Microsoft oh why do you do it – Just STOP

Once again Microsoft cannot leave things alone.

Windows 8 – oh my gosh, here we go again, we have to learn a whole new way of doing things. What crap!

As a server guy I have a lot of servers with self-signed SSL certificates.

Microsoft in their infinite wisdom has decided to issue a patch or update that now blocks all SSL certificates whose RSA keys are shorter than 1024 bits.

My self-signed certificates use 2048-bit RSA keys, but somehow in the patch/update Microsoft issued on or about 10/10/2012 they did not think to test the patch, and it now blocks all self-signed SSL certificates.

When I would go to one of my servers at https://www.xyz.com I would receive the following error:

There is a problem with this website’s security certificate.

The browser would not let me select “Continue to this website (not recommended)”.

Normally the web browser would allow me to continue and I could even select to install the self-signed certificate if I chose to.  But alas, after the Microsoft update – no way, the browser would not allow me to continue no matter what I tried.  After searching I found the culprit in the form of a Microsoft update.

QUICK REMEDY:

LOCATE AND FIND UPDATE/PATCH KB2661254
RIP THIS OUT – or at least uninstall it
Reboot the computer.
Things will go back to normal.

One caveat before you rip it out: KB2661254 (Microsoft's "minimum certificate key length" update) rejects only RSA keys shorter than 1024 bits, so it pays to check the key size of the certificate the server actually presents.  If the key really is that short, generating a new self-signed certificate with a 2048-bit key fixes the error for good, whereas uninstalling the update switches the check off for every certificate the machine will ever see.
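An added check that is not part of the original post: a small POSIX shell script that asks a server for its certificate and reports whether the key is one KB2661254 would reject. It assumes the openssl command-line tool on the workstation you run it from; the host and port are whatever server you are testing, and the sample certificate text used to try the parser is constructed, not captured from a real server.

```shell
#!/bin/sh
# Added example, not from the original post: find out what RSA key size a
# server really presents before blaming KB2661254, which rejects RSA keys
# shorter than 1024 bits. Needs the openssl command-line tool on the
# workstation you run it from; HOST and PORT are assumptions for your server.

# Dump the server certificate in openssl's text form (talks to the network).
server_cert_text() {
    host="$1"; port="${2:-443}"
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -noout -text
}

# Pull the algorithm name out of the text form, e.g. "rsaEncryption".
key_algorithm_from_cert_text() {
    sed -n 's/.*Public Key Algorithm: *\([A-Za-z0-9]*\).*/\1/p' | head -n 1
}

# Pull the key size out of the text form: "Public-Key: (2048 bit)" -> 2048.
key_bits_from_cert_text() {
    sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# key_meets_minimum BITS [MIN]: 0 if BITS >= MIN (default 1024, the update's
# threshold), 1 if it is shorter, 2 if BITS is not a number.
key_meets_minimum() {
    bits="$1"; min="${2:-1024}"
    case "$bits" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$bits" -ge "$min" ]
}

# check_server HOST [PORT]: the one-shot check. Only RSA keys are subject to
# the update, so an EC key is reported but never flagged.
check_server() {
    text=$(server_cert_text "$1" "${2:-443}")
    alg=$(printf '%s\n' "$text" | key_algorithm_from_cert_text)
    bits=$(printf '%s\n' "$text" | key_bits_from_cert_text)
    if [ "$alg" != "rsaEncryption" ]; then
        echo "$1: $alg key ($bits bit), not affected by KB2661254"
    elif key_meets_minimum "$bits"; then
        echo "$1: RSA key is $bits bits, long enough for KB2661254"
    else
        echo "$1: RSA key is ${bits:-unknown} bits, KB2661254 will reject it"
        return 1
    fi
}

# Usage from the command line:  sh thisfile.sh --check www.xyz.com 443
if [ "${1:-}" = "--check" ]; then
    check_server "$2" "${3:-443}"
fi
```

If the script says the key is 2048 bits and the browser still refuses the site, the problem is somewhere other than key length and uninstalling the update will not be the fix; if it reports a short key, regenerate the certificate.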

I cannot stress it enough, eBay and Microsoft have to rank as the highest offenders by imposing their “improvements” on the general public when NO one asks for them.  How about giving us a better product with better security and functionality rather than window dressing.  You can paint a pig blue but it is still a pig.

Posted in Uncategorized

Virtual KVM or KM…

Once in a while someone creates something that is really cool and useful.  This can be said of Synergy.

In their own words Synergy is…

Synergy lets you easily share your mouse and keyboard between multiple computers on your desk, and it’s Free and Open Source. Just move your mouse off the edge of one computer’s screen on to another. You can even share all of your clipboards. All you need is a network connection. Synergy is cross-platform (works on Windows, Mac OS X and Linux).

Coding Crew, being a huge fan of the open source community, always promotes those that take the time to give to the rest of us.  Synergy is one of those products that really is useful and it is open source.  Being open source, we recommend that you make a donation to the authors to help them with their project.  One caveat: Synergy carries every keystroke and clipboard paste across the network, so run it only on a LAN you trust, or tunnel its port over SSH.

Currently at one of our work areas we run a Quad monitor setup.

  • Dell Precision T7400 workstation, 64-bit OS, network connection, running on two bottom 24″ monitors
  • Dell Precision T5400 workstation, 64-bit OS, network connection, running on upper left 24″ monitor
  • Dell Precision T3400 workstation, 32-bit OS, network connection, running on upper right 24″ monitor
  • One Dell Keyboard
  • One Gearhead 2.4 Ghz Wireless Optical mouse.

We sought a solution to eliminate three keyboards and three mice in the work area, and a standard KVM switch appeared as if it might do the trick if we simply did not use the video ports on the switch.

Luckily, before we bought a KVM switch someone introduced us to Synergy.  The T7400 and T5400 are running 64-bit OSes and the T3400 is running a 32-bit OS.  We downloaded the respective packages to each machine and configured them as per Synergy's documentation.  Configuration was so easy you really don't need the documentation, but being propeller heads we read the documentation anyway.

Once installed and configured we can now move between screens to change computers, using the same mouse and keyboard for all three machines.

This Virtual KM package gets three thumbs up from us – Thank you Synergy

Posted in Uncategorized

Fenix TA21 – Flashlight

Another entry in our equipment reviews – the Fenix TA21 LED Flashlight.

For years, starting in law enforcement, we used Surefire flashlights and Streamlight flashlights – then, like a phoenix up from the ashes, comes Fenix Flashlights.

Surefire for years had been the standard for pocket and tactical flashlights.  Another trademark of Surefire was that they were the most expensive production flashlights on the market, bar none.

Streamlight in my opinion has made the finest duty carry flashlight for years, a light that all other duty carry flashlights can only strive to measure up to, and that is the SL-20X, an aluminum-bodied full size rechargeable flashlight.

When you grab an SL-20X, you know you have a flashlight in your hands; it is incredibly solid with no rattling parts or rotating parts.  Each time you press the ON switch the light produces a prefocused beam of blazing light.  The SL-20X is anodized aluminum and only comes in black.  With an AC/DC charger sleeve the light can be charged almost anywhere and is always ready when needed.  The light itself is solid enough to be a formidable impact weapon, which makes it ideal for use on patrol.

Maglite does not even compare to the SL-20X; the two are not the same caliber of light, they do not function the same, and anyone who makes the comparison between the two has no practical street experience using both lights.  I will not knock Maglite as they have a good product for the market they sell to, but for a professional the Maglite is not a logical option.  The one feature of the Maglite that turns me off is the adjustable beam.  I have had many Maglites in my day and none of them ever maintains a focused beam unless you focus it each time you turn the light on.  When on patrol you need a light that is prefocused and precise each time you turn it on.  You don't have time, and it's a safety issue, to have to fiddle with the body and head to focus the beam.  Over time the Maglite also becomes loose and the threads on the focus head become loose and worn.  It is the incredibly sensitive focus head and its design that makes the Maglite a non-contender in our best equipment inventory.  In all my years of using flashlights I have never found the wide beam of the Maglite to be of any use.  The oversized rounded head of the Maglite also makes it much harder to hold when having to use the flashlight as an impact weapon, and I don't like the ON/OFF switch on the C cell and D cell size Maglite.

Features:

TA21

•  Cree XR-E LED (Q5) with lifespan of 50,000 hours
•  12 modes of output with mechanical revolving dimmer system (patented), powered by 2 x 3V CR123A batteries:
Mode I (4 lumens, 170 hrs) ->
Mode II (18 lumens, 37 hrs) ->
Mode III (35 lumens, 18 hrs) ->
Mode IV (50 lumens, 12 hrs) ->
Mode V (80 lumens, 7 hrs) ->
Mode VI (120 lumens, 4 hrs) ->
Mode VII (160 lumens, 2.5 hrs) ->
Mode VIII (195 lumens, 2 hrs) ->
Mode IX (225 lumens, 1.5 hrs) ->
Mode X (230 lumens strobe, 3 hrs) ->
Mode XI (18 lumens flash, 370 hrs) ->
Mode XII (SOS, 30 hrs) -> repeat cycle
•  OP textured reflector, throws beam over 200 meters
•  Constant current circuit – maintains constant brightness
•  Powered by 2 x 3V CR123A Lithium batteries,or 1 x 3.7V 18650 Li-ion battery
•  168mm (Length) x 25.4mm (Diameter) x 39mm (Head)
•  168-gram weight (excluding batteries)
•  Reverse-polarity protection circuit board
•  Made of durable aircraft-grade aluminum
•  Premium Type III hard-anodized anti-abrasive finish
•  Waterproof to IPX-8 Standard
•  Toughened ultra-clear glass lens with anti-reflective coating
•  Tactical tailcap switch with momentary-on function
•  Anti-roll, slip-resistant body design
•  Included accessories: lanyard, body clip, two spare o-rings, and rubber switch boot

If you want to buy a Fenix, Surefire or Streamlight flashlight from an authorized dealer that can service any and all of your flashlight needs please visit Mike Green at The Army Store in Dallas, TX.  His website can be located here – The Army Store.

Posted in Uncategorized

AutoCAD Replacement

As a daily AutoCAD user I have come to learn how powerful Autodesk's AutoCAD really is, and I have developed an appreciation for the program.  The one thing I hate about AutoCAD is that every year they come out with a different version, which forces me to buy an upgrade or a new package.  Most of the revision changes are not earth shattering and really do not warrant an upgrade; honestly, most code enhancements should be provided free as patches and updates.

While I have several other CAD/CAM programs in my inventory, I use AutoCAD for a lot of work because I am comfortable with it and it is down and dirty easy to use.  I am a keyboard and mouse user, meaning that I drive much of the program from the keyboard as I find it to be just faster.

As stated above the problem I have with AutoCAD is that it is a per seat commercial license and that license is not cheap.  The yearly version upgrades are slightly discounted but the overall price is still pretty hefty.  On my personal computers such as my laptop and my home computers I have been looking for a CAD solution that is a bit more economical.

One of the most talented engineers I have met in my years of manufacturing called me the other day and told me to give DraftSight, a no-cost CAD program, a try.

I can sum up DraftSight in one word – WOW!

DraftSight is a product of Dassault Systèmes – their web site can be found here – Dassault Systèmes

This CAD package is apples for apples the same as AutoCAD.  This package is GREAT, if you need a CAD package but do not want to use AutoCAD or want an alternative to AutoCAD give DraftSight a try.

The photo below does not do the package justice, but DraftSight has 99% of the same features as AutoCAD and for the average user DraftSight will work for most applications.

DraftSight has impressed me and I have begun to use it more and more as time goes on.  I flip flop between AutoCAD and DraftSight all the time to test the differences.

DraftSight is available for Windows, Mac and Linux.

The standalone license does require activation before you can use the package.

# # #

Posted in Uncategorized

Photoshop Alternative

I was working on site the other day with my laptop and I needed to manipulate some photos I was taking.

On my work station at my office I have a licensed copy of Adobe Photoshop CS5, but I do not have a copy of CS5 on my laptop.

I called a friend and he suggested I try GIMP.

GIMP stands for GNU Image Manipulation Program.

This program is GREAT, it is right up there with Photoshop.  While Photoshop is the granddaddy of all photo manipulation programs on the commercial market the actual program itself is so powerful that many users will never fully utilize the capabilities of the commercial package.

So far in my testing GIMP has done everything that Photoshop does for me.

Some of the features of GIMP are:

Customizable Interfaces
Photo Enhancement
Digital Retouching
Hardware Support
File Formats
Cross Platform OS support, Linux, Windows and Mac

The program has the look and feel of Photoshop, so users will not be lost when using it.

GIMP works in layers just as Photoshop does; it allows for cropping, color changes, enhancements and full manipulation of all images.

If GIMP keeps pace with Photoshop I might be done buying Photoshop.

GET IT HERE – GIMP

# # #

Posted in Uncategorized

Websites that we find interesting #1

In the daily course of our CodingCREW activities we come across websites we find interesting.

This week the two websites we like are:

www.25yearsofprogramming.com and www.shelldorado.com

25yearsofprogramming.com has lots of the useful information that I would counsel webmasters on about securing a web site.  The information on this web site is dead-on accurate and we see no reason to reinvent the wheel when it has so clearly been illustrated here for all to read.

http://25yearsofprogramming.com/blog/20070705.htm – This page is dedicated to keeping a site from being hacked and to what to do if you have been hacked.  There is a lot of information on this web site for those that use cPanel; since we do not spend a lot of time with cPanel we find this is wise counsel for those that might use it.

The one statement I cannot stress enough is “Just keeping up to date has not always been enough to keep osCommerce secure.”  CodingCREW and its members have extensive experience in security and in securing osCommerce and osCommerce core based shopping carts.  If you have an osCommerce “core” shopping cart you are already compromised and don’t know it, or you will be compromised unless you have taken proactive countermeasures.  osCommerce and osCommerce core carts are fine products but they do require special security precautions and a proactive approach to security to keep them safe.

If you currently use osCommerce or an osCommerce “core” shopping cart and want the CodingCREW to review your installation for compromise or to review your security posture, please contact us direct at info@codingcrew.com

Shelldorado.com is a web site we like strictly because we like the name.  A play on the word Eldorado, shelldorado is a great name.  Shelldorado also has some interesting information for Linux coders when it comes to using the command line.

The one page we find very interesting is this page, http://shelldorado.com/articles/mailattachments.html – it deals with sending emails and email attachments from the command line.  We find this information very useful.  We like the name Shelldorado because it reminds us of one of the greatest movies in the John Wayne library, El Dorado.  El Dorado is a good all-around kid-safe movie that is an icon of the Wayne legacy.

The CodingCREW

Posted in Uncategorized

cPanel & Addon Domains – “holy security risk Batman !!!”

The other day we were engaged to work on a dedicated box that had WHM & cPanel installed on it.  The box had been compromised and it was our job to plug the holes and clean up the box.  While it is well known that cPanel is a hugely popular website administration package, my experience with cPanel has been somewhat limited because we work from the command line most of the time and have no real reason to use cPanel.

Facts we knew before taking on this project:
Box is a dedicated box set up as a standard LAMP server.
Box is hosted with a reputable host with fantastic and fanatical technical support.
Customer has one or more web sites compromised.
Customer has over 700 Top Level Domains on box.
Customer has CPanel and WHM (Web Hosting Manager) on the box.
A majority of the websites on the box are “Wordpress” blog, shopping carts and low “dynamic” sites.

Digging into the box we noticed several domains (referred to in this post as Top Level Domains, or TLDs) set up with their own account directories under /home/ – nothing out of the ordinary here.  But under the public_html/ directory of each of those accounts we found literally hundreds of other domains, each with its own “web directory” and its own public_html/ directory – now this was unusual for sure.

A quick call to the customer and he says “oh yea, that’s how multiple domain accounts are set up on the server, they are added to the server as “addon” domains go to cPanel “help” and they tell you all about it.”

Thinking this was a really goofy way of setting up web sites we immediately felt this whole “website inside a website” situation might be one reason this server became compromised in the first place.  We had to educate ourselves about cPanel and their whole “addon” domain feature.

From the start we had feelings this whole “addon” domain scenario had to be a huge security risk.

A few “Google” searches and phone calls to other system administrators painted a clear picture that indeed this whole cPanel “addon” domain feature is a HUGE security risk.

cPanel and WHM are proprietary server/website administration tools and as such are paid for solutions.  Generally a host will provide cPanel with shared hosting account at little or no cost to the customer.  Reseller accounts and dedicated servers will usually offer the WHM option to administer the server and cPanel to administer the individual domains.  Resellers might find that the WHM option is an additional cost but dedicated servers will generally include the WHM bundled into the overall monthly hosting fee.

OK, back to the “shared” hosting accounts with cPanel: many times people will purchase individual hosting accounts with cPanel and will then either set themselves up as a “reseller” or offer the account for sale as a “reseller” account.  cPanel was never intended to be a “reseller” account administration tool, but because of the “addon” domain feature many people glom onto these types of accounts and try to use them as reseller accounts or sell them as such.

Anytime you see hosting offered with “unlimited accounts” and/or “unlimited bandwidth” you have to stop and ask yourself – is this too good to be true?  eBay and the Internet abound with slick propaganda type advertising promising  “unlimited” hosting accounts on a non-dedicated server for next to nothing in price.

In short – if you have to ask…
then you need to proceed on with the task below illustrated in the photo.

Please do us all a favor and stick that knife right on in the outlet.
YES, unlimited accounts and/or unlimited bandwidth is too good to be true.

Many times these offerings of unlimited hosting accounts are nothing more than a hosting account on a shared server that has cPanel and the seller tells you that using the “addon” domain option is the way to set up your “unlimited accounts.”

The whole cPanel “addon,” domain option in our humble opinion should be scrapped.  What the “addon” domain option does is allows the account holder to set up a Top Level Domain (TLD) and then create individual additional TLDs inside of the first TLD.

While this concept might make sense from an organizational stand point, it creates a huge security risk for the TLD and all the “addon” domains.

One not accustomed to how a LAMP server works might think it easier to group “like” domains for administration purposes, not realizing the security risks.

If you set up three TLDs; 1)Beer.com 2)Cheese.com and 3)Bread.com

Then took all your other TLDs and put them under the “master” TLD as “addons” it might look like this.

Beer.com                            Cheese.com                       Bread.com
Ale.com                               Swiss.com                          Cornbread.com
Light.com                            Cheddar.com                     White.com
Dark.com                             Jalapeno.com                    Wheat.com

The path of the beer.com website might be /home/beer/public_html/

In this example the path of the “addon” domains would look something like this…

ale.com would be /home/beer/public_html/ale/public_html
light.com would be /home/beer/public_html/light/public_html
dark.com would be /home/beer/public_html/dark/public_html

cheese.com would be /home/cheese/public_html/
swiss.com would be /home/cheese/public_html/swiss/public_html
and so on and on…

For brevity sake and the rest of this document we will deal only with the TLD of beer.com

Anyone security minded would notice the inherent flaw with the above outlined structure: EVERYTHING contained in the public_html/ of the primary domain beer.com is exposed to the Internet.

ANYTHING inside of the public_html/ folder is served to the public – hence the directory name public_html/.  Because the “addon” document roots sit inside it, ale.com’s files are also reachable through the primary domain’s URL space (beer.com/ale/public_html/...) unless the primary’s .htaccess denies it, so a stray backup, config file or upload directory in any addon is one URL away under the primary as well.  On top of that, the primary and every addon under it belong to the same Unix account, so a script running in any one of those directories has read and write access to all of them.

If the primary domain beer.com or ANY other “addon” domain under beer.com is compromised, then all the other domains, light.com, dark.com and ale.com, are subject to compromise as well: one web shell dropped anywhere in the tree can modify every site in it.
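An added example, not cPanel’s own tooling: a POSIX shell script that finds this nested layout on a box and reports which primary docroot and which Unix account each addon lives under, which is the quickest way to see how many sites share one compromise domain. The /home root, the account names and the beer.com/cheese.com/bread.com tree that demo_layout builds in a scratch directory are taken from the post’s example and are constructed, not read from a real server.

```shell
#!/bin/sh
# Added example, not part of cPanel: spot addon-style document roots (a
# public_html nested inside another public_html) under ROOT, which is /home on
# a stock cPanel box, and report the primary docroot and Unix account each one
# shares. Nothing here needs cPanel; demo_layout builds the post's example
# tree in a scratch directory so the functions can be tried anywhere.

# Every nested docroot under ROOT, one absolute path per line.
find_nested_docroots() {
    find "${1:-/home}" -type d -name public_html -path '*/public_html/*' 2>/dev/null | sort
}

# Owning user of a path; ls -ld is the same on GNU and BSD, stat is not.
path_owner() {
    ls -ld "$1" | awk '{print $3}'
}

# One line per nested docroot: "<owner> <primary docroot> <addon docroot>".
# The addon sits inside the primary's URL space and is owned by the same
# account, so the same owner column on several lines is the whole problem.
nested_docroot_report() {
    find_nested_docroots "$1" | while IFS= read -r addon; do
        primary="${addon%%/public_html/*}/public_html"
        printf '%s %s %s\n' "$(path_owner "$addon")" "$primary" "$addon"
    done
}

# How many addon docroots hang off the primary docroot PRIMARY.
count_addons_under() {
    find "$1" -type d -name public_html -path "$1/*" 2>/dev/null | wc -l | tr -d ' '
}

# Constructed sample: the beer.com / cheese.com / bread.com layout from the
# post, created under DIR (no real accounts, no cPanel).
demo_layout() {
    for d in beer/public_html/ale/public_html \
             beer/public_html/light/public_html \
             beer/public_html/dark/public_html \
             cheese/public_html/swiss/public_html \
             bread/public_html; do
        mkdir -p "$1/$d"
    done
}

# Usage:  sh thisfile.sh --demo   (or call nested_docroot_report /home on a real box)
if [ "${1:-}" = "--demo" ]; then
    scratch=$(mktemp -d)
    demo_layout "$scratch"
    nested_docroot_report "$scratch"
    echo "addons under beer: $(count_addons_under "$scratch/beer/public_html")"
    rm -rf "$scratch"
fi
```

On a real box run nested_docroot_report /home as root; every line that shares an owner with another line is a set of sites that fall together, which is the list to work from when moving them into separate WHM accounts.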

The above scenario is exactly what we found when we got inside this client’s box.  The client had started out on a “shared” server with cPanel and was instructed to set up his additional “addon” domains under the primary domain of the cPanel account; then, not knowing any better, the customer continued this practice for years until he moved to a dedicated server as his business grew.

Upon moving to the dedicated server the customer did not know any better so he just used the WHM as an organization tool to set up the Primary TLDs and then populated all his other TLDs as “addon” domains under subject specific Primary TLDs.

This particular customer had set up their box with 5 “primary”, top level domains and 700 other TLDs set up as “addon” domains.

1.com – 100 “addon” domains
2.com – 65 “addon” domains
3.com – 90 “addon” domains
4.com – 223 “addon” domains
5.com – 222 “addon” domains

When we examined the box we found that 1.com and all 100 “addon” domains were compromised, along with 3.com and its 90 “addon” domains, as well as a handful of “addon” domains under the other “primary” domains.

If you have WHM available it makes no sense to use “addon” domains via cPanel.  Take the time and set up each domain as its own account in WHM – each account then gets its own Unix user and its own document root, your box will be much more secure, and you will not risk all your intellectual property by putting all your eggs in one basket.

In this posting we will not discuss the SEO and DNS issues associated with “addon” domains but if you Google “cPanel addon domains seo” you can find enough information on the subject to keep you reading for the next year or so.

To be blunt – if anyone uses the “addon” domain option for hosting serious websites in production environments then we don’t really care if you have good SEO or not because the whole “addon,” domain philosophy is probably how you run your entire operation and we hope you do not get more exposure.

It follows logically that if you put the home directories of domains within the public_html of a “primary” domain then you are basically creating an umbrella effect.  The apex of the umbrella is the “primary” domain and all the “addon” domains are children under the umbrella of the “primary”.

cPanel is a mature package that has a long-standing reputation as one of the top tier website administration packages on the market, and the concept of the “addon” domain option is easy to envision, but in practical use “addon” domains are a risk to the security of the entire box.

Save yourself some headaches and trouble, do not allow “addon” domains to be part of your hosting services.

Posted in Uncategorized

Mobile SSH apps

Are you a System Administrator that needs to occasionally access boxes while on the go, or are you just a user that needs SSH access from your web-enabled cellular phone?  Finding an SSH application that actually works and is ported to your mobile phone platform can be frustrating.  Because I have a background in Linux platforms I will discuss GNU/GPL options for SSH rather than commercial applications.

Keep in mind that NO SSH application for a mobile phone will ever replace a physical terminal, but there might be times you find yourself on the road or not near a terminal where you need to log into a box and address something.  From time to time I visit my in-laws and they have dial-up for their Internet, so any solution I can find as an alternative to dial-up is better and faster.

We will address two smart phone platforms, RIM’s Blackberry and Android powered phones running the open source Android OS.

Let’s start off with the granddaddy of them all, Research In Motion’s BlackBerry platform.

MidpSSH Mobile SSH Client for BlackBerry is the oldest of the SSH applications for the BlackBerry platform.

This SSH application is a bit clunky but works.  Download the app onto your BlackBerry, set up your SSH connections to the boxes, and that is about it.  This project is not as active as other open source projects and there are few new revisions or releases, but nonetheless, this application works.  It takes a bit of getting used to when you first use this application, so make sure you experiment with it before you count on it in an emergency.  One of the problems with this application is that on most Linux boxes, when working from the command line, everything is case sensitive.  MidpSSH does not handle typing as well as a system administrator would like.  When you type, the application wants to capitalize the first character in the line each time you start a new line.  You have to type the character, then backspace and type the character again; this way the character will stay lower case.

For those on non-touch-screen BlackBerrys the MidpSSH application may seem a bit “unfinished” and unrefined.  The application has served us well in emergencies when we have had to log in to restart services or perform minor critical tasks.  There are more refined proprietary SSH applications such as Iconfident, NanoSSH and Rove Mobile, but these are paid-for solutions and the main focus of our post here is GNU open source SSH applications.

MidpSSH will store sessions for instant recall later, and it will store login information for quick access (think twice about storing a password on a device that is easily lost; a key with a passphrase is the safer option).  Adjusting the font size is a bit quirky but can be done by altering the application settings.  Overall, for an open source application that allows for periodic SSH into remote boxes, we give MidpSSH our stamp of approval.

Android phones rule – open source means choice and flexibility.  There is an SSH application for Android phones that the CodingCREW highly recommends – connectbot.  connectbot is a great application; it is clean and works perfectly.  This application can be downloaded from the Android Market or you can review it on the connectbot website.

connectbot is a dream come true.  We first tried connectbot in the cell phone store before we purchased an Android powered cell phone.  Right there in the store, while talking to the salesman, we downloaded connectbot and fired it up on the demo phone.  We came to the cell phone store prepared: we knew we wanted to look at Android powered cell phones with slide-out QWERTY keyboards running at minimum the Android “Cupcake” OS.  We had a test box set up just for this test, and after downloading connectbot it hooked up right away on the first try.

connectbot was at the top of the list in the Android Market and with a click it was downloaded lickety-split onto the phone.  Start the application and it is very easy to figure out how to set up with no need to review the instructions.  Enter a few settings and create your sessions and you are done.  One thing worth doing on that first connection: the client shows the server’s host key fingerprint before it trusts the host; compare it against the fingerprint that ssh-keygen prints for the server’s public host key before accepting, because a phone on someone else’s Wi-Fi is exactly where a man-in-the-middle gets tried.  The application is clean, easy to use and most importantly it is 100% functional – performing for us with zero problems.

Now we would not want to replace our laptops or dedicated terminals with this SSH application on a mobile phone, but there have been times when we have used connectbot for extended periods of time in remote locations to SSH into a box, and we have done some heavy maintenance directly from the phone using the slide-out QWERTY keyboard.

Honestly, connectbot has performed so well for us on the Android platform that we have not reviewed any other GNU applications for the Android OS, our thoughts are why mess with perfection?

What about iPhone?  The CodingCREW does not acknowledge the iPhone because until recently the iPhone was limited to the AT&T network.  For those of you that don’t know (mostly those on networks other than AT&T), Consumer Reports lists AT&T as the worst carrier for 2010.  Those locked into AT&T contracts know first hand that AT&T is the worst carrier available; those NOT locked into AT&T contracts, take our word for it, you are better off with the carrier you have.

Now Verizon has the iPhone, and there are SSH apps for iPhone, but we will NOT review them here at this time.  Any tech that has worked with AT&T in any capacity knows what a challenge it is to get anything done when dealing with this corporate giant.  Call for DSL or ISP support and you get someone in India or some other nether region that is not even in the United States.

What is good about AT&T? . . . in short, NOTHING, EXCEPT THE SERVICE PEOPLE IN THE FIELD.  We have met several AT&T service personnel that are holdovers from the “baby bell” days and let me tell you, these people are worth their weight in gold.  If you need serious DSL support with lines, settings, etc., I recommend you schedule a service call and talk to a service tech in person.  It is these overworked and forgotten foot soldiers in the trenches that have feet on the ground in your neighborhoods, and they are the only reason that AT&T is still a viable option for any service.  If AT&T can figure a way to outsource the local service people they will do it and it will be the end of AT&T.

Posted in Uncategorized

TOR Network – SysAdmin’s Nightmare

Have you heard of the TOR Project – probably not unless you are a paranoid conspiracy theorist with something to hide.  The TOR Project utilizes an “Onion Router” scheme to provide users anonymous web surfing.  TOR originally stood for “The Onion Router,” – in my opinion TOR is short for torment or torture for System Administrators.

We will NOT waste our time here outlining any of the so-called “good things” about TOR or the “legitimate” uses of TOR; what we will address is what TOR means to you as a System Administrator.  TOR dedicates 90% of their web site to crafty propaganda as to why TOR is a legitimate project, but from our viewpoint we cannot find the upside to anything as it relates to TOR.

TOR is a system administrator’s nightmare and should be viewed as a bona fide THREAT to any legitimate system administrator.  Because TOR obfuscates the IP address of the web surfer it is nearly impossible to use an IP address to differentiate between a legitimate web surfer and a hacker trying to crack your box.  TOR effectively blocks any traceability or accountability when it comes to people using the TOR network of exit nodes.

Like any other onion, TOR will bring tears to your eyes if you are a system administrator
Tor is nothing but a conduit for criminals – delivering hackers to your front door with no warning.

The CodingCREW found out the hard way, and the best advice we can give is to block all TOR nodes from your networks to be safe.  Boston University operates a TOR exit node, and one of our customers recently was attacked and subsequently compromised by a hacker utilizing the Boston University TOR node.  As system administrators we count on the help and professionalism of other system administrators to work in concert with us to ensure network safety for our networks and the public as a whole.  We never imagined that Boston University would openly support the criminal hacking of our networks, but that is exactly what happened.  When we contacted the Boston University abuse and Incident Response Team we were informed it was not their problem, they were a TOR exit node.  All we have to say about Boston University is that we never imagined that an institution of higher education would foster and enable criminals to prey on society through the Internet.

After suffering from a calculated and coordinated attack originating from multiple TOR nodes, and after hours of SysAdmin time, we became educated as to what exactly the TOR Project is and how it works.  In a nutshell – the TOR Project allows criminals and hackers an avenue to surf the web in which it is almost impossible for anyone to know who they are or where they originate from.  The perspective of the CodingCREW and all of our customers is: we cannot think of one legitimate reason why an individual would need to hide their identity for legitimate and legal business on the Internet as it relates to our networks.  As such, we found on the TOR Project website the only thing we think is worthwhile to publish: how to block all TOR nodes from accessing our networks.

Buried way down deep in the TOR Project website are instructions for system administrators on how to block TOR nodes from their networks “should they elect to do so.”  In our opinion the only thing worth reading on the TOR website is the section under “FAQ – Abuse” titled “I want to ban the Tor network from my service.”  TOR provides one sentence with two links to help you as a system administrator block TOR nodes from your network.  This information is critical to anyone serious about blocking TOR: HERE is a link to the TOR node IP address list, and HERE is a link to information on how to block TOR exit nodes using the DNS-based exit list.  The above listed links and information are the only information published by TOR that is worthy of republication on our networks.
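An added example, not from the Tor Project or the original post, of what to do with the exit-node list once you have it. It assumes you have saved the list to a file with one IPv4 address per line (blank lines and ‘#’ comments tolerated), generates iptables rules instead of applying them so they can be reviewed first, and includes a lookup for checking addresses pulled from an access log. The addresses in the test data are constructed documentation ranges, not real exit nodes; the real list changes by the hour, so the download and reload need to run on a schedule.

```shell
#!/bin/sh
# Added example, not from the Tor Project or the original post: turn a saved
# copy of the Tor exit-node list into firewall rules. LISTFILE is assumed to
# hold one IPv4 address per line, with blank lines and '#' comments allowed;
# nothing here fetches anything, so keep the download on a schedule yourself
# because exit nodes come and go by the hour.

# Print the syntactically valid, de-duplicated IPv4 addresses in LISTFILE.
tor_exit_addresses() {
    awk '
        /^[ \t]*$/ { next }                      # blank line
        /^[ \t]*#/ { next }                      # comment
        {
            gsub(/^[ \t]+/, ""); gsub(/[ \t]+$/, "")
            n = split($0, o, ".")
            if (n != 4) next
            ok = 1
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
            if (ok) print
        }' "$1" | sort -u
}

# tor_block_rules LISTFILE [CHAIN]: print one iptables DROP rule per address
# (CHAIN defaults to INPUT). Review the output, then pipe it to sh to apply.
# The comment match tags the rules so tor_flush_rules can find them later.
tor_block_rules() {
    chain="${2:-INPUT}"
    tor_exit_addresses "$1" | while IFS= read -r ip; do
        printf 'iptables -A %s -s %s -m comment --comment tor-exit -j DROP\n' "$chain" "$ip"
    done
}

# tor_flush_rules [CHAIN]: print the delete commands for the rules above, read
# back from the running ruleset, so a fresh list can be loaded cleanly.
tor_flush_rules() {
    iptables -S "${1:-INPUT}" | grep -- '--comment tor-exit' | sed 's/^-A /iptables -D /'
}

# is_tor_exit IP LISTFILE: exit 0 if IP is on the list; handy when reviewing
# the addresses in an access log.
is_tor_exit() {
    tor_exit_addresses "$2" | grep -qxF -- "$1"
}
```

A refresh is then tor_flush_rules | sh followed by tor_block_rules newlist.txt | sh; with several hundred addresses a plain chain is fine, and an ipset is the next step if the list grows into the thousands.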

A TOR user can enter the TOR network from Russia, Turkey or China and traverse the world only to pop out from a TOR exit node that one would not normally suspect as a risk or source of hacking, and the TOR exit nodes allow this with no regard for responsibility and no accountability.  We feel that it is in our best interest to protect our networks from access by any and all TOR nodes.  TOR is nothing more than a conduit through which criminals can hide their identity to conduct their criminal activities.  There is much talk on the net about how TOR is a favorite of child pornographers – I wonder why?  I guess because TOR is a strictly voluntary program in which users have to make a conscious, knowing and educated decision to participate in the TOR Project, this means that Boston University supports the proliferation of child pornography because it is a known fact that TOR is widely used for such internet traffic.  Honestly, one needs to ask the question of whether Boston University is criminally liable for openly aiding and abetting criminals by allowing them to utilize university resources with no regard to the safety of the public at large.

Mark our words – if you don’t know about TOR and you don’t educate yourself to take the appropriate actions, you will find out about TOR the hard way as we did through a criminal attack.

Posted in Uncategorized

website-security.info – check it out.

Recently we had a customer that was the victim of an iframes attack.  The attacker placed some 4600+ files in the public_html/ directory and altered some 4600+ files within the public_html/ directory.  We wrote a script to delete all the injected files but that still left some 4600+ files that were altered by the cracker that needed to be tended to. 

Initial thought was to replace the altered files, but the attacker had only appended two lines of code to each file that was altered.  Since only two lines of code were appended to the altered files I went on the hunt for a script that could perform a “find and replace” on all the altered files.  While searching for a script I ran across this nifty little site: www.website-security.info
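An added example, not the website-security.info script and not the one used on that cleanup, of the kind of find-and-strip pass the situation above calls for. It assumes the injected lines all contain a fixed marker string, such as the attacker’s hostname (evil.example.invalid in the constructed test files), and removes every line carrying it while keeping each file’s inode, owner and mode; originals are copied to a backup directory that must sit outside the web root, because a .bak left beside the file would be served to the public just like the injected page was.

```shell
#!/bin/sh
# Added example, not the website-security.info script: remove injected lines
# from every file under a document root. MARKER is a fixed string that appears
# only on the injected lines (the attacker's hostname is usually the safest
# choice); every line containing it is dropped, the file keeps its inode,
# owner and mode, and the original is copied to BACKUPDIR (outside the web
# root, because a .bak left beside the file would be served to the public too).

# list_injected_files DIR MARKER: text files under DIR that contain MARKER.
list_injected_files() {
    find "$1" -type f -exec grep -lIF -- "$2" {} +
}

# strip_injected_lines DIR MARKER BACKUPDIR: clean every matching file and
# print its path. Run list_injected_files first and eyeball a few matches.
strip_injected_lines() {
    dir="$1"; marker="$2"; backup="$3"
    list_injected_files "$dir" "$marker" | while IFS= read -r f; do
        rel="${f#"$dir"/}"
        mkdir -p "$backup/$(dirname "$rel")"
        cp -p "$f" "$backup/$rel"
        tmp="$f.clean.$$"
        grep -vF -- "$marker" "$f" > "$tmp" || :   # exit 1 just means nothing was left
        cat "$tmp" > "$f"                           # rewrite in place, preserving inode and mode
        rm -f "$tmp"
        printf '%s\n' "$f"
    done
}

# Usage:  sh thisfile.sh --clean /home/site/public_html evil.example.invalid /root/cleanup-backup
if [ "${1:-}" = "--clean" ]; then
    strip_injected_lines "$2" "$3" "$4"
fi
```

Pick the marker from the injected lines themselves (the hostname they load from, or a fragment of the iframe tag) and confirm with list_injected_files that it hits only attacker lines before running the strip; the backup copies are what you diff against if a legitimate line turns out to share the marker.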

These guys have a great little “find and replace”, script located here SCRIPT

Give these guys a look see, they also have a neat little script that checks for back doors called “Malicious Code Finder.”  The MCF can be found here SCRIPT

I ran the MCF on several boxes I admin and the results were very interesting to say the least.

Anyway, look these guys up, I recommend their site.

TagTech
CodingCREW.com

Posted in Uncategorized