World: r3wp
[Linux] group for linux REBOL users
Oldes 28-Aug-2009 [3097] | you have been Hacked By Cyb3rking |
yeksoon 28-Aug-2009 [3098x2] | do u have direct access to the server? |
may need to shut off the various ports first before you can even get it resolved | |
Oldes 28-Aug-2009 [3100] | http://tech.yahoo.com/qa/20090328150137AAzlEuc |
Graham 28-Aug-2009 [3101x3] | don't understand the yahoo thing |
there's only one port open to the world .. the one for web access | |
well, going to login to the console and have a poke around | |
Sunanda 28-Aug-2009 [3104] | Sorry to hear you've been attacked, Graham. I hope it is not too much work to get it all back together....Don't work all night! Looks like it was not personal -- just some automated tools seeking vulnerabilities. You seem to be on a fairly recent version of Apache, but that does mean you may be some months behind on the security patches: http://httpd.apache.org/security/vulnerabilities_22.html |
yeksoon 28-Aug-2009 [3105] | actually, I thought Graham was on Apache 1.3* |
Sunanda 28-Aug-2009 [3106] | Server id says 2.2.3. (that may be just a reply string, not the real situation of course). |
Graham 28-Aug-2009 [3107] | well, index.php has been changed |
Henrik 28-Aug-2009 [3108] | I have an idle Cheyenne running on a Linode server without a domain name. it's been there for a couple of months now. I was a bit surprised to already see bots looking for wordpress, admin pages and attempts to submit various scripts for injection in the access log. Well, I guess I shouldn't be surprised. |
Graham 28-Aug-2009 [3109x4] | Pity I couldn't run this under Cheyenne |
At least I might have a clue how they did this. | |
well, the home page is now gone | |
I rm index.php | |
Henrik 28-Aug-2009 [3113] | I would love to see data mining tools that can detect such attempts at access in the access log without having to read through the log. Do they exist? |
yeksoon 28-Aug-2009 [3114] | wonder if it is a permission issue on the index.php file |
Gabriele 28-Aug-2009 [3115] | I'm ready to bet it was a deki wiki or php vulnerability rather than an apache one... |
Graham 28-Aug-2009 [3116x3] | php I bet |
now to figure how to backup the mysql files and transfer them to a backup of the vm | |
Looks like I was not the only vm user who was attacked. Mindtouch are investigating. They suspect a PHP5 vulnerability that I guess I should have updated :( | |
Graham 29-Aug-2009 [3119x2] | the vulnerability has been identified. There is a vulnerability in the rich text editor which allows a user to upload a php file as an image type and then browse to it, executing it. http://xinha.webfactional.com/ticket/1363 So, not really a php exploit ... |
I would have thought that this was pretty basic stuff ... not allowing non image types to be uploaded! | |
MaxV 2-Sep-2009 [3121x4] | Hello everybody, does DRAW work with Linux? |
I wrote a software with DRAW with 2 arrows and 2 texts (Cartesian axes); in Windows it works, in Linux just the vertical row appears and nothing else... | |
Example: stats: [ 'arrow 1x0 'line 10x390 10x10 'text 100x10 "EURO" 'line 10x390 420x390 'text 350x350 "Days" 'pen blue 'line 420x390 420x10 'text 370x10 "Cash" 'pen white 'arrow 0x0 'line 5x370 15x370 'line 5x350 15x350 'line 5x330 15x330 'line 5x310 15x310 'line 5x290 15x290 ] | |
view layout [ box 400x500 effect [draw stats]] | |
Henrik 2-Sep-2009 [3125] | there could be font problems with DRAW under other platforms than Windows. |
MaxV 2-Sep-2009 [3126] | So if I change font ,will it work? |
Graham 2-Sep-2009 [3127x2] | yes |
you have to define the font path | |
MaxV 2-Sep-2009 [3129x2] | I think you are right, because after text Rebol does nothing |
how do I define Font and Fontpath, and how can I make that work in Windows and Linux? | |
Graham 2-Sep-2009 [3131] | this way ... http://www.compkarori.com/vanilla/display/AGG |
MaxV 2-Sep-2009 [3132] | THANK YOU!!!! |
Geomol 2-Sep-2009 [3133] | News to me. Is there a similar trick under OS X? |
Graham 2-Sep-2009 [3134x2] | That's a pretty old post |
I wasn't aware that agg fonts don't display in OSX .. but since it's also BSD based probably. | |
Geomol 2-Sep-2009 [3136] | I tried to change the agg script to point to a ttf font file under OS X. It doesn't display. |
Pekr 2-Sep-2009 [3137x2] | I can ask Cyphre on ICQ .... |
Sent request to him, but he's not online right now ... | |
Geomol 2-Sep-2009 [3139] | Thanks! |
Pekr 2-Sep-2009 [3140x3] | Cyphre is not sure, if there is support for fonts in AGG under OS-X, he did it together with Carl, but long time ago ... |
I am moving a few domains of my friend to my server. However - he wants to access email, which means I need to provide him with authenticated smtp. I have my old sendmail in simple mode - simply relaying allowed from local 10* network, but not from the outside. Has anyone successfully configured sendmail, so that it would use authentication by username, password? My friend sent me the following link, but I don't understand what I should do :-) Hopefully I don't need to recompile sendmail :-) http://www.sendmail.org/~ca/email/auth.html | |
I found out, that my Sendmail is probably compiled with SASL support:
    [[root-:-linux] mail]# sendmail -d0.1 -bv root | grep SASL
    NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS
    [[root-:-linux] mail]# telnet localhost 25
    Trying 127.0.0.1...
    Connected to localhost.
    Escape character is '^]'.
    220 linux.pekr.dom ESMTP Sendmail 8.12.10/8.12.10; Wed, 2 Sep 2009 15:37:31 +0200
    ehlo localhost
    250-linux.pekr.dom Hello localhost.localdomain [127.0.0.1], pleased to meet you
    250-ENHANCEDSTATUSCODES
    250-PIPELINING
    250-8BITMIME
    250-SIZE
    250-DSN
    250-ETRN
    250-AUTH DIGEST-MD5 CRAM-MD5 <---- This means SASL is allowed
    250-DELIVERBY
    250 HELP
... now just how to further instruct sendmail to use it? | |
Graham 2-Sep-2009 [3143] | only allow the SSL ports to be used? |
Pekr 2-Sep-2009 [3144x3] | I got it running thanks to some sane persons, not linux top gurus, who can't explain kind of anything to mortal man. Those ppl will always wonder, why linux is still not mainstream ... |
http://www.jonfullmer.com/smtpauth/ | |
Simply put - starting "saslauthd -a shadow" daemon, then uncommenting 2-3 lines in sendmail.mc, restarting sendmail, and voila, it was done ... | |