Windows : How to enable ICMP echo request
As you might noticed on latest version of Windows, ICMP requests are blocked by default with the built-in firewall. Use this simple command to enable echo request : netsh firewall set icmpsetting 8 enable
Category Archives: Security
Web : Prevent image hot linking to your site
This article is about stopping theses sites who hot link your images, steal them and your bandwidth! I assume you are running Apache as Web server and have some basic knowledge of httpd.conf, htaccess and rewrite rules. You have two choice, either put the rules directly inside your httpd.conf vhost or inside an Apache configuration… Read More »
Qmail : HowTo generate a certificate for POP3-SSL and IMAP-SSL
This tutorial is about generating a SSL certificate to secure POP3 and IMAP communications between clients (MUA) and Qmail server (MTA). 1. Go to Qmail config directory : cd /var/qmail/control 2. Generate key : openssl genrsa -des3 -out servercert.key.enc 2048 3. Decrypt the key (get rid of the passphrase) : openssl rsa -in servercert.key.enc -out… Read More »
Linux : Automated login with SSH keys
There is a ton of reasons why you would use SSH keys to log into your Linux/Unix systems automatically : – Faster than entering password – More secure than password – Automate login for backup using Rsync – And a lot more ! Actually, this is pretty easy to do – so let’s start generating… Read More »
Apache : Unable to configure RSA server private key
Apache startup failed – look at /var/log/httpd/ssl_error_log and show the following error : Unable to configure RSA server private key SSL Library Error: x509 certificate routines:X509_check_private_key:key values mismatch The private key and the certificate do not match. You can compare the certificate and the key with the following commands : View the certificate modulus using… Read More »
Linux : TCP Treason uncloaked
If you see those dmesg output message, this mean that someone is attacking your server. Probably by sending fragmented packets. TCP: Treason uncloaked! Peer 0.0.0.0:00000/80 shrinks window 76154906:76154907. Repaired. This may be avoid by manually blocking this IP in IPtables or if this is a DDoS attack, automated script may be used. See above (use with… Read More »
Linux : How to block IP address with IPtables
Here is a quick how to block a specific IP address with the IPtables Linux firewall. Open the IPtables script : vi /etc/sysconfig/iptables To block INBOUND IP address, add the following : iptables -A INPUT -s 0.0.0.0 -j DROP To block OUTBOUND IP address : iptables -A OUTPUT -p tcp -d 0.0.0.0 -j DROP (replace… Read More »