A man with a dream.

Chen Zhao Rong (陈昭荣) dreamed of flying.

Despite not being able to read English, and with only a primary school education, Chen scoured through foreign flying websites, checking out pictures and schematics, before finally starting to build his helicopter.

Read more »

As I’ve spent the day doing some pre-emptive maintenance type stuff on our servers, I noticed that one of our servers appeared to have way slower ping times than normal from our other servers.

Taking a closer look, I also saw that the logs said it was having timeout problems talking to our database server.

A quick look at the server logs showed that the server in question was using 100% of its bandwidth for the last hour or so according to Monit.

A quick check with ntop (excellent web-based network analysis statistics) and iftop (console-based network traffic analysis) confirmed that 99.5% of the bandwidth was going to HTTP requests.
Strangely enough, the server wasn’t even stressed at all (I guess I’ve overspecced that one!).

Read more »

One of our clients was sending out spam unknowingly yesterday. I spent most of my afternoon cleaning it up, tracking down how the attackers were doing it.

In this client’s case, they have their own server (which we maintain), and they mostly write their own code.
Most of the common garden variety vulnerability scans don’t work on their server, because they write their own code, although in this case it didn’t save them from being exploited.

In order to find out what was causing the spamming, I had to find out how the attackers got in.
Usually this means a check of the Apache logs to check for anything untoward.

In this case, although the logs had plenty of vulnerability scans (which were to files that don’t exist on their server), I couldn’t see anything in the logs that immediately stuck out as being the cause.
Read more »

Foreword – Note that none of our servers are vulnerable to remote inclusion attacks.

For the most part, most of the exploits I covered in yesterday’s post are common garden PHP vulnerability scans.
Some of them are more interesting though, although more for being encrypted, than anything else.

If I take an example from our log files:
Read more »

I’ve noticed a lot more hacker attacks in the logs for the servers we maintain recently.
This is probably due to more people using botnets for attack scans.

What are the hackers looking for, and how can we prevent them getting in?

In most cases, the hackers are looking for vulnerabilities in common applications. The most notorious of these would be things like phpBB, WordPress, and other similar apps. The most common attacks we are noticing these days are ones that leverage remote inclusion of files.
Read more »

(This is a rough draft, so excuse the lack of editing and / or coherence at points)

The news this week is full of alleged government interference with a certain exiled government leader’s computers.

While there is sufficient evidence of targeting by state-sponsored actors, I don’t necessarily agree with everything they wrote in the report, or all their findings. While there is merit to discussion about that, it’s probably safer to avoid the topic, and examine how the attacks worked, and what we can do to avoid or mitigate events like that.

The actual report can be read here in PDF format – http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-746.html

Read more »

When I get time, I go through the logs and check out how the servers are doing.

One thing that I haven’t really done recently is to optimize the way things are configured.
The typical solution in most scenarios is to throw faster hardware at things (something we do when necessary!), but sometimes a few minutes’ configuration can help speed things up tremendously.

Below are some tips for optimizing Apache a little.

Read more »

The notes below are more for my benefit, but others may get some use out of it.
We use Debian for our system, and are loosely based on the qmail setup over at http://qmail.jms1.net / http://qmailrocks.org
Read more »

OK, I’ll be the first to admit it, I’m a recalcitrant Mac user now that’s quite happy to never use Windows again, especially after the mess that is Vista. That said, we still have a good proportion of clients that haven’t been assimilated^H converted to Apple.

For at least the last 2 years, I’ve been telling people to use 360Safe antispyware software if they have the dreaded lurgy, er I mean Windows.

The number one issue people have is that it’s all in Chinese.

While it’s fun to say “It’s all Chinese to me”; or as my family back home like to rib me with the perennially popular in South Africa – “Howzit my China”*, people do have a point.

*Yes, I know that’s totally irrelevant, but I had to throw it in somewhere

So, without further ado or waffle masquerading as informative writing, I present to you below: Read more »

Windows XP usually plays nicely, but occasionally you do get the odd recalcitrant box that doesn’t want to play nice with the other computers, and share.

If you’ve ruled out the Windows Firewall (Make sure that Windows File Sharing has a checkbox in there for allowed), and everything else looks correct, but it still isn’t working, try the following:

Read more »
