Tiberiu Bazavan
Sunday, April 20, 2008
Monday, February 25, 2008
Deny SSH attempt to hack
yum install denyhosts
http://denyhosts.sourceforge.net/faq.html#1_1
When run for the first time, DenyHosts will create a work directory. The work directory will ultimately store the data collected and the files are in a human readable format, for easy editing, if necessary.
DenyHosts then processes the sshd server log (typically, this is /var/log/secure, /var/log/auth.log, etc) and determines which hosts have unsuccessfully attempted to gain access to the ssh server. Additionally, it notes the user and whether or not that user is root, otherwise valid (eg. has a system account) or invalid (eg. does not have a system account).
When DenyHosts determines that a given host has attempted to login using a non-existent user account a configurable number of attempts (this is known as the DENY_THRESHOLD_INVALID), DenyHosts will add that host to the /etc/hosts.deny file. This will prevent that host from contacting your sshd server again.
The DENY_THRESHOLD_ROOT configuration value specifies the maximum acceptable times that the root user account can fail to login before being blocked. Typically this value is set lower than DENY_THRESHOLD_INVALID such that root level attackers are blocked earlier than other accounts. It is also a good practice to disable root logins within the sshd_config file in conjunction with this setting. By doing so, no user can login to root@your-server and their host will be blocked from attacking other user accounts when the DENY_THRESHOLD_ROOT is reached.
The DENY_THRESHOLD_VALID configuration value specifies the maximum acceptable times a valid user (ie. a user that exists in /etc/passwd) can fail to login before being blocked. This parameter can be helpful for those with "fat fingers". Typically this value is set higher than DENY_THRESHOLD_INVALID.
Also, DenyHosts will note any successful logins that occurred by a host that has exceeded the deny_threshold. These are known as suspicious logins and should be investigated further by the system admin.
http://denyhosts.sourceforge.net/faq.html#security
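The threshold logic and the suspicious-login check described above, as an added Python example (not DenyHosts' own code). The threshold numbers, the SYSTEM_USERS set, the function names and the log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed values for this example; real ones are DenyHosts configuration values.
THRESHOLDS = {"root": 1, "invalid": 2, "valid": 3}
SYSTEM_USERS = {"root", "alice"}   # stand-in for the accounts in /etc/passwd
IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from " + IP)
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from " + IP)

# Constructed sshd log lines (documentation-range addresses), not real data.
SAMPLE_LOG = """\
Feb 25 03:10:01 srv sshd[901]: Failed password for root from 203.0.113.7 port 4101 ssh2
Feb 25 03:10:04 srv sshd[902]: Failed password for root from 203.0.113.7 port 4102 ssh2
Feb 25 03:11:10 srv sshd[910]: Failed password for invalid user admin from 198.51.100.23 port 5001 ssh2
Feb 25 03:11:12 srv sshd[911]: Failed password for invalid user test from 198.51.100.23 port 5002 ssh2
Feb 25 03:11:15 srv sshd[912]: Failed password for invalid user oracle from 198.51.100.23 port 5003 ssh2
Feb 25 08:00:02 srv sshd[950]: Failed password for alice from 192.0.2.10 port 6001 ssh2
Feb 25 08:00:09 srv sshd[951]: Accepted password for alice from 192.0.2.10 port 6002 ssh2
Feb 25 09:30:00 srv sshd[990]: Accepted password for root from 203.0.113.7 port 4200 ssh2
""".splitlines()

def classify(user):
    # Bucket a login name the way the text describes: root, valid or invalid.
    if user == "root":
        return "root"
    return "valid" if user in SYSTEM_USERS else "invalid"

def analyze(lines):
    """Return (hosts over a threshold, suspicious (host, user) logins)."""
    counts = defaultdict(lambda: defaultdict(int))
    denied, suspicious = [], []
    for line in lines:
        if m := FAILED.search(line):
            user, host = m.groups()
            kind = classify(user)
            counts[host][kind] += 1
            # Assumption: a host is blocked once failures exceed the threshold.
            if counts[host][kind] > THRESHOLDS[kind] and host not in denied:
                denied.append(host)
        elif (m := ACCEPTED.search(line)) and m.group(2) in denied:
            suspicious.append((m.group(2), m.group(1)))
    return denied, suspicious

def hosts_deny_entries(denied):
    """Format blocked hosts as TCP wrappers lines for /etc/hosts.deny."""
    return [f"sshd: {host}" for host in denied]

if __name__ == "__main__":
    print(hosts_deny_entries(analyze(SAMPLE_LOG)[0]))
```

In the sample, the host that fails root twice and the host that tries three non-existent accounts are both denied, the valid user with one typo is not, and the later root login from an already denied host is reported as suspicious.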
What steps can I take to make sshd more secure?
OpenSSH has many settings that can be adjusted in order to increase security. You may wish to refer to OpenSSH security websites or to the many books on the subject. However, here are some things that you may wish to consider based on my experience:
- Disable logins to root. This can be accomplished by setting the PermitRootLogin setting in the sshd_config file (typically, /etc/ssh/sshd_config).
    PermitRootLogin no
- Disable password logins entirely by editing the PasswordAuthentication setting. By doing so, each user with access to the server will need to create ssh keys (which is beyond the scope of this document).
    PasswordAuthentication no
- Run sshd on a different port. By default, sshd runs on port 22. Most sshd hackers will only attack port 22 so if you run sshd on a different port, the chances of being compromised are reduced dramatically. However, running sshd on an alternate port requires each user to be aware of this (so if your server is accessed by many user accounts then this solution might not be feasible). To run sshd on an alternate port simply edit the sshd_config and set the Port setting appropriately:
    Port 9922
To access yourserver running on port 9922 you would connect using the -p command line option:
    $ ssh -p 9922 yourserver
Alternatively, you can edit your $HOME/.ssh/config file or your site-wide /etc/ssh/ssh_config file and add an entry similar to:
    Host yourserver
        Port 9922
- Install DenyHosts!
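A check for the three sshd_config recommendations above, as an added Python example that is not part of the original FAQ. It accounts for sshd using the first value it finds for a keyword, so a later "corrected" line does not take effect. The function names, the defaults table and the sample file are assumptions; Include files and Match blocks are not evaluated.

```python
import re

# Assumed defaults for keywords that are absent (recent OpenSSH releases).
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes"}

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONFIG = """\
# global section
Port 9922
PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PermitRootLogin yes
"""

def effective_settings(text):
    """Return (settings, ports) for the global section of an sshd_config."""
    settings, ports = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        fields = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = fields[0].lower()          # keywords are case-insensitive
        value = fields[1] if len(fields) > 1 else ""
        if key == "match":
            break                        # lines after Match are conditional
        if key == "port":
            ports.append(int(value))     # Port may be given more than once
        else:
            settings.setdefault(key, value)  # the first value wins
    return settings, ports or [22]

def audit(text):
    """List deviations from the three recommendations in the list above."""
    settings, ports = effective_settings(text)
    findings = []
    for key, label in (("permitrootlogin", "PermitRootLogin"),
                       ("passwordauthentication", "PasswordAuthentication")):
        value = settings.get(key, DEFAULTS[key])
        if value != "no":
            findings.append(f"{label} is '{value}', expected 'no'")
    if 22 in ports:
        findings.append("sshd listens on the default port 22")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

The sample reports PasswordAuthentication as still enabled: the first line says yes, and the second line that sets it to no is ignored.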
Server Hacked
Useful Linux Commands:
Find a file on a server:
Examples
find -name 'mypage.htm'
In the above command the system would search for any file named mypage.htm in the current directory and any subdirectory.
find / -name 'mypage.htm'
In the above example the system would search for any file named mypage.htm on the root and all subdirectories from the root.
find -name 'file*'
In the above example the system would search for any file beginning with file in the current directory and any subdirectory.
find -name '*' -size +1000k
In the above example the system would search for any file that is larger than 1000k.
Check to see what SSH commands were used on your server:
/root/.bash_history
=============================
How to extract the IPs from Linux logs.
============
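<?php
// Extract every IPv4-looking string from the log file named on the command line.
if ($argc == 2 && file_exists($argv[1])) {
    $file = file_get_contents($argv[1]);
    // Four groups of 1-3 digits separated by dots (octet ranges are not checked).
    $regex = '/([\d]{1,3}\.){3}[\d]{1,3}/';
    $matches = array();
    $num = preg_match_all($regex, $file, $matches);
    fwrite(STDOUT, "Found " . $num . " matches:\n");
    // $matches[0] holds the full matched strings.
    foreach ($matches[0] as $match) {
        fwrite(STDOUT, $match . "\n");
    }
} else {
    fwrite(STDOUT, "Please supply a file to process.\n");
}
exit(0);
?>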
Save as 'find_ips.php', and run from the containing folder:
Typing in 'php find_ips.php ' and then dragging the text file to the Terminal window works great. You can pipe the results into another textfile:
====================
http://www.k6.ro/output.0.txt
Sunday, August 12, 2007
Tiberiu Bazavan
Tiberiu Bazavan states that "my passion for the internet is understandable, because it provides tools with which you can create sites that can have a worldwide impact on the online environment". (Quote)
The year 2003 proves to be another period of trials, when Tiberiu Bazavan initiates impressive packages of projects, working also as a freelancer and coming into contact with important people: bank owners, SEO experts, advertising experts, renowned IT specialists. The Romania-USA partnership is however interrupted for reasons of strategic and relational mismatch, but Tiberiu Băzăvan develops a network of blogs, over 600 in number, which he will later offer for sale through the Sedo.com network.
X6.ro appears to be his most important and best-known project. In February 2007 he lays the foundations of one of the largest portals in Romania, drawing on his years of experience in the international online environment and on his knowledge of promotion and IT strategy. Also in 2007, he launches the best online advertising offer: K6.ro, which from the very beginning ranks among the most professional advertising firms in Romania. Rompedia.ro and B6.ro: two successful ongoing projects, services that offer free online classified ads and the largest medical portal in Romania.
What is the key to success for Tiberiu Bazavan? Perseverance, strategy and organization skills, vast knowledge in the IT field and, why not, X6!?
This biography will be revisited periodically, because Tiberiu Bazavan is currently running a series of projects.