If you're new here, you may want to subscribe to my RSS feed. So that you can read the latest updates about Web2.0 tools, Making Money Online, Tips in SEO, Ajax and many more. Thanks for visiting ProgramimiCOM!

Website templates are very affordable and they save you a lot of effort and time when you want to create a new layout for your website. However, a lot of people make mistakes in the process of choosing and using a web template and end up with something that was unlike the image they had in mind. Here are some guidelines to help you avoid those mistakes.

The first obvious mistake you should be aware of is using a template that is very popular. If many people use the same template, your website will not appear unique at all and your credibility as a solid, different website will be tarnished. In other words, you will appear generic just like your next-door neighbours.

To whole point of using a web template is to save time and effort. You just change the title and appropriate details and you’re done. The biggest mistake one makes is to customize the template beyond recognisation. While that may be good in the sense that you’re creating a unique graphic, you’re defying the very purpose of using a web template — saving time and effort.

However, on the opposite side, if a template you purchase is suitable but some changes must be made to suit your site’s theme, then you will have to take some time to make the changes. For example, you can find a very nice template that suits your hobby site except the original designer has put an image of stamps in the header. You can find images of garden plants and spades to replace the stamps for your gardening hobby site. However, do only make the necessary changes and don’t redesign the whole template.

In some circumstances, some people simply make the wrong choice of templates. This is a very subjective issue but you have to be careful in selecting templates to suit your audience. Do not choose templates just because they are pretty, choose them because they serve your purpose.

• 0 Comments

It is the search engines that finally bring your website to the notice of the prospective customers. When a topic is typed for search, nearly instantly, the search engine will sift through the millions of pages it has indexed about and present you with ones that match your topic. The searched matches are also ranked, so that the most relevant ones come first.

Remember that a prospective customer will probably only look at the first 2-3 listings in the search results. So it does matter where your website appears in the search engine ranking.

Further, they all use one of the top 6-7 search engines and these search engines attract more visitors to websites than anything else. So finally it all depends on which search engines the customers use and how they rank your site.

It is the Keywords that play an important role than any expensive online or offline advertising of your website.

It is found by surveys that a when customers want to find a website for information or to buy a product or service, they find their site in one of the following ways:

1. • The first option is they find their site through a search engine.
2. • Secondly they find their site by clicking on a link from another website or page that relates to the topic in which they are interested.
3. • Occasionally, they find a site by hearing about it from a friend or reading in an article.

Thus it’s obvious the the most popular way to find a site, by search engine, represents more than 90% of online users. In other words, only 10% of the people looking for a website will use methods other than search engines.

All search engines employ a ranking algorithm and one of the main rules in a ranking algorithm is to check the location and frequency of keywords on a web page. Don’t forget that algorithms also give weightage to link population (number of web pages linking to your site). When performed by a qualified, experienced search engine optimization consultant, your site for high search engine rankings really does work, unless you have a lot of money and can afford to pay the expert. With better knowledge of search engines and how they work, you can also do it on your own.

• 0 Comments

A sitemap is often considered redundant in the process of building a website, and that is indeed the fact if you made a sitemap for the sake of having one. By highlighting the importance of having a well constructed sitemap, you will be able to tailor your own sitemap to suit your own needs.

1) Navigation purposes

A sitemap literally acts as a map of your site. If your visitors browses your site and gets lost between the thousands of pages on your site, they can always refer to your sitemap to see where they are, and navigate through your pages with the utmost ease.

2) Conveying your site’s theme

When your visitors load up your sitemap, they will get the gist of your site within a very short amount of time. There is no need to get the “big picture” of your site by reading through each page, and by doing that you will be saving your visitors’ time.

3) Site optimization purposes

When you create a sitemap, you are actually creating a single page which contains links to every single page on your site. Imagine what happens when search engine robots hit this page — they will follow the links on the sitemap and naturally every single page of your site gets indexed by search engines! It is also for this purpose that a link to the sitemap has to be placed prominently on the front page of your website.

4) Organization and relevance

A sitemap enables you to have a complete bird’s eye view of your site structure, and whenever you need to add new content or new sections, you will be able to take the existing hierarchy into consideration just by glancing at the sitemap. As a result, you will have a perfectly organized site with everything sorted according to their relevance.

From the above reasons, it is most important to implement a sitemap for website projects with a considerable size. Through this way, you will be able to keep your website easily accesible and neatly organized for everyone.

• 0 Comments

Installing Apache on Windows, why? Because let’s face it Windows is easy, and well Apache sure beats using IIS. This tutorial is meant for the person who would like to set up there own little web server. It’s not meant for the IT Person running a fortune 500 company. But hey if you want go ahead.

Instalation:

First thing you need is to download the webserver. Now for windows
users your gonna want to go download the .exe . The apache website is www.apache.org Your gonna wanna head to the apache
binaries sections for Win32 I believe it is at http://www.apache.org/dist/httpd/binaries/win32/
There you will be able to download a version of apache.

Now before you download it you gonna want to make a folder. This folder is
where your gonna server your root directory. Now if you don’t want to do
this it’s ok. You can use the default path if you want. Put usually this helps
in setting up other things like php, and MySQL. Most people do is they create
a folder in the C:\ directory called WWW or somthin. You can name it whatever you want.

Ok so have downloaded the Apache Web Server. Your ready to go with the setup.
No the version I have downloaded was apache_2.0.36-win32-x86-no_ssl.msi This
was a newer version and supposedly supposed to be more secure. The first screen you get when your in the setup is The welcome screen we don’t care much about that
but owell so hit next. The next screen is the terms and service. And yes
your going to agree to the terms duh. The next screen is some documentation.
I never really read it but if you want go ahead and do it. Once your done
hit next again. Know we see a screen that says enter a network domain. Erase what is ever in there and type localhost. Now the next box says
Servername, erace what is ever in the box and put in localhost.
The next is Administrators e-mail address. Go ahead and fill that in.
But make sure to change it. Now there are 2 little radio buttons.
Pick the one that best suites your needs. Now that we got that all
filled out. Hit Next and you’ll go to a screen that asks you which
type of install you want to do. Then hit next.

If you wanted to server out of your one special folder. Change the
file location of were your gonna install apache. Or just leave it at the default path. Click install and it should be on
it’s way. Once it’s done installing hit the finish button.

The test:
First were gonna check to see if Apache installed correctly.
This is how we do it. Open up Internet Explorer and type in ” http://localhost” . If everything went smooth then you should
be seeing a message that looks like this” Seeing this instead of the website you expected?” Yippee!!!
Apache is working. See now wasnt’ that really simple. Ok now were gonna
do some fun stuff.

Alright now that we got or test done lets move on to changing some of this
stuff that apache did on default. In Internet Explorer if you installed
on the deafult path. Make your way to C:\Program Files\Apache Group\Apache2
This is your Main Apache Directory were you can find everything. If you want
take a short break and run around. There are some cool things there. Don’t
worry if you don’t understand what’s in these files just yet.

Break Time:
Go take a leak, get some pepsi and somthin to eat. If you got smokes light
them up in your new found glory.

Alright so now you’ve got apache installed and your about to start dishing out
your web pages that you took so much time on to build. Head to the folder called
htdocs, this is your main folder. There should be a whole bunch of pages What i do
is i select them all and move them to another folder. The htdocs folder is the best
folder in the world. It’s gonna be one of the places you spend most of your time
dishing out content for the world. Ok so get rid of all that stuff that is in your
htdocs folder. And move all your great content inside replacing it. Alright so now
once we moved all are content inside the htdocs folder and we tested it to make
sure it was there. http://localhost remember. Now let’s get out of there. Go to
Apache’s main directory. Now just to be aware of what is going on and get a good
example of how Apache Functions head off to a folder called “conf” This is the
configuration files Apache Uses. If you ever wanted to install php and other
server side scripting languages this is where you would do it. Now you get 2 copys
Use 1 as a backup and never edit it at all. Go ahead and open the folder and open
“httpd.conf” Read it very carefully cause in this tutorial were not gonna read
about it. I just want you to know it’s there. Anytime you edit the httpd.conf file
you must re-start apache in order for it to work. Another good tip for you new people
to apache is you may notice the log files. Yes there great and make sure to make backups
of the logs they will come in handy. As security precautions. I also recommend getting
a firewall set up. There are lots of great security features that apache has but this
is a tutorial to installing apache.

Alright so now you’ve got your webpages up. But the only way people will be able to view
your pages is my typing in your ip address. This is a bumper. Lets look at some free
re-directories. www.n2v.net, This is a cool one. You sign up put your ip adress of your
new webserver in and whalla your done. Type in www. .n2v.net and it goes to your server
and brings up your super nice webpages. Now if you go to google and search for free
domain names or re-directors you should come up with alot. Many People already know
about the www.dot.tk one of the coolest things in the world. Free .tk very simple
That’s all you need. It works perfect for my webserver and I’ve got around 3,000 hits
so it’s working good. If you don’t wanna do it you don’t have to. But it just
makes it simple.

Alright that comes to the conclusion of installing Apache Win32 for WINDOWS users.
Very easy. One last thing Please Read more of the Apache
Documentation either on there website or in your Apache2
directory. If you liked reading this tutorial on how to setup Apache check my
website for others at www.bonfire.tk . Yes there will be follow ups. I’ll be
writing another apache tutorail soon so you can set up PHP. The most awesome
scripting language ever built. And also another on how to secure Apache and yes
ALL FOR WINDOWS!! .

• 0 Comments

What is BFD (Brute Force Detection)?
BFD is a modular shell script for parsing applicable logs and checking for authentication failures. There is not much complexity or detail to BFD yet and likewise it is very straight-forward in its installation, configuration and usage. The reason behind BFD is very simple; the fact there is little to no authentication and brute force auditing programs in the linux community that work in conjunction with a firewall or real-time facility to place bans. BFD is available at: http://www.rfxnetworks.com/bfd.php

This guide will show you how to install and configure BFD to protect your system from brute force hack attempts.

Requirements:
- You MUST have APF Firewall Installed before installing BFD - it works with APF and requires some APF files to operate.
- Root SSH access to your server

Updated: April 13, 2005

Lets begin!
Login to your server through SSH and su to the root user.

1. cd /root/downloads or another temporary folder where you store your files.

2. wget http://www.rfxnetworks.com/downloads/bfd-current.tar.gz

3. tar -xvzf bfd-current.tar.gz

4. cd bfd-0.7

5. Run the install file: ./install.sh
You will receive a message saying it has been installed

.: BFD installed
Install path: /usr/local/bfd
Config path: /usr/local/bfd/conf.bfd
Executable path: /usr/local/sbin/bfd

6. Lets edit the configuration file: pico /usr/local/bfd/conf.bfd

7. Enable brute force hack attempt alerts:
Find: ALERT_USR=”0″ CHANGE TO: ALERT_USR=”1″

Find: EMAIL_USR=”root” CHANGE TO: EMAIL_USR=”your@yourdomain.com”

Save the changes: Ctrl+X then Y

8. Prevent locking yourself out!
pico -w /usr/local/bfd/ignore.hosts and add your own trusted IPs
Eg: 192.168.1.1

Save the changes: Ctrl+X then Y

BFD uses APF’ cli insert feature
and as such will override any allow_hosts.rules entries users have in-place.
So be sure to add your trusted ip addresses to the ignore file to prevent
locking yourself out.

9. Run the program!
/usr/local/sbin/bfd -s

10. Customize your applicatoins brute force configuration
Check out the rules directory in your /usr/local/bfd

Here you’ll find all kinds of pre-made rules for popular services such as Apache, and ProFTPD w00t!
If you have any clue about shell scripting you can customize them or create new rules for enhanced brute force detection and prevent attacks.

Thanks to RFX Networks for creating another great script for the community, Brute Force Detection is excellent!

Cheers

• 0 Comments

What is APF (Advanced Policy Firewall)? APF Firewall
APF is a policy based iptables firewall system designed for ease of use and configuration. It employs a subset of features to satisfy the veteran Linux user and the novice alike. Packaged in tar.gz format and RPM formats, make APF ideal for deployment in many server environments based on Linux. APF is developed and maintained by R-fx Networks: http://www.rfxnetworks.com/apf.php

This guide will show you how to install and configure APF firewall, one of the better known Linux firewalls available.10

Limit SSH connections to one IP with APF in this advanced tutorial

Requirements:
- Root SSH access to your server

Lets begin!
Login to your server through SSH and su to the root user.

1. cd /root/downloads or another temporary folder where you store your files.

2. wget http://www.rfxnetworks.com/downloads/apf-current.tar.gz

3. tar -xvzf apf-current.tar.gz

4. cd apf-0.9.5-1/ or whatever the latest version is.

5. Run the install file: ./install.sh
You will receive a message saying it has been installed

Installing APF 0.9.5-1: Completed.

Installation Details:
Install path: /etc/apf/
Config path: /etc/apf/conf.apf
Executable path: /usr/local/sbin/apf
AntiDos install path: /etc/apf/ad/
AntiDos config path: /etc/apf/ad/conf.antidos
DShield Client Parser: /etc/apf/extras/dshield/

Other Details:
Listening TCP ports: 1,21,22,25,53,80,110,111,143,443,465,993,995,2082,2083,2086,2087,2095,2096,3306
Listening UDP ports: 53,55880
Note: These ports are not auto-configured; they are simply presented for information purposes. You must manually configure all port options.

6. Lets configure the firewall: pico /etc/apf/conf.apf
We will go over the general configuration to get your firewall running. This isn’t a complete detailed guide of every feature the firewall has. Look through the README and the configuration for an explanation of each feature.

We like to use DShield.org’s “block” list of top networks that have exhibited
suspicious activity.
FIND: USE_DS=”0″
CHANGE TO: USE_DS=”1″

7. Configuring Firewall Ports:

Cpanel Servers
We like to use the following on our Cpanel Servers

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports -3000_3500 = passive port range for Pure FTPD
IG_TCP_CPORTS=”21,22,25,53,80,110,143,443,2082,2083, 2086,2087, 2095, 2096,3000_3500″
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS=”53″

Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF=”1″

# Common egress (outbound) TCP ports
EG_TCP_CPORTS=”21,25,80,443,43,2089″
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS=”20,21,53″

Ensim Servers
We have found the following can be used on Ensim Servers - although we have not tried these ourselves as I don’t run Ensim boxes.

Common ingress (inbound) ports
# Common ingress (inbound) TCP ports
IG_TCP_CPORTS=”21,22,25,53,80,110,143,443,19638″
#
# Common ingress (inbound) UDP ports
IG_UDP_CPORTS=”53″

Common egress (outbound) ports
# Egress filtering [0 = Disabled / 1 = Enabled]
EGF=”1″

# Common egress (outbound) TCP ports
EG_TCP_CPORTS=”21,25,80,443,43″
#
# Common egress (outbound) UDP ports
EG_UDP_CPORTS=”20,21,53″

Save the changes: Ctrl+X then Y

8. Starting the firewall
/usr/local/sbin/apf -s

Other commands:
usage ./apf [OPTION]
-s|–start ……………………. load firewall policies
-r|–restart ………………….. flush & load firewall
-f|–flush|–stop ……………… flush firewall
-l|–list …………………….. list chain rules
-st|–status ………………….. firewall status
-a HOST CMT|–allow HOST COMMENT … add host (IP/FQDN) to allow_hosts.rules and
immediately load new rule into firewall
-d HOST CMT|–deny HOST COMMENT …. add host (IP/FQDN) to deny_hosts.rules and
immediately load new rule into firewall

9. After everything is fine, change the DEV option
Stop the firewall from automatically clearing itself every 5 minutes from cron.
We recommend changing this back to “0″ after you’ve had a chance to ensure everything is working well and tested the server out.

pico /etc/apf/conf.apf

FIND: DEVM=”1″
CHANGE TO: DEVM=”0″

10. Configure AntiDOS for APF
Relatively new to APF is the new AntiDOS feature which can be found in: /etc/apf/ad
The log file will be located at /var/log/apfados_log so you might want to make note of it and watch it!

pico /etc/apf/ad/conf.antidos

There are various things you might want to fiddle with but I’ll get the ones that will alert you by email.

# [E-Mail Alerts]
Under this heading we have the following:

# Organization name to display on outgoing alert emails
CONAME=”Your Company”
Enter your company information name or server name..

# Send out user defined attack alerts [0=off,1=on]
USR_ALERT=”0″
Change this to 1 to get email alerts

# User for alerts to be mailed to
USR=”your@email.com”
Enter your email address to receive the alerts

Save your changes! Ctrl+X then press Y
Restart the firewall: /usr/local/sbin/apf -r

11. Checking the APF Log

Will show any changes to allow and deny hosts among other things.
tail -f /var/log/apf_log

Example output:
Aug 23 01:25:55 ocean apf(31448): (insert) deny all to/from 185.14.157.123
Aug 23 01:39:43 ocean apf(32172): (insert) allow all to/from 185.14.157.123

12. New - Make APF Start automatically at boot time
To autostart apf on reboot, run this:

chkconfig –level 2345 apf on

To remove it from autostart, run this:

chkconfig –del apf

13. Denying IPs with APF Firewall (Blocking)
Now that you have your shiny new firewall you probably want to block a host right, of course you do! With this new version APF now supports comments as well. There are a few ways you can block an IP, I’ll show you 2 of the easier methods.

A) /etc/apf/apf -d IPHERE COMMENTHERENOSPACES
> The -d flag means DENY the IP address
> IPHERE is the IP address you wish to block
> COMMENTSHERENOSPACES is obvious, add comments to why the IP is being blocked
These rules are loaded right away into the firewall, so they’re instantly active.
Example:

./apf -d 185.14.157.123 TESTING

pico /etc/apf/deny_hosts.rules

Shows the following:

# added 185.14.157.123 on 08/23/05 01:25:55
# TESTING
185.14.157.123

B) pico /etc/apf/deny_hosts.rules

You can then just add a new line and enter the IP you wish to block. Before this becomes active though you’ll need to reload the APF ruleset.

/etc/apf/apf -r

14. Allowing IPs with APF Firewall (Unblocking)

I know I know, you added an IP now you need it removed right away! You need to manually remove IPs that are blocked from deny_hosts.rules.
A)
pico /etc/apf/deny_hosts.rules

Find where the IP is listed and remove the line that has the IP.
After this is done save the file and reload apf to make the new changes active.

/etc/apf/apf -r

B) If the IP isn’t already listed in deny_hosts.rules and you wish to allow it, this method adds the entry to allow_hosts.rules

/etc/apf/apf -a IPHERE COMMENTHERENOSPACES
> The -a flag means ALLOW the IP address
> IPHERE is the IP address you wish to allow
> COMMENTSHERENOSPACES is obvious, add comments to why the IP is being removed These rules are loaded right away into the firewall, so they’re instantly active.
Example:

./apf -a 185.14.157.123 UNBLOCKING

pico /etc/apf/allow_hosts.rules

# added 185.14.157.123 on 08/23/05 01:39:43
# UNBLOCKING
185.14.157.123

Thanks to R-fx networks for developing and maintaining APF Firewall.

• 1 Comment

Want to be notified instantly when someone logs into your server as root? No problem, check out this nice tutorial on email notification for root logins. Keeping track of who logs into your server and when is very important, especially when you’re dealing with the super user account. We recommend that you use an email address not hosted on the server your sending the alert from.

So lets get started!

1. Login to your server and su to root, I know the irony!

2. cd /root

3. pico .bashrc

4. Scroll to the end of the file then add the following:
echo ‘ALERT - Root Shell Access (YourserverName) on:’ `date` `who` | mail -s “Alert: Root Access from `who | cut -d”(” -f2 | cut -d”)” -f1`” you@yourdomain.com

Replace YourServerName with the handle for your actual server
Replace you@yourdomain.com with your actual email address

5. Crtl + X then Y

Now logout of SSH, close the connection and log back in! You should receive an email address of the root login alert a few minutes afterwards.

Note: This is a great tool for servers that have multiple admins or if you give someone SSH access for whatever reason, although you should give out the root password to as few people as humanly possible and be sure to change it often.

This will not magically alert you when a hacker runs the latest kernel exploit on your server and logs into SSH because they will create their own SSH/telnet connection. You should keep your system up to date, install a firewall and follow the latest security releases.

• 0 Comments

Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web Port80 Software has developed an IIS server module called ServerMask to combat the majority of issues explored here for the Windows Web Server.

The Server Header Tells All
Most Web servers politely identify themselves and the OS to anyone who asks. Using a network query tool like Sam Spade or this Header Check, you can discern the HTTP Server header. Just request a Web site’s home page and examine the resulting HTTP headers or “banners” sent back by the server. Among them, you will likely find something like this:

Server: Microsoft-IIS/5.0

There is not much mystery here. Apache’s default settings make it no less identifiable:

Server: Apache/2.0.41-dev (UNIX)

You can remove or obscure this HTTP Server header in a variety of ways, depending on your platform. Apache 2.x users who have the mod_headers module loaded can use a simple directive in their httpd.conf file, as follows:
Header set Server “New Server Name Goes Here”

Unfortunately, mod_headers cannot alter the Server header in prior versions of Apache, so 1.3.x users will have to resort to editing the defines in httpd.h and recompiling Apache to get the same result. IIS users can install IISLockDown and use the configuration option in URLScan’s INI file for removing or replacing the header. Be careful with URLScan if you are using Cold Fusion application server — the way the current version replaces the Server header wreaks havoc with CFM pages. In fact, removing the header is the way to go when using URLScan, since if you try replacing the header it moves to the bottom of the header order — which pretty much gives away that you are running URLScan on IIS.

Unsightly File Extensions
Displaying file extensions like .asp or .aspx in a site is a clear indication that you are running a Microsoft server and, in general, hiding file extensions is a good practice to mask the technology generating dynamic pages. You can change your application mappings (.asp becomes .htm or .foo, etc.), but such one-to-one mapping can make mixing server-side technologies painful and does nothing to alleviate headaches during site migrations. Doing without file extensions altogether is an even better idea, not only for security but also for ease-of-migration and content negotiation. Apache people will want to take a look at mod_negotiation. Watch out, though, for the Content-Location header in the server’s response, which can give away the file extension that is not shown in the URL. You might have to suppress this header separately using mod_headers. In a similar vein, Port80 offers a tool called PageXchanger that allows file extension hiding in IIS.

Half-Baked Cookies
The ASP session ID cookie, used by the Session object to maintain client state, is another dead giveaway:

Set-Cookie: ASPSESSIONIDQGQGGWFC=MGMLNKMDENPEOPIJHPOPEPPB;

You can disable ASP Session State so that this cookie is not placed, but you lose the convenience of using the Session object to maintain client state. You could also create an ISAPI filter to change the names of any session ID cookie. On the other hand, ASP sessions are resource intensive, and turning them off improves the performance and scalability of your ASP application, while also helping to anonymize your server.

Send These to the Recycle Bin
WebDAV: Another way of identifying Microsoft servers is their implementation (from Windows 2000 and IIS 5.0 on) of WebDAV — the HTTP Extensions for Distributed Authoring and Versioning. WebDAV itself is not unique to Microsoft or IIS; it is a proposed standard (RFC 2518) with an IETF Working Group. Microsoft’s WebDAV support, however, adds a lot of information to the headers sent back by the server, especially when an HTTP OPTIONS request is made. If you are not using WebDAV (to support Outlook Web Access or Web Folders, etc.), you can disable it entirely by editing the registry or by using IISLockDown and URLScan.

Public Header: Certain Web servers betray their identity by displaying the Public header in HTTP responses. Few popular Web Servers send this header in response to OPTIONS requests (while almost all respond with the similar Allow header). The presence of Public is a good indication you are connected to either an IIS box or Netscape Enterprise 3.6. The Public header can be removed with a custom ISAPI filter (IIS) or NSAPI plug-in (Netscape).

Integrated Windows Authentication: IIS users should not rely on “Integrated Windows Authentication” — especially not as a way of hiding anything on the server. This method betrays the very secret it would keep, since a script or visual hacker can identify the Windows box by means of the WWW-Authenticate headers sent by the server. When a file or directory is protected by NT Challenge-Response authentication, one of the authentication headers contains the string “NTLM” (NT LAN Manager) — a Microsoft-specific form of HTTP authentication.

Get Your Headers Straight
The number and sequence of your HTTP headers and the presence or absence of certain platform-specific headers provide handy ways for more sophisticated hackers to fingerprint your Web server. A relatively unexplored area of server profiling, this will become a more common exploit as administrators start to implement countermeasures against obvious HTTP vulnerabilities like the Server header. For IIS users, a custom ISAPI filter can alter the Microsoft-specific header order or sequence to emulate, say, a default Apache installation. Apache users can accomplish any header order emulation they wish by experimenting with the location and order of Header directives in mod_headers.

Whose Default is That?
Default messages, pages and scripts of all kinds often contain clues to server identity, and these should be removed or modified accordingly. Software behind the Web server often bubbles error messages back through the HTTP request/response cycle, and customized HTTP errors can mask application server, database server, Web server and OS identity. For IIS, CustomError makes it easy for developers to deploy custom 404 and other HTTP error pages. This article shows how to implement custom HTTP errors in Apache. Avoid this on a development server, since, when done properly, it prevents database and server-side scripting errors from being seen — making it tough for developers to debug their applications! Remove or hide any Web or application server administration pages, scripts or documentation installed under your server’s Web root, and make sure to replace those default home pages.

• 1 Comment

Chkrootkit is a powerful tool to scan your Linux server for trojans. We’ll show you how to install it, scan your server and setup a daily automated scanning job that emails you the report.

Installing CHKROOTKIT

SSH as admin to your server. DO NOT use telnet, it should be disabled anyways.

#Change to root
su -

#Type the following
wget ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.tar.gz

# Check the MD5 SUM of the download for security:
ftp://ftp.pangeia.com.br/pub/seg/pac/chkrootkit.md5

md5sum chkrootkit.tar.gz

#Unpack the tarball using the command
tar xvzf chkrootkit.tar.gz

#Change to the directory it created
cd chkrootkit*

#Compile by typing
make sense

#To use chkrootkit, just type the command
./chkrootkit

#Everything it outputs should be ‘not found‘ or ‘not infected‘…

Important Note: If you see ‘Checking `bindshell’… INFECTED (PORTS: 465)’ read on.
I’m running PortSentry/klaxon. What’s wrong with the bindshell test?
If you’re running PortSentry/klaxon or another program that binds itself to unused ports probably chkrootkit will give you a false positive on the bindshell test (ports 114/tcp, 465/tcp, 511/tcp, 1008/tcp, 1524/tcp, 1999/tcp, 3879/tcp, 4369/tcp, 5665/tcp, 10008/tcp, 12321/tcp, 23132/tcp, 27374/tcp, 29364/tcp, 31336/tcp, 31337/tcp, 45454/tcp, 47017/tcp, 47889/tcp, 60001/tcp).

#Now,
cd ..
#Then remove the .gz file
rm chkrootkit.tar.gz

Daily Automated System Scan that emails you a report

While in SSH run the following:
pico /etc/cron.daily/chkrootkit.sh

Insert the following to the new file:
#!/bin/bash
cd /yourinstallpath/chkrootkit-0.42b/
./chkrootkit | mail -s “Daily chkrootkit from Servername” admin@youremail.com

Important:
1. Replace ‘yourinstallpath’ with the actual path to where you unpacked Chkrootkit.
2. Change ‘Servername’ to the server your running so you know where it’s coming from.
3. Change ‘admin@youremail.com’ to your actual email address where the script will mail you.

Now save the file in SSH:
Ctrl+X then type Y

Change the file permissions so we can run it
chmod 755 /etc/cron.daily/chkrootkit.sh

Now if you like you can run a test report manually in SSH to see how it looks.
cd /etc/cron.daily/

./chkrootkit.sh

You’ll now receive a nice email with the report! This will now happen everyday so you don’t have to run it manually.

• 0 Comments

Allowing the root user to login directly is a major security issue, we’ll show you how to disable it so you can still login as root but just not directly, reducing the security issue.

This will force a hacker to have to guess 2 seperate passwords to gain root access.
(you do have 2 seperate passwords for admin and root right?)
What happens is you’ll first need to login as your admin user in SSH, then switch to the super user with the su command to get root.

We also will be forcing the use of SSH protocol 2, which is a newer, more secure SSH protocol
Just a couple more ways to help your server stay safe from the bad guys. If you’re using cPanel make sure you add your admin user to the ‘wheel‘ group so that you will be able to ‘su -‘ to root, otherwise you may lock yourself out of root.

1. SSH into your server as ‘admin‘ and gain root access by su

2. Copy and paste this line to edit the file for SSH logins
pico -w /etc/ssh/sshd_config

3. Find the line
Protocol 2, 1

4. Uncomment it and change it to look like
Protocol 2

5. Next, find the line
PermitRootLogin yes

6. Uncomment it and make it look like PermitRootLogin no

7. Save the file Ctrl+X then Y then enter

8. Now you can restart SSH
/etc/rc.d/init.d/sshd restart

Now, no one will be able to login to root with out first loggin in as admin and ’su -’ to root, and you will be forcing the use of a more secure protocol. Just make sure you remember both passwords!

• 0 Comments