Here’s a little how-to for dealing with “w00tw00t” scans on webservers. Laws Hosting already implements this procedure, but its nice to know.

You might see these scans in your logs as:

.. "GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 ...

Using Iptables

The quickest method of making sure it never reaches your webserver (and thus wasting resources like processor, disk space [log files], etc) is to use iptables, and it can be done with a one-liner like this:

iptables -I INPUT -d xxx.xxx.xxx.xxx -p tcp –dport 80 -m string –to 70 –algo bm –string ‘GET /w00tw00t.at.ISC.SANS.’ -j DROP

Simply replace xxx.xxx.xxx.xxx with the IP of your web server. If you want to use this for a range of IPs (ie., you’re using failover IPs to host web servers), simply replace the “-d xxx.xxx.xxx.xxx” portion with:

where start.xxx.xxx.xxx and end.xxx.xxx.xxx are the first and last IPs of your web servers respectively.

If you wish to have a fancier option, one where it will for example blacklist an IP for a certain period, etc., have a look at SpamCle@ner’s website.

They go deeper into this subject and have provided two scripts near the end of their article. Simply save one of these scripts in a file named, for example, /opt/blockw00t.sh and make it executable with:

You can run it manually with typing “/opt/blockwoot.sh” in the shell or to automatically load it at boot time you can add it to your /etc/rc.localfile, or on Debian/Ubuntu systems add it to your /etc/network/interfaces like so:

As you probably know, Laws Hosting is a Linux UK Web Hosting company. TheWHIR recently published an articled entitled the Key Benefits of Linux Hosting. It’s kind of a lengthy article, so I thought we’d breakdown the main benefits listed in a short list found below. Voile!

• The most important feature of Linux hosting is its flexibility;
• Cost effective;
• Extensible;
• Stability;
• Takes less CPU power to operate functions;
• Fast processing time.

Even if you don’t use Linux to run your desktop PC, you can certainly take advantage of Linux UK Web Hosting offered at Laws Hosting. The operating system that you use for your desktop PC should not impact your choice of web hosts. Linux web servers make hosting easy. The primary hosting tasks are almost identical for both Linux and Windows web servers, but the advantages found with Linux hosting are vast. Learn more about such advantages and more below.

A Brief Look at Linux

• Linux is a free, UNIX-based operating system. Unix is a computer operating system that is powerful, designed for multitasking and built to be used by a number of people at once.
• Linux is Open-Source. This pertains to a type of program whose source code is usually free and is readily available to anyone interested in using and/or working with the program.
• The Linux operating system is specifically praised for its functionality, adaptability and robustness.

What Is Linux Hosting?

A simple explanation is “web hosting on a Linux-based server allowing developers to create their site within the Linux Operating System”. A Linux server enables web developers to use popular and powerful open-source programs like PHP, MySQL, PostgreSQL, Python, Ruby, SSH and many more to build their site.

Do I Need to Know How to Use Linux to Use Laws Hosting’s Servers?

No. A benefit of hosting your site at Laws Hosting is that you get to experience all of the advantages of Linux Hosting (explained below), but you don’t necessarily need to know how to use Linux thanks to the DirectAdmin control panel. All of our web hosting accounts are managed with this award-winning control panel. DirectAdmin makes web hosting account management a breeze even for those who are brand new to the Linux server hosting environment.

Main Advantages of Linux Hosting From Laws Hosting

Since a server’s operating system controls the basic, vital functions of the server, it is important to be aware of the advantages one will experience when choosing a Linux host.

• In addition to the amazing hosting support that Laws Hosting customers receive from our staff, keep in mind that Linux has a huge, active network of helpful developers. Those hosting their sites in a Linux environment will have access to this invaluable support community. With such a large number of developers, Linux is a very progressive platform; new ideas emerge rapidly and more innovative work can be done within the community. The many advantages of Linux Hosting ultimately stem from this huge developer community.
• A Linux host is perfect for those looking for a developer friendly environment. Laws Hosting offers our customers support for the open-source tools, like PHP and Perl scripting, that are needed to create their sites.
• Linux hosting has a well earned reputation for stability and security. This can once again be attributed to the gigantic open-source community of developers, all of which work tirelessly to find, patch and fix any bugs that are discovered.
• Open Source software is generally free. This cost-effectiveness factor allows users to spend their available resources on activities like promoting their site or project instead of on costly software.
• Those hosting their sites on the Linux platform experience faster page loads and better performance. The speed and performance of Linux can actually be attributed to another key benefit, its flexibility. Linux is flexible in the sense that it is highly suited for fine-tuned, task-specific system configurations. This gives system administrators the ability to configure Linux servers to perform at an optimal level.

Everyone  seems to have to more passwords than close friends these days and the combinations of numbers and letters are already difficult to remember but now experts at the Georgia Tech Research Institute are suggesting anything less than 12 characters could be quickly cracked.

The issue is the additional computing now on offer, in particular the processing power of the chips now the norm on graphics cards.

The researchers have discovered that the number-crunching power of modern graphics cards could offer a new way of cracking passwords, with their power on par with multi-million dollar supercomputers built just a decade ago.

The research found seven character passwords ‘hopelessly inaccurate’ and with processing power increasing year on year, a combination of upper-case, lower-case, numerals and symbols in a 12 character password offered better protection.

Do you think passwords are becoming an unsafe security measure?

There is a hack in phpMyAdmin, we have seen various blogs and hosts in panic, thankfully Laws Hosting wasn’t affected as we take extra measures in the way we install phpMyAdmin on our servers.

What we heard is that the systems acted totally normal, except for the fact that it ran ssh brute force attacks against several randomly chosen remote servers. So what happened?

The attacker used a vulnerability in phpMyAdmin, which once had been installed, used one or two times, and then forgotten (version 2.10.xx or so..). Sadly enough, whoever installed phpMyAdmin did not remove the setup.php file (which you are encouraged to do in the readme). This setup.php was the attackers starting point. He/she injected a ssh client running as root in /tmp/dd_ssh that started about 100 child processes.

The cleanup was as follows:

• Removed phpMyAdmin
• Removed all suspicious files in /tmp
• Restarted the network interfaces
• Changed all user passwords
• Installed fail2ban
• Changed /tmp to be non-executable

Suggestions for today:

• Keep your phpMyAdmin up to date
• Search for installations on all your servers NOW!
• Do NOT install in a folder named “phpmyadmin”, “sqladmin” or similar. Use a non-guessable name.
• Protect it at least using htaccess
• Last but not least: if you can access your server via ssh, there’s no need for phpMyAdmin. Setup a ssh tunnel, use your favourite mySQL GUI, and bingo, you’re safe.

We advise our clients not to install their own phpMyAdmin on their domains, and just use our versions that we supply.

The .co domain has arrived!

Colossal new domain extension .co has just become available. The country code for Colombia, .co is also a great choice for company, commerce or community websites.

Demand for .co domains is sky high, but hopefully your preferred name is still available for registration. So don’t hang about, secure your .co – before someone else does.

Find your .co domain name now >