nmap localhost (checks listening ports)
lsof -i :1980 (checks what running on that port)
kill -15 (kills what’s running on that port)
—-check open ports—-
check for open ports: ‘netstat -a’

Click to continue →

service iptables start
service iptables stop
service iptables restart

Click to continue →

iframe / gariben hack find and removers. iframe / gariben is a script kiddie code added usually via a cracked password or hidden mysql code added to a vulnerable script. I usually refreshes the web page to some sort of web page that downloads a virus.
1.
find /home/username \( -name “*.php” -o -name “*.html” -o -iname [...]

Click to continue →

Remove any old versions: rm -fv csf.tgz
Download and install:
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh
To disable run this from root:
sh disable_apf_bfd.sh
To update from root run this:
/usr/sbin/csf -u
To flush all blocks run this:
/usr/sbin/csf -f
Usage: /usr/sbin/csf [option] [value]
Option Meaning
-h, –help [...]

Click to continue →

Cracker: n.
One who breaks security on a system. Coined ca. 1985 by hackers in defense against journalistic misuse of hacker (q.v., sense 8). An earlier attempt to establish worm in this sense around 1981–82 on Usenet was largely a failure.
Use of both these neologisms reflects a strong revulsion against the theft and vandalism perpetrated by [...]

Click to continue →

What Is a Hacker?
The Jargon File contains a bunch of definitions of the term ‘hacker’, most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant.
There is a community, a shared culture, of expert [...]

Click to continue →

Script kiddies are the worse kinds of crackers, primarily because there are so many of them and most of them are unskilled. It is one thing to be cracked when you have put in all the correct patches, have a tested firewall, and run advanced intrusion detection actively on multiple levels. It is another when [...]

Click to continue →

To remove a rule or ip:
Find rule
grep 68.188.73.13 /etc/sysconfig/iptables
Delete rule (must be exact)
iptables -D INPUT -s 202.100.85.0/24 -j DROP
You can whitelist a ip to bypass any blocks and after restarting iptables you can find alist of rules here: /etc/sys-config/iptables

Click to continue →

In a windowless underground computer lab in California, young men are busy cooking up viruses, spam and other plagues of the computer age. Grant Joy runs a program that surreptitiously records every keystroke on his machine, including user names, passwords, and credit-card numbers. And Thomas Fynan floods a bulletin board with huge messages from fake [...]

Click to continue →

Linux security may seem daunting, but there are a host of best practices to simplify the maze. Recently, Steve Grubb of Red Hat Inc. outlined some important security principles, including minimizing admin access, the increasing sophistication of SELinux and the importance of auditing systems.
Where should IT managers focus attention, and what are more casual concerns?
I [...]

Click to continue →