Tiberiu Bazavan

2008-04-20T02:39:00.001-07:00

mysql restart si stop

/etc/init.d/mysqld stop
/etc/init.d/mysqld start

Deny SSH attemnt to hack

2008-02-25T22:37:00.000-08:00

you need to install denyhosts

yum install denyhosts

http://denyhosts.sourceforge.net/faq.html#1_1

When run for the first time, DenyHosts will create a work directory. The work directory will ultimately store the data collected and the files are in a human readable format, for each editing, if necessary.

DenyHosts then processes the sshd server log (typically, this is /var/log/secure, /var/log/auth.log, etc) and determines which hosts have unsuccessfully attempted to gain access to the ssh server. Additionally, it notes the user and whether or not that user is root, otherwise valid (eg. has a system account) or invalid (eg. does not have a system account).

When DenyHosts determines that a given host has attempted to login using a non-existent user account a configurable number of attempts (this is known as the DENY_THRESHOLD_INVALID), DenyHosts will add that host to the /etc/hosts.deny file. This will prevent that host from contacting your sshd server again.

The DENY_THRESHOLD_ROOT configuration value specifies the maximum acceptable times that the root user account can fail to login before being blocked. Typically this value is set lower than DENY_THRESHOLD_INVALID such that root level attackers are blocked earlier than other accounts. It is also a good practice to disable root logins within the sshd.conf file in conjunction with this setting. By doing so, no user can login to root@your-server and their host will be blocked from attacking other user accounts when the DENY_THRESHOLD_ROOT is reached.

The DENY_THRESHOLD_VALID configuration value specifies the maximum acceptable times a valid user (ie. a user that exists in /etc/passwd) can fail to login before being blocked. This parameter can be helpful for those with "fat fingers". Typically this value is set higher than DENY_THRESHOLD_INVALID.

Also, DenyHosts will note any successful logins that occurred by a host that has exceeded the deny_threshold. These are known as suspicious logins and should be investigated further by the system admin.

http://denyhosts.sourceforge.net/faq.html#security

What steps can I take to make sshd more secure?

OpenSSH has many settings that can be adjusted in order to increase security. You may wish to refer to OpenSSH security websites or to the many books on the subject. However, here are some things that you may wish to consider based on my experience:

Disable logins to root. This can be accomplished by setting the PermitRootLogin setting in the sshd_config file (typically, /etc/ssh/sshd_config).
PermitRootLogin no
Disable password logins entirely by editing the PasswordAuthentication setting. By doing so, each user with access to the server will need to create ssh keys (which is beyond the scope of this document).
PasswordAuthentication no
Run sshd on a different port. By default, sshd runs on port 22. Most sshd hackers will only attack port 22 so if you run sshd on a different port, the chances of being compromised are reduced dramatically. However, by running sshd on an alternate port requires each user to be aware of this (so if your server is accessed by many user accounts then this solution might not be feasible). To run sshd on an alternate port simply edit the sshd_config and set the Port setting appropriately:
Port 9922
To access yourserver running on port 9922 you would connect using the -p command line option:
$ ssh -p 9922 yourserver
Alternatively, you can edit your $HOME/.ssh/config file or your site-wide /etc/ssh/ssh_config file and add an entry similar to:

Host yourserver

Port 9922
Install DenyHosts!

Server Hacked

2008-02-25T21:16:00.000-08:00

I got my server hacked.

Usefull Linux Commands:

Find a file on a server:
Examples

find -name 'mypage.htm'

In the above command the system would search for any file named mypage.htm in the current directory and any subdirectory.

find / -name 'mypage.htm'

In the above example the system would search for any file named mypage.htm on the root and all subdirectories from the root.

find -name 'file*'

In the above example the system would search for any file beginning with file in the current directory and any subdirectory.

find -name '*' -size +1000k

In the above example the system would search for any file that is larger then 1000k.

Check to see what SSH commands was used on your server:

/root/.bash_history

=============================

How to extract the IP's from Linux logs.

============

#!/usr/bin/php

if ($argc == 2 && file_exists($argv[1])) {

$file = file_get_contents($argv[1]);
$regex = '/([\d]{1,3}\.){3}[\d]{1,3}/';

$matches = array();
$num = preg_match_all($regex, $file, $matches);

fwrite(STDOUT, "Found " . $num . " matches:\n");

foreach($matches[0] as $match) {
fwrite(STDOUT, $match . "\n");
}
} else {
fwrite(STDOUT, "Please supply a file to process.\n");
}

exit(0);
?>

Save as 'find_ips.php', and run from the containing folder:

php find_ips.php /absolute/path/to/text/file

Typing in 'php find_ips ' and then dragging the text file to the Terminal window works great. You can pipe the results into another textfile:

php find_ips.php /absolute/path/to/text/file > output.txt

====================

http://www.k6.ro/output.0.txt

Tiberiu Bazavan

2007-08-12T04:19:00.000-07:00

Tiberiu Bazavan, pe numele complet Tiberiu Adrian Băzăvan se naşte in Videle, judetul Teleorman la 21 ianuarie 1982 ca fiu al profesorului universitar Ion Băzăvan şi al profesoarei universitare Amalia Băzăvan. Din anul 2001 urmează cursurile universitare la Universitatea de Medicină, din Craiova, dar în anul II renunţă la cursuri și înfiinţează compania ZettWalls. Tiberiu Băzăvan realizează prima afacere importantă in anul 2002, cand stabilește un parteneriat de succes alaturi de un coechipier din Sua. Grație pasiunii pentru domeniul IT si pentru promovare SEO, încheie o serie de contracte de colaborare cu diverși experți si oameni de afaceri din Sua si Europa.
Tiberiu Bazavan afirmă că „pasiunea mea fața de internet este explicabilă, pentru că acesta furnizeaza unelte cu ajutorul cărora poți crea siteuri care pot avea un impact mondial la nivelul mediului online” . (Citat)
Anul 2003 se dovedește a fi o alta perioada de incercari, cand Tiberiu Bazavan inițiază pachete impresionante de proiecte, desfașurandu-și activitatea și ca freelancer și intrand in contact cu persoane importante: posesori de bănci, experți seo, experți publicitate, specialiști IT de renume. Parteneriatul România- Sua este insa întrerupt din motive de neconcordanța strategica și relaționala, însă Tiberiu Băzăvan dezvoltă o rețea de bloguri, peste 600 la număr, pe care mai târziu le va oferi spre vânzare prin rețeaua Sedo.com
X6.ro se pare că este cel mai important si de renume proiect al său. In februarie 2007 va pune bazele unuia dintre cele mai mari portaluri din Romania, folosindu-se de anii de experiența în mediul online internațional si de cunoștințele de promovare si strategie IT. Tot in anul 2007, lanseaza cea mai buna ofertă de publicitate online : K6.ro, care incă de la început se va număra printre cele mai profesionale firme de publicitate din România. Rompedia.ro si B6.ro – doua proiecte de succes în desfășurare, servicii ce oferă anunțuri gratuite online și cel mai mare portal de medicină din România.
Care este cheia succesului pentru Tiberiu Bazavan? Perseverența, abilitați de strategie si organizare, cunoștințe vaste în domeniul IT și de ce nu, X6 !?
La această biografie se va reveni periodic, deoarece Tiberiu Bazavan derulează în prezent o serie de proiecte.