Linux logo [FAIL]
by Bradley Coudriet on Jun.15, 2009, under Uncategorized
This company’s use of the Linux logo is interesting, to say the least.
Rochester NY, 390 Southbound
SPAM SPAM GO AWAY!
by Bradley Coudriet on Jan.21, 2009, under howto, php, system administration
It seems the new trend for successfully exploited weak web applications is that they will only show their seedy content to Google or other search engines.
They will only be triggered to show their content when they are accessed by GoogleBot from a Google IP (yeah, they are getting that specific).
When you click and view a page that Google says is full of Viagra spam, you won’t see anything. It’s tricky, VERY frustrating and hard to troubleshoot.
So far, the common signs I’ve seen of successful exploits have been:
1. .bak files (installed as WordPress plugins; you have to scour your ‘active_plugins’ field in the database).
2. .pngg, .giff, .jpgg and .old files, trying to upload malicious PHP and get around insecure uploaders.
3. The use of the base64_decode PHP function. While there are legit uses for this function, it can be a sign of a baddie.
4. Use of the ‘eval’ function in PHP. Again, legit uses are out there, but I’ve seen it used for the dark side of the force.
5. A ‘WordPress’ user in your WordPress user table.
If you want to scan a *nix system for the file names I’ve found to be ‘bad’, use the following commands.
find . -name '*_old.php*'
find . -name '*.php.jpgg'
find . -name '*.php.giff'
find . -name '*.php.pngg'
To look for those functions I talked about, you can use your friend ‘grep’.
grep -inrH "eval(base64_decode(" <your dir here>
grep -inrH "gzinflate(base64_decode(" <your dir here>
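The file-name and grep checks above can be combined into one sweep of a web root. This is an added example, not the author's script: the function names, the NAME/CHAIN/REVIEW labels and the sample tree are assumptions, and the sample files are constructed and harmless.

```shell
#!/bin/sh
# Added example: sweep a web root for the indicators listed in the post.
# Prints one "CATEGORY<TAB>path" line per hit.
CHAIN_RE='eval\(base64_decode\(|gzinflate\(base64_decode\('

# tag LABEL: prefix every path read from stdin with LABEL and a tab.
tag() { while IFS= read -r f; do printf '%s\t%s\n' "$1" "$f"; done; }

scan_webroot() {
    root=$1
    # NAME: leftover and doubled-extension file names from the post.
    find "$root" -type f \( -name '*_old.php*' -o -name '*.php.jpgg' \
        -o -name '*.php.giff' -o -name '*.php.pngg' \
        -o -name '*.bak' -o -name '*.old' \) -print | tag NAME
    # CHAIN: decode-then-execute, the post's two grep patterns.
    grep -rilE "$CHAIN_RE" "$root" | tag CHAIN
    # REVIEW: either function alone; legitimate uses exist, so read the code.
    grep -rilE '(^|[^a-z_])(eval|base64_decode)\(' "$root" |
    while IFS= read -r f; do
        grep -qiE "$CHAIN_RE" "$f" || printf 'REVIEW\t%s\n' "$f"
    done
    return 0
}

# Constructed sample tree (not real malware): one file per category plus a clean one.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/plugins" "$d/uploads" "$d/theme"
    printf '<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n' > "$d/plugins/cache.bak"
    printf '<?php echo 1; ?>\n' > "$d/uploads/logo.php.jpgg"
    printf '<?php $x = base64_decode($y); ?>\n' > "$d/theme/functions.php"
    printf '<?php echo "hi"; ?>\n' > "$d/index.php"
    printf '%s\n' "$d"
}

# Demo on the constructed tree; point scan_webroot at a real web root instead.
demo=$(make_sample_tree) && scan_webroot "$demo" | sort && rm -rf "$demo"
```

A file can appear under both NAME and CHAIN; those are the ones to look at first.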
For anyone interested, I’ve recently installed mod_security with their core rule sets on our Apache webserver, and after tweaking the config files and creating some white-lists I have been able to ward off a number of baddies and exploit attempts.
http://www.modsecurity.org/
It’s worth the hassle of setting it up. It also has a ‘detection only’ mode, which does a great job of letting you know what you have running and lets you tweak the rules before it starts to block requests.
Boxee, you have changed the way I watch media
by Bradley Coudriet on Jan.04, 2009, under Uncategorized
I’ve used a number of Media Center solutions for connecting a PC/Mac to my HDTV.
First I used the software that came with my Sony; it did TV recording, but it wasn’t a really integrated solution.
I hacked an Xbox at some point and used XBMC, which was a VERY good solution.
For my TV recording I was using a ReplayTV box; sadly, in Tivo vs. ReplayTV, Replay was the wrong horse to bet on.
After the XBOX died and the ReplayTV had stopped all future software updates, I moved on and actually turned off my cable.
I was using MediaPortal for a while, which was a great product, but my PC started to die.
After my Sony PC started to have memory problems I moved to a G5 running OS X. Front worked as a great simple solution, but it really didn’t offer any flexibility.
PLEX was my next solution, which is a very VERY good project. It is a great port of the XBMC project. It’s a very good integrated Mac experience, and I like it a lot, but I’ve found a new love when it comes to my TV and PC.
Enter Boxee. At the core, it’s ANOTHER port of XBMC, but… as you start to dig deeper into the application you realize how integrated with the internet this app really is. Everything from its social friend network features to its use of online reviews and content.
The BIGGEST feature for me is the integration of services like HULU and Netflix. Absolutely amazing. Bring the power of internet streaming video to my big screen TV. Boxee is currently in alpha, and if this is alpha, I can’t wait to see the final product! These guys are doing an amazing job, and if you follow them on Twitter they are super fast to respond to problems and they keep the community up to date with progress! I found this app right before the Christmas season… so it is my favorite APP of 2008!! Keep up the good work, Boxee!
The trials and tribulations of WordPress SPAM
by Bradley Coudriet on Jan.02, 2009, under system administration
In the past month I’ve seen a huge increase in hacked and spammed WordPress installs.
At CIAS we have 1000+ user accounts with 203 individual installs managed by the students, so I usually try to allow the students the benefit of the doubt that they will update their own software… yeah… that hasn’t been working out so well.
Over the years I’ve had to update a few accounts which have been hacked or otherwise compromised… but lately, the issue has been getting worse and worse. Last night I did a mass upgrade of 203 installs to WordPress 2.7.
I’ve created a script that watches the version of every install on the server. Once a new version of WordPress becomes available I will increment the version on the server and hopefully everyone’s WordPress will get upgraded just like that. Hopefully I’ll be able to keep us from getting hammered with spam.
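One way to watch versions across many installs, as an added example rather than the script described in the post. It assumes each install keeps its version in wp-includes/version.php as a `$wp_version = '...';` line; the function names and the sample installs are constructed for illustration.

```shell
#!/bin/sh
# Added example: list WordPress installs under a root that are older than a target.
# Assumes each install has "$wp_version = '...';" in wp-includes/version.php.
tab=$(printf '\t')

# ver_lt A B: succeed when dotted version A is older than B.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# wp_versions ROOT: print "version<TAB>install dir" for every install found.
wp_versions() {
    find "$1" -type f -path '*/wp-includes/version.php' -print |
    while IFS= read -r f; do
        v=$(sed -n 's/^[$]wp_version[^0-9]*\([0-9][0-9A-Za-z.-]*\).*/\1/p' "$f" | head -n 1)
        printf '%s\t%s\n' "${v:-unknown}" "${f%/wp-includes/version.php}"
    done
}

# wp_outdated ROOT TARGET: only installs older than TARGET, or with no readable version.
wp_outdated() {
    wp_versions "$1" | while IFS=$tab read -r v dir; do
        if [ "$v" = unknown ] || ver_lt "$v" "$2"; then printf '%s\t%s\n' "$v" "$dir"; fi
    done
}

# Constructed sample: three installs with made-up owners and versions.
make_sample_installs() {
    d=$(mktemp -d) || return 1
    for pair in alice:2.6.5 bob:2.7 carol:2.3.1; do
        inc="$d/${pair%%:*}/blog/wp-includes"
        mkdir -p "$inc"
        printf "<?php\n\$wp_version = '%s';\n" "${pair#*:}" > "$inc/version.php"
    done
    printf '%s\n' "$d"
}

demo=$(make_sample_installs) && wp_outdated "$demo" 2.7 | sort && rm -rf "$demo"
```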
Another issue we have on the server is poorly written upload scripts which are allowing .php files to be uploaded and then executed by the webserver, which then creates a nice little backdoor for hackers to then pepper the server with bad files and crap. It’s annoying! LEAVE ME ALONE
by Bradley Coudriet on Dec.08, 2008, under Uncategorized
Wow, this post made my day! 10 of the best 80’s cartoon theme songs. Absolutely took me back to my youth!
http://unrealitymag.com/index.php/2008/12/08/the-10-best-80s-cartoon-theme-songs/
iPhone 2.2 Here I come.
by Bradley Coudriet on Dec.08, 2008, under Uncategorized
I’ve decided this morning I’m going to upgrade to firmware 2.2 and jailbreak again. Wish me luck. It’s always an adventure doing this sort of thing!
Also, have I mentioned that winter is here… and it’s freaking cold outside? I just wanted to make sure everyone knows that.
Well… that was an interesting night!
by Bradley Coudriet on Nov.18, 2008, under howto, system administration
Tonight was supposed to be a very simple hard drive copy to a server, virtualize a physical server, get a beer and go home… I figured I’d be at home by 6 or 7pm… well… Technology has a way of really screwing with you. So here’s a little story about my stupid night.
So 5:00pm goes around and I turn off the old desktop class machine that has been used as a server for the better part of 5 years. The plan is to take the hard drive with all the unnamed organization’s data off of it, put it on to our super fast secure awesome server, and then call it a night. If I had time I was going to get rid of the old physical hardware once and for all and put the server on our virtual server cluster. No brainer, I’ve done this kind of thing a million times before.
Here is where the first snag came. I got the hard drive, put it in our hard drive to firewire adaptor, and I couldn’t get it to mount. Hell, I couldn’t get it to spin… finally, after some fiddling and adding the external power plug for the adaptor, I got it going. I started the file copy, I thought I was done. I promptly went to play COD4 and blow some 12 year noobs up. I turned around to check on the status of the file copy, and I noticed the drive wasn’t spinning. "Strange," I think to myself. I try remounting the drive over and over again, and it just won’t go; this is already pissing me off. I put the drive on my Windows XP machine and it mounts after a long time, and I start the file copy again, and the drive stops spinning AGAIN. So by now I’m pissed. It’s fairly obvious the drive isn’t working properly, and this explains the slow performance the organization had been seeing on their old file server. So what do I do? Only what any sane IT professional would do with a semi dead hard drive: I put it in the freezer. Yes, you read that right, I put it in the freezer. It’s a religious thing, the hard drive in freezer trick. Some people say it’s hog-wash, others swear by it. In our office, it’s saved our butts a few times, so "I want to believe".

At this point Jay and I decide that while the hard drive is on ice, we will take a walk down to the parking lot and pick up our vehicles from the far corner of the lot and bring them closer, if anything to get outside and get fresh air and not be around stupid dead hard drives… and then we saw something that was just… strange… I think the picture will speak for itself. A box truck, in between the two levels of parking.
So after wondering WTF was going on with the box truck we headed back in to check on our frozen hard drive. We hooked it up, and BAM it started working right off the bat, real fast and everything… and then about 5 minutes into the copy it failed again. At this point I was starting to lose faith that we would get this going. So, we froze it again. Tried it again, and it would go for a while, then fail. This is the point where desperation is starting to set in. I really want to get this server finished by start of business Tuesday. So I thought to myself, "What would happen if I ran the hard drive from INSIDE the freezer?"
Yes, that’s a power cable and firewire cable going into the office fridge, which we’ve moved next to my desk. The sick part? IT WORKS. The hard drive is running, and actually copying data. It’s still a bit slow, but the hard drive is still working. I just don’t understand, but whatever. IT’S WORKING!!
Managing multiple Debian Linux servers
by Bradley Coudriet on Nov.13, 2008, under php, system administration, web development
At CIAS here we manage around 20 Linux machines, of which only a handful are in a cluster.
This means that conventional tools such as puppet and other cluster management software suites don’t fit well into what we want to do.
So what am I to do? I have 20 machines to manage, secure, audit, monitor, update and any number of other tasks. Any good system administrator will have his hands knee deep in BASH and perl and <insert favorite scripting language here>. I personally happen to be a web guy. I live and breathe in PHP and MySQL. My specialty over the years has been to create nice little one-off web applications that parse data, manage it, and present it in a useful manner to myself and my co-workers. Lately I’ve started to go a step beyond that and create web services which my machines begin to interact with. I’ve created clever little command line apps that do specific tasks, and are usually generic enough that they work on all our machines. I’ve even created a deployment method for these apps! So now I update a single repository of our scripts and auto-magically our servers have the latest scripts.
This system has really started to work well, and it’s been growing day by day.
So far I’ve created systems for the following solutions:
- A global iptables blacklist - add an IP to the list and all our machines block that IP
- A command to block an IP from any of our hosts, which then is put in the global list
- A script that audits SSH attacks and blocks those IPs
- A web interface for all those blocked IPs (Add, Edit and Delete from the list)
- A web interface to show all available APT updates on a host, and the ability to approve updates and have them install automatically at a certain time.
- A web reporting tool that monitors all our servers’ disk usage and sends warnings on full or near full disks
- An interface to a long term archive solution we are custom building
- A script and web interface which aggregates all of our logwatch reports, and then converts them to RSS
As more and more problems need solutions I keep creating and distributing these systems. To what end?
In the future I would love to create a portal based system where I log in and I can manage and interact with all of my servers from one place. Much like an Altiris Notification server for my Linux machines.
So here’s my question to the great internet… Does anyone else do anything kinda like this? Is this a set of solutions that I should think about packaging up and creating an open source project for? Does anyone care? Does anyone else have a better solution than the hacks I’ve been working on? I want to hear your feedback!!!
And now for something completely random:
Tunnel Vision
by Bradley Coudriet on Nov.12, 2008, under Uncategorized
So…
I woke up this morning, and for reasons that I don’t want to explain, I’m just in a bad mood. So… I decided on my drive into work that I’m going to channel this bad mood into productivity. So I’ve been sitting at my desk here, headphones on, hoodie up, iChat not on, no twitter, and not texting or any of my normal distractions. And lo and behold, before lunch I pretty much finished a module that I’ve been meaning to finish for about a month. AHH BEHOLD THE POWER OF CONCENTRATION AND FOCUS
Go figure. The moral of the story? Get in a bad mood, and channel your frustration and bad mojo into something productive, which will most likely raise your spirits up, and get you out of your bad mood. Thus saving you from depressions or some other stupid emotional wreck.
I am usually a very positive person. I’ve learned early on the lesson of only worrying about the things you can change or that you have some sort of influence on. The rest of them should just be facts and outside entities that you know about and have acknowledged. This is a philosophy that I usually preach to anyone who asks for my advice. It has worked very well for me. Sometimes it comes off as unemotional or that I just bottle everything up. But I really do believe that the human emotions can only deal with things that you either have done/or can do something to change the outcome. If you have no control, acknowledge the issue and MOVE ON.
Strangest thing happened last night on the way home.
by Bradley Coudriet on Nov.08, 2008, under Uncategorized
So on the way home after the GMB banquet I came across a group of people on the side of the road and a guy flagging me down.
There was an accident and this guy says to me, "I need you to pull up and give me some light, I’m trying to work on this guy’s leg." So of course I do the only sensible thing and pull up, put on my high beams and give him the light. Sooner or later the fire department, ambulance and police showed up, took care of the driver of the motorcycle and his passenger. I think they both got away with a few broken bones, but nothing horrible. So I ended up getting stuck between all the emergency vehicles, so I had to wait for them all to leave before I could head home. But overall it felt nice to do at least a little something good.
The guy who initially flagged me down thinks the driver was drunk, because I guess earlier on the motorcycle passed him doing like 70 on Lake Shore Drive.
It made for an interesting night.






