Posts Tagged ‘security’

So all these sites around the net get hacked these days

Friday, July 26th, 2013

The method? Stupid people, like myself, using the same password on many sites. Ups 😐

Ok, so I’ve been on the internet since like .. 15 years or so and back then my security paranoia wasn’t this advanced. My short memory wasn’t this short either so back then I would use a set of the same passwords. I can really only recall 2 of them now and they were maybe like 10 or so back in the day.

Anyway, I’ve got a lot of accounts since then which use that same old password. Correction. Had 😀

I just went over my keepass list (god do I have many accounts) and changed each and every one of them to a password that is unique to that account.

Phew.

So … sites getting hacked, ha? Ok, paranoia level increased.

Related posts

mod_security sucks big time

Sunday, November 1st, 2009

I installed mod_security a little while ago and guess what: nothing works anymore.
I mean god, are you guys really that stupid not to test against the major scripts our there? wordpress, joomla !!!! gallery, phpbb, etc, nothing works.
Jesus Christ, what kind of a stupid shit is this? It reminds me of the days I tested various firewalls for window and got into core force.
I’m gonna google for a bit to see if there is any good resolution for this but if not, go screw you guys.
I mean I added like over 10 rules to th exception list according to various findings and nothing, I can’t even post a damn shit.

Related posts

Possible DOS attack caught on time

Thursday, October 22nd, 2009

My server suddenly went under a very heavy load, similar with a DOS (Denial Of Service) attack. Luckily I was 1 foot away form it and heard the hard-drive working like crazy so I ssh-ed in the server, checked the running processes, noticed it was a high load on mysql (only possible via web), did a netstat, found the offending IP and temporarely -j DROP-ped it out with iptables. the load stopped suddenly so my finding was right.

this is the offending ip: 85.92.222.254
anyone know the guy behind it, hit him hard in the head.
will see if he returns and if he does, the -j DROP will become permanent.
Just for the record I currently have 7 IPs with permanent -j DROP . I should probably remove them since they are pretty old and with the use of DHCP the IPs probably belong to a ton of other people now.

Related posts

Site advertising their security component obviously got hacked

Saturday, July 4th, 2009

Joomsuite hacked

Joomsuite hacked

Jomsuite has a security component for joomla, named Defender. It is advertised as the best (and if my memory servers me correctly, the only) security option for joomla sites.
You can see in the attached screenshot how good this component is.
Their video tutorial on the subject is here: http://joomsuite.com/index.php?option=com_resource&controller=article&article=5678&category_id=150&Itemid=135
well, it will be available once they solve their security hole 🙂

Related posts