falko's Feed

Preventing MySQL Injection Attacks With GreenSQL On Debian Etch | HowtoForge - Linux Howtos and Tutorials

falko — Tue, 28 Oct 2008 09:13:00 -0400

GreenSQL (or greensql-fw) is a firewall for MySQL databases that filters SQL injection attacks. It works as a reverse proxy, i.e., it takes the SQL queries, checks them, passes them on to the MySQL database and delivers back the result from the MySQL database. It comes with a web interface (called greensql-console) so that you can manage GreenSQL through a web browser. This guide shows how you can install GreenSQL and its web interface on a Debian Etch server. Tagged by falko under greensql, mysql, injection, sql, debian,

How To Patch BIND9 Against DNS Cache Poisoning On Debian Etch | HowtoForge - Linux Howtos and Tutorials

falko — Tue, 29 Jul 2008 05:53:00 -0400

Dan Kaminsky earlier this month announced a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server - clients, too. These two articles explain how you can fix a BIND9 nameserver on Debian Etch and Fedora/CentOS so that it is not vulnerable anymore to DNS cache poisoning. Tagged by falko under bind, dns, cache, cache poisoning, vulnerability, patch, debian, centos, fedora,

Intrusion Detection For PHP Applications With PHPIDS | HowtoForge - Linux Howtos and Tutorials

falko — Tue, 24 Jun 2008 10:20:00 -0400

This tutorial explains how to set up PHPIDS on a web server with Apache2 and PHP5. PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session. Tagged by falko under phpids, php, intrusion detection, apache, debian,

Preventing Brute Force Attacks With Fail2ban On OpenSUSE 10.3 | HowtoForge - Linux Howtos and Tutorials

falko — Mon, 15 Oct 2007 03:02:00 -0400

In this article I will show how to install and configure fail2ban on an OpenSUSE 10.3 system. Fail2ban is a tool that observes login attempts to various services, e.g. SSH, FTP, SMTP, Apache, etc., and if it finds failed login attempts again and again from the same IP address or host, fail2ban stops further login attempts from that IP address/host by blocking it with an iptables firewall rule. Tagged by falko under fail2ban, brute-forde, brute force, opensuse, suse, linux, security,

Preventing Brute Force Attacks With BlockHosts On Debian Etch | HowtoForge - Linux Howtos and Tutorials

falko — Sun, 30 Sep 2007 06:11:00 -0400

In this article I will show how to install and configure BlockHosts on a Debian Etch system. BlockHosts is a Python tool that observes login attempts to various services, e.g. SSH, FTP, etc., and if it finds failed login attempts again and again from the same IP address or host, it stops further login attempts from that IP address/host. By default, BlockHosts supports services that use TCP_WRAPPERS, such as SSH, i.e. services, that use /etc/hosts.allow or /etc/hosts.deny, but it can also block other services using iproute or iptables. Tagged by falko under blockhosts, brute force, ssh, denyhosts, fail2ban, debian, etch, debian etch, linux, server, security,

Preventing Brute Force Attacks With Fail2ban On Debian Etch | HowtoForge - Linux Howtos and Tutorials

falko — Tue, 01 May 2007 01:36:00 -0400

In this article I will show how to install and configure fail2ban on a Debian Etch system. Fail2ban is a tool that observes login attempts to various services, e.g. SSH, FTP, SMTP, Apache, etc., and if it finds failed login attempts again and again from the same IP address or host, fail2ban stops further login attempts from that IP address/host by blocking it with an iptables firewall rule. Tagged by falko under fail2ban, brute force, brute-force, attack, security, linux, ssh, ftp, smtp, apache, block, iptables, login,

Secure Your Apache With mod_security | HowtoForge - Linux Howtos and Tutorials

falko — Wed, 12 Jul 2006 05:48:00 -0400

This article shows how to install and configure mod_security. mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc. Tagged by falko under apache, mod_security, intrusion, xss, attack,