Disable fsockopen pfsockopen

By , February 25, 2011 9:59 PM

Disable PHP functions fsockopen() & pfsockopen()

We were victims of a clever spammer, who was able to upload a PHP script that simulated/emulated SMTP. It also had code that bypassed the syslog.

I finally caught them, after a month of searching in our own server.

I tarred up the scripts for further analysis, and deleted the account, and more.

When I finished breaking down this script I saw that the whole concept depended on one PHP directive.

fsockopen()

Just disable fsockopen() in your /etc/php.ini:

disable_functions = phpinfo,fsocket,fsockopen,pfsockopen
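
An added example (not part of the original post) that audits php.ini text for the setting above. It reports whether fsockopen and pfsockopen are really in the active disable_functions line, so a misspelt name such as fopensock is caught. The extra function names, the last-line-wins handling and the sample text are assumptions of this example.

```python
import re

# Functions the post disables.
REQUIRED = {"fsockopen", "pfsockopen"}
# Other PHP built-ins that can open outbound connections. Checking these
# is an assumption of this example; the post does not mention them.
ALSO_NETWORK_CAPABLE = {"stream_socket_client", "socket_create", "curl_exec"}


def effective_disable_functions(ini_text):
    """Return the names on the last uncommented disable_functions line."""
    value = ""
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # ';' starts a php.ini comment
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:
            # Assumption: a later line overrides an earlier one.
            value = m.group(1).strip().strip('"')
    return {name.strip() for name in value.split(",") if name.strip()}


def audit(ini_text):
    """Report required names that are missing and other socket APIs left on."""
    disabled = effective_disable_functions(ini_text)
    return {
        "missing_required": sorted(REQUIRED - disabled),
        "still_enabled_network": sorted(ALSO_NETWORK_CAPABLE - disabled),
    }


# Constructed sample: one commented-out line, one active but incomplete line.
SAMPLE = """\
; constructed sample php.ini
[PHP]
;disable_functions = fsockopen,pfsockopen
disable_functions = phpinfo,fsocket,fsockopen
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```
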

MYSQL Tuning and Optimizing of my.ini or my.cnf

By , February 25, 2011 8:35 PM

One of the factors with the biggest impact on database performance is not the MySQL settings, but your queries! Make sure you have optimized all your queries first, and have created the right indexes on your tables for MySQL to use.

When tuning MySQL, the two most important variables to configure are key_buffer_size and table_cache. You should first feel confident that you have these set appropriately before trying to optimize any other variables. Ideally, key_buffer_size will be large enough to contain all the indexes (i.e. at least the total size of all .MYI files on the server) of your MyISAM tables.

1. query_cache_size:
* MySQL provides one feature that can prove very handy: a query cache. In a situation where the database has to repeatedly run the same queries on the same data set, returning the same results each time, MySQL can cache the result set, avoiding the overhead of running through the data over and over. This is extremely helpful on busy servers.
2. key_buffer_size:
* The value of key_buffer_size is the size of the buffer used with indexes. The larger the buffer, the faster the SQL command will finish and a result will be returned. The rule-of-thumb is to set the key_buffer_size to at least a quarter, but no more than half, of the total amount of memory on the server. Ideally, it will be large enough to contain all the indexes (the total size of all .MYI files on the server).
* A simple way to check the actual performance of the buffer is to examine four additional variables: key_read_requests, key_reads, key_write_requests, and key_writes.
* If you divide the value of key_reads by the value of key_read_requests, the result should be less than 0.01. Also, if you divide the value of key_writes by the value of key_write_requests, the result should be less than 1.
3. table_cache:
* The default is 64. Each time MySQL accesses a table, it places it in the cache. If the system accesses many tables, it is faster to have these in the cache. MySQL, being multi-threaded, may be running many queries on the table at one time, and each of these will open a table. Examine the value of open_tables at peak times. If you find it stays at the same value as your table_cache value, and then the number of opened_tables starts rapidly increasing, you should increase the table_cache if you have enough memory.
4. sort_buffer:
* The sort_buffer is very useful for speeding up myisamchk operations (which is why it is set much higher for that purpose in the default configuration files), but it can also be useful every day when performing large numbers of sorts.
5. read_rnd_buffer_size:
* The read_rnd_buffer_size is used after a sort, when reading rows in sorted order. If you use many queries with ORDER BY, upping this can improve performance. Remember that, unlike key_buffer_size and table_cache, this buffer is allocated for each thread. This variable was renamed from record_rnd_buffer in MySQL 4.0.3. It defaults to the same size as the read_buffer_size. A rule-of-thumb is to allocate 1KB for each 1MB of memory on the server, for example 1MB on a machine with 1GB memory.
6. thread_cache:
* If you have a busy server that’s getting a lot of quick connections, set your thread cache high enough that the Threads_created value in SHOW STATUS stops increasing. This should take some of the load off of the CPU.
7. tmp_table_size:
* “Created_tmp_disk_tables” are the number of implicit temporary tables on disk created while executing statements and “created_tmp_tables” are memory-based. Obviously it is bad if you have to go to disk instead of memory all the time.
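
An added example (not from the original post) that applies the checks in items 2, 3 and 6 to two snapshots of SHOW GLOBAL STATUS output taken some time apart. The snapshot values are constructed, and the two-snapshot comparison is this example's way of detecting "starts rapidly increasing" and "stops increasing".

```python
def parse_status(text):
    """Parse 'Variable_name value' rows into a dict with lower-case keys."""
    out = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[1].isdigit():
            out[parts[0].lower()] = int(parts[1])
    return out


def ratio(num, den):
    """Divide safely; a counter that is still zero gives 0.0."""
    return num / den if den else 0.0


def review(before, after, table_cache):
    """Return the settings worth revisiting, per the rules of thumb above."""
    notes = []
    if ratio(after["key_reads"], after["key_read_requests"]) >= 0.01:
        notes.append("key_buffer_size (reads)")
    if ratio(after["key_writes"], after["key_write_requests"]) >= 1:
        notes.append("key_buffer_size (writes)")
    # Open_tables pinned at table_cache while Opened_tables keeps growing.
    if (after["open_tables"] >= table_cache
            and after["opened_tables"] > before["opened_tables"]):
        notes.append("table_cache")
    # Threads_created should stop increasing once the cache is big enough.
    if after["threads_created"] > before["threads_created"]:
        notes.append("thread_cache")
    return notes


# Constructed snapshots, as copied from two SHOW GLOBAL STATUS runs.
BEFORE = parse_status("""Key_read_requests 100000
Key_reads 500
Key_write_requests 2000
Key_writes 400
Open_tables 64
Opened_tables 900
Threads_created 40""")
AFTER = parse_status("""Key_read_requests 200000
Key_reads 3000
Key_write_requests 4000
Key_writes 800
Open_tables 64
Opened_tables 1500
Threads_created 40""")

if __name__ == "__main__":
    print(review(BEFORE, AFTER, table_cache=64))
```
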

Notes for the future (i.e. InnoDB):
If you use InnoDB, its buffer pool is controlled by innodb_buffer_pool_size (this cache also holds row-level data). This is the equivalent of key_buffer_size for MyISAM key buffers.
innodb_additional_mem_pool_size: This variable stores the internal data structure. Make sure it is big enough to store data about all your InnoDB tables (you will see warnings in the error log if the server is using OS memory instead).
Since MySQL 4.1.1, the buffer block size is available with the key_cache_block_size server variable. The default is 1024.

Then test your setup on http://www.omh.cc/mycnf/ to check your max memory size.

XAMPP WebDAV Vulnerability

By , February 21, 2011 11:49 PM

The vulnerability is basically that WebDAV can be accessed like an FTP server if you know the username and password. Since XAMPP ships with a default username and password, and the user often doesn’t restrict access to the xampp directory after the XAMPP installation, attackers can place their files on the server and execute them remotely. They can then use your PC to DDoS their targets.

Quite strange: my machine was generating 80Mbps of traffic towards one of the hosts.
As usual, I searched through Process Explorer (Sysinternals) for any unwanted processes and TCP connections. Nothing suspicious. But the anti-virus logs pointed out http.exe trying to access IRC ports; http.exe is the XAMPP Apache server process.

—–

I'm getting sick of all the complaints on PM that users are getting hacked with the WebDAV exploit.
So here is how to fix your problem(s):

WebDAV exploit:
Step 1: Go to your XAMPP installation folder.
Step 2: Delete the folder with the name WebDAV.

XAMPP Security:
Step 1: Delete the xampp directory in HTDOCS.
Step 2: Delete the security dir in your main xampp folder.

Extras:
Delete the file in the cgi-bin directory in your main xampp folder.

How the WebDAV exploit works:
A guy uses a program (I won't say the name here) to access your WebDAV installation. And since the password is default (unless you have changed it), the person can upload a shell and gain access to everything on your server.

This is very easy to do, and will save you a lot of time.
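
An added detection example (not part of the original post or the quoted forum post): it scans Apache access-log lines for successful WebDAV write requests and for later requests to the files those writes created, which is the upload-then-execute pattern described above. The /webdav/ URL prefix, the log layout and the sample lines are assumptions; adjust them to your own configuration.

```python
import re

# Common Log Format: client, ident, user, [time], "METHOD path proto", status
LOG_RE = re.compile(r'(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
DAV_WRITE = {"PUT", "MKCOL", "MOVE", "COPY", "DELETE", "PROPPATCH"}
DAV_PREFIX = "/webdav/"  # assumption: URL under which WebDAV is exposed


def find_dav_uploads(lines, prefix=DAV_PREFIX):
    """Return (uploads, fetched): files written over DAV, and later hits on them."""
    uploads = {}   # path -> (client, authenticated user) that wrote it
    fetched = []   # (client, path) for GET/POST requests to written paths
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, user, method, path, status = m.groups()
        path = path.split("?", 1)[0]          # ignore the query string
        ok = status.startswith("2")           # only successful requests
        if method in DAV_WRITE and ok and path.lower().startswith(prefix):
            uploads[path] = (client, user)
        elif method in ("GET", "POST") and ok and path in uploads:
            fetched.append((client, path))
    return uploads, fetched


# Constructed sample lines (documentation IP ranges, made-up user and files).
SAMPLE_LOG = [
    '198.51.100.7 - davuser [21/Feb/2011:22:10:01 +0000] "PROPFIND /webdav/ HTTP/1.1" 207 1200',
    '198.51.100.7 - davuser [21/Feb/2011:22:10:05 +0000] "PUT /webdav/up.php HTTP/1.1" 201 -',
    '203.0.113.9 - - [21/Feb/2011:22:10:09 +0000] "PUT /webdav/other.php HTTP/1.1" 401 -',
    '198.51.100.7 - - [21/Feb/2011:22:10:12 +0000] "GET /webdav/up.php?x=1 HTTP/1.1" 200 312',
    '203.0.113.9 - - [21/Feb/2011:22:11:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    written, hits = find_dav_uploads(SAMPLE_LOG)
    for path, (client, user) in written.items():
        print("DAV write:", path, "by", client, "as", user)
    for client, path in hits:
        print("request to uploaded file:", path, "from", client)
```
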

STUN SERVERS

By , February 12, 2011 2:00 AM

stun.xten.com
stun1.noc.ams-ix.net
stun.fwd.org

stun.voipbuster.com
stun01.sipphone.com
stun.voxgratia.org

Try port 3478, or if that fails, 3487.

Mark 8

By , February 1, 2011 10:22 AM

MARK 8
And he called unto him the multitude with his disciples, and said unto them, If any man would come after me, let him deny himself, and take up his cross, and follow me.

For whosoever would save his life shall lose it; and whosoever shall lose his life for my sake and the gospel’s shall save it.

For what doth it profit a man, to gain the whole world, and forfeit his life?

For whosoever shall be ashamed of me and of my words in this adulterous and sinful generation, the Son of man also shall be ashamed of him, when he cometh in the glory of his Father with the holy angels.

Thomas Challenger