I don’t use Mac OS X, I’m I not cool?
How to secure server from SYN-flood attack using iptables
SYN-flood attack is commonly utilized as a mean to disrupt network communication and it is a form of (Distributed Denial-of-Service) DDOS attack. RFC4987 details common mitigation to deal with SYN-flood attack.
However in this post, I’m going to share you the method that I use to reduce the risk of SYN-flood attack from my department computers, with iptables
[bash]
/sbin/iptables -N syn-flood
/sbin/iptables -A syn-flood -m limit –limit 100/second –limit-burst 100 -j RETURN
/sbin/iptables -A syn-flood -j LOG –log-prefix "SYN-flood attempt: "
/sbin/iptables -A syn-flood -j DROP
[/bash]
RFC4987 suggests the use of SYN-cookie for added protection. You can enable SYN-cookie protection in Linux by running this command (as root):
[bash]
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
[/bash]
hope that helps…
Note: I’m not a full-time sysadmin as I’ve a different dayjob, but I was put incharged in securing part of my school’s computer network, so there.
Please update/patch and secure Litespeed web server
Due to the widespread of Litespeed 0-day attack which has affected local websites, it’s imperative for all sysadmin and website operator to patch/update and upgrade the security of the Litespeed web server.
This attack is dangerous particularly because the attacker can gain shell access with the same privileges of the web server or the user that runs the web server. Usually this allow the attacker to peek into database content and downloads it.
Patch now!, the security and privacy of your users are at the stake!
How to Enable Outgoing Keyserver port with iptables firewall
Keyserver is used for storing and distributing OpenGPG keys. The Ubuntu project also maintains its own keyserver ( http://keyserver.ubuntu.com ) for distributing public-key to users.
keyserver uses HKP Keyserver protocol which listens on port 11371
Here’s how to enable the keyserver port on iptables:
[bash]
iptables -A OUTPUT -p tcp -d <key server ip> –dport 11371 -j ACCEPT
[/bash]
Rant: About Starting up an E-commerce Site….
A bit of advice when starting up an e-commerce (especially storefront) site, please use proper e-commerce software for the job. Do not ‘force’ a general-purpose (CMS) to be an e-commerce site via plugins (or *cough* *cough* ‘component’), it’s gonna be a pain-in-the-ass to secure ’em.
So do yourself (and the sysadmin guys) a favor, use a proper e-commerce software platform or just turn to blogger.com for selling your stuffs…
How to convert AVI video files to Animated GIF using ffmpeg (in Linux)
Here is the command-line you can use to conver AVI video to Animated GIF, which then can be embedded in forum or profile signature.
ffmpeg -i video_original.avi gif_animation.gif
Note that ffmpeg must support the video encoding of the AVI file, (usually DiVX or XviD).