If you use a Android Smartphone (other Mobile-OS same) you should take a minute to get back your privacy and security! This points helps to prevent, but there is no warranty for 100% protection! First every Smartphone offers a Factory Reset, search it on Settings and DO it! This prevent you from Firmware Spam by the Reseller! (Samsung, HTC..) Boot the Phone without inserting a SIM card, create a fake account to get Updates and Software over a PUBLIC WIFI Network (Coffee Shop, Freifunk) Install wanted Apps, then go to Settings now to accounts, PURGE the fake account. Disable / […]
Category: Security
Apache: Analyse Logs Spam Bots
If you admin a Apache Webserver, you see often weekly thousand of visits a day on your Blogs. Background: These are no real users, this visits are made by Spam Bots in my Logs like Xovi.de or xovibot.net Bots! On info pages this Company says Admins should disallow crawl by robots.txt, but they IGNORE the settings! This x-guys is in my opinion against German Law “Datenschutz”. "Mozilla/5.0 (compatible; XoviBot/2.0; +http://www.xovibot.net/)" Solution: On Linux Setup a Firewall like ufw and block these IP Ranges To find out the IPs do: $sudo cat /var/log/apache2/access.log|grep xovibot.net| awk '{ print $2 }' | sort | […]
WordPress: Secure Faster Effective Blogging
If you use WordPress or a other CMS for daily blogging, it’s useful to have a own User Acount on a PC. Advantages: Own Browser for Blogging with saved Passwords Own Link Bar for quick switching between the Social Media Platforms You won’t need to open Security Holes like API Software Interfaces for used Plugins Speeds up the WordPress Blog cause reduced Plugin loads You have the full control. cause most free API Plugins save your Passwords on foreign Servers One touch Bookmarks let you jump fast between the Social Media Platforms No Data are automatic transfered without your knowledge […]
WordPress: Change User Password manual on mysql prompt
If you don’t want to use Passwords generated by wordpress itself, you can do it manual on a MYSQL Console howto: Login to your Webserver with the Database via encrypted SSH!! Login to the MYSQL Server Conssole with $ mysql -u username -p Enter Password, and change database with mysql>use database-name-of-blog Now Set Password for the User mysql>UPDATE wp_users SET user_pass = MD5('NEWPASSWORD-16-DIGITS') WHERE user_login = "THEUSERNAME"; System shows Echo: mysql> ok.. Changed 1 Row.. Quit mysql> exit Logout of SSH
Password: Simple script generator on a linux console
If you need a password creator for your daily needs you can do this with a default tool called openssl / libressl and a small bash script: Howto: open a console open as user a editor like nano or vi with $nano pwcreate.sh insert this: #!/bin/sh /bin/bash -c "for i in {1..20}; do openssl rand -base64 32; done" exit 0 exit and save the script set it to runable with $chmod 755 pwcreate.sh test it.. with ./pwcreate.sh should echo like this: 6gUUuothdHwwaWHjA/UhyCiV3FWpPC1lBQTIY3IiQn8= ozqloLyWXQyBJlcVXPVLY2PBpRV04uVkWrP6c1epxCs= gjLE6MWeK+c6EBx1wV/uUxubtrLoeUpXb4GCIEQK3b8= X4RoYhASR6i4BfwDYoB2+/gNWY1P35MM6jJYaOEpV0M= dXoLBGrRC+oei6cm6N1bD8k/ntZi5grtKLEH6SytTXQ= 2DZ1yAi96xvGlHQLQoexUhPc2w1iIqoeVW8zHaMmsvU= Vmq4r5ZXC2EKu5Ze7SLBbKavpkLQC0RRrXEGlDmxfpY= FSXmp+cVKPvpq/JhyhuGHJ2ue3L6hLEcX6XfkUCrYqg= GvbWjPYvoOWJPOMOG6oihGFQv9wNgwZO2Go/ogJkmBM= z6P+VHsGBPKTpR6yzThKjyGVVwa/WWtuv/G/aO27bEM= qBozaA2PMMy+zhVrvUNVSbP2mg9KshsXYfTzuTvmlkI= ARYyGx2dE1yfPJydBlvaNXpKmRbZI7CHbcCPDHgTcNo= 7PrqMZqFJ7gqeGzWjdqFCdIHvnl3vgoYAxiL4wN2Jcw= q6Wwi1rG0j0WqXuUhdIpZ2C7BergeqSExDv87a/DIsw= d7R6nCuYo6lo+gFiwroaAeG5RxPxWrPDf8oJxv+toHU= 7EQZysp2leEqP6eDp8M6+DeT71gpyqYEiSzMvMLjMys= B7J3JdrDxFCW3rV09Ut+wLukVgSUk41SroBQTzrgirY= yXrgYLD2YK2DN+aZCF4N6WXO/IL5RC6JM2mxW3xAnbc= Wr/QF46wo5Dtobl5maojZc2jrF4bvO1sNWed8OpTsTc= […]
Security: Harden DSL Routers and Networks against attacks
Last days there was a high count of news about the Bot Attacks against T-Com Telekom Router devices. To understand the behavior about this up comming security problems you should know following points : Every network supported device can be a goal for a attack ( Routers, Modems, PC, Fridges,IP-TV, IP Switches, IP-Cams…) You have to update the OS for each device monthly, if not supported by the manufacter, then dont buy! Try to get Opensource Hardware with Opensource Software for full access (ssh / console) to have full control Reduce the count of devices who are connected direct to […]
Android: Remove builtin Bloatware without hacking rooting or root-firmware
Last Weeks i got a new Smartphone, it offered 8GB Rom for OS and Apps. Iam not a real fan of rooting, cause i didnt write/change the firmware, i found a other way to tune the System: Dont insert a SIM CARD! After first Boot DONT CREATE a Google Account! Then go i to Apps Manager at Settings and try to disable all unwanted Apps! By default the Manufacterer install a very small and Basic App-Links which is updated later by the Playstore to a newer and much bigger one! Most Apps are min 50%-80% bigger than the factory Apps. The disabling […]
Openwrt: Turn older Router into Wifi Accesspoint Repeater Extender Solar Powered
At the Summer Time you need perhaps a Wifi Extender for your Garden?? Solution: TP Link 841/N (low power/Battery 9V/Solar /Type-N-allows external planar Antennas!!), 3600+4300 (USB-NAS/CIFS/SFTP/Classroom Library with USB Strorage) Openwrt 15.XX Calmer as OS with Firewall, Webinterface and REALTIME Monitor for Traffic and Connections! Easy Setup, replace the OS by the TP-Link-Updater, reboot and Login to Openwrt You got professional Options! works as Firewall, Extender, Repeater, WIFI-to-WIFI Bridge, LAN-to-WIFI Bridge, NTP-Server, DNS/DHCP Server can isolate connected WIFI Clients can handle different WIFI SSIDs / Networks on same Hardware modded Hardware can be used with 5Volts of Power! (841 removed Resistor) […]
Ubuntu: Create USB Live System Stick for Live Mode or Emergency Help
For all Users, especially Newbies its VERY helpful to have a Rescue System on a USB Stick if a Major Update/Release Change fails or break the System. To this the Ubuntu-ON-RAM Live System is very useful at public shared PCs for Online Banking etc., cause after every reboot all old Firefox Data are safe deleted!! How to create this VERY helpful Tool Stick for free? All you need is the latest Ubuntu-ISO file (AMD64-15.04 – 64bit) a new 4/8GB USB Stick (take a good Brand! to get a high quality tool). Howto: Burn the ISO to DVD/CD (NON-Linux-PC) Boot your […]
Security: Webserver HTTPS with Self Signed Certificate Do it yourself in 5 Minutes!!
Today the Point of Security and encrypted Webserver Communication is rolling over every User who hosts own Websites on the Internet. Last decades HTTPS was only used by Online Login Pages like Shops and Banks to verify the Communication between a User PC and the Website. But after January 2015 the most Search Engines like google decides to force index of Websites with HTTPS Protocol. The Background is that a TLS encrypted Connection isn’t easy to track and to force “drive-by-load-Viruses” to the Website Visitors. But a lot of Webmasters of the Opensource Community were angry about this handling. Thats […]
Raspberry Pi: Howto build a Local Network Monitor for Intrusion Logging Watchdog
Today the count of network devices at home networks grows up weekly, cause more and more home devices like freezers, coffee engines, dishwasher and more got builtin wifi interfaces. To have a Control Unit you can use a raspberry pi2 as cheap Network Monitor Logger. The Raspian by default offers builtin free tools, like arp, arp-scan, nmap, ping to easy monitor a network. If you have learned some commands and the bash scripting you can fast create a Network Logger, perhaps with analyse tools to mail alerts if new “MAC” NIC Adresses are seen. Every network device uses a owned […]
Owncloud: Howto harden owncloud access with a ssh tunnel and squid
If you want to use a private secure owncloud (WebDAV Space Server) as Backup for all your devices you can harden the access thru a openssh Login with key auth and a squid as relay. Install apache2, php5, mysql-Server, openssh, squid3 config Apache2 to listen on https://localhost:443 setup squid3 and config the Proxy to listen only on localhost:3128 install owncloud to /var/WWW with forced “https” settings at the config.php create ssh-keys to auth with password protected key to the SSH Server If done, you can access the private Backup-Server via a Terminal/ Putty with the Tunneling Options $ssh -L 3128:localhost:3128 username@owncloudserver.home Open your Browser on your […]
DuckDuckgo: The alternate adfree Search Engine
If you dont like or trust the most known Search Engines on the Internet, then give duckduckgo a chance on your Desktop! Adfree Fast Secure Working like charme Clean Not “controlling” your mind by cookie calculation
Major Webserver Setup Rules: The “must” do!
If you want to setup a fresh secure Webserver then use this list dont ever upload data, files, images on the Webserver who are classified as “secret” setup daily full backup with Cron view daily the system logs, auth, www, errors … setup a local firewall with less opened ports 80,25 .. setup daily automatic updates by cron reduce the count of users who can login use no logical usernames force long passwords by rules min 15 digits setup a daily load monitor by “uptime” to log setup a realtime network monitor by “iftop” use “nmap” as local portscan to […]
Debian Ubuntu Laptop mods for SSD HDD and a full encrypted with luks
Major INFO 06-2015: Do not set tmpfs on ubuntu 15.XX or Systems with systemd!!! This block PC boot !! If you want to setup a Ubuntu/Debian Laptop with a full encrypted HDD use a “alternate” CD/DVD. After Setup you have to change some little Parameters to extend the lifecycle of the SSD Chips disable Swap if you have more than 4GB Ram enable a RAMDISK with tmpfs for logs, caches of Browsers install cpufrequtils for CPU freqscaling install laptop-mode-tools to set powersave mode for hardware modules install xbacklight to reduce backlight energy Steps: open a Console and change to root […]
Security Warning Sicherheitsproblem: Visa Card Model 2013 with RFID Chip
Sicherheitsproblem Visa Karte Modell 2013: Wie auch beim neuen Ausweis mit RFID Chip besitzt die neue Visa Karte einen Funkchip RFID der die Kartennummer per Funk zur Kassen senden kann. Grund wird eine Umstellung des Bezahlvorganges beim Einkauf sein, Missbrauch ist nun also per Hackersoftware und Smartphone denkbar! Quasi Taschendiebstahl auf 10Meter im vorbeigehen! Tip: Ausweise oder Ausweisbücher/mehrere Karten mit RFID in Alufolie einwickeln! Laut Gesetz liegt im Missbrauchsfall die Beweislast beim Kunden!!! Fachpresse: Link