Type: Posts; User: tchryan

  1. A commit has been pushed that adds support for...

    A commit has been pushed that adds support for clam(d) while in monitor mode, which I've done limited testing on and works as intended.

    You can grab the latest git version from the github project...
  2. These are cleaner rules used to strip...

    These are cleaner rules used to strip base64/gzbase64 injections from php files. They are not malware and do not pose any risk to the system and have been part of the LMD installation for some 3...
  3. [FEATURED] I am inclined to agree, we can implement changes...

    I am inclined to agree, we can implement changes that stand to improve the overall security of systems to reduce the risk of log spoofing but as in most cases it is a balancing act between...
  4. [FEATURED] The processing output is verbose CLI only output...

    The processing output is verbose CLI-only output now and bfd will only log authentication failures/bans. You can use 'bfd -a' to see a report of all current trending attackers.
  5. [FEATURED] This issue is mitigated by the use of the...

    This issue is mitigated by the use of the RESV_DNS feature in conf.apf. I will ensure the option is explicitly force-enabled when RAB is enabled. Apologies if I missed your e-mail on this, was not...
  6. Apologies for late reply, I am aiming to release LMD...

    Apologies for the late reply, I am aiming to release LMD 1.5 within the next 30 - 60d. I will issue a blog post on rfxn.com once it goes up along with a corresponding WHT post and updating the WHT Wiki...
  7. [FEATURED] There are realistically two solutions I can think...

    There are realistically two solutions I can think of offhand, one requires additional support from applications such as BFD, CSF etc. and the other requires additional configuration by system...
  8. I am inclined to disagree (biased of course) that...

    I am inclined to disagree (biased of course) that LMD real-time protection consumes large amounts of CPU. At A Small Orange brands we use LMD on a substantially large server fleet with no tangible...
  9. [FEATURED] Correct, it is simply a mitigation method to stop...

    Correct, it is simply a mitigation method to stop the existing canned exploit. It does not correct the vulnerability itself but it does stop, for the moment, the exploits that currently exist in the...
  10. [FEATURED] The severity of this should not be understated. A...

    The severity of this should not be understated. A temporary means to mitigate this vulnerability is to disable kernel profiling from userspace:

    sysctl -w kernel.perf_event_paranoid=2

    Don't...
  11. Here are rules for mod_security and snort-inline...

    Here are rules for mod_security and snort-inline w/ flexresp:

    mod_security:
    SecRule REQUEST_FILENAME "modules/gateways/boleto.php" "deny,status:403,auditlog,chain"
    SecRule ARGS:invoiceid...
  12. Please use the maldetect checkout feature to send...

    Please use the maldetect checkout feature to send any malware files it is not detecting to us for hashing/signature creation so that we may detect it in the future. This can be done with the '-c'...
  13. Try and see if you have the lcap command...

    Try and see if you have the lcap command installed, run it as root:
    # lcap

    If it produces output see if there is an asterisk sign next to capability 19 CAP_SYS_PTRACE, if there is no asterisk...
  14. The bug although fixed by the proftpd team has as...

    The bug, although fixed by the proftpd team, has as of yet to be fixed/updated in major panels that use it, such as Plesk and cPanel. I would recommend switching to pure-ftpd on cPanel or manually...
  15. You might find the following article helpful:...

    You might find the following article helpful:
    http://www.rfxn.com/nginx-caching-proxy/
  16. The packet must first arrive on the server before...

    The packet must first arrive on the server before the kernel (iptables) can do anything with it (i.e: reject / drop it), meaning if you are using tcpdump you are still going to see the traffic even...
  17. By working with ClamAV malware team to exchange...

    By working with the ClamAV malware team to exchange signature data, along with the CymRU malware hash registry, the LMD project contributes back to the malware detection community at large and helps...
  18. One could argue the very same for CXS, none will...

    One could argue the very same for CXS, none will detect every single threat. However, LMD is community supported and allows for users to easily submit signatures for addition to the project in...
  19. At the end of the day, you are an end point...

    At the end of the day, you are an end point device, the attack/traffic must first arrive at your server before you can do anything to it. Once the traffic has arrived at the server, all you are...
  20. Though LMD's goal is eventually to cover what...

    Though LMD's goal is eventually to cover what Rkhunter and chkrootkit currently do, at the moment the current focus for LMD is on malware sourced from (web) application abuses. It does also detect an...
  21. You might also want to scan the user account with...

    You might also want to scan the user account with LMD for malware content you may have missed:
    http://www.webhostingtalk.com/wiki/Linux_Malware_Detect

    install it and run:
    lmd -a...
  22. http://www.rfxn.com/projects/irsync-incremental-rs...

    http://www.rfxn.com/projects/irsync-incremental-rsync/
    http://www.rfxn.com/appdocs/README.irsync
    http://www.rfxn.com/irsync-limiting-passwordless-ssh-keys/

    Check out irsync, basically it creates...
  23. A free, open source alternative to cxs is Linux...

    A free, open source alternative to cxs is Linux Malware Detect available at http://www.rfxn.com/projects/linux-malware-detect/, also check out the WHT wiki article at...
  24. The link for linux malware detect (LMD) you...

    The link for linux malware detect (LMD) you provided is to an actual blog entry, the project page is located at: http://www.rfxn.com/projects/linux-malware-detect/
  25. This will come across as a bit self-promoting but...

    This will come across as a bit self-promoting but it is not, you can try my new malware detection tool on the account in question and see if it catches any other malware on the domain. I can tell you...