04/2012 07:47 PM, Bennett Haselton wrote: On 1/4/2012 1:59 PM, Lamar Owen wrote: [Distilling to the core matter; everything else is peripheral.] On Jan 4, 2012, at 2:58 PM, Bennett Haselton wrote:

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-05 Thread email builder
1.) Attacker uses apache remote exploit (or other means) to obtain your /etc/shadow file (not a remote shell, just GET the file without that fact being logged); I don't mean to thread-hijack, but I'm curious, if apache runs as its own non-root user and /etc/shadow is root-owned and 0400,

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-05 Thread Corey Henderson
On 1/5/2012 9:13 PM, email builder wrote: 1.) Attacker uses apache remote exploit (or other means) to obtain your /etc/shadow file (not a remote shell, just GET the file without that fact being logged); I don't mean to thread-hijack, but I'm curious, if apache runs as its own non-root

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-05 Thread Les Mikesell
On Thu, Jan 5, 2012 at 10:13 PM, email builder emailbuilde...@yahoo.com wrote: 1.) Attacker uses apache remote exploit (or other means) to obtain your /etc/shadow file (not a remote shell, just GET the file without that fact being logged); I don't mean to thread-hijack, but I'm curious, if

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-04 Thread Lamar Owen
On Tuesday, January 03, 2012 06:12:10 PM Bennett Haselton wrote: I'm not sure what their logic is for recommending 80. But 72 bits already means that any attack is so improbable that you'd *literally* have to be more worried about the sun going supernova. I'd be more worried about Eta

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-04 Thread Fajar Priyanto
On Thu, Jan 5, 2012 at 1:32 AM, Lamar Owen lo...@pari.edu wrote: root:LdP9cdON88yW root:u2x2bz root:6e51R12B3Wr0 root:nb0M4uHbI6M root:c3qLzdl2ojFB root:LX5ktj root:34KQ root:8kLKwwpPD root:Bl95X1nU root:3zSlRG73r17 root:fDb8 root:cAeM1KurR root:MXf3RX7 root:4jpk root:j00U3bG1VuA

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-04 Thread Bennett Haselton
On 1/4/2012 9:32 AM, Lamar Owen wrote: On Tuesday, January 03, 2012 06:12:10 PM Bennett Haselton wrote: I'm not sure what their logic is for recommending 80. But 72 bits already means that any attack is so improbable that you'd *literally* have to be more worried about the sun going

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-04 Thread Lamar Owen
[Distilling to the core matter; everything else is peripheral.] On Jan 4, 2012, at 2:58 PM, Bennett Haselton wrote: To be absolutely clear: Do you, personally, believe there is more than a 1 in a million chance that the attacker who got into my machine, got it by brute-forcing the password?

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-04 Thread Markus Falb
On 4.1.2012 20:58, Bennett Haselton wrote: On 1/4/2012 9:32 AM, Lamar Owen wrote: The slow brute-forcers are at work, and are spreading. ... Well yes of course an attacker can try *particular* 12-character passwords, I never said they couldn't :) ... If you enforce use of ssh keys an

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-04 Thread Les Mikesell
On Wed, Jan 4, 2012 at 4:13 PM, Markus Falb markus.f...@fasel.at wrote: To be absolutely clear: Do you, personally, believe there is more than a 1 in a million chance that the attacker who got into my machine, got it by brute-forcing the password? I think it was Lamar trying to point out

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-04 Thread Ljubomir Ljubojevic
On 01/04/2012 10:59 PM, Lamar Owen wrote: [Distilling to the core matter; everything else is peripheral.] snip It is a safe assumption that there are httpd exploits in the wild, that are not known by the apache project, that specifically attempt to grab /etc/shadow and send to the attacker.

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-04 Thread Bennett Haselton
On 1/4/2012 1:59 PM, Lamar Owen wrote: [Distilling to the core matter; everything else is peripheral.] On Jan 4, 2012, at 2:58 PM, Bennett Haselton wrote: To be absolutely clear: Do you, personally, believe there is more than a 1 in a million chance that the attacker who got into my machine,

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-04 Thread Bennett Haselton
On 1/4/2012 3:01 PM, Marko Vojinovic wrote: On Wednesday 04 January 2012 11:58:07 Bennett Haselton wrote: If *everyone* used a 12-char random password, then the odds are that *none* of the 10 million machines attacking 100 million servers would hit on a success, not when there are 10^21

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Bennett Haselton
On 1/2/2012 11:04 PM, Les Mikesell wrote: On Tue, Jan 3, 2012 at 12:41 AM, Bennett Haselton benn...@peacefire.org wrote: Standard/non-standard isn't the point. The point is to control what an app can do even if some unexpected flaw lets it execute arbitrary code. What's the scenario where

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Nataraj
On 01/02/2012 10:48 PM, Bennett Haselton wrote: True but I travel a lot and sometimes need to connect to the machines from subnets that I don't know about in advance. You could secure another system somewhere on the internet (could be a $20/month virtual host), leave no pointers to your

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Leonard den Ottolander
Hello Craig, On Mon, 2012-01-02 at 01:04 -0700, Craig White wrote: Very often, a single user with a weak password has his account cracked and then a hacker can get a copy of /etc/shadow and brute force the root password. This is incorrect. The whole reasoning behind /etc/shadow is to hide the

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Rudi Ahlers
On Tue, Jan 3, 2012 at 11:08 AM, Leonard den Ottolander leon...@den.ottolander.nl wrote: Hello Craig, On Mon, 2012-01-02 at 01:04 -0700, Craig White wrote: Very often, a single user with a weak password has his account cracked and then a hacker can get a copy of /etc/shadow and brute force

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Benjamin Donnachie
On 3 January 2012 02:30, Bennett Haselton benn...@peacefire.org wrote: In other words, when SELinux causes a problem, it can take hours or days to find out that SELinux is the cause -- and even then you're not done, because you have to figure out a workaround if you want to fix the problem

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread John R Pierce
On 01/03/12 1:14 AM, Rudi Ahlers wrote: How does something like c99shell allow a local user (not root) to read the /etc/shadow file? Presumably it uses a suid utility? I'm not familiar with c99shell, but that's classically how you elevate privileges. -- john r pierce

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Bennett Haselton
On 1/2/2012 11:01 PM, John R. Dennison wrote: On Mon, Jan 02, 2012 at 10:41:15PM -0800, Bennett Haselton wrote: Again, you don't have to take my word for it -- in the first 10 Google hits of pages with people posting about the problem I ran into, none of the people helping them, thought to

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Leonard den Ottolander
Hello Rudi, On Tue, 2012-01-03 at 11:14 +0200, Rudi Ahlers wrote: How does something like c99shell allow a local user (not root) to read the /etc/shadow file? I do not vouch for every app that is written to break good security practices. Try $ ls -l /etc/shadow If the tool you are using

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Bennett Haselton
On 1/3/2012 12:50 AM, Nataraj wrote: On 01/02/2012 10:48 PM, Bennett Haselton wrote: True but I travel a lot and sometimes need to connect to the machines from subnets that I don't know about in advance. You could secure another system somewhere on the internet (could be a $20/month virtual

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Les Mikesell
On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haselton benn...@peacefire.org wrote: But assuming the attacker is targeting my production system, suppose they find a vulnerability and obtain the ability to run commands as root on the system.  Then wouldn't their first action be to remove

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Marc Deop
On Tuesday 03 January 2012 07:57:47 Les Mikesell wrote: On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haselton benn...@peacefire.org wrote: But assuming the attacker is targeting my production system, suppose they find a vulnerability and obtain the ability to run commands as root on the

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread m . roth
Having been on vacation, I'm coming in very late in this Les Mikesell wrote: On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haselton benn...@peacefire.org wrote: snip OK but those are *users* who have their own passwords that they have chosen, presumably.  User-chosen passwords cannot be assumed

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Les Mikesell
On Tue, Jan 3, 2012 at 9:31 AM, Marc Deop damnsh...@gmail.com wrote: Openvpn runs over UDP.  With the tls-auth option it won't respond to an unsigned packet.  So without the key you can't tell the difference between a listening openvpn or a firewall that drops packets silently.  That is, you

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Les Mikesell
On Tue, Jan 3, 2012 at 12:48 AM, Bennett Haselton benn...@peacefire.org wrote: You can also set up openvpn on the server and control ports like ssh to only be open to you if you are using an openvpn client to connect to the machine. True but I travel a lot and sometimes need to connect to

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Les Mikesell
On Tue, Jan 3, 2012 at 3:14 AM, Rudi Ahlers r...@softdux.com wrote: Very often, a single user with a weak password has his account cracked and then a hacker can get a copy of /etc/shadow and brute force the root password. This is incorrect. The whole reasoning behind /etc/shadow is to hide

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Ljubomir Ljubojevic
On 01/03/2012 04:47 PM, m.r...@5-cent.us wrote: Having been on vacation, I'm coming in very late in this Les Mikesell wrote: On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haselton benn...@peacefire.org wrote: snip OK but those are *users* who have their own passwords that they have chosen,

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread m . roth
Ljubomir, Ljubomir Ljubojevic wrote: On 01/03/2012 04:47 PM, m.r...@5-cent.us wrote: Having been on vacation, I'm coming in very late in this Les Mikesell wrote: On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haselton benn...@peacefire.org wrote: snip OK but those are *users* who have their

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread m . roth
Whoops, sorry, thought this was offlist. mark, not reading closely enough. m.r...@5-cent.us wrote: Ljubomir, Ljubomir Ljubojevic wrote: On 01/03/2012 04:47 PM, m.r...@5-cent.us wrote: Having been on vacation, I'm coming in very late in this Les Mikesell wrote: On Tue, Jan 3,

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Bennett Haselton
On 1/3/2012 11:36 AM, Ljubomir Ljubojevic wrote: On 01/03/2012 04:47 PM, m.r...@5-cent.us wrote: Having been on vacation, I'm coming in very late in this Les Mikesell wrote: On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haselton benn...@peacefire.org wrote: snip OK but those are *users* who

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Pete Travis
On Jan 3, 2012 12:36 PM, Ljubomir Ljubojevic off...@plnet.rs wrote: On 01/03/2012 04:47 PM, m.r...@5-cent.us wrote: Having been on vacation, I'm coming in very late in this Les Mikesell wrote: On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haselton benn...@peacefire.org wrote: snip OK

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread m . roth
Bennett Haselton wrote: mark wrote: snip 1. How will you generate truly random? Clicks on a Geiger counter? There is no such thing as a random number generator. snip That there are 10^21 possible random 12-character alphanumeric passwords -- making it secure against brute-forcing -- is a

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Bennett Haselton
On 1/3/2012 12:31 PM, Pete Travis wrote: On Jan 3, 2012 12:36 PM, Ljubomir Ljubojevic off...@plnet.rs wrote: On 01/03/2012 04:47 PM, m.r...@5-cent.us wrote: Having been on vacation, I'm coming in very late in this Les Mikesell wrote: On Tue, Jan 3, 2012 at 4:28 AM, Bennett

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Bennett Haselton
On 1/3/2012 12:32 PM, m.r...@5-cent.us wrote: Bennett Haselton wrote: mark wrote: snip 1. How will you generate truly random? Clicks on a Geiger counter? There is no such thing as a random number generator. snip That there are 10^21 possible random 12-character alphanumeric passwords --

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Pete Travis
Here's the qualifying statement I made, in an attempt to preempt pedantic squabbles over my choice of arbitrary figures and oversimplified math: I am not a statistician, but Here is a statement intended to startle you into re-examining your position: Simplistic probability puts the odds of

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Lamar Owen
On Sunday, January 01, 2012 06:27:32 PM Bennett Haselton wrote: (I have already practically worn out my keyboard explaining the math behind why I think a 12-character alphanumeric password is secure enough :) ) Also see: https://lwn.net/Articles/369703/

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread m . roth
Bennett Haselton wrote: On 1/3/2012 12:32 PM, m.r...@5-cent.us wrote: Bennett Haselton wrote: mark wrote: snip 1. How will you generate truly random? Clicks on a Geiger counter? There is no such thing as a random number generator. snip To date, *nobody* on this thread has ever responded

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Bennett Haselton
On 1/3/2012 2:04 PM, Lamar Owen wrote: On Tuesday, January 03, 2012 03:24:34 PM Bennett Haselton wrote: That there are 10^21 possible random 12-character alphanumeric passwords -- making it secure against brute-forcing -- is a fact, not an opinion. To date, *nobody* on this thread has ever

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Bennett Haselton
On 1/3/2012 2:10 PM, Pete Travis wrote: Here's the qualifying statement I made, in an attempt to preempt pedantic squabbles over my choice of arbitrary figures and oversimplified math: I am not a statistician, but Here is a statement intended to startle you into re-examining your position:

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Les Mikesell
On Tue, Jan 3, 2012 at 5:12 PM, Bennett Haselton benn...@peacefire.org wrote: The critical thing to remember is that in key auth the authenticating key never leaves the client system, rather an encrypted 'nonce' is sent (the nonce is encrypted by the authenticating key), which only the

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Bennett Haselton
On 1/3/2012 2:13 PM, Lamar Owen wrote: On Sunday, January 01, 2012 06:27:32 PM Bennett Haselton wrote: (I have already practically worn out my keyboard explaining the math behind why I think a 12-character alphanumeric password is secure enough :) ) Also see: https://lwn.net/Articles/369703/

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Bennett Haselton
On 1/3/2012 4:21 PM, Les Mikesell wrote: On Tue, Jan 3, 2012 at 5:12 PM, Bennett Haselton benn...@peacefire.org wrote: The critical thing to remember is that in key auth the authenticating key never leaves the client system, rather an encrypted 'nonce' is sent (the nonce is encrypted by

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Les Mikesell
On Tue, Jan 3, 2012 at 6:49 PM, Bennett Haselton benn...@peacefire.org wrote: Of the compromised machines on the Internet, what proportion do you think were hacked via MITM-and-advanced-crypto, compared to exploits in the services? Proportions don't matter.  Unless you have something

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Fajar Priyanto
On Wed, Jan 4, 2012 at 11:40 AM, Les Mikesell lesmikes...@gmail.com wrote: Do you lock your doors or just leave them open because anyone who wants in can break a window anyway? Hi Bennett, In conclusion, IMHO, I think you are worried too much :) Don't be afraid just because it's a dangerous

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-03 Thread Drew
If attack A is 1,000 times more likely to work than attack B, you don't think it's more important to guard against attack A? It's not either/or here.  You could be the guy who gets hit by lightning. I'm not sure I entirely agree with you there Les. I'm not going to delve into the

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Craig White
On Sun, 2012-01-01 at 14:23 -0800, Bennett Haselton wrote: (Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also apparently been hacked. Since 2 out of 3 machines hosted at that company have now been

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Bennett Haselton
On Mon, Jan 2, 2012 at 12:04 AM, Craig White craigwh...@azapple.com wrote: On Sun, 2012-01-01 at 14:23 -0800, Bennett Haselton wrote: (Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also apparently been

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Bennett Haselton
On Sun, Jan 1, 2012 at 6:04 PM, Ljubomir Ljubojevic off...@plnet.rs wrote: On 01/02/2012 02:50 AM, Bennett Haselton wrote: I'm not sure what you mean by an exploit from a web board which is apparently designed to pull outside traffic. Like Ljubomir said, it looks like a script that is

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Johnny Hughes
On 01/02/2012 02:04 AM, Craig White wrote: On Sun, 2012-01-01 at 14:23 -0800, Bennett Haselton wrote: (Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also apparently been hacked. Since 2 out of 3 machines

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Les Mikesell
On Mon, Jan 2, 2012 at 6:03 AM, Bennett Haselton benn...@peacefire.org wrote: I tried SELinux but it broke so much needed functionality on the server that it was not an option. Pretty much all of the stock programs work with SELinux, so this by itself implies that you are running 3rd party or

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Lorenzo Martínez Rodríguez
Hello, just in case it helps, please find below the steps I have used to analyze several suspicious machines at some customers, to check whether they have been compromised or not: * chkrootkit, rkhunter - To search for known trojans and common Linux malware. * unhide

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Bennett Haselton
On 1/2/2012 9:18 AM, Les Mikesell wrote: On Mon, Jan 2, 2012 at 6:03 AM, Bennett Haselton benn...@peacefire.org wrote: I tried SELinux but it broke so much needed functionality on the server that it was not an option. Pretty much all of the stock programs work with SELinux, so this by

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Bennett Haselton
On 1/2/2012 9:18 AM, Les Mikesell wrote: There have been many, many vulnerabilities that permit local user privilege escalation to root (in the kernel, glibc, suid programs, etc.) and there are probably many we still don't know about. They often require writing to the filesystem. For example,

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Ljubomir Ljubojevic
On 01/03/2012 03:30 AM, Bennett Haselton wrote: In other words, when SELinux causes a problem, it can take hours or days to find out that SELinux is the cause -- and even then you're not done, because you have to figure out a workaround if you want to fix the problem while keeping SELinux

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Harold Pritchett
On 1/2/2012 9:41 PM, Ljubomir Ljubojevic wrote: On 01/03/2012 03:30 AM, Bennett Haselton wrote: In other words, when SELinux causes a problem, it can take hours or days to find out that SELinux is the cause -- and even then you're not done, because you have to figure out a workaround if you

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Les Mikesell
On Mon, Jan 2, 2012 at 8:30 PM, Bennett Haselton benn...@peacefire.org wrote: What apps are those (i.e. the ones that SELinux would have broken) and if they are open source, have those projects updated the app or the underlying language(s)/libraries since you have? So here's a perfect

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread RILINDO FOSTER
On Jan 2, 2012, at 9:37 PM, Bennett Haselton wrote: On 1/2/2012 9:18 AM, Les Mikesell wrote: There have been many, many vulnerabilities that permit local user privilege escalation to root (in the kernel, glibc, suid programs, etc.) and there are probably many we still don't know about. They

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread RILINDO FOSTER
On Jan 2, 2012, at 9:30 PM, Bennett Haselton wrote: On 1/2/2012 9:18 AM, Les Mikesell wrote: On Mon, Jan 2, 2012 at 6:03 AM, Bennett Haselton benn...@peacefire.org wrote: I tried SELinux but it broke so much needed functionality on the server that it was not an option. Pretty much all of

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Bennett Haselton
On 1/2/2012 8:11 PM, RILINDO FOSTER wrote: On Jan 2, 2012, at 9:30 PM, Bennett Haselton wrote: On 1/2/2012 9:18 AM, Les Mikesell wrote: On Mon, Jan 2, 2012 at 6:03 AM, Bennett Haselton benn...@peacefire.org wrote: I tried SELinux but it broke so much needed functionality on the server

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Bennett Haselton
On 1/2/2012 7:48 PM, Les Mikesell wrote: On Mon, Jan 2, 2012 at 8:30 PM, Bennett Haselton benn...@peacefire.org wrote: What apps are those (i.e. the ones that SELinux would have broken) and if they are open source, have those projects updated the app or the underlying

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Les Mikesell
On Tue, Jan 3, 2012 at 12:23 AM, Bennett Haselton benn...@peacefire.org wrote: So I stand by the statement that SELinux is more likely to cause problems that are hard to figure out for people who aren't professional admins. Don't think anyone claims otherwise. Or that security is easy.

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Bennett Haselton
On 1/2/2012 7:29 AM, Johnny Hughes wrote: On 01/02/2012 02:04 AM, Craig White wrote: On Sun, 2012-01-01 at 14:23 -0800, Bennett Haselton wrote: (Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also apparently

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread John R. Dennison
On Mon, Jan 02, 2012 at 10:41:15PM -0800, Bennett Haselton wrote: Again, you don't have to take my word for it -- in the first 10 Google hits of pages with people posting about the problem I ran into, none of the people helping them, thought to suggest SELinux as the cause of the problem.

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-02 Thread Les Mikesell
On Tue, Jan 3, 2012 at 12:41 AM, Bennett Haselton benn...@peacefire.org wrote: Standard/non-standard isn't the point. The point is to control what an app can do even if some unexpected flaw lets it execute arbitrary code. What's the scenario where this port restriction would make a

[CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread Bennett Haselton
(Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also apparently been hacked. Since 2 out of 3 machines hosted at that company have now been hacked, but this hasn't happened to any of the other 37 dedicated

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread Eero Volotinen
2012/1/2 Bennett Haselton benn...@peacefire.org: (Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also apparently been hacked. Since 2 out of 3 machines hosted at that company have now been hacked, but

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread Bennett Haselton
On Sun, Jan 1, 2012 at 2:55 PM, Eero Volotinen eero.voloti...@iki.fi wrote: 2012/1/2 Bennett Haselton benn...@peacefire.org: (Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also apparently been hacked.

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread Rilindo Foster
On Jan 1, 2012, at 5:23 PM, Bennett Haselton benn...@peacefire.org wrote: (Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also apparently been hacked. Since 2 out of 3 machines hosted at that company

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread Les Mikesell
On Sun, Jan 1, 2012 at 4:23 PM, Bennett Haselton benn...@peacefire.org wrote: So, following people's suggestions, the machine is disconnected and hooked up to a KVM so I can still examine the files.  I've found this file: -rw-r--r-- 1 root root 1358 Oct 21 17:40 /home/file.pl which appears to

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread Ljubomir Ljubojevic
On 01/02/2012 12:27 AM, Bennett Haselton wrote: On Sun, Jan 1, 2012 at 2:55 PM, Eero Volotinen eero.voloti...@iki.fi wrote: 2012/1/2 Bennett Haselton benn...@peacefire.org: (Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread Bennett Haselton
On Sun, Jan 1, 2012 at 4:57 PM, Rilindo Foster rili...@me.com wrote: On Jan 1, 2012, at 5:23 PM, Bennett Haselton benn...@peacefire.org wrote: (Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second machine hosted at the same hosting company has also

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread RILINDO FOSTER
≈On Jan 1, 2012, at 8:24 PM, Bennett Haselton wrote: On Sun, Jan 1, 2012 at 4:57 PM, Rilindo Foster rili...@me.com wrote: On Jan 1, 2012, at 5:23 PM, Bennett Haselton benn...@peacefire.org wrote: (Sorry, third time -- last one, promise, just giving it a subject line!) OK, a second

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread Bennett Haselton
On Sun, Jan 1, 2012 at 5:33 PM, RILINDO FOSTER rili...@me.com wrote: ≈On Jan 1, 2012, at 8:24 PM, Bennett Haselton wrote: On Sun, Jan 1, 2012 at 4:57 PM, Rilindo Foster rili...@me.com wrote: On Jan 1, 2012, at 5:23 PM, Bennett Haselton benn...@peacefire.org wrote: (Sorry, third

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread RILINDO FOSTER
On Jan 1, 2012, at 8:50 PM, Bennett Haselton wrote: On Sun, Jan 1, 2012 at 5:33 PM, RILINDO FOSTER rili...@me.com wrote: ≈On Jan 1, 2012, at 8:24 PM, Bennett Haselton wrote: On Sun, Jan 1, 2012 at 4:57 PM, Rilindo Foster rili...@me.com wrote: On Jan 1, 2012, at 5:23 PM, Bennett

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread Bennett Haselton
On Sun, Jan 1, 2012 at 5:01 PM, Les Mikesell lesmikes...@gmail.com wrote: On Sun, Jan 1, 2012 at 4:23 PM, Bennett Haselton benn...@peacefire.org wrote: So, following people's suggestions, the machine is disconnected and hooked up to a KVM so I can still examine the files. I've found

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread Fajar Priyanto
On Mon, Jan 2, 2012 at 9:33 AM, RILINDO FOSTER rili...@me.com wrote: The script in question is an exploit from a web board which is apparently designed to pull outside traffic. If you had SELinux, it would put httpd in its own context and by default, it will NOT allow connections from that

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread Ljubomir Ljubojevic
On 01/02/2012 02:50 AM, Bennett Haselton wrote: I'm not sure what you mean by an exploit from a web board which is apparently designed to pull outside traffic. Like Ljubomir said, it looks like a script that is used from machine X to DOS attack machine Y, if machine Y has the VBulletin

Re: [CentOS] an actual hacked machine, in a preserved state

2012-01-01 Thread Bennett Haselton
On Sun, Jan 1, 2012 at 6:03 PM, Fajar Priyanto fajar...@arinet.org wrote: On Mon, Jan 2, 2012 at 9:33 AM, RILINDO FOSTER rili...@me.com wrote: The script in question is an exploit from a web board which is apparently designed to pull outside traffic. If you had SELinux, it would put httpd in