Remember. If you want your profile to be public here:
You need to go to Preferences->Profile and check "List this account in the directory".
Otherwise it won't show.
Seeing quite a few scans for /.aws/credential
Trying to get the keys used by the AWS CLI tool. Check your logs and that you do not have them exposed.
You do not want that surprise AWS bill because your account got compromised.
The unfamous user agent: Mozlila/5.0 (notice the typo, not Mozilla)
It is on everyone's web logs as part of many web attack campaigns.
Grep for it and you will confirm:
$ grep Mozlila /var/log/apache2/*log
$ grep Mozlila /var/log/nginx/*log
More details about it here:
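An added example, not part of the original posts: the greps above extended into a per-client summary that also covers the /.aws/credential scans and marks any such request that was answered with a 200. The function names, labels and sample log lines are constructed for illustration, and the default "combined" access log format is assumed.

```shell
#!/bin/sh
# Added example: per-client summary of the two indicators from the posts above.
# Assumes the default "combined" access log format of Apache and nginx.

# scan_probes [FILE...]: prints "count ip indicator", highest count first.
scan_probes() {
    awk -F'"' '
    {
        split($1, pre, " "); ip = pre[1]        # client address
        split($2, req, " "); path = req[2]      # request path
        split($3, st, " ");  status = st[1]     # response status
        ua = $6                                 # user agent
        # The typo user agent (Mozlila, not Mozilla).
        if (index(ua, "Mozlila") > 0) hits[ip " mozlila-ua"]++
        # AWS CLI credentials file under any directory; a 200 means it was served.
        if (path ~ /\/\.aws\/credentials?([?#]|$)/) {
            label = (status == "200") ? "aws-credentials-SERVED" : "aws-credentials-probe"
            hits[ip " " label]++
        }
    }
    END { for (k in hits) print hits[k], k }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample lines (documentation IP ranges), not taken from real logs.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [21/Jul/2022:10:00:01 +0000] "GET /.aws/credentials HTTP/1.1" 404 153 "-" "Mozlila/5.0"
203.0.113.7 - - [21/Jul/2022:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozlila/5.0"
198.51.100.23 - - [21/Jul/2022:10:05:00 +0000] "GET /backup/.aws/credentials HTTP/1.1" 200 116 "-" "curl/7.81.0"
192.0.2.10 - - [21/Jul/2022:10:06:00 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
EOF
}

# With file arguments, scan those logs; with none, run on the sample.
if [ "$#" -gt 0 ]; then
    scan_probes "$@"
else
    sample_log | scan_probes
fi
```

Any line labelled aws-credentials-SERVED means the file was actually returned to the client, so the keys in it should be treated as exposed and rotated.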
We love some good ole fashion research. Here is the start of a cool series @dcid and I are working on to better understand the TTPs being used by bad actors to attack WordPress in 2022..
Enjoy.. :) #security #wordpress
https://noc.org/articles/how-wordpress-gets-hacked-in-2022-initialrecon
@dcid interesting that port 53 is hardcoded. I vaguely remember using a rule like:
# iptables -A FORWARD -p udp --dport 53 -m length --length 512: -j DROP
(i.e., block UDP packets > 512 bytes on port 53)
Nice @dcid builds on his remediation analysis and shows how a WordPress website was being used to DOS other sites https://noc.org/articles/php-backdoor-analysis-how-are-attackers-doing-ddos
A PHP backdoor on a compromised #WordPress site being used to start #DDoS attacks:
while(true)
{
$fp=fsockopen($trh2,$trp,$aaa1,$aaa2,1);
fwrite($fp,$spdat);
}
https://noc.org/articles/php-backdoor-analysis-how-are-attackers-doing-ddos
If you use Atlassian products, time to put on a helmet: https://www.theregister.com/2022/07/21/atlassian_critical_security_advisories/
published some notes about securing mastodon servers
#mastoadmin
Cool analysis by @dcid on a hacked web server that was being used by #wordpress to DDOS other sites... #security
https://trunc.org/learning/investigating-a-compromised-linode-server
Did you know that when your filesystem is full and nginx can't write to the log file, it will log that it was unable to log to the log file?
[alert] write() to "/var/log/nginx/access.log" failed (28: No space left on device) while logging request...
https://trunc.org/learning/everything-you-dont-need-to-know-about-nginx-error-logs
There are logs and there are LOGS (all uppercase).
Some logs can be noisy and pretty useless while others might indicate a serious issue that you have to respond to right away.
Today's critical log: PHP Fatal errors:
Been slowly crawling out of my cave, and can't think of someone better to chat with than my friend Jennifer Bourn about past experiences and current projects..
#startups #entrepreneur #entrepreneurship
Episode: https://jenniferbourn.com/podcast/prioritizing-what-matters-even-when-its-hard-with-tony-perez/
My main source of morning news ( https://news.ycombinator.com/ ) has been down since the morning.
5+ hours now.
Their IP is not even pinging, so it looks like the server is having a bad day...
Lesson of the day:
1- Never block one of the CDN IP addresses on your server.
https://search.noc.social should be back online properly now.
🤦 🤦 🤦
Heads up! #Microsoft is on track to ban all commercial activity by #FOSS projects on Microsoft Store in about a week! This is even worse than their (eventually repealed) 2011 ban on #copyleft for their app store! 😡️ We demand rollback of this new policy: https://sfconservancy.org/blog/2022/jul/07/microsoft-bans-commerical-open-source-in-app-store/
Analysis of an HTTP-based DDoS.
- 7,000 different attacking IP addresses.
- 20,000+ requests per second.
- DDoS-for-hire?
"Where do you see yourself in 5 years?"
submitted by omegaweaponzero
https://reddit.com/r/ProgrammerHumor/comments/vnmmuo/where_do_you_see_yourself_in_5_years/
Did you know that if you are using Signal to share a link with someone, it will use the "WhatsApp" user agent?
More on HTTP user agents here:
Founder of CleanBrowsing, Sucuri and OSSEC. Former VP Engineering, GoDaddy - CTO, Sucuri. Builder and breaker by heart...