OpenSSL Heartbleed: a helping hand from fail2ban

Written by genuix - 15 April 2014 16:37

By using fail2ban you can limit attempts to attack your server.

Create a filter file, for example filter.d/openssl-heartbeat.conf, and add to it:

[Definition]
failregex = [[]client <HOST>[]] (Invalid method in request \\x16\\x03)
ignoreregex =


Then, in jail.conf, add a section like this:

[openssl-heartbeat]
enabled  = true
port     = https
filter   = openssl-heartbeat
logpath  = /var/log/apache*/*error.log
maxretry = 2

and then restart the service:

service fail2ban restart


If you don't already have fail2ban installed, you can find it here for your flavour of system:

http://www.fail2ban.org

As far as I could see, the apache-overflows filter already bans these correctly, but with this rule you can watch specifically for this attempt.
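As an added example (not from the original post), this Python dry run applies the failregex above to a few constructed Apache error-log lines and reports which hosts would reach maxretry; the simplified <HOST> pattern and the sample log lines are assumptions.

```python
import re
from collections import Counter

# Added example, not part of the original post: dry-run the failregex above
# against constructed Apache error-log lines before deploying the jail.
# fail2ban substitutes its own host pattern for <HOST>; the simplified
# pattern here (IPv4/IPv6 characters only) is an assumption, not fail2ban's.
# Note: \x16\x03 is a TLS handshake record header, so the rule fires when a
# client sends TLS to a plain-HTTP vhost (scanners probing the wrong port).
FAILREGEX = r"[[]client <HOST>[]] (Invalid method in request \\x16\\x03)"
HOST_PATTERN = r"(?P<host>[0-9a-fA-F:.]+)"
MAXRETRY = 2  # same value as the jail section in the post

compiled = re.compile(FAILREGEX.replace("<HOST>", HOST_PATTERN))

# Constructed sample lines in Apache 2.2 error-log format. Apache writes the
# non-printable TLS record bytes as the literal text "\x16\x03", which is why
# the failregex needs the doubled backslashes.
SAMPLE_LOG = r"""
[Wed Apr 09 10:12:01 2014] [error] [client 198.51.100.23] Invalid method in request \x16\x03\x01
[Wed Apr 09 10:12:02 2014] [error] [client 198.51.100.23] Invalid method in request \x16\x03\x01
[Wed Apr 09 10:13:40 2014] [error] [client 203.0.113.7] File does not exist: /var/www/favicon.ico
[Wed Apr 09 10:14:05 2014] [error] [client 203.0.113.7] Invalid method in request \x16\x03\x01
""".strip().splitlines()


def matching_hosts(lines):
    """Count failregex matches per client host, like fail2ban-regex does."""
    hits = Counter()
    for line in lines:
        m = compiled.search(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Hosts that reached maxretry matches (findtime ignored for brevity)."""
    return sorted(h for h, n in matching_hosts(lines).items() if n >= maxretry)


if __name__ == "__main__":
    print(dict(matching_hosts(SAMPLE_LOG)))
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```

fail2ban ships a tool that does the same dry run against a real log: fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/openssl-heartbeat.conf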


Filed under: Uncategorized - Tags: none -

Fake Google Docs Leads to info stealer

Written by genuix - 19 March 2013 15:16

A fake email from a legitimate sender (whose account must be compromised) leads to a phishing website that steals usernames and passwords if the user completes the forms:

Hi, Please i want you to view the Important document i uploaded using Google Doc. i want you to see.

click on http//google.doc.com <http://sib-komfort.ru/images/sss/index.htm> and log on with your email for immediate access to view.

As the real URL makes obvious, this isn't a Google page.

As usual, take real care with what you click on. Part of the page's source code:

<code>
<!-- GMAIL CONFIG !-->
<div id="toggleTextgmail" style="display: none">
  <p><img src="./Remax - Secure Login_files/gmail.jpg" title="Gmail" border="0" height="48" width="132"></p>
  <p align="right"><a href="javascript:location.reload(true)">close [x]</a></p>
  <br>
  <form name="gmail" method="post" action="gmail.php" onsubmit="return ValidateFormGmail()">
    <p>
      <label>Gmail Email Address:</label>
      <br>
      <input name="gmailuser" style="width: 200px;" type="text">
      <br>
      <label>Gmail Password</label>
      <br>
      <input name="gmailpassword" style="width: 200px;" type="password">
      <br>
      <br>
      <input name="s_gmail" value="Sign in" type="submit">
    </p>
  </form>
</code>

and then redirects you to remax.com.

URLQuery result: http://62.249.178.200/report.php?id=1516639

VirusTotal result: https://www.virustotal.com/en/url/13d9e8dbf0ca342c5528c2ea099a775589c73baf7bfea85009c39e836cee738c/analysis/
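As an added example (not code from the original post or from the phishing kit), this Python scanner flags credential-harvesting forms of the kind shown above: a password field with Gmail branding that posts anywhere other than google.com; the brand test on the word "gmail" and the trimmed sample form are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Added example, not from the original post: flag credential-harvesting forms
# like the one quoted above. A form is suspicious when it has a password field,
# shows Gmail branding in its text, and posts to a host outside google.com
# (matching the brand on the word "gmail" is an assumption made for this sample).

class CredentialFormScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url  # base URL for resolving relative actions
        self.forms = []           # one dict per <form> seen
        self.current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.current = {"name": a.get("name", ""), "password": False, "brand": False,
                            "action": urljoin(self.page_url, a.get("action", ""))}
        elif self.current is not None and tag == "input":
            if a.get("type", "").lower() == "password":
                self.current["password"] = True

    def handle_data(self, data):
        if self.current is not None and "gmail" in data.lower():
            self.current["brand"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            self.forms.append(self.current)
            self.current = None

def suspicious_forms(html, page_url):
    # Returns (form name, resolved action URL) for each Gmail-branded
    # password form whose action host is not google.com or a subdomain.
    scanner = CredentialFormScanner(page_url)
    scanner.feed(html)
    flagged = []
    for f in scanner.forms:
        host = urlparse(f["action"]).hostname or ""
        if f["password"] and f["brand"] and not (host == "google.com" or host.endswith(".google.com")):
            flagged.append((f["name"], f["action"]))
    return flagged

# Constructed sample: a trimmed copy of the phishing form quoted above.
SAMPLE_HTML = """<form name="gmail" method="post" action="gmail.php">
<label>Gmail Email Address:</label><input name="gmailuser" type="text">
<label>Gmail Password</label><input name="gmailpassword" type="password">
<input name="s_gmail" value="Sign in" type="submit"></form>"""

if __name__ == "__main__":
    print(suspicious_forms(SAMPLE_HTML, "http://sib-komfort.ru/images/sss/index.htm"))
```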

Filed under: Uncategorized - Tags: none -

Fake Swisscom MMS email

Written by genuix - 12 March 2013 16:51

A fake message with Swisscom branding, announcing that you have received a new MMS, contains a virus:

VirusTotal:

https://www.virustotal.com/en/file/f203....

The email contains only the subject: MMS

the Swisscom logo

the sender's number: +417x xxx xx xx (which suggests that the sender, or the propagator, has had their address book infected by malware)

and the paragraph:

in German (translated):

"If the recipient cannot receive an MMS (because they do not have an MMS-capable phone or because no MMS can be exchanged with their network provider), they receive an SMS with an MMS-ID. They can retrieve the MMS with this MMS-ID on the Swisscom website."

PS: Executable file under analysis, more info soon...

Filed under: Scam - Tags: scam swisscom infos stealer -

Domain Service Scam

Written by genuix - 05 March 2013 11:45

Just received this morning: the well-known (http://www.npinc.ca/a-domain-service-search-engine-submission-scam/) scam proposal for search engine submission.

Full of strange behaviour:

1. A domain service that has an email address at Hotmail (domainindo25658 at hotmail dot com)?!?!?!? No way that could be real.

2. The requester asks you to return a FAX (I guess that's a good way to make sure you can't deny having agreed to the solicitation).

3. By looking at the email source code you will find the script that generates the scam: X-PHP-Script: 198,8,83,250/~domainin/info/mail_new2,php for 174,36,187,73

to be continued ===>

Filed under: Uncategorized - Tags: none -

Java Security

Written by genuix - 11 January 2013 10:50

With so many Java 0-days, the best upgrade is to disable Java in your browsers:

How to disable Java in Internet Explorer

Tools menu -> Internet Options
Programs tab -> Manage add-ons, select the Java plug-in and disable it
Click OK, and OK again

How to disable Java in Mozilla Firefox

Tools menu -> Add-ons
Select the Plugins panel
Click the item named Java Plug-in or Java Applet Plug-in (depending on the environment and operating system version, the plugin may appear under one name or the other), then click the "Disable" button

How to disable Java in Google Chrome

Open the plugins page by typing "chrome://plugins/" in the address bar.
Find the Java plugin and click "Disable".

How to disable Java in Safari

Open Preferences -> "Security" tab
Uncheck "Enable Java"

How to disable Java in Opera

Open the plugins page by typing "opera:plugins" in the address bar.
Find the Java plugin and click "Disable".

Filed under: Uncategorized - Tags: none -
