NetTipsDB.com - Online resources on wordpress, php, bash scripting, security, designing and virtualization

I cannot deny that Project Honey Pot is really cool. It tracks automated web bots and collects all the data it can about each bot, even any POST data the bot submits to forms.

Participation involves putting links on your site to a piece of code hosted on your own server. The link is hidden from human visitors but visible to bots. That code is the data collector, which sends what it captures to the central server for statistics. You can also view the logs of the bots captured by your 'sensor' from your account.
Continue reading ‘Web-based Honeypot – participate!’

filter by IP using PHP

I bumped into a problem where I needed to restrict my application so that it could only be accessed from certain IPs. After some googling around, I found a simple bit of code to do this. It is shown here with two fixes: ereg() was deprecated in PHP 5.3 and removed in PHP 7, and the unanchored pattern 192.168.1..* with unescaped dots also matched addresses such as 192.168.10.5.

<?php
// Allow only clients in 192.168.1.0/24. Anchors and escaped dots matter:
// the unanchored pattern "192.168.1..*" also matched 192.168.10.x to
// 192.168.19.x and 192.168.100.x to 192.168.199.x.
$allowed = '/^192\.168\.1\.\d{1,3}$/';

if (!preg_match($allowed, $_SERVER['REMOTE_ADDR'])) {
        header('HTTP/1.1 403 Forbidden');
        die("Sorry. Not allowed from your IP.");
}

This script allows only addresses in 192.168.1.0/24 and blocks everything else. Put it in its own file and include it at the top of every other script. One caveat: REMOTE_ADDR is the address of the TCP peer, so behind a reverse proxy or load balancer it is the proxy's address, and the real client address only appears in a header such as X-Forwarded-For, which any client can set. Trust that header only when a proxy you control overwrites it.

Happy coding! :)

I've googled around and found a few articles that might help solve two problems you will most probably encounter if you're hosting your own server on the internet: denial-of-service (DoS) and brute-force attacks. In this example we will use iptables to block them.

iptables has a limit match whose --limit and --limit-burst options cap how many packets per unit of time a rule lets through. Note that the token bucket belongs to the rule, not to the client: every source shares it.

Blocking excessive syn packet

iptables -N syn_flood
iptables -A INPUT -p tcp --syn -j syn_flood
iptables -A syn_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
iptables -A syn_flood -j DROP

* This does not limit SYNs per host. The limit match keeps one global bucket, so on average 1 SYN per second (with a burst of 3) passes the chain in total, no matter how many clients there are, and the rest are dropped. A single flooder therefore also starves legitimate clients of new connections. Size the numbers to your real traffic, and use the hashlimit match with --hashlimit-mode srcip if you want a per-source limit.

Blocking brute force attack (on ssh server)

iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --set -j ACCEPT
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 -j DROP

Both rules use -I, so the second one ends up first in the chain: a source that has made 5 or more new SSH connections in the last 60 seconds is dropped; otherwise the attempt is recorded and accepted. Only NEW connections are counted. Do not add ESTABLISHED to the first rule: that would record every packet of an open session and lock out a user who is already logged in the moment they open a second connection. Packets of established sessions must be allowed by a separate rule such as iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT.

Limiting ICMP ping request

iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 1 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix "PING-DROP: "
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

These rules let through one echo request per second and log and drop the rest (at most one log line per second, since the LOG rule has its own bucket). They match only echo-request on purpose: a blanket -p icmp rule would also drop fragmentation-needed and other ICMP error messages that TCP relies on.

Modify the rules to suit your environment: you may run your SSH server on another port, or you may want the same treatment for an FTP server. These are a few rules you don't want to miss out of your firewall script.
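The three protections above as one script, added here as an example and not taken from the post: it emits the rules through a variable so you can preview them with IPT="echo iptables" before touching a live firewall, limits SYNs per source with hashlimit instead of one global bucket, counts only NEW connections for the SSH check, and limits only echo requests. It assumes the usual accept rule for ESTABLISHED,RELATED traffic already sits earlier in INPUT; the chain name, the recent list name and the SSH_PORT variable are this example's own choices.

```shell
#!/bin/sh
# Added example, not the original post's rules. Everything goes through $IPT
# so the script can be dry-run with IPT="echo iptables". The numbers (1/s,
# burst 3, 5 hits per 60 s) are the post's; names and matches are assumptions.
IPT="${IPT:-iptables}"          # left unquoted below on purpose: may hold "echo iptables"
SSH_PORT="${SSH_PORT:-22}"

# SYN limiting keyed per source address. The plain `limit` match keeps one
# global bucket, so one flooder would also starve everybody else; hashlimit
# with --hashlimit-mode srcip keeps one bucket per client.
syn_rules() {
    $IPT -N syn_flood
    $IPT -A INPUT -p tcp --syn -j syn_flood
    $IPT -A syn_flood -m hashlimit --hashlimit-name synflood \
         --hashlimit-mode srcip --hashlimit-upto 1/s --hashlimit-burst 3 \
         -j RETURN
    $IPT -A syn_flood -j DROP
}

# SSH brute force: only NEW connections are counted, so packets of an open
# session cannot push a legitimate user over the threshold. Order matters:
# the check rule runs before the rule that records the attempt.
ssh_rules() {
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
         -m recent --name sshbf --update --seconds 60 --hitcount 5 -j DROP
    $IPT -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
         -m recent --name sshbf --set -j ACCEPT
}

# Ping limiting restricted to echo-request, so fragmentation-needed and other
# ICMP error messages keep flowing. The LOG rule has its own bucket, which
# also bounds how fast the log can fill.
icmp_rules() {
    $IPT -A INPUT -p icmp --icmp-type echo-request \
         -m limit --limit 1/s --limit-burst 1 -j ACCEPT
    $IPT -A INPUT -p icmp --icmp-type echo-request \
         -m limit --limit 1/s --limit-burst 1 -j LOG --log-prefix "PING-DROP: "
    $IPT -A INPUT -p icmp --icmp-type echo-request -j DROP
}

apply_all() { syn_rules; ssh_rules; icmp_rules; }

case "${1:-}" in
    apply) apply_all ;;                          # needs root
    show)  (IPT="echo iptables"; apply_all) ;;   # preview only, changes nothing
esac
```

Run it with show first and read the output; apply only once the port and the limits match your traffic. The script adds rules and does not flush, so re-running it duplicates them; flush or restore a saved ruleset before applying again.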

Today I encountered a problem where I needed some statistics on certain activity in my Apache log. What you count depends on your purpose. First I pull out all the IPs I need to look up, using bash.

cut -d' ' -f1 domain.log | sort -u > ips.txt

Now we have a list of all unique IPs in ips.txt. For the country lookup I use a free geolocation database from MaxMind. They offer a database you can download to your own host and query as much as your server can handle. Say you have 10,000 IPs to look up: an external service will surely limit how many queries you can make per second or per day, and it will consume a lot of bandwidth and time.

For this setup I downloaded the GeoLite Country database, the free edition, which is less accurate than the commercial one and not updated as often. That is enough for me: I just want some simple stats, and with more than four thousand IPs I can live with 99.5% accuracy. My copy of the database was last updated on 1st October 2009. (MaxMind discontinued the legacy GeoLite .dat files in January 2019; the current free product is GeoLite2 in mmdb format, read with the GeoIP2 library rather than geoip.inc.)

They provide a PHP API to read the binary database, which puts our goal just a few lines of code away :) Name the file below geoip.php.

<?php
// include the legacy MaxMind PHP API (geoip.inc) and open the country database
include("geoip.inc");
$handle = geoip_open("GeoIP.dat", GEOIP_STANDARD);

// plain text, so the bash side gets exactly one "ip:country" line
header("Content-Type: text/plain");

// accept only a syntactically valid IP address; nothing else reaches the lookup or the output
$ip = isset($_GET['ip']) ? filter_var($_GET['ip'], FILTER_VALIDATE_IP) : false;
if ($ip === false) {
        header("HTTP/1.1 400 Bad Request");
        die("bad ip\n");
}

echo $ip . ":" . geoip_country_name_by_addr($handle, $ip) . "\n";

// close database handler
geoip_close($handle);

// compulsory license notice, commented out here so the output stays machine-readable
#echo " -- This product includes GeoIP data created by MaxMind, available from http://maxmind.com/ --";

Normally you should keep that last line uncommented. In my case I need to process the output with a bash script and cannot have any other text in there. Also keep geoip.php itself out of public reach: it is a free lookup service for anyone who finds it, so restrict it to your own address (the IP filter from the post above does exactly that) or serve it only on localhost. Remember the ips.txt file? We have a lot of IPs in there. Create another file, process.sh:

#!/bin/bash
# one request per address; -s silences the progress meter so only the
# "ip:country" lines land in the result file
while IFS= read -r a; do
        curl -s --user-agent "anything you like" "http://domain/geoip.php?ip=$a"
done < ips.txt > result_country.txt

Just run ./process.sh and you can watch it work. Once you get your shell back, check result_country.txt for the output. In this example the output is formatted like this:

XX.XX.XX.XX:Country name
XXX.XXX.XXX.XXX:Other country names

..

Last one, run cut -d':' -f2 result_country.txt | sort | uniq -c | sort -nr and you get the stats: how many addresses per country. Below is a sample of the output.

20 Bulgaria
19 Peru
19 Hungary
19 Czech Republic
17 Malaysia
15 Turkey
15 Sweden
14 Israel
13 South Africa
13 Panama
13 Pakistan
12 Singapore
11 Lebanon
10 Greece
10 Austria
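The same pipeline done locally in one run, as an added example that is not the post's code: it extracts and validates the client addresses from a constructed sample of access-log lines, looks each unique address up once with whatever command LOOKUP names (the default wraps MaxMind's legacy geoiplookup tool from the geoip-bin package, whose output format is assumed here), and aggregates the counts. No web endpoint is involved, and IPv6 clients, which the ':' separator used above cannot handle, are covered too.

```shell
#!/bin/sh
# Added example, not the post's scripts: log -> unique IPs -> country ->
# counts without a web round trip per address. The sample log lines are
# constructed for this example. LOOKUP is any command that prints one
# country name for one IP argument; the default and its expected output
# format ("GeoIP Country Edition: MY, Malaysia") are assumptions.
LOOKUP="${LOOKUP:-geoip_country}"

geoip_country() {
    geoiplookup "$1" | sed -n 's/^GeoIP Country Edition: [A-Z-]*, //p'
}

# Field 1 of a combined-format access log is the client address (%h). Only
# tokens shaped like an IPv4 or IPv6 address are kept, so a hostname (with
# HostnameLookups on) or a malformed line never becomes a lookup argument.
extract_ips() {
    awk '($1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ||
         ($1 ~ /^[0-9a-fA-F:]+$/ && $1 ~ /:/) { print $1 }' "$@" | sort -u
}

# One lookup per unique address; a tab separates ip and country because
# IPv6 addresses contain the ':' the post used as a separator.
annotate() {
    while IFS= read -r ip; do
        country=$($LOOKUP "$ip")
        printf '%s\t%s\n' "$ip" "${country:-unknown}"
    done
}

count_by_country() {
    cut -f2 | sort | uniq -c | sort -rn
}

report() {                 # report LOGFILE...  ->  "count country" lines
    extract_ips "$@" | annotate | count_by_country
}

sample_log() {             # constructed: two hits from one host, one bad line, one IPv6 client
    cat <<'EOF'
10.0.0.5 - - [01/Oct/2009:10:00:00 +0800] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Oct/2009:10:00:02 +0800] "GET /about HTTP/1.1" 200 640 "-" "Mozilla/5.0"
10.0.0.9 - - [01/Oct/2009:10:01:00 +0800] "GET / HTTP/1.1" 200 512 "-" "curl/7.19"
192.0.2.44 - - [01/Oct/2009:10:02:00 +0800] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
not-an-ip - - [01/Oct/2009:10:03:00 +0800] "GET /x HTTP/1.1" 400 0 "-" "-"
2001:db8::1 - - [01/Oct/2009:10:04:00 +0800] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
}

case "${1:-}" in
    "")     ;;                          # no file given: define functions only
    --demo) sample_log | report ;;      # run against the built-in sample
    *)      report "$@" ;;
esac
```

Run it as ./geostats.sh domain.log (assumed filename) or with --demo against the built-in sample. Validating the first field matters because that column is whatever the peer presented to the server; a bogus value should never reach a lookup command, a shell or a database.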

Good luck!!

In my previous article I wrote about storing your files on Amazon S3 to spread the load over different servers. From one perspective it is not a really good solution: content served by my web server and by Amazon S3 may have different latency, which affects the browsing experience of users in certain parts of the world, and there is an extra DNS query to make for Amazon S3.

I found an article on nginx (pronounced engine-X), a small web and mail proxy server written by Igor Sysoev for Rambler, Russia's second-largest website. Its primary purpose is as a reverse proxy, but it can also be a web server. A Netcraft survey reported nginx hosting 12,676,238 websites, making it the 5th most popular web server at the time.

The most popular setup is nginx as a reverse proxy: it serves static content itself and forwards any PHP request to PHP running as FastCGI. nginx became so popular because of its capability to handle a lot of requests while consuming a very small amount of memory. You can refer to this blog for a benchmark.

But nginx has some drawbacks if you are currently running Apache. You will lose some of the features Apache has, for example mod_rewrite: nginx has its own rewrite syntax, so you will have to rewrite your rewrite rules. In my situation I have a shared hosting server, and I don't want to replace Apache with nginx, as it would be a lot of trouble to fix all the websites. Some of them run WordPress, and some run a CMS that relies on .htaccess.

As in my previous post, I placed some static content on Amazon S3 and could not see much improvement. So I installed nginx on port 81 and configured a virtual host that looks at the same content as Apache does. It only serves static content.

This is my nginx.conf configuration file.

Continue reading ‘Speed up your website loading time – nginx’


Amazon S3 - Amazon Simple Storage Service

Lately I've been looking around for solutions that could reduce the load and connections on my server, and I found an interesting service from Amazon, Amazon Simple Storage Service (Amazon S3). It lets you store your web files in cloud storage on Amazon's infrastructure and retrieve them from anywhere through a custom link.

First things first, you need an account with Amazon S3 and a valid payment option; in my case I had to enter my credit card number for billing. Talking about payment, let's check the Amazon S3 service rates. This is quoted from the Amazon S3 page at the time of writing, so check the current price list before relying on it. The price is quite low if you're putting up small web-related files. You are charged according to how much data is stored and transferred out of Amazon S3.

For United States

Storage

  • $0.150 per GB – first 50 TB / month of storage used
  • $0.140 per GB – next 50 TB / month of storage used
  • $0.130 per GB – next 400 TB /month of storage used
  • $0.120 per GB – storage used / month over 500 TB

Data Transfer

  • $0.100 per GB – all data transfer in

  • $0.170 per GB – first 10 TB / month data transfer out
  • $0.130 per GB – next 40 TB / month data transfer out
  • $0.110 per GB – next 100 TB / month data transfer out
  • $0.100 per GB – data transfer out / month over 150 TB

Requests

  • $0.01 per 1,000 PUT, COPY, POST, or LIST requests
  • $0.01 per 10,000 GET and all other requests*

* No charge for delete requests

For Europe
Continue reading ‘Using Amazon S3 for web file storage’

For the last few weeks I have had this problem where my server could not handle the number of connections made to it. The server has been upgraded and the load has been reduced, but some connections get stuck, and that makes my Apache die. In the last two days it happened once, when I got a DDoS attack that left a pile of connections in LAST_ACK. I couldn't pick out an IP to block because the traffic came from many different IPs. The web server was inaccessible until I restarted Apache.

I have installed Nagios and Cacti on another machine, and they work really well. But I don't like receiving downtime notifications from Nagios. I like Nagios working well, but I hate that I'm having the problem.

I wrote these two scripts, a PHP script and a bash script, that make my life easier. The PHP script just queries the MySQL database and returns "OK" if nothing is wrong. The bash script downloads the PHP script's output through a URL and checks whether the content is OK. If it is OK, it does nothing; otherwise it restarts my Apache.
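The bash half of that, as an added example rather than the author's own script: it polls the agent URL with a timeout and restarts Apache only after several consecutive bad checks, so a single slow reply or a momentary hiccup cannot trigger a restart. The URL, the state file path, the threshold, the restart command and the exact "OK" body are all assumptions of this example.

```shell
#!/bin/sh
# Added example, not the author's script. Counts consecutive failed checks
# in $STATE and runs $RESTART only when $THRESHOLD is reached. URL, STATE,
# THRESHOLD, RESTART and the literal "OK" body are assumptions.
URL="${URL:-http://localhost/agent.php}"
STATE="${STATE:-/var/run/agent-failures}"
THRESHOLD="${THRESHOLD:-3}"
RESTART="${RESTART:-/etc/init.d/apache2 restart}"
FETCH="${FETCH:-fetch_agent}"      # command that prints the agent body

fetch_agent() {
    # -m bounds a hung server; -f turns an HTTP error into a non-zero exit
    curl -sf -m 10 "$URL"
}

failures() {
    n=$(cat "$STATE" 2>/dev/null)
    echo "${n:-0}"
}

# Prints ok | wait | restart and keeps the consecutive-failure counter in $STATE.
check_once() {
    body=$($FETCH) || body=""
    if [ "$body" = "OK" ]; then
        echo 0 > "$STATE"          # any good check resets the streak
        echo ok
        return 0
    fi
    n=$(( $(failures) + 1 ))
    if [ "$n" -ge "$THRESHOLD" ]; then
        echo 0 > "$STATE"          # start counting again after a restart
        echo restart
        $RESTART
    else
        echo "$n" > "$STATE"
        echo wait
    fi
}

case "${1:-}" in
    run) check_once ;;             # e.g. from cron every minute
esac
```

Run it from cron every minute with the run argument; the counter lives in the state file between runs. A restart is itself a short outage, so the threshold is the knob that trades detection delay against false positives, and a check from another host (where the Nagios box already sits) tells you more than one from the web server itself.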

This is my PHP script that monitors my Apache and MySQL. I named it agent.php.

Continue reading ‘mysql down? need restart? but when?’

Yesterday I saw a friend who had bought a new pen drive. It's a Kingston pen drive with a Mickey Mouse cover, the small slim version. It looks nice and attractive; maybe not for a guy to use a Mickey Mouse pen drive, but perhaps for his girlfriend or anyone else. Pen drive prices have dropped a long way since they first came out. They have become something of a necessity for everyone who uses a computer.

I write this post just to showcase some nice thumb drives that I found in the Amazon store and elsewhere.

1. MIMO USB Drive – Fancy Chocolate Lemon Tart
This is one of the nicer pen drive casings: the drive sits inside a casing shaped like a Chocolate Lemon Tart. The price starts at USD 62, and it is available in the Amazon store.

2. Corsair Flash Survivor 32 GB USB 2.0 Flash Drive

If you're into sport and extreme activities, this pen drive might suit you. It comes with a waterproof, durable cover, which makes it suitable for carrying important data without worrying about data loss. About shock resistance, I cannot say.

3. A-data Disney Mickey 16GB USB Flash memory

This one is just a normal pen drive; it's the Mickey Mouse casing that makes it attractive. By the way, the pen drive seems small to hold 16GB of memory. Thanks to the technology that allows it to be that small. The price is stated as USD 74.45.

4. USB Hidden Spy Camcorder Drive Pen DVR Cam Camera 40h

This one is nice. This is your chance to be like James Bond. These sunglasses have a DVR camera that can record up to 40 hours of video. You do not need any software to transfer the videos to your computer; just plug it in and copy. You will need QuickTime Player to play the video.

This plug-and-copy feature does let you copy files to the drive like a normal pen drive. The price starts at USD 189.00. Go grab it :)
Continue reading ‘Fancy pen drive – Nice icons in your pocket!’


I'm adding plugins to my site as I need them. Now I need a lightbox image preview, a JavaScript tool that displays a larger set of images in a nice way.

I browsed around and had to choose something compatible with my site's requirements. For example, I've been using jQuery for the other JavaScript effects on this site, so I needed a jQuery version of Lightbox, and I found this one, a jQuery version of Lightbox.

You just need to add some code to the link tag that points at the bigger picture, as shown here:
Continue reading ‘Slimbox, lightbox plugin for nice picture preview in your blog’

Favicon generator

Lately I have a few web projects that I'm working on. It's quite tedious to do all the design from scratch, so I try to find tools to make it fast, and any free graphics that I can use. Thanks to Web 2.0 and the Open Source initiative :)

This time I wanted to create a favicon image for a site. So I googled "favicon generator", and the first result is a site that lets you create a favicon web icon or a desktop-size icon.


http://tools.dynamicdrive.com/favicon/




