Archive for October, 2009

Cleaning up your web server logfiles. [fr]

Tuesday, October 27th, 2009

If you are, like me, maintaining a public web server, you might have encountered logfile entries similar to these:

0.0.0.0 - - [19/Apr/2009:01:46:16 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 358 "-" "-"
0.0.0.0 - - [19/Apr/2009:01:52:20 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 358 "-" "-"
0.0.0.0 - - [19/Apr/2009:01:58:23 +0200] "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 358 "-" "-"

This is the footprint of a braindead scanner (DFind, as the request path says). It causes no real harm: the 400 in each line shows that Apache already refuses the request. But it is annoying, and it pollutes your logs with pointless requests.

This is an easy one with iptables and its string match (the xt_string module):

# Get my IPv4 address. On some Debian-style systems hostname -i returns 127.0.1.1: check the value, or set MYIP by hand.
MYIP=$(hostname -i)
# Build the LOGDROP target: log the bad packet before sending it into oblivion
iptables -F LOGDROP 2>/dev/null # Flush and delete the chain, then recreate it (-X refuses a non-empty chain)
iptables -X LOGDROP 2>/dev/null
iptables -N LOGDROP
iptables -A LOGDROP -j LOG --log-prefix "LOGDROP: "
iptables -A LOGDROP -j DROP
# w00tw00t get out !!
# --to 70: only search the first 70 bytes of the packet (offsets count from the IP header); --algo bm: Boyer-Moore search
iptables -I INPUT -d $MYIP -p tcp --dport 80 -m string --to 70 --algo bm --string 'GET /w00tw00t.at.ISC.SANS.' -j LOGDROP

Something else you can add to block other random bots:

# anti-scanner
iptables -I INPUT -d $MYIP -p tcp --dport 80 -m string --to 700 --algo bm --string "Host: $MYIP" -j LOGDROP

Why ??
Because a regular web browser always fills the ‘Host:’ header with the hostname you typed. Zombies tend to pick an IP address at random, put it into the ‘Host:’ entry and hope for the best. Two caveats: anybody who reaches the server by typing its bare IP (you from the LAN, or a monitoring probe) sends exactly that Host header and gets dropped too; and the match is case-sensitive (no --icase) while HTTP header names are not, so a request with ‘host:’ slips through.

With that setup, every packet that hits a rule is logged by the kernel before it is dropped. If something breaks, you have a place to start looking. Add -m limit to the LOG rule (for instance -m limit --limit 5/min) if you would rather not let a scanner move the noise from the access log into syslog.
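To see what the two rules above actually match, here is an added example (my code, not from the original post nor from spamcleaner.org) that re-expresses the two string matches in Python and runs them over constructed HTTP requests. MY_IP stands in for $(hostname -i), and the two windows mirror --to 70 and --to 700; real xt_string offsets are counted from the start of the IP header, so the kernel's window over the HTTP text is smaller still.

```python
"""Added example: the two iptables string matches re-expressed in Python and
run over constructed HTTP requests, showing what each rule drops, what it drops
by mistake, and what it misses.

Assumptions: MY_IP stands in for $(hostname -i); W00T_WINDOW and HOST_WINDOW
mirror --to 70 and --to 700 (applied here to the TCP payload; in the kernel the
offsets start at the IP header).
"""

MY_IP = "203.0.113.10"                   # assumed server address (TEST-NET-3)
W00T_PATTERN = b"GET /w00tw00t.at.ISC.SANS."
W00T_WINDOW = 70                         # --to 70
HOST_WINDOW = 700                        # --to 700


def matches_w00tw00t(payload: bytes) -> bool:
    """Rule 1: the DFind request line found within the first 70 bytes."""
    return W00T_PATTERN in payload[:W00T_WINDOW]


def matches_bare_ip_host(payload: bytes, my_ip: str = MY_IP) -> bool:
    """Rule 2: 'Host: <our IP>' found within the first 700 bytes.
    Like the iptables rule (no --icase), the comparison is case-sensitive."""
    return b"Host: " + my_ip.encode("ascii") in payload[:HOST_WINDOW]


def verdict(payload: bytes, my_ip: str = MY_IP) -> str:
    """Evaluate the INPUT chain in rule order: first match wins, else ACCEPT."""
    if matches_w00tw00t(payload):
        return "LOGDROP (w00tw00t)"
    if matches_bare_ip_host(payload, my_ip):
        return "LOGDROP (bare-IP Host)"
    return "ACCEPT"


# Constructed requests, not captured traffic.
REQUESTS = {
    "DFind scanner": b"GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1\r\n\r\n",
    "browser with hostname": b"GET / HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    "bot guessing the IP": b"GET /phpmyadmin/ HTTP/1.0\r\nHost: 203.0.113.10\r\n\r\n",
    "admin typing the IP": b"GET /admin/ HTTP/1.1\r\nHost: 203.0.113.10\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    "lowercase header name": b"GET /phpmyadmin/ HTTP/1.0\r\nhost: 203.0.113.10\r\n\r\n",
    # a 700-byte Cookie pushes the Host header past the --to 700 search window
    "Host past the 700-byte window": b"GET / HTTP/1.1\r\nCookie: " + b"x" * 700 + b"\r\nHost: 203.0.113.10\r\n\r\n",
}


def run() -> dict:
    """Return {request name: verdict} for every constructed request."""
    return {name: verdict(req) for name, req in REQUESTS.items()}


if __name__ == "__main__":
    for name, result in run().items():
        print(f"{name:32s} -> {result}")
```

The first three rows behave as intended. The "admin typing the IP" row is the false positive described above; the last two rows are the rule's blind spots: a lowercase header name and a Host header that sits beyond the 700-byte window both pass.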

Thank you: http://spamcleaner.org/fr/misc/w00tw00t.html

Painful WordPress installation [fr]

Tuesday, October 20th, 2009

Okay, I had to make it live earlier than expected because of a missing robots.txt file. This WordPress was installed on a not-so-public testing virtual host and the Google bot started to snoop and index stuff located there.

Furthermore, I discovered that migrating WordPress to another domain/subdomain/virtual host is not an easy task: it stores a lot of its URLs in full in the database (ouch!!). Since I’m not the king of regex with SQL commands, I made a dump of the WordPress database with the following command:

# A password given with -p on the command line is visible in ps and in the shell history; -p alone prompts for it
mysqldump --add-drop-table -u [db user] -p[db passwd] [wordpress db] > wordpress_db.sql

Then I edited the raw SQL statements with my favourite text editor and re-imported the modified database with

# The database name is required: without --databases, the dump contains no USE statement
mysql -u [db user] -p[db passwd] [wordpress db] < wordpress_db.sql
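Editing the dump by hand has one trap worth knowing about: WordPress keeps widgets, theme and plugin settings as PHP serialize() output, where every string carries its byte length (s:22:"http://old.example.com";). A plain search-and-replace changes the text but not the length, unserialize() then fails and the option silently comes back empty. The following is an added example (my code, not from the original post or from WordPress) that rewrites the URL in a dump and recomputes those lengths. OLD, NEW and the wp_options excerpt are assumed, constructed values written the way mysqldump prints them (double quotes inside string literals escaped as \").

```python
"""Added example: rewrite the site URL inside a WordPress SQL dump without
breaking PHP-serialized values (s:<len>:"..."), recomputing each length.

OLD, NEW and SAMPLE_DUMP are assumed/constructed, not taken from a real site.
mysqldump writes a double quote inside a string literal as \\", which the
scanner treats as one logical byte, as PHP would see it after import.
"""
import re

OLD = "http://test.example.com/wordpress_folder"   # assumed old site URL
NEW = "http://yourdomain.example.com"               # assumed new site URL

# Start of a serialized string: s:<len>:" with the quote possibly escaped (\") by mysqldump.
_SER_START = re.compile(rb's:(\d+):(\\?")')

# Constructed wp_options excerpt in mysqldump form (not a real dump).
SAMPLE_DUMP = (
    rb"INSERT INTO `wp_options` VALUES "
    rb"(1,'siteurl','http://test.example.com/wordpress_folder','yes'),"
    rb"(2,'home','http://test.example.com/wordpress_folder','yes'),"
    rb"(3,'widget_text','a:1:{i:2;a:2:{s:5:\"title\";s:4:\"Blog\";"
    rb"s:4:\"link\";s:46:\"http://test.example.com/wordpress_folder/about\";}}','yes');"
    b"\n"
)


def _skip_logical(data: bytes, start: int, n: int) -> int:
    """Index just past n logical bytes from start; a dump escape (backslash + byte) counts as one."""
    i = start
    while n > 0 and i < len(data):
        i += 2 if data[i:i + 1] == b"\\" else 1
        n -= 1
    return i


def _logical_len(data: bytes) -> int:
    """Byte length PHP will see once the mysqldump escapes are undone."""
    n, i = 0, 0
    while i < len(data):
        i += 2 if data[i:i + 1] == b"\\" else 1
        n += 1
    return n


def replace_url(dump: bytes, old: str, new: str) -> bytes:
    """Replace old with new everywhere; inside serialized strings, fix the declared length."""
    old_b, new_b = old.encode(), new.encode()
    out, pos = bytearray(), 0
    for m in _SER_START.finditer(dump):
        if m.start() < pos:
            continue                      # token lies inside a string already rewritten
        length, quote = int(m.group(1)), m.group(2)
        body_start = m.end()
        body_end = _skip_logical(dump, body_start, length)
        terminator = quote + b";"
        if dump[body_end:body_end + len(terminator)] != terminator:
            continue                      # not a well-formed serialized string: plain pass handles it
        out += dump[pos:m.start()].replace(old_b, new_b)      # plain text before the token
        body = dump[body_start:body_end].replace(old_b, new_b)
        out += b"s:%d:%s" % (_logical_len(body), quote) + body + terminator
        pos = body_end + len(terminator)
    out += dump[pos:].replace(old_b, new_b)
    return bytes(out)


def malformed_serialized_strings(data: bytes) -> int:
    """Count s:<len>:"..." tokens whose declared length does not land on the closing quote."""
    bad, pos = 0, 0
    for m in _SER_START.finditer(data):
        if m.start() < pos:
            continue
        end = _skip_logical(data, m.end(), int(m.group(1)))
        terminator = m.group(2) + b";"
        if data[end:end + len(terminator)] == terminator:
            pos = end + len(terminator)
        else:
            bad += 1
    return bad


if __name__ == "__main__":
    naive = SAMPLE_DUMP.replace(OLD.encode(), NEW.encode())
    fixed = replace_url(SAMPLE_DUMP, OLD, NEW)
    print("naive replace, broken serialized strings:", malformed_serialized_strings(naive))
    print("length-aware replace, broken serialized strings:", malformed_serialized_strings(fixed))
    print(fixed.decode())
```

The naive replace leaves s:46: in front of a 35-byte string; the length-aware one rewrites it as s:35:. Feed the result to the mysql command above (database name included). Today wp-cli's search-replace command performs the same length fix-up for you.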

Add this to the configuration of the old virtual host (Apache mod_alias) so that the URLs Google has already indexed are redirected permanently (301) to the new domain:

Redirect permanent /wordpress_folder/ http://yourdomain.example.com/

The layout is not fixed yet; there are still some missing items.
The galleries did not move: they are still here and here.

Reconfiguring the SpeedTouch Pro/510 into plain bridge mode [fr]

Sunday, October 18th, 2009

Type these commands in a telnet session to the modem/router

:atmf flush # Fails with an error on the hacked STH
:ppp flush
:pptp flush
:cip flush
:bridge flush
:mer flush
:phonebook flush
:phonebook add name=br1 addr=8.35 type=bridge # 8.35 = VPI.VCI for Belgium
:bridge config age=300
:bridge ifadd dest=br1
:bridge portadd dest=br1 proto=llc # Fails with an error on the hacked STH
:bridge portconfig port=br1 state=forwarding # Fails with an error on the hacked STH
:bridge ifconfig intf=br1 encaps=llc/snap retry=10 portstate=forwarding
:bridge ifattach intf=br1
:config save

Some of the telnet commands end in an error: nothing to worry about, they are there for compatibility with other firmware versions.

Source: http://www.forpage.com (dead link)

Windows and IPv6 [fr]

Sunday, October 11th, 2009

This is something really nice about Windows that few people know about: anybody with a recent enough copy of Windows has an IPv6-ready network stack.

Windows XP

The IPv6 stack is disabled by default, but it is very easy to enable: open a command prompt as administrator (Start -> Run, cmd), then run the following command

netsh interface ipv6 install

If you already have an IPv6-enabled network

(unlikely if you’re behind a consumer-grade router)
Windows will automatically build a usable address from the prefix advertised by the router and the MAC address of the selected interface (an EUI-64 interface identifier, so the address reveals the MAC).

If you’re behind a NAT box/router

Type the following command to enable Teredo tunnelling (IPv6 carried in UDP through the NAT):

netsh interface ipv6 set teredo client

Windows Vista and up

You don’t have to do anything: what’s described here is (finally) enabled by default !! Vista and later also use a random interface identifier instead of the MAC-derived one.

Type ipconfig at any time to check your network configuration. Native global addresses lie in 2000::/3 (a production-ready public address will usually start with 2001:), a Teredo address starts with 2001:0:, a 6to4 address with 2002:, and an fe80: address is link-local only, so it does not get you onto the IPv6 Internet.
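To make sense of what ipconfig prints, here is an added example (my code, not from the original post nor from Windows) that classifies each IPv6 address (native global, Teredo, 6to4, link-local, unique local), decodes the Teredo server and the NAT's public IPv4 that a Teredo address embeds, and recovers the MAC hidden in an EUI-64 interface identifier, the kind the XP stack builds. The ipconfig text is constructed, not captured (the Teredo address is the RFC 4380 example), and the line layout it parses is assumed to be the one Windows prints.

```python
"""Added example: classify the IPv6 addresses found in ipconfig output.

SAMPLE_IPCONFIG is constructed (the Teredo address is the RFC 4380 example);
the "IPv6 Address . . . : <addr>" line layout is assumed. Standard library only.
"""
import ipaddress
import re
from typing import Optional

TEREDO = ipaddress.IPv6Network("2001::/32")
SIX_TO_FOUR = ipaddress.IPv6Network("2002::/16")
UNIQUE_LOCAL = ipaddress.IPv6Network("fc00::/7")
GLOBAL_UNICAST = ipaddress.IPv6Network("2000::/3")

# "   IPv6 Address. . . . . . . . . . . : 2001:db8::1"  /  "   Link-local IPv6 Address . . . . . : fe80::1%11"
_IPCONFIG_V6 = re.compile(r"IPv6 Address[ .]*: ([0-9A-Fa-f:]+)(?:%\d+)?")

SAMPLE_IPCONFIG = """
Ethernet adapter Local Area Connection:

   IPv6 Address. . . . . . . . . . . : 2001:db8:1:2:211:22ff:fe33:4455
   Temporary IPv6 Address. . . . . . : 2001:db8:1:2:7c9f:3a10:b4e2:9d01
   Link-local IPv6 Address . . . . . : fe80::211:22ff:fe33:4455%10
   IPv4 Address. . . . . . . . . . . : 192.168.1.23

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   IPv6 Address. . . . . . . . . . . : 2001:0:4136:e378:8000:63bf:3fff:fdd2
   Link-local IPv6 Address . . . . . : fe80::ffff:ffff:fffd%12
"""


def addresses_from_ipconfig(text: str) -> list:
    """All IPv6 addresses in ipconfig output, zone IDs (%10) stripped."""
    return [m.group(1) for m in _IPCONFIG_V6.finditer(text)]


def eui64_mac(addr: str) -> Optional[str]:
    """Recover the MAC behind an EUI-64 interface identifier (ff:fe inserted in
    the middle, universal/local bit of the first byte flipped), else None."""
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def classify(addr: str) -> str:
    a = ipaddress.IPv6Address(addr)
    if a.is_loopback:
        return "loopback"
    if a.is_link_local:
        return "link-local (fe80::/10): valid only on the local segment"
    if a in TEREDO:                      # tested before 2000::/3, which contains it
        server, client = a.teredo
        return f"Teredo: tunnelled via server {server}, your NAT's public IPv4 is {client}"
    if a in SIX_TO_FOUR:
        return f"6to4: tunnelled, prefix built from public IPv4 {a.sixtofour}"
    if a in UNIQUE_LOCAL:
        return "unique local (fc00::/7): private, not routed on the Internet"
    if a in GLOBAL_UNICAST:
        mac = eui64_mac(addr)
        tail = f"EUI-64 identifier, exposes MAC {mac}" if mac else "random identifier"
        return f"native global unicast (2000::/3), {tail}"
    return "other"


def report(text: str = SAMPLE_IPCONFIG) -> dict:
    """{address: meaning} for every IPv6 address in the ipconfig text."""
    return {addr: classify(addr) for addr in addresses_from_ipconfig(text)}


if __name__ == "__main__":
    for addr, meaning in report().items():
        print(f"{addr:40s} {meaning}")
```

Paste your own ipconfig output into report() to check which of your addresses is really routable: only the native global one (or the Teredo one behind a NAT) gets you onto the IPv6 Internet, and an EUI-64 address tells every site you visit your MAC.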