Category Archives: Security

Filtering/sanitizing IP addresses lists on command line

Sometimes you have to obtain a list of IP addresses via the command line, and you need to be sure it does not contain any IP addresses assigned to the machine you're working on, especially when you're planning to use this list during automated modification of firewall rules.

Outdated Joomla websites with JCE used to attack Beneficial Data Processing Corp and Regions Financial Corporation

Seeing requests to //tmp/wegh.php in Apache logs is probably not a good sign. A few days ago I wrote about how important paranoid firewall-output filtering is on a shared hosting server; today I'll take a closer look at the next Joomla hack found active today. This time the “hacker” tried to attack the IP addresses 161.113.4.6

Read the full article…

Seeing strange UDP connections to 216.82.176.7?

Today the CSF firewall on one of our servers controlled by DirectAdmin started showing blocked outgoing UDP connections to 216.82.176.7 on ports 25, 80 and 443.

    kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=X.X.X.X \
    DST=216.82.176.7 LEN=1421 TOS=0x00 PREC=0x00 TTL=64 ID=12594 \
    DF PROTO=UDP SPT=39792 DPT=80 LEN=1401
    kernel: Firewall: *UDP_OUT Blocked* IN= OUT=eth0 SRC=X.X.X.X \
    DST=216.82.176.7

Read the full article…