Secunia gave the Chamilo Security team full details of three security flaws detected in version 1.9.4 on Monday the 4th of March 2013. These flaws were detected by Fernando Muñoz, a regular contact for Chamilo in terms of security. We are very grateful for his and Secunia’s work. Within less than 48 hours, the Chamilo […]
We are currently trying out this Fail2Ban rule on one of our server, to block simple (but very upsetting) DOS attacks on Nginx automatically (after 30 seconds). New filter in /etc/fail2ban/filter.d/nginx-dos.conf: # Fail2Ban configuration file # # Generated on Fri Jun 08 12:09:15 EST 2012 by BeezNest # # Author: Yannick Warnier # # $Revision: […]
I wouldn’t want this post to disappear, so just to make sure that the information is better spread on what passwords *not to use*, here is the list: 1. 123456 2. 12345 3. 123456789 4. Password 5. iloveyou 6. princess 7. rockyou 8. 1234567 9. 12345678 10. abc123 11. Nicole 12. Daniel 13. babygirl 14. […]
This article was first written in December 2003 for the BeezNest technical website (http://glasnost.beeznest.org/articles/96) Some UNIX administrators find it handy to add «.» in the PATH (and some even put it at the beginning of the PATH). Why is this bad? On UNIX, everything is made so that you don’t have to do it. Anything […]
To create and save iptables rules the default Debian way, this is the way to go: create your rules using the CLI [1] iptables save them on the active rule by issuing a /etc/init.d/iptables save active create the rules for the inactive state (when booting, for example) and save them accordingly That way, the rules will […]
An IDS is a system to track any changes not planned to a system. It is often used on sensitive machines where any unauthorized access is purely prohibited but can also act as a fool-proof system, more like a monitoring system. It works by checksumming or understanding the format of each file, and scrutinizing any […]
A lot of people use the root account to do anything they need, just because it is easier… This is a really bad idea, as that user can do anything to the system. Not only can he access/delete/modify any file and its permissions, but he can mount/unmount filesystems, kill/start/stop processes, add hardware to the machine, […]
A NIDS is a Network Intrusion Detection System, a system to detect intrusions from the network and take counter-measures ranging from (temporarily) blacklisting to logging through responding with specially crafted IP packets to slow down or kill the attacking host. It extends the principle of IDS to the network. It is usually meant to run […]
There is a common problem appearing when installing a new Chamilo portal that I have seen a lot recently, so I thought I’d share the details here. The problem When installing Chamilo on a cPanel-kind-of-hosting, it might happen that you complete the installation, but when you want to enter a newly-created course, an ugly error […]
It might seem kind of weird to mention it, but I had somewhat of a big scare when Secunia sent us an e-mail entitled “Security Patches in Dokeos 1.8.5”. If my fears had been right, it would have meant that we would have needed to re-package 1.8.5 only two days after the official release. Not […]
It’s already in the code for Dokeos 1.8.5 since 2 weeks ago: files extensions filtering. It was possible, in 1.8.4, to filter files extensions coming from ZIP files, but I didn’t have time back then to include a widespread file filtering. It is included now. There is still a problem whereby Windows interprets files looking […]
I don’t know why exactly, maybe it’s because some system administrators go on holiday, or maybe it’s because evil students (understand young crackers) are on holiday themselves, but the festive season is always a time when we have more attempted security attacks on our servers. Oh, by the way, hackers are just people looking into […]
Recent comments