Pinned post

Remember. If you want your profile to be public here:

noc.social/explore

You need to go to Preferences->Profile and check "List this account in the directory".

Otherwise it won't show.

Pinned post

My 7yo: "When I grow up, I want to be just like my daddy. He doesn't work and just spends his day at the computer doing nothing."

Seeing quite a few scans for /.aws/credential

Trying to get the keys used by the AWS CLI tool. Check your logs and that you do not have them exposed.

You do not want that surprise AWS bill because your account got compromised.

trunc.org/learning/aws-credent

The infamous user agent: Mozlila/5.0 (notice the typo, not Mozilla)

It is on everyone's web logs as part of many web attack campaigns.

Grep for it and you will confirm:

$ grep Mozlila /var/log/apache2/*log

$ grep Mozlila /var/log/nginx/*log

More details about it here:

trunc.org/learning/the-mozlila
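An added example, not part of the original posts: one way to run both log checks above (the /.aws/credential scans and the Mozlila user agent) in a single pass. It assumes Apache/nginx combined log format; the sample lines are constructed and the function name `scan` is hypothetical.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Combined Log Format:
# ip ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jul/2022:06:25:01 +0000] "GET /.aws/credentials HTTP/1.1" 404 162 "-" "Mozlila/5.0 (Linux; Android 7.0)"
203.0.113.7 - - [10/Jul/2022:06:25:02 +0000] "GET /wp-login.php HTTP/1.1" 200 4211 "-" "Mozlila/5.0 (Linux; Android 7.0)"
198.51.100.23 - - [10/Jul/2022:07:02:44 +0000] "GET /.aws/credentials HTTP/1.1" 200 116 "-" "curl/7.81.0"
192.0.2.50 - - [10/Jul/2022:07:05:10 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
this line is malformed and must be skipped
"""

def scan(lines):
    """Return (mozlila_hits_per_ip, aws_probes, exposed) for access-log lines."""
    mozlila = Counter()
    probes, exposed = [], []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not combined-format
        if m["ua"].startswith("Mozlila/"):
            mozlila[m["ip"]] += 1
        # Decode %2e-style encodings, then match both "credential" and "credentials".
        if "/.aws/credential" in unquote(m["path"]).lower():
            hit = (m["ip"], m["path"], m["status"])
            probes.append(hit)
            # A 2xx answer means the server returned *something* for that path:
            # either the file is exposed or the site serves soft-404 pages.
            if m["status"].startswith("2"):
                exposed.append(hit)
    return mozlila, probes, exposed

if __name__ == "__main__":
    mozlila, probes, exposed = scan(SAMPLE_LOG.splitlines())
    print("Mozlila hits per IP:", dict(mozlila))
    print("AWS credential probes:", len(probes))
    for ip, path, status in exposed:
        print(f"CHECK NOW: {path} answered {status} to {ip}")
```

Any line reported under "CHECK NOW" should be verified by hand; if the file really was served, rotate the keys it contained.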

Daniel Cid boosted

We love some good ole fashioned research. Here is the start of a cool series @dcid and I are working on to better understand the TTPs being used by bad actors to attack WordPress in 2022..

Enjoy.. :)

noc.org/articles/how-wordpress

Daniel Cid boosted

@dcid interesting that port 53 is hardcoded. I vaguely remember using a rule like:

# iptables -A FORWARD -p udp --dport 53 -m length --length 512: -j DROP

(i.e., block UDP packets > 512 bytes on port 53)

Daniel Cid boosted

Nice @dcid builds on his remediation analysis and shows how a WordPress website was being used to DOS other sites noc.org/articles/php-backdoor-

A PHP backdoor on a compromised site being used to start attacks:

while(true)
{
$fp=fsockopen($trh2,$trp,$aaa1,$aaa2,1);
fwrite($fp,$spdat);
}

noc.org/articles/php-backdoor-

Daniel Cid boosted

Did you know that when your filesystem is full and nginx can't write to the log file, it will log that it was unable to log to the log file?

[alert] write() to "/var/log/nginx/access.log" failed (28: No space left on device) while logging request...

trunc.org/learning/everything-

There are logs and there are LOGS (all uppercase).

Some logs can be noisy and pretty useless, while others might indicate a serious issue that you have to respond to right away.

Today's critical log: PHP Fatal errors:

trunc.org/learning/php-fatal-e

Daniel Cid boosted

Been slowly crawling out of my cave, and can't think of someone better to chat with than my friend Jennifer Bourne about past experiences and current projects..

Episode: jenniferbourn.com/podcast/prio

My main source of morning news ( news.ycombinator.com/ ) has been down since the morning.

5+ hours now.

Their IP is not even pinging, so it looks like the server is having a bad day...

Now twitter is blocking "search.noc.social" from being shared there.

Just gives this random error of "something went wrong".

If it could not get any worse...

Lesson of the day:

1- Never block one of the CDN IP addresses on your server.

search.noc.social should be back online properly now.

🤦 🤦 🤦

Daniel Cid boosted

Heads up! #Microsoft is on track to ban all commercial activity by #FOSS projects on Microsoft Store in about a week! This is even worse than their (eventually repealed) 2011 ban on #copyleft for their app store! 😡️ We demand rollback of this new policy: sfconservancy.org/blog/2022/ju

Daniel Cid boosted

Analysis of an HTTP-based DDoS.

-7,000 different attacking IP addresses.

-20,000+ requests per second.

-DDoS-for-hire?

trunc.org/learning/http-flood-

Daniel Cid boosted

Did you know that if you are using Signal to share a link with someone, it will use the "WhatsApp" user agent?

More on HTTP user agents here:

trunc.org/learning/http-user-a

Noc.Social

Open Source Social Network. Focused on technology, networking, linux, privacy and security, but open to anyone. Civil discourse, polite and open. Managed by the noc.org team.