Type: Posts; User: tchryan
07-21-2015, 07:31 PM (Replies: 47, Views: 8,967)
A commit has been pushed that adds support for clam(d) while in monitor mode, which I've done limited testing on and works as intended.
You can grab the latest git version from the github project...
12-04-2014, 12:43 AM (Replies: 5, Views: 1,520)
These are cleaner rules used to strip base64/gzbase64 injections from php files. They are not malware and do not pose any risk to the system and have been part of the LMD installation for some 3...
02-04-2014, 03:46 AM (Replies: 43, Views: 14,461) [FEATURED]
I am inclined to agree; we can implement changes that stand to improve the overall security of systems to reduce the risk of log spoofing, but as in most cases it is a balancing act between...
02-04-2014, 03:42 AM (Replies: 43, Views: 14,461) [FEATURED]
The processing output is verbose CLI only output now and bfd will only log authentication failures/bans. You can use 'bfd -a' to see a report of all current trending attackers.
02-01-2014, 02:29 AM (Replies: 43, Views: 14,461) [FEATURED]
This issue is mitigated by the use of the RESV_DNS feature in conf.apf. I will ensure the option is explicitly force-enabled when RAB is enabled. Apologies if I missed your e-mail on this, was not...
01-29-2014, 11:42 PM (Replies: 11, Views: 2,744)
Apologies for the late reply, I am aiming to release LMD 1.5 within the next 30 - 60d. I will issue a blog post on rfxn.com once it goes up along with a corresponding WHT post and update the WHT Wiki...
01-29-2014, 10:09 PM (Replies: 43, Views: 14,461) [FEATURED]
There are realistically two solutions I can think of offhand: one requires additional support from applications such as BFD, CSF etc., and the other requires additional configuration by system...
01-15-2014, 03:10 AM (Replies: 11, Views: 2,744)
I am inclined to disagree (biased of course) that LMD real-time protection consumes large amounts of CPU. At A Small Orange brands we use LMD on a substantially large server fleet with no tangible...
05-14-2013, 11:36 AM (Replies: 44, Views: 6,906) [FEATURED]
Thread: Kernel 0-day Going around (in Hosting Security and Technology), by tchryan
Correct, it is simply a mitigation method to stop the existing canned exploit. It does not correct the vulnerability itself but it does stop, for the moment, the exploits that currently exist in the...
05-14-2013, 11:31 AM (Replies: 44, Views: 6,906) [FEATURED]
Thread: Kernel 0-day Going around (in Hosting Security and Technology), by tchryan
The severity of this should not be understated. A temporary means to mitigate this vulnerability is to disable kernel profiling from userspace:
sysctl -w kernel.perf_event_paranoid=2
Don't...
05-31-2012, 03:44 PM (Replies: 17, Views: 6,421)
Here are rules for mod_security and snort-inline w/ flexresp:
mod_security:
SecRule REQUEST_FILENAME "modules/gateways/boleto.php" "deny,status:403,auditlog,chain"
SecRule ARGS:invoiceid...
01-02-2011, 05:54 PM (Replies: 13, Views: 5,140)
Please use the maldetect checkout feature to send any malware files it is not detecting to us for hashing/signature creation so that we may detect it in the future. This can be done with the '-c'...
11-28-2010, 07:08 PM (Replies: 4, Views: 1,425)
Thread: Help with lsof errors (in Hosting Security and Technology), by tchryan
Try and see if you have the lcap command installed, run it as root:
# lcap
If it produces output, see if there is an asterisk sign next to capability 19 CAP_SYS_PTRACE; if there is no asterisk...
11-08-2010, 10:00 PM (Replies: 4, Views: 2,590)
The bug, although fixed by the proftpd team, has as of yet to be fixed/updated in major panels that use it, such as plesk and cpanel. I would recommend switching to pure-ftpd on cpanel or manually...
11-08-2010, 08:58 PM (Replies: 2, Views: 1,614)
Thread: cPanel Nginx (in Hosting Security and Technology), by tchryan
You might find the following article helpful:
http://www.rfxn.com/nginx-caching-proxy/
09-21-2010, 12:24 PM (Replies: 3, Views: 1,144)
The packet must first arrive on the server before the kernel (iptables) can do anything with it (i.e. reject / drop it), meaning if you are using tcpdump you are still going to see the traffic even...
09-19-2010, 01:39 AM (Replies: 13, Views: 8,814)
By working with the ClamAV malware team to exchange signature data, along with the CymRU malware hash registry, the LMD project contributes back to the malware detection community at large and helps...
09-16-2010, 03:36 PM (Replies: 13, Views: 8,814)
One could argue the very same for CXS; none will detect every single threat. However, LMD is community supported and allows for users to easily submit signatures for addition to the project in...
09-01-2010, 12:53 AM (Replies: 17, Views: 4,123)
Thread: How to stop this attack? (in Hosting Security and Technology), by tchryan
At the end of the day, you are an end point device; the attack/traffic must first arrive at your server before you can do anything to it. Once the traffic has arrived at the server, all you are...
08-19-2010, 06:38 PM (Replies: 4, Views: 2,475)
Though LMD's goal is eventually to cover what Rkhunter and chkrootkit currently do, at the moment the current focus for LMD is on malware sourced from (web) application abuses. It does also detect an...
08-14-2010, 08:02 PM (Replies: 10, Views: 21,620)
Thread: Web Shell by oRb malware (in Hosting Security and Technology), by tchryan
You might also want to scan the user account with LMD for malware content you may have missed:
http://www.webhostingtalk.com/wiki/Linux_Malware_Detect
install it and run:
lmd -a...
07-23-2010, 04:18 PM (Replies: 8, Views: 1,856)
Thread: Snapshots backups (in Hosting Security and Technology), by tchryan
http://www.rfxn.com/projects/irsync-incremental-rsync/
http://www.rfxn.com/appdocs/README.irsync
http://www.rfxn.com/irsync-limiting-passwordless-ssh-keys/
Check out irsync, basically it creates...
07-05-2010, 01:00 PM (Replies: 21, Views: 9,885)
Thread: eXploit Scanner (cxs) (in Hosting Security and Technology), by tchryan
A free, open source alternative to cxs is Linux Malware Detect, available at http://www.rfxn.com/projects/linux-malware-detect/; also check out the wht wiki article at...
07-05-2010, 12:52 PM (Replies: 2, Views: 1,369)
The link for linux malware detect (LMD) you provided is to an actual blog entry; the project page is located at: http://www.rfxn.com/projects/linux-malware-detect/
05-15-2010, 06:52 PM (Replies: 10, Views: 1,610)
Thread: Very odd file (in Hosting Security and Technology), by tchryan
This will come across as a bit self-promoting but it is not; you can try my new malware detection tool on the account in question and see if it catches any other malware on the domain. I can tell you...
Results 1 to 25 of 447