Category: Firewall

mj12bot hammer mediawiki

Here some IP’s of some Botnet Servers of mj12bot.com: the Botnet ignores robots.txt and hammers on Mediawiki’s! A sorted output of a Log done with :   cat /var/log/apache2/other*.log|grep MJ | awk '{ print $2 }' | sort | uniq -c | sort -n Output for ufw Firewalls: 162.210.196.97 144.76.3.131 148.251.195.14 5.9.158.195 173.208.157.186 176.31.255.65 178.63.34.189 69.30.198.186 144.76.60.198 40.121.210.108 5.189.152.91 5.9.66.153 69.30.198.242 69.30.205.218 81.109.126.245 192.99.10.47 If this doesn’t help the use “Apache AUTH Basic” to block unwanted access!! It’s easy to setup.

Major Bug: UFW stopped thru logrotate

On Debian Sid i have seen that ufw service is stopped on logrotate!! Its a bad known bug! Workaround: Set all Services like Dovecot, Postfix to listen on LOCALHOST (127.0.0.1) if not needed over Internet Enable ONLY encrypted AUTH (Login) to Postfix! (TLS 1.2) Disable unneeded Services ! like Samba, FTP… move config from /etc/logrotate.d/ufw to /root/ to disable ufw logrotate !! edit /etc/ufw/ufw.conf set LOGLEVEL to “off” restart the Server and check open Ports next Days from outside with: $sudo nmap -PN my.server.com

Postfix: Automatic UFW Firewall Updates

If you use a Mail Server with Postfix you got daily Spam Attacks by Scripts: How to fix? Install ufw Firewall Run a Scanner Script as  cronjob On Debian/Ubuntu: Install ufw: sudo apt-get update && sudo apt-get install ufw && sudo ufw enable && sudo  ufw logging off Scan Script: sudo nano /home/user/firewall-update.sh: #!/bin/bash # scan rejected cat /var/log/mail.log | grep rejected | cut -d"[" -f3 | cut -d"]" -f1|grep -v '^$' > /tmp/firewall.txt # insert to Firewall while read line; do sudo ufw insert 1 deny from $line to any; done < /tmp/firewall.txt # scan "denied" cat /var/log/mail.log | […]

Security: Protection Against Cryptware Wannacry

You heard perhaps last day’s about the major problems of Attacks to Systems with the “WannaCry” Crypto Ware Howto protect yourself? Enable the Firewall on Windows Systems!! Always! Update daily the Virus Scanners and Windows Patches! Disable and CLOSE Ports you never need! SMB Protocol is a open unencrypted Transfer Protocol! Use a second Router with Firewall behind your ISP Router or Modem! (openwrt, pfsense) Check with nmap Portscanner Tool the taken Rules and check if the work! For Network Access use ALWAYS SFTP with Authentification over KEYs Logins (Two Factor: Key and Password for unlock the Keyfiles id_rsa) For […]

Freifunk: Setup Router Software Bugfix

If you want to share Public Wifi at home for friends and you don’t want to share the Wifi Password, you can setup cheap a Public Openwrt Wifi Router as Access Point. Advantages: Public Setup needs no Wifi Password You are not responsible, cause the Internet is pulled thru a VPN of Freifunk Network It’s anonymous! It’s free of Charge! Supported by a big Community Can installed on very cheap old Routers like the TP-Link 841 (find the Singleband Router on Amaz or EbXX 12$ or Powerfull Dualband Router TP Link C7 at 50$) Can by used at EVERY Freifunk […]