RE: Site whoring...
Have you ever used NetBeans for Rails development? It's awesome. Kevin Sent from my Nokia phone -Original Message- From: Craig White Sent: 02/15/2010 11:07:29 PM Subject: Re: Site whoring... On Mon, 2010-02-15 at 22:48 -0700, Eric Cope wrote: what tools did you use? ruby on rails (sorry, probably should have mentioned) but development entirely with Quanta Plus (KDEwebdevelopment) and a whole lot of different Geo tools which give me lat/lng of every salon as I enter them, GeoIP_City which does a reasonable job of approximating the location of visitors (damn Qwest seems to identify everyone in the valley as being in Peoria) but there is a bunch of different stuff including some nice javascript stuff on the site Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
RE: Site whoring...
No - I should check it out... thanks. I only have minor quibbles with Quanta and I haven't seen enough in IDE's to convince me that is the path for me. Craig On Tue, 2010-02-16 at 14:33 +, Kevin Fries wrote: Have you ever used NetBeans for Rails development? It's awesome. Kevin Sent from my Nokia phone -Original Message- From: Craig White Sent: 02/15/2010 11:07:29 PM Subject: Re: Site whoring... On Mon, 2010-02-15 at 22:48 -0700, Eric Cope wrote: what tools did you use? ruby on rails (sorry, probably should have mentioned) but development entirely with Quanta Plus (KDEwebdevelopment) and a whole lot of different Geo tools which give me lat/lng of every salon as I enter them, GeoIP_City which does a reasonable job of approximating the location of visitors (damn Qwest seems to identify everyone in the valley as being in Peoria) but there is a bunch of different stuff including some nice javascript stuff on the site Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Site whoring...
Why Craig! I didn't know you had a sensual artistic side! I would enter, but, frankly, I don't imagine I am qualified to really kick these tires. [I fear I would get an entry in post 9/11 Department of Homeland Security database (online gay erotic/personal services); you should have seen the sites we managed in the early years of the internet in the 1990's, sheesh!] On Mon, Feb 15, 2010 at 10:35 PM, Craig White craigwh...@azapple.comwrote: Just launched a new web site for a friend/customer... about 6 weeks of development time **whew** http://www.allasianmassage.com (a little rushed but seems to be pretty stable and pretty well debugged... no money/time for TDD) Entirely built using Linux tools on Fedora, running on Linux (also Fedora). Linode VPS host (seems to be a very good provider and actually didn't have to ask them a single question) Please kick the tires Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Skype: (623)239-3392 ATT: (503)754-4452 http://www.obnosis.com http://uncyclopedia.wikia.com/wiki/Linux_Users_Anonymous --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Site whoring...
I used to code entirely in Quanta, and always loved it. When they switched to KDE 4, I have since used regular kwrite and kate for all my coding as Quanta has been too unstable. I will have to look at it again. Lately, as in the last 3 months, I have been using the latest kdevelop and absolutely love it for php, I have to say it rocks! I can only imagine Quanta must be fairly stable now as well. Nathan On Tue, Feb 16, 2010 at 8:59 AM, Lisa Kachold lisakach...@obnosis.comwrote: Why Craig! I didn't know you had a sensual artistic side! I would enter, but, frankly, I don't imagine I am qualified to really kick these tires. [I fear I would get an entry in post 9/11 Department of Homeland Security database (online gay erotic/personal services); you should have seen the sites we managed in the early years of the internet in the 1990's, sheesh!] On Mon, Feb 15, 2010 at 10:35 PM, Craig White craigwh...@azapple.comwrote: Just launched a new web site for a friend/customer... about 6 weeks of development time **whew** http://www.allasianmassage.com (a little rushed but seems to be pretty stable and pretty well debugged... no money/time for TDD) Entirely built using Linux tools on Fedora, running on Linux (also Fedora). Linode VPS host (seems to be a very good provider and actually didn't have to ask them a single question) Please kick the tires Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Skype: (623)239-3392 ATT: (503)754-4452 http://www.obnosis.com http://uncyclopedia.wikia.com/wiki/Linux_Users_Anonymous --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
A baby-step in the right direction...
Greetings All, Part of my job is to make all the various maps we use on our campus, showing safety exits, locations for emergency equipment, main electric and water shut-offs, or just to show new people how to get from point A to point B. When I first approached the IT department several years ago, and asked them for a decent graphics application to make these maps with, they told me to use Paint! I told them I'd prefer to use Inkscape, and they replied We don't do 'Free-ware'..., and nothing I could say would change their minds. Instead, I loaded Debian onto an old laptop and for the past several years have been using it for all the graphics I need for maps, powerpoints, etc., which I then convert to .png files for use on the intranet, or .pdf files to print them out. Just this past week, I finally convinced our new IT director to install the Windows version of Inkscape on my work computer since I've been using it for the past several years anyway. A baby-step in the right direction for them, and I can finally take my old laptop home! Stu --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Site whoring...
Date a Masseuse? On Mon, Feb 15, 2010 at 10:35 PM, Craig White craigwh...@azapple.com wrote: Just launched a new web site for a friend/customer... about 6 weeks of development time **whew** http://www.allasianmassage.com (a little rushed but seems to be pretty stable and pretty well debugged... no money/time for TDD) Entirely built using Linux tools on Fedora, running on Linux (also Fedora). Linode VPS host (seems to be a very good provider and actually didn't have to ask them a single question) Please kick the tires Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Site whoring...
I found the email subject a little too ironic :) On Tue, Feb 16, 2010 at 12:42 PM, Stephen cryptwo...@gmail.com wrote: Date a Masseuse? On Mon, Feb 15, 2010 at 10:35 PM, Craig White craigwh...@azapple.com wrote: Just launched a new web site for a friend/customer... about 6 weeks of development time **whew** http://www.allasianmassage.com (a little rushed but seems to be pretty stable and pretty well debugged... no money/time for TDD) Entirely built using Linux tools on Fedora, running on Linux (also Fedora). Linode VPS host (seems to be a very good provider and actually didn't have to ask them a single question) Please kick the tires Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Eric Cope http://cope-et-al.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Need a consultant
Greetings, Hello all a customer contacted me today and they appear to have a root kit or some other software placed on their system that is causing it to act as a proxy used in attacks on other servers causing their ISP to kill em. They prefer to clean and recover over re-install. There system is Centos 5 but no other details are available. If your a security person and would like to consult this client Please email me for contact information. Thanks, -- James Finstrom Rhino Equipment Corp. http://rhinoequipment.com ~ http://postug.com Phone: 1-877-RHINO-T1 ~ FAX: +1 (480) 961-1826 Twitter: http://twitter.com/rhinoequipment IP: gu...@asterisk.rhinoequipment.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Need a consultant
My 2 cents :) It may be a simple web form exploit or something more serious and they have no guarantee that it won't be exploited again and again. I'm not a security expert but used to hang out with hackers back when it was just starting to be illegal and have a good understanding of how they think and operate. I'm perfectly capable of doing such things but thankfully hacking never appealed to me :) Good hackers will patch your system in ways you would never detect... for that matter you'd never even know they were there... they won't show up in a process list, you won't find their files searching for them, they eliminate any trace of themselves in logs, and you probably won't find their back door unless they're amateur 'script kiddies'. Fortunately MOST hacker attacks are script kiddies. You'll usually find traces of their attack in logs and temp folders. The 'clean and recover' method will never give you 100% certainty that you've eliminated the exploit. The machine could have patched binaries all over the place. I have cleaned up such messes before; it can be very time consuming. Even if you find how they got in, how can you ever be completely sure you've stopped them from getting back in without building an new instance to replace it? The safest way to deal with it is to build a hardened server from scratch; before loading data: - change all passwords/etc on the new server - generate new ssh keys if they exist - install mod_ssl, intrusion detection, and fail2ban/denyhosts - re-write applications NOT to use register_globals in PHP and turn it off - turn up logging - migrate the applications/data to it after checking logs for clues of exploit and fix before migrating. The data center can probably give them some information to help them find where their server was exploited. JD On Tue, Feb 16, 2010 at 1:50 PM, James Finstrom jfinst...@rhinoequipment.com wrote: Greetings, Hello all a customer contacted me today and they appear to have a root kit or some other software placed on their system that is causing it to act as a proxy used in attacks on other servers causing their ISP to kill em. They prefer to clean and recover over re-install. There system is Centos 5 but no other details are available. If your a security person and would like to consult this client Please email me for contact information. Thanks, -- James Finstrom Rhino Equipment Corp. http://rhinoequipment.com ~ http://postug.com Phone: 1-877-RHINO-T1 ~ FAX: +1 (480) 961-1826 Twitter: http://twitter.com/rhinoequipment IP: gu...@asterisk.rhinoequipment.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- JD Austin Twin Geckos Technology Services LLC j...@twingeckos.com Voice: 480.288.8195x201 Fax: 480.406.6753 http://www.twingeckos.com Being powerful is like being a lady. If you have to tell people, you aren't. - M. Thatcherhttp://feedproxy.google.com/%7Er/randomquotes/%7E3/G2PjcLJ0ONI/ --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Need a consultant
I'm gonna wait for Lisa to chime in, and then say, yeah, what she said :) On Tue, Feb 16, 2010 at 2:37 PM, JD Austin j...@twingeckos.com wrote: My 2 cents :) It may be a simple web form exploit or something more serious and they have no guarantee that it won't be exploited again and again. I'm not a security expert but used to hang out with hackers back when it was just starting to be illegal and have a good understanding of how they think and operate. I'm perfectly capable of doing such things but thankfully hacking never appealed to me :) Good hackers will patch your system in ways you would never detect... for that matter you'd never even know they were there... they won't show up in a process list, you won't find their files searching for them, they eliminate any trace of themselves in logs, and you probably won't find their back door unless they're amateur 'script kiddies'. Fortunately MOST hacker attacks are script kiddies. You'll usually find traces of their attack in logs and temp folders. The 'clean and recover' method will never give you 100% certainty that you've eliminated the exploit. The machine could have patched binaries all over the place. I have cleaned up such messes before; it can be very time consuming. Even if you find how they got in, how can you ever be completely sure you've stopped them from getting back in without building an new instance to replace it? The safest way to deal with it is to build a hardened server from scratch; before loading data: - change all passwords/etc on the new server - generate new ssh keys if they exist - install mod_ssl, intrusion detection, and fail2ban/denyhosts - re-write applications NOT to use register_globals in PHP and turn it off - turn up logging - migrate the applications/data to it after checking logs for clues of exploit and fix before migrating. The data center can probably give them some information to help them find where their server was exploited. JD On Tue, Feb 16, 2010 at 1:50 PM, James Finstrom jfinst...@rhinoequipment.com wrote: Greetings, Hello all a customer contacted me today and they appear to have a root kit or some other software placed on their system that is causing it to act as a proxy used in attacks on other servers causing their ISP to kill em. They prefer to clean and recover over re-install. There system is Centos 5 but no other details are available. If your a security person and would like to consult this client Please email me for contact information. Thanks, -- James Finstrom Rhino Equipment Corp. http://rhinoequipment.com ~ http://postug.com Phone: 1-877-RHINO-T1 ~ FAX: +1 (480) 961-1826 Twitter: http://twitter.com/rhinoequipment IP: gu...@asterisk.rhinoequipment.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- JD Austin Twin Geckos Technology Services LLC j...@twingeckos.com Voice: 480.288.8195x201 Fax: 480.406.6753 http://www.twingeckos.com Being powerful is like being a lady. If you have to tell people, you aren't. - M. Thatcherhttp://feedproxy.google.com/%7Er/randomquotes/%7E3/G2PjcLJ0ONI/ --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Eric Cope http://cope-et-al.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Site whoring...
On Tue, 2010-02-16 at 12:42 -0700, Stephen wrote: Date a Masseuse? trust me on this... I fought against that very hard. my 'title' was to be 'Warm Hands, Happy Heart' but it is not my web site and not my money. FWIW, this is not a sex site... there are plenty of those already. This is up and up massage salons. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Site whoring...
Well after skimming through it the 2 things i wondered about was the imagery, some of which strongly hints at the not a for massage content, then coupled with the date a masseuse bit. (this was strong enough for me to wonder if it was safe to look at while at work) If your client wants any feedback thats what i can say, the tech side of it is pretty nice. On Tue, Feb 16, 2010 at 3:19 PM, Craig White craigwh...@azapple.com wrote: On Tue, 2010-02-16 at 12:42 -0700, Stephen wrote: Date a Masseuse? trust me on this... I fought against that very hard. my 'title' was to be 'Warm Hands, Happy Heart' but it is not my web site and not my money. FWIW, this is not a sex site... there are plenty of those already. This is up and up massage salons. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Need a consultant
On Tue, 2010-02-16 at 14:37 -0700, JD Austin wrote: My 2 cents :) It may be a simple web form exploit or something more serious and they have no guarantee that it won't be exploited again and again. I'm not a security expert but used to hang out with hackers back when it was just starting to be illegal and have a good understanding of how they think and operate. I'm perfectly capable of doing such things but thankfully hacking never appealed to me :) Good hackers will patch your system in ways you would never detect... for that matter you'd never even know they were there... they won't show up in a process list, you won't find their files searching for them, they eliminate any trace of themselves in logs, and you probably won't find their back door unless they're amateur 'script kiddies'. Fortunately MOST hacker attacks are script kiddies. You'll usually find traces of their attack in logs and temp folders. The 'clean and recover' method will never give you 100% certainty that you've eliminated the exploit. The machine could have patched binaries all over the place. I have cleaned up such messes before; it can be very time consuming. Even if you find how they got in, how can you ever be completely sure you've stopped them from getting back in without building an new instance to replace it? The safest way to deal with it is to build a hardened server from scratch; before loading data: * change all passwords/etc on the new server * generate new ssh keys if they exist * install mod_ssl, intrusion detection, and fail2ban/denyhosts * re-write applications NOT to use register_globals in PHP and turn it off * turn up logging * migrate the applications/data to it after checking logs for clues of exploit and fix before migrating. The data center can probably give them some information to help them find where their server was exploited. If the mandate is to clean in place and put back online, I myself would not be interested because the predicate is one that I could never agree to and hence, JD is right. You would surely spend more time fixing and trying to locate and removing the exploits than backing up, clean install and putting the data back and still, if it is not a clean install, someone is going to have some sleepless nights. I myself am an avid fan of denyhosts. It is of course, the curse for the dyslexic's among us ;-) Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Site whoring...
Craig White wrote: up and up massage salons. Really. Too funny. ;) -- -Eric 'shubes' --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Need a consultant
Any monkey could probably clean it or re-install it and put it on line. The reason I used the term consult is because I would hope whoever goes in to correct this would be able to educate them and secure them so they are not repeating their mistakes. :) On Tue, Feb 16, 2010 at 3:25 PM, Craig White craigwh...@azapple.com wrote: On Tue, 2010-02-16 at 14:37 -0700, JD Austin wrote: My 2 cents :) It may be a simple web form exploit or something more serious and they have no guarantee that it won't be exploited again and again. I'm not a security expert but used to hang out with hackers back when it was just starting to be illegal and have a good understanding of how they think and operate. I'm perfectly capable of doing such things but thankfully hacking never appealed to me :) Good hackers will patch your system in ways you would never detect... for that matter you'd never even know they were there... they won't show up in a process list, you won't find their files searching for them, they eliminate any trace of themselves in logs, and you probably won't find their back door unless they're amateur 'script kiddies'. Fortunately MOST hacker attacks are script kiddies. You'll usually find traces of their attack in logs and temp folders. The 'clean and recover' method will never give you 100% certainty that you've eliminated the exploit. The machine could have patched binaries all over the place. I have cleaned up such messes before; it can be very time consuming. Even if you find how they got in, how can you ever be completely sure you've stopped them from getting back in without building an new instance to replace it? The safest way to deal with it is to build a hardened server from scratch; before loading data: * change all passwords/etc on the new server * generate new ssh keys if they exist * install mod_ssl, intrusion detection, and fail2ban/denyhosts * re-write applications NOT to use register_globals in PHP and turn it off * turn up logging * migrate the applications/data to it after checking logs for clues of exploit and fix before migrating. The data center can probably give them some information to help them find where their server was exploited. If the mandate is to clean in place and put back online, I myself would not be interested because the predicate is one that I could never agree to and hence, JD is right. You would surely spend more time fixing and trying to locate and removing the exploits than backing up, clean install and putting the data back and still, if it is not a clean install, someone is going to have some sleepless nights. I myself am an avid fan of denyhosts. It is of course, the curse for the dyslexic's among us ;-) Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- James Finstrom Rhino Equipment Corp. http://rhinoequipment.com ~ http://postug.com Phone: 1-877-RHINO-T1 ~ FAX: +1 (480) 961-1826 Twitter: http://twitter.com/rhinoequipment IP: gu...@asterisk.rhinoequipment.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: A baby-step in the right direction...
That is awesome and good work On Tue, Feb 16, 2010 at 12:17 PM, Stu wie...@cox.net wrote: Just this past week, I finally convinced our new IT director to install the Windows version of Inkscape on my work computer since I've been using it for the past several years anyway. A baby-step in the right direction for them, and I can finally take my old laptop home! Stu --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Need a consultant
I agree with JD. I wouldn't (knowingly) buy a used car that had been fixed after a crash either. -- -Eric 'shubes' James Finstrom wrote: Any monkey could probably clean it or re-install it and put it on line. The reason I used the term consult is because I would hope whoever goes in to correct this would be able to educate them and secure them so they are not repeating their mistakes. :) On Tue, Feb 16, 2010 at 3:25 PM, Craig White craigwh...@azapple.com mailto:craigwh...@azapple.com wrote: On Tue, 2010-02-16 at 14:37 -0700, JD Austin wrote: My 2 cents :) It may be a simple web form exploit or something more serious and they have no guarantee that it won't be exploited again and again. I'm not a security expert but used to hang out with hackers back when it was just starting to be illegal and have a good understanding of how they think and operate. I'm perfectly capable of doing such things but thankfully hacking never appealed to me :) Good hackers will patch your system in ways you would never detect... for that matter you'd never even know they were there... they won't show up in a process list, you won't find their files searching for them, they eliminate any trace of themselves in logs, and you probably won't find their back door unless they're amateur 'script kiddies'. Fortunately MOST hacker attacks are script kiddies. You'll usually find traces of their attack in logs and temp folders. The 'clean and recover' method will never give you 100% certainty that you've eliminated the exploit. The machine could have patched binaries all over the place. I have cleaned up such messes before; it can be very time consuming. Even if you find how they got in, how can you ever be completely sure you've stopped them from getting back in without building an new instance to replace it? The safest way to deal with it is to build a hardened server from scratch; before loading data: * change all passwords/etc on the new server * generate new ssh keys if they exist * install mod_ssl, intrusion detection, and fail2ban/denyhosts * re-write applications NOT to use register_globals in PHP and turn it off * turn up logging * migrate the applications/data to it after checking logs for clues of exploit and fix before migrating. The data center can probably give them some information to help them find where their server was exploited. If the mandate is to clean in place and put back online, I myself would not be interested because the predicate is one that I could never agree to and hence, JD is right. You would surely spend more time fixing and trying to locate and removing the exploits than backing up, clean install and putting the data back and still, if it is not a clean install, someone is going to have some sleepless nights. I myself am an avid fan of denyhosts. It is of course, the curse for the dyslexic's among us ;-) Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us mailto:PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- James Finstrom Rhino Equipment Corp. http://rhinoequipment.com ~ http://postug.com Phone: 1-877-RHINO-T1 ~ FAX: +1 (480) 961-1826 Twitter: http://twitter.com/rhinoequipment IP: gu...@asterisk.rhinoequipment.com mailto:gu...@asterisk.rhinoequipment.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Site whoring...
On Tue, 2010-02-16 at 15:28 -0700, Eric Shubert wrote: Craig White wrote: up and up massage salons. Really. Too funny. ;) unintentional... if it was intentional, then I would have been clever. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Site whoring...
If you had been clever it might not have been as funny :-) On Tue, Feb 16, 2010 at 3:58 PM, Craig White craigwh...@azapple.com wrote: On Tue, 2010-02-16 at 15:28 -0700, Eric Shubert wrote: Craig White wrote: up and up massage salons. Really. Too funny. ;) unintentional... if it was intentional, then I would have been clever. Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
RE: RHCE test dates?
So... who might actually be writing RHCE on May 14 in Phoenix? I'm thinking about it. I would be willing to set up a few VMs in a little practice area with anyone who is studying (servers like this server doesn't boot right, new server, bad guy, good guy, rpm supply) Regards, Kaia Taylor DevSA group -- tis-dco-devsa - jumpword devsa http://dco-sps.schwab.com/sites/devsa/welcome desk 602-977-5157 pager 6025785...@vtext.com or white pages All e-mail sent to or from this address will be received by the Charles Schwab corporate e-mail system and is subject to archival and review by someone other than the recipient. -Original Message- From: plug-discuss-boun...@lists.plug.phoenix.az.us [mailto:plug-discuss-boun...@lists.plug.phoenix.az.us] On Behalf Of Lisa Kachold Sent: Monday, February 15, 2010 7:15 AM To: Main PLUG discussion list Subject: Re: RHCE test dates? I would actually study a few more months and take it here when you are rested and in your element. It will make a difference, unless you are superman! On Mon, Feb 15, 2010 at 6:02 AM, Charles Jones charles.jo...@ciscolearning.org wrote: Wow...looks like I may have to travel out of state just to get the exam over with! -Charles On Fri, Feb 12, 2010 at 8:24 AM, Lisa Kachold lisakach...@obnosis.com wrote: No, actually they occur here at most once a year, or did last I checked. On 2/9/10, Charles Jones charles.jo...@ciscolearning.org wrote: I thought the RHCE exams were given monthly. I just checked the RedHat site ( https://www.redhat.com/training/offices.html#phoenix ) and it seems to indicate that the next available RHCE exam date is not until May 14th...the spacing on that seems pretty far? I did notice that the testing dates for just the RHCT seem to be monthly. Note that I checked both locations: Arizona Facility Interface Technical Training 3110 N. Central Avenue, and JBoss Facility ExitCertified Phoenix 101 N. 1st Ave. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss -- Skype: (623)239-3392 ATT: (503)754-4452 http://obnosis.110mb.com/nuke/index.php http://uncyclopedia.wikia.com/wiki/Arizona --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Fwd: [Linux.com.users] Ultimate Linux Guru Update
-- Forwarded message -- From: Jennifer Cloer jenni...@linuxfoundation.org Date: Tue, Feb 16, 2010 at 5:40 PM Subject: [Linux.com.users] Ultimate Linux Guru Update To: linux.com.us...@linuxfoundation.org Greetings, Our annual Ultimate Linux Guru contest has concluded for the 2009-2010 year. We will be recognizing this year's top Linux Gurus in the coming weeks, so please stay tuned for details. In the mean time, please be advised that your Guru points will be reset for the new year (February 16, 2010 - February 15, 2011). Thank you for your contributions to Linux.com. Without your participation, the site wouldn't be the resource it has become. For more information on the Guru contest, please read here: http://www.linux.com/welcome-community Jennifer Jennifer Cloer The Linux Foundation Director, Communications Community jenni...@linuxfoundation.org 503-746-7577 (Desk) 503-867-2304 (Mobile) www.twitter.com/jennifercloer ___ Linux.com.users mailing list linux.com.us...@lists.linux-foundation.org https://lists.linux-foundation.org/mailman/listinfo/linux.com.users -- Skype: (623)239-3392 ATT: (503)754-4452 http://www.obnosis.com http://uncyclopedia.wikia.com/wiki/Linux_Users_Anonymous --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
turning off wifi
I run Ubuntu Hardy on a Dell Latitude 600 with a Linksys WRT54GL router and the latest Linksys firmware. I usually use a wired connection with wireless access disabled on the router configuration site. Today I booted and inadvertently neglected to attach the cable first. I was surprised to see it connect to the wifi network. I checked to make sure wireless access was still disabled and it was. What don't I understand here? Does disabling wireless access not do what I think (obviously doesn't)? If not, how can I turn off wifi. There is no physical switch. Opening Network Manager shows the wired button grayed out. The only way to turn it off is to connect the cable. Right now I see no way to work off line. Help, pointers, snide comments anyone? -- Bob Holtzman Key ID: 8D549279 If you think you're getting free lunch, check the price of the beer signature.asc Description: Digital signature --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: turning off wifi
Robert Holtzman wrote: I run Ubuntu Hardy on a Dell Latitude 600 with a Linksys WRT54GL router and the latest Linksys firmware. I usually use a wired connection with wireless access disabled on the router configuration site. Today I booted and inadvertently neglected to attach the cable first. I was surprised to see it connect to the wifi network. I checked to make sure wireless access was still disabled and it was. What don't I understand here? Does disabling wireless access not do what I think (obviously doesn't)? If not, how can I turn off wifi. There is no physical switch. Opening Network Manager shows the wired button grayed out. The only way to turn it off is to connect the cable. Right now I see no way to work off line. Help, pointers, snide comments anyone? Right click the Network Manager icon, left click Enable Wireless to uncheck it. Did you perhaps connect to someone else's (your neighbor's) wireless router? -- -Eric 'shubes' --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: turning off wifi
On Feb 16, 2010, at 7:33 PM, Robert Holtzman hol...@cox.net wrote: I run Ubuntu Hardy on a Dell Latitude 600 with a Linksys WRT54GL router and the latest Linksys firmware. I usually use a wired connection with wireless access disabled on the router configuration site. Today I booted and inadvertently neglected to attach the cable first. I was surprised to see it connect to the wifi network. I checked to make sure wireless access was still disabled and it was. What don't I understand here? Does disabling wireless access not do what I think (obviously doesn't)? If not, how can I turn off wifi. There is no physical switch. Opening Network Manager shows the wired button grayed out. The only way to turn it off is to connect the cable. Right now I see no way to work off line. Help, pointers, snide comments anyone? It's a usability bug that's been fixed in more recent versions NetworkManager. --Ted --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: turning off wifi
On Tue, Feb 16, 2010 at 07:05:37PM -0700, Eric Shubert wrote: Right click the Network Manager icon, left click Enable Wireless to uncheck it. I found that shortly after posting. This is my first encounter with NM and I was floundering around. Thanks. -- Bob Holtzman Key ID: 8D549279 If you think you're getting free lunch, check the price of the beer signature.asc Description: Digital signature --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
