Category: Security Infos

mj12bot hammer mediawiki

Here are some IPs of some botnet servers of mj12bot.com: the botnet ignores robots.txt and hammers on MediaWikis! The list for ufw firewalls is a sorted output of a log, produced with:

cat /var/log/apache2/other*.log | grep MJ | awk '{ print $2 }' | sort | uniq -c | sort -n

If this doesn’t help, then use “Apache AUTH Basic” to block unwanted access!! It’s easy to set up.

WordPress Gutenberg Editor fails on modsecurity2

If you use the modsecurity2 plugin filter on an Apache2 / Apache24 setup, then on my blogs Gutenberg fails to SAVE pages and drafts.

Workaround: Install the old but useful “Classic Editor Plugin” and replace Gutenberg for all users!

Background: It seems the latest stable mod_security2 rules are not modified for Gutenberg post URLs!

5G Mobile Network opens Pandora’s Box

- 5G will make it possible to attack mobile devices and cars 10 times faster
- Users will not recognize attacks or uploaded data
- the wider data bandwidth will make it possible to attack much more efficiently

Remark:

- check whether you really need this mobile network, because slower is sometimes safer against automated tools
- a slower mobile network is cheaper
- disable mobile data if not needed, to stay hidden and offline; the calls option still works

Major Bug: UFW stopped thru logrotate

On Debian Sid I have seen that the ufw service is stopped on logrotate!! It’s a bad known bug!

Workaround:

- Set all services like Dovecot, Postfix to listen on LOCALHOST (127.0.0.1) if not needed over the Internet
- Enable ONLY encrypted AUTH (login) to Postfix! (TLS 1.2)
- Disable unneeded services like Samba, FTP…
- move the config from /etc/logrotate.d/ufw to /root/ to disable ufw logrotate !!
- edit /etc/ufw/ufw.conf and set LOGLEVEL to “off”
- restart the server and check open ports over the next days from outside with: sudo nmap -PN my.server.com

Goodbye Smartphones

Today I am going offline with any of my smartphones for testing. Why?

- all current smartphones are based on nonfree hardware and software
- less patched
- Hackers can remotely force-install Trojans as updates (especially Stores by gov order)
- non-rooted devices are black boxes
- rooted images or tools as workarounds often do not publish in which way the system OS is broken down; Hackers don’t work nonprofit!
- Linux laptop usage is often easier and much safer, you have full control and can run security tools to monitor
- free apps always call home in the background
- can’t control active background jobs […]

Health Status Data on Cloud Services

From the current news we hear that insurers offer people the option to save their complete health status in a cloud-based app. This is by DEFAULT insecure!

- Smartphones get fewer OS security updates from the manufacturer
- Users do NOT know how to handle updates
- Users can’t update firmware by default
- Apps are mostly located at app stores (Google, Apple)
- App stores analyse downloads and usage of apps, thereby getting personal data to SELL!!
- No health insurer knows how to secure data pools, especially clouds !!
- No one will help people if cloud app keys are abused and data is stolen
- People can be forced to offer […]

Android Hidden Location Tracker

If you use an Android device, Google can track you via scanned and known wifi networks without any connection! Android scans your area, shops and stores for public wifi networks; via LTE / GSM the OS verifies the data online at Google. As a result, Google Maps sends you popups to VOTE on the last visited places at Google Maps. That’s all WITHOUT GPS and WIFI connected, only LTE/GSM!

Purge the Google account! (disconnect!) and disable all unwanted Google apps, especially uploaders (backups), then go to Android Settings -> Wifi -> Advanced Wifi Settings! Disable the “local wifi scan” option switch at Android!

Remark: […]

Apache MEMCACHED UDP Protection

Currently a lot of sites are blogging about memcached attacks on servers; here are some details:

- Memcached servers need an installed and running service called “memcached”
- Websites need a php-plugin like php7.0-memcached to connect via API to the memcached service
- The memcached service uses its own config file, on Debian /etc/memcached.conf
- By default it MUST listen to localhost or a socket
- Admins MUST set up a FIREWALL like “ufw” (iptables) and MUST check their own server for OPEN PORTS with nmap

The problem is that attackers can run scripts against your server in a 10^6 range like a BOTNET !! with ONE PC cause […]

ENFORCE Google to DuckDuckgo SEARCH

If you want to enforce the use of DuckDuckgo.com instead of google.com, do the following. Edit the “hosts” file on the PC:

- Linux: /etc/hosts
- Windows: C:\Windows\System32\drivers\etc

Insert at the end:

54.229.105.92 google.com #ip of duckduckgo or 176.34.131.233
54.229.105.203 google.com #ip of duckduckgo
176.34.131.233 bing.com #ip of duckduckgo or 176.34.131.233
176.34.131.233 yahoo.com #ip of duckduckgo or 176.34.131.233

..reboot and test in a browser session: after entering google.com you see duckduckgo.com

Remark: Most DSL routers offer editing of the hosts file too; do the same there and ALL devices are redirected! Don’t forget to reboot! This solution works only on IPv4 networks, to enforce the […]