Gospel. Culture. Technology. Music.

Tag: Security


Log4J, Apache and ModSecurity

(I’ll be updating this post as more rules are available to stop new vulnerabilities.)

Credit to Christian Folini at coreruleset.org for providing the rule.

A major vulnerability has been discovered in the basic logging function of Java web apps, called Log4J/Log4Shell. The best remedy is to update Log4j itself, or to update the web app platform running Log4j to a newer version provided by the vendor. But in many instances that may take a while to fully implement.

Log4J, NGINX and ModSecurity

(I’ll be updating this post as more rules are available to stop new vulnerabilities.)

Credit to Christian Folini at coreruleset.org for providing the rule.

A major vulnerability has been discovered in the basic logging function of Java web apps, called Log4J/Log4Shell. The best remedy is to update Log4j itself, or to update the web app platform running Log4j to a newer version provided by the vendor. But in many instances that may take a while to fully implement.

Security Mashup: Four Steps to Secure WordPress

After working through a number of WordPress sites over the years and either preventing hack attempts or intervening in cleaning up hacked sites, I’ve “engineered” a free way to keep your site secure with the use of these plugins in conjunction:

  1. iQ Block Country: This plugin will prevent certain countries that you set from accessing either the front-end of your site, or (in the cases I use it for almost exclusively) the back-end. For the purposes of the sites I manage, I block all except the United States on the back-end and leave the front-end open to all.
  2. Jetpack: This is a great plugin to utilize anyway just for stats collection and image/CDN offloading, but included within this plugin is the ability to turn on brute force login protection. Another very helpful preventive measure if these other tools don’t catch something.
  3. WordFence: This free tool (that actually does have a subscription service for even better protection) is a web application firewall for use directly within WordPress. Among the big things it prevents are brute force login attacks, XSS attacks and SQL injection attacks, amongst others. Now, a web app firewall (like ModSecurity or some other hardware appliance like a Barracuda or Cisco firewall) in front of the application itself would work even better at preventing attacks before they even got to your WordPress site (if set up correctly), but can be quite advanced to install and configure. Regardless, this plugin is a great way to keep those kinds of attacks at bay.
  4. Invisible reCaptcha: This utilizes the newer version 3 of Google’s reCaptcha to prevent automated bots from either spamming the comment sections of your posts or pages or from brute force attempts to log in to your site as admin.

None of these methods are foolproof against attacks getting through some other threat vector, but I’ve found this to catch quite a bit of junk on all the sites I’ve set them up on.

And one last thing: make sure and secure your site with SSL?!? 🙂

Optimal NGINX SSL Settings

Recently I embarked on finding the optimal NGINX SSL security settings and stumbled across this post: https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

For a number of reasons, it recommends disabling SSLv3 (as a result of its insecurity), setting AES256 as the standard cipher to utilize and a couple of other things that can prevent attacks. Good stuff to tighten up security on an NGINX SSL implementation.

Motorola NVG510: Flaky Security?

Apparently, after resetting the Motorola NVG510, it allows you right into the restricted areas without a password. Well, let me rephrase that in anecdotal terms. It let me in with no password. I was able to add NAT rules, change the wireless settings and a number of other things. After a few minutes, it then locked me out and forced me to log in. It’s been that way ever since fortunately, but why in the world would it allow me in without a password? And no, I didn’t have the password saved in my browser. On top of the connection issues I’ve experienced with this RG, the security issue described here adds one more layer of flakiness that deserves some attention. Anyone else out there experiencing this?

Our Computing Environment is Already Compromised

“The former cybersecurity director at DHS had some sobering words last week about the battle for cybersecurity. ‘We lost,’ the former director, now chief executive officer of NetWitness Corp., said at the Symantec Government Symposium in Washington. ‘We lost the cyber war over the last 15 years. Our computing environment is already compromised,’ and things are likely to get worse going forward because we do not really understand security. ‘We lack any meaningful metrics or measures to say how secure a system is.’ It no longer is true that the best minds are on the side of the hackers. The dark side of cyberspace has been co-opted by organized crime, entrepreneurs of questionable integrity and, possibly, terrorists. Much of the process of illegal hacking has been mechanized to the point that it involves automation, not innovation. Part of the problem was identified by the U.S. Computer Emergency Readiness Team director. ‘We lack a common language for discussing many of the elements of security. We need to reinvent not only how we do incident response, but how we talk about events,’ the director said at the symposium.”

A Certain Someone Got Schooled

Top Webcam Email Alerts

I’m a nerd. I’m not afraid to hide it, clearly. As a nerd, I love technology. I have a webcam set up at home for security reasons, pointed across my front yard to catch possible intruders that wish to invade my property or cause other harm. I have a threshold set up on the software I run along with my webcam that, when hit, sends an email attached with a picture (or series of pictures) to an offsite email account.

Most of the time, I just get cars passing by, lightning during a storm, really any kind of movement or light change that causes enough of a fluctuation to trigger a webcam picture alert. Sorting through the emails on partly cloudy days is not always fun and many times, I just delete them all because it is too many to sort through. However, there are some rare occasions that I actually get something good, funny, or odd. Here is a sample of some of the best shots from the past two years that I have kept:

This guy thought he might try and get into my garage and steal some junk in the middle of the night last year in June.

Apparently, it proved to be too much of a risk for him with the flood lights along with neighbors who are not afraid to use a gun. Good, please leave. Whew.

I’m pretty sure this jumping spider knew he would send off an email alert and intentionally walked across the viewing range of the webcam.

It really isn’t that uncommon to see people walking across the yard. You would be quite surprised to know how many neighbors do this during the middle of the day 🙂 Anyway, this guy caught my attention only because he looks exactly like my wife’s brother. It was just the electric meter guy though.

I thought this was a fascinating photo study in the custodial/lawn service arts.

Finally, these are two shots from last night’s thunderstorm that I thought were pretty awesome.

——————————–
Updated at 2:00pm on 08/02/2008:

I almost forgot … though we live in the city, we apparently are still on a rural mail route (can’t figure that one out). As such, we receive our mail (I would guess) about every other day on average, from a guy in a jerry-rigged minivan. He drives the thing from the passenger seat. Yet the wheel still resides on the driver’s side … and I assume he has pedals on the passenger side as well. I’m still trying to figure out how he drives the thing without easily running into stuff. Very interesting to say the least.
