Brute Force Attack cPanel

Check the logs:
# nano /var/log/messages
PAM-hulk[13813]: Brute force detection active: 580 LOGIN DENIED
Check cphulkd.log at /usr/local/cpanel/logs:
# nano /usr/local/cpanel/logs/login_log
72.177.xxx.xx – root [11/04/2014:05:48:13 -0000] "POST /login/?login_only=1 HTTP/1.1" DEFERRED LOGIN
whostmgrd: brute force attempt (user root) has locked out IP 72.177.xxx.xx

Sandworm Vulnerability Affects All Microsoft Operating Systems

On Tuesday, October 14, 2014, iSIGHT Partners and Microsoft announced a zero-day vulnerability named “Sandworm” found in all versions of Microsoft Windows and Windows Server 2008 and 2012. The vulnerability has been exploited in a small number of cyberespionage attacks against NATO, energy companies, a US academic organization and many …

Fail2Ban Setup on CentOS 6.6

Because fail2ban is not available from CentOS, we should start by adding the EPEL repository:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Follow up by installing fail2ban:
yum install fail2ban
The default fail2ban configuration file is located at /etc/fail2ban/jail.conf. The configuration work should not be done in that file, however, and we should instead …

PCI-DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that ALL companies that process, store or transmit credit card information maintain a secure environment. Essentially, this covers any merchant that has a Merchant ID (MID). General requirements for compliance: Firewall, Intrusion Prevention Systems, Intrusion Prevention …

Bash Code Injection Vulnerability (Shellshock)

Products Affected (Product/Channel, Fixed in package, Remediation details): Red Hat Enterprise Linux 7, bash-4.2.45-5.el7_0.2, Red Hat Enterprise Linux; Red Hat Enterprise Linux 6, bash-4.1.2-15.el6_5.1, Red Hat Enterprise Linux; bash-4.1.2-15.el6_5.1.sjis.1, Red Hat Enterprise Linux; bash-4.1.2-9.el6_2.1, Red Hat Enterprise Linux 6.2 AUS; bash-4.1.2-15.el6_4.1, Red Hat Enterprise Linux 6.4 EUS; Red Hat Enterprise …

How to Secure SSH with Google Authenticator’s Two-Factor Authentication

Source: http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/ Also, for CentOS: http://www.tecmint.com/ssh-two-factor-authentication/ Want to secure your SSH server with easy-to-use two-factor authentication? Google provides the necessary software to integrate Google Authenticator’s time-based one-time password (TOTP) system with your SSH server. You’ll have to enter the code from your phone when you connect.

Root Compromised

Check whether the server is root compromised:
lsattr /usr/bin
Root-compromised output: all of those files are set to immutable and append-only. That is what the “ia” you see is.
[root@mail ~]# lsattr /usr/bin
s---ia------- /usr/bin/bzcmp
s---ia------- /usr/bin/getkeycodes
s---ia------- /usr/bin/enc2xs
s---ia------- /usr/bin/mail-files
s---ia------- /usr/bin/chage
s---ia------- /usr/bin/mdeltree
s---ia------- /usr/bin/nslookup
s---ia------- …