Categories
Vulnerability

I remove Google AdSense until Adobe Flash Player new version coming.

同一記事の日本語版
Update information      Edit(Feb.5)    Edit2(Feb.7)

   Hey guys! I remove Google AdSense until Adobe Flash Player new version coming. Google AdSense is nothing wrong. But it sometimes includes bad sites. At this time, I mean until CVE-2015-0313 fixed, it might have a site which is infected hxxp://www.retilio.com/skillt.swf, Trend Micro calls it SWF_EXPLOIT.MJST. This bad swf spreads rapidly through popular sites, for example, Dailymotion, etc.

   When Adobe Flash Player new version reaches to us, I’ll restore Google AdSense to my sites. m(_”_)m

Edit(Feb.5):
   Hi, they released Adobe Flash Player new version. Now (16:00JST), I’ve confirmed I have the new version 16.0.0.305 on my IE, FireFox and Google Chrome. I strongly recommend everybody updates to the new version immediately.

   I’ll restore Google AdSense to my sites within a few days.

Edit2(Feb.7):
   Google AdSense has been restored.

Categories
Vulnerability

ShellShock, shock shock shock!

同一記事の日本語版
Update information      Edit(Sep.30)    Edit2(Oct.6)

   Whew!!
   Have you coped with the threat from ShellShock, yet? My server is on Windows OS. Hence I think the vulnerability gives no effect to mine. But it’s a very serious one. NVD gave the impact score 10 to this. I have a CentOS 6.5 on my VMware, so I updated its bash to bash-4.1.2-15.el6_5.2.i686.

   If you still have the following messages after updating and doing env x='() { :;}; echo
vulnerable' bash -c "echo this is a test"
, your bash need more updating.
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for 'x'
this is a test

   I got the information form Masanari Iida’s comment on Red Hat Customer Portal.

   Several links which I am curious about, actually tons of articles about it on the Internet:

   By the way, I had the ShellShock attacks six times and blocked their IPs until yesterday, and today two more from other IPs until now on the Apache error log. I found that all of them my Apache returned HTTP Error Codes to.

Edit(Sep.30):
   On “Bash bug: apply Florian’s patch now” he said “I very strongly recommend manually deploying Florian’s patch unless your distro is already shipping it.” and how to check the patch applied or not.

   When you do foo='() { echo not patched; }' bash -c foo within the shell, the patch is already applied if you have “command not found”. If you have “not patched”, your bash is still vulnerable.

   On its comment vdp wrote “These ‘toughen the feature’ patches still feel quite scary.” and a suggestion. I agree with him.

Edit2Oct.6):
   Today, I’ve found this (Japanese).

   Woooo!
   It says that it’s not enough to check the bash by the code foo='() { echo not patched; }'
bash -c foo
. Nonetheless, they have less critical than CVE-2014-6271 or CVE-2014-7169. But still dangerous.

Categories
Uncategorized

CVE-2012-1823

同一記事の日本語版

   I watched “さくらのVPSに来る悪い人を観察する その2” and “SSH ハニーポットでの悪い人の観察“, then rolled on the floor, laughing. I first found this on “徳丸浩の日記” which reads the slide show is very interesting and very popular lately, so I went to the slide show to be sure it and agreed with it.

   The slide show is related to CVE-2012-1823. Actually, the attacks the slide#36 shows come everywhere whether the vulnerability exists or not. My server is no exception. I don’t create SSH server, and my PHP doesn’t have the vulnerability nor isn’t CGI version, so all attacks failed though.

   Ozuma5119 is a genuine white hacker. If you’re up for this topic, visit the linked sites though they are only in Japanese. Please use some translation services m(_”_)m.

Categories
everyday life

I can’t accept this is happening, but it is true.

同一記事の日本語版

   On December 20th, Reuters broke “Exclusive: Secret contract tied NSA and security industry pioneer“. On December 23rd, Mikko Hypponen wrote “An Open Letter to the Chiefs of EMC and RSA“.

   I can’t accept this is happening, but Mikko wrote such a letter shows us the article is almost true. For NSA, it might be their regular jobs. But for RSA, what a shame!! Of course, we should read not only Reuters side articles but also the opposite side ones like RSA RESPONSE TO MEDIA CLAIMS REGARDING NSA RELATIONSHIP.

   It is a sad fact that RSA’s credibility was destroyed.

Categories
WordPress

An access control after such a long time-#2.

同一記事の日本語版

   About seven months ago, I made an Apache extra conf file “access-denied.conf” like this. Today, I’ve modified it to control accesses to the directory “wp-admin”.

   I opened the access-denied.conf and changed the text like this.

Old:
<Files “wp-login.php”>
  Require ip xxx.xxx.xxx.xxx/xx  <<--- my local IP addresses   Require host My wifi domain name </Files> New: <Files "wp-login.php">   Require ip xxx.xxx.xxx.xxx/xx  <<--- my local IP addresses   Require host My wifi domain name </Files> <Directory "drive_DC:/WEB/htdocs/wp-admin">  <<--- drive_DC:/WEB/htdocs/ is my DocumentRoot.   Require ip xxx.xxx.xxx.xxx/xx  <<--- my local IP addresses   Require host My wifi domain name   <Files "wp-admin-ajax.php">     Require all granted   </Files> </Directory>    I excluded the file "admin-ajax.php" from this deny rule, because the plugins which use the Ajax features need it (Ref:「Re: WordPress使いならこれだけはやっておきたい本当のセキュリティ対策10項目」). Actually, I examined plugins on my WordPress, and found some of them used the hook wp_ajax_(action). So, I needed to exclude the file from the rule.

   The rule works well. (^^)

Categories
WordPress

An access control after such a long time.

   Today, I set an access control for my wp-login.php after such a long time. The reason why I want the AWStats everyday report except for the number of unauthorized accesses for the file wp-login.php.

   About this, I’ve not care for a long time. Because, my sever applications are nearly always up-to-date and its user is just me. But recently, I have a lot of unauthorized accesses for the file wp-login.php than before. I think that the number of them increased after I wrote the post “Snow falling on my blog.“. It is too much and so boring.

   I made a file access-denied.conf like the following and put it into my Apache extra-conf directory. The file also includes some IP addresses I want to deny. Now, it works. Great!!

<Files “wp-login.php”>
Require ip xxx.xxx.xxx.xxx/xx  <<— my local IP addresses
</Files>

<Directory “G:/WEB”>   <<— G:/WEB is my document root.
<RequireAll>
Require all granted   <<— I forget to write here, so added on Mar.1st.
Require not ip xxx.xxx.xxx.xxx/xx
Require not ip yyy.yyy.yyy.yyy/yy
</RequireAll>
</Directory>

Categories
everyday life

I met a deer.

   Recently, I often go swimming as I told before and drive a narrow mountain road to reach to my pool. Today, I met a deer on my way, when I went swimming as usual. Around 6:15p.m., but already dark. When it was suddenly caught in car headlights, I almost ran it down to death. It was for the first time for me to meet a deer on this mountain road. I sometimes see wild animals, for example, tamukis (タヌキ), itachis (イタチ). It is a pity itachis are very often run down to death because they are small and they have a habit of suddenly crossing a road. A deer, however, is a complete different story. If my car hit it, the car might be broken. When go swimming, I have no cellphone and almost no money. Besides, few houses are located along the route. I am horrified by thought of a car accident occurring.

   Oh, Deer! Please care of yourself, and, it will also guard me. (^^;)

   By the way, one of my friends told me his pc became infected by a one-click ware while his net surfing. I disabled its network, examined his pc, and found a malware which uses mshta.exe and HTA for the wrong purpose. It makes a popup windows every 5 minutes. I strongly recommended him to recovery the windows OS.
   Be that as it may, he needs to stop popups to rescue some data on the hard-drive. I deleted entries on the task scheduler and the msconfig startup. Popups stopped. But who knows about his pc is complete safe or not?!

   Dear friends, be a careful surfer!!

Categories
Uncategorized

A phpMyAdmin kit containing a backdoor??

   I added my new translation to the page “Kirin tidings“.

   By the way, have you read PMASA-2012-5, yet? They say that one server from the SourceForge.net mirror system, namely cdnetworks-kr-1, was distributing a phpMyAdmin kit containing a backdoor. They currently know only about phpMyAdmin-3.5.2.2-all-languages.zip being affected. If you use “phpMyAdmin”, please check its files out. If they include the file server_sync.php, you have a problem. See more information about it, here and here.