How to fix timthumb.php

You will get the update from the vendor If it is a paid theme, or you can do it manually
Go to your theme directory and find thumb.php / timethumb.php
Download following file and replace the code

http://timthumb.googlecode.com/svn/trunk/timthumb.php
Patch from woothemes : Download

#proxychains nmap google.com

How to install proxychains ?

#apt-get install proxychains

Proxychaiins configurations

Add Following line to /etc/proxychains.conf

socks4  127.0.0.1 9050

Now restart the proxy chains and use

how to test your current IP address ?

Open cmyip.com using elinks and proxy chain.

#proxychains elinks cmyip.com 

To know yor real IP address do the same command without proxy chains

#elinks cmyip.com 

By default Tor is not integrated in BackTrack 5. Why use Tor on Backtrack ? Normally Tor is used to protect the browsing security but Tor can be used for network scanning tools and other information gathering tools, in my next article i will explain how to configure Tor for console applications.

Follow the installation steps

Open /etc/apt/sources.list file and add following line

deb http://deb.torproject.org/torproject.org lucid main

Open command prompt and run follwing commands

gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
apt-get update
apt-get install tor tor-geoipdb
apt-get install privoxy

After installing Privoxy, Open /etc/privoxy/config and append follwing line

forward-socks4a / 127.0.0.1:9050 .

/etc/init.d/privoxy start

Configure your clients with Ip address 127.0.0.1 and port 8118

How to check

go to http://cmyip.com or  http://www.whatismyip.com to know your current Ip address

PSCP can run from the command line and has many options, which you can see via the –h option:

C:\>pscp -h
PuTTY Secure Copy client
Release 0.53b
Usage: pscp [options] [user@]host:source target
pscp [options] source [source...] [user@]host:target
pscp [options] -ls user@host:filespec
Options:
-p preserve file attributes
-q quiet, don’t show statistics
-r copy directories recursively
-v show verbose messages
-load sessname Load settings from saved session
-P port connect to specified port
-l user connect with specified username
-pw passw login with specified password
-1 -2 force use of particular SSH protocol version
-C enable compression
-i key private key file for authentication
-batch disable all interactive prompts
-unsafe allow server-side wildcards (DANGEROUS)

Here is a basic example of an user using PSCP to connect from Windows client to Linux server for transferring data to a specified path.

C:\>pscp -pw <password> -r -p <path of the file>  user@192.168.1.1:<path file to stored>

C:\>pscp -pw test -r -p "c:\New Folder\test.txt" sandeep@192.168.1.1:/home/sandeep/

In the above mentioned as we are providing the password its not a secure way of transferring file.  Here comes the use of authenticating with RSA keys.

Download PuTTygen and PSCP from here

Public Key Authentication With PSCP

Preliminary Setup

Setting up public key authentication to access a particular remote host is a one-time procedure. We will require PuTTYgen for this process.

Steps for Authentication using RSA

Download PuTTYgen on your Windows client machine and Generate a public/private key pair on the same.

Click the Generate button. You will be prompted to move the mouse over the blank area to generate some randomness. Do so. Shortly thereafter, the program will generate the key and display the result

Select all  of the text in the box labeled “Public key for pasting into OpenSSH authorized_keys file” (near the top of the window) by dragging the cursor. Right-click over the selection and choose Copy. Finally, click the “Save private key” button to save the private key to a file , lets save it as key.ppk

Install the public key on the remote host (here Linux Server) to which you want to connect. Paste the public key from the Clipboard into the the authorized_keys file of   the , which is located in the .ssh directory in your home directory on the remote host( If no such file is there we will have to manually create it). Figure 3 shows the vi editor being used for this purpose.

Repeat this procedure to install the same public key on as many additional remote hosts as you like.

Now to transfer files with basic public key authentication for file transfers with pscp.exe, use the -i flag on the command line and specify key.ppk as the flag’s argument

C:\>pscp -i <private key> <path of the file>  user@192.168.1.1:<path file to stored>

C:\>pscp -i "c:\New Folder\key.ppk" "c:\sandeep\test.txt"  sandeep@192.168.1.1:/home/sandeep/

“Did you see how will u look like in 20 years from now? lol —-> {bitly link }”

“ Hey!! is this photo urs? … OMG!!! —-> {bitly link }”

“ omg hahah have u seen this photo u got tagged in LOL —-> {bitly link }”

This messages are pop up with a bit.ly shortened url of  “http:// yaira .info” If you clicked any of the link it will ask for a facebook application access request. this is the last option to stay away from this kind of fake applications. If you click on “Don’t Allow” button, nothing will happen. Instead of that if you are clicking on “Allow” button it will grand the access to facebook chat.You can see the access type in the popup message. Here it is “Access Facebook Chat” Normally genuine applications will show the Icon and application name. Here the application name is “Check it”.

If you are permitted this Facebook application to access your Facebook chat, It will start spreading messages with infected links to your online friends.

There is an option to remove this Rogue application. By checking infected facebook accounts we come in a conclusion that this application is not retaining access. you can check it on your Privacy settings.

Go to “Accounts” > “Privacy Settings”

Find “Apps and Websites” in bottom and click on “Edit Your Settings”

Click on “Edit settings” Under “Apps you use”

Here you can see the applications retain access to your account

If you see an application named “Check it” Select “Remove app”

Also find and clean all applications which is not familiar.

First reboot the Machine

What you need to do is to get to the screen that allows you to select which kernel to boot.

set the arrows to select the kernel entry you want to modify.
press “e” to edit the entry
use the arrows to go to “kernel line”
press “e” to edit this entry

at the end of the line add the word

init=/bin/bash

press “ESC” to go back to the parent menu press “b” to boot this kernel

Your machine will now start the single user boot process.At this point all you need to do the following commands.

#mount -o remount,rw /
#passwd

If password command is not found.Type below details:

#mount -t <file system type:eg:-ext3> <device,:eg:-/dev/sda1> </usr>

Then type password command.

#passwd

You are successfully changed the password.

Now reboot

Now i am thinking why all this passwords!!!?

We already covered some topics in earlier articles some of them are linked here.

Here are some tips for servers hardening ( Some already mentioned in my previous posts)

1) Removing Unnecessary Software Packages (RPMs)

An administrator should be crystal clear about the primary function or role of the Linux server also should know what is on the server.Therefore, it is very critical to look at the default list of software packages and remove unneeded packages.

To get a list of all installed RPMs you can use the following command:

rpm -qa

Remove the unneeded packages from the list.

2) Disabling Run level System Services

In  Linux servers, some services are enabled to start at boot up by default.
it is safe to disable all services that are not needed as they are risks security and waste of hardware resources. Read more.

3) Reviewing Inittab and Boot Scripts

The inittab file /etc/inittab also describes which processes are started at bootup and during normal operation. For example, Oracle uses it to start cluster services at bootup. Therefore, it is recommended to ensure that all entries in /etc/inittab are legitimate in your environment.

I would at least remove the CTRL-ALT-DELETE trap entry to prevent accidental reboots:

The default runlevel should be set to 3 since in my opinion X11 (X Windows System) should not be running on a production server. In fact, it shouldn’t even be installed.

# grep ':initdefault' /etc/inittab
id:3:initdefault:

To have changes in /etc/inittab become effective immediately, you can run:

# init q

4) Securing SSH

Ssh is a great protocol and as it name stands for Secure SHell its secure but its prone to attacks with basic configuration. There are ways to make ssh even more secure than it is now.Read more

5) SSH login without passwords

Automated authentication onto server using RAS key authenticating mechanism . Read more

6) Kernel Tuning

Following are some tunable kernel parameters you can use to secure your Linux server against attacks .We need to add these entries inside /etc/sysctl.conf configuration file to make the change permanent after reboots.To activate the configured kernel parameters immediately at runtime, use:

#sysctl -p

Disable IP Source Routing

net.ipv4.conf.all.accept_source_route = 0

Disable ICMP Redirect Acceptance

net.ipv4.conf.all.accept_redirects = 0

Enable Ignoring Broadcasts Request

net.ipv4.icmp_echo_ignore_broadcasts = 1

Enable Bad Error Message Protection

net.ipv4.icmp_ignore_bogus_error_responses = 1

Enable Logging of Spoofed Packets, Source Routed Packets, Redirect Packets

net.ipv4.conf.all.log_martians = 1

The above mentioned are only few steps for harding . There are many more steps like providing strong password , locking user accounts after too many login failures , restricting use of previous used passwords , setting banners etc.

Hardening five or six servers can be done quite easily at a stretch but when the number of servers increases it just becomes tiresome and time consuming . So why don’t we think about a running a script that does all the hardening jobs and there wont be any waste of time. The script presented can be customized according to the requirement.

#!/bin/bash
chkconfig autofs off
chkconfig avahi-daemon off
chkconfig avahi-dnsconfd off
chkconfig bluetooth off
chkconfig conman off
chkconfig cups off
chkconfig dhcdbd off
chkconfig firstboot off
chkconfig gpm off
chkconfig haldaemon off
chkconfig isdn off
chkconfig iptables off
chkconfig ip6tables off
chkconfig irda off
chkconfig irqbalance off
chkconfig kdump off
chkconfig kudzu off
chkconfig mcstrans off
chkconfig microcode_ctl off
chkconfig multipathd off
chkconfig netconsole off
chkconfig netfs off
chkconfig netplugd off
chkconfig nfs off
chkconfig nfslock off
chkconfig nscd off
chkconfig pcscd off
chkconfig portmap off
chkconfig rdisc off
chkconfig rhnsd off
chkconfig restorecond off
chkconfig rpcgssd off
chkconfig rpcidmapd off
chkconfig rpcsvcgssd off
chkconfig sendmail off
chkconfig smartd off
chkconfig winbind off
chkconfig wpa_supplicant off
chkconfig xfs off
chkconfig ypbind off
chkconfig yum-updatesd off
chkconfig acpid on
chkconfig anacron on
chkconfig atd on
chkconfig cpuspeed on
chkconfig lvm2-monitor on
chkconfig messagebus on
chkconfig ntpd on
chkconfig network on
chkconfig oracle on
chkconfig oracleasm on
chkconfig readahead_early on
chkconfig readahead_later on
chkconfig syslog on
chkconfig sshd on
cat > /root/banner << EOF
|-----------------------------------------------------------------|
| This system is for the use of authorized users only. |
| Individuals using this computer system without authority, or in |
| excess of their authority, are subject to having all of their |
| activities on this system monitored and recorded by system |
| personnel. |
| |
| In the course of monitoring individuals improperly using this |
| system, or in the course of system maintenance, the activities |
| of authorized users may also be monitored. |
| |
| Anyone using this system expressly consents to such monitoring |
| and is advised that if such monitoring reveals possible |
| evidence of criminal activity, system personnel may provide the |
| evidence of such monitoring to law enforcement officials. |
|-----------------------------------------------------------------|
EOF
cat /root/banner
sed -i 's/id:5:initdefault:/id:3:initdefault:/g' /etc/inittab
sed -i 's/ca::ctrlaltdel:/#ca::ctrlaltdel:/g' /etc/inittab
echo PermitRootLogin no >> /etc/ssh/sshd_config
echo Banner /root/banner >> /etc/ssh/sshd_config
sed -i 's/#AllowTcpForwarding yes/AllowTcpForwarding no/g' /etc/ssh/sshd_config
sed -i 's/#X11Forwarding no/X11Forwarding no/g' /etc/ssh/sshd_config
sed -i 's/X11Forwarding yes/#X11Forwarding yes/g' /etc/ssh/sshd_config
sed -i 's/#StrictModes yes/StrictModes yes/g' /etc/ssh/sshd_config
sed -i 's/#IgnoreRhosts yes/IgnoreRhosts yes/g' /etc/ssh/sshd_config
sed -i 's/#HostbasedAuthentication no/HostbasedAuthentication no/g' /etc/ssh/sshd_config
sed -i 's/#RhostsRSAAuthentication no/RhostsRSAAuthentication no/g' /etc/ssh/sshd_config
service sshd restart
echo net.ipv4.conf.all.accept_source_route = 0 >> /etc/sysctl.conf
echo net.ipv4.conf.all.accept_redirects = 0 >> /etc/sysctl.conf
echo net.ipv4.icmp_echo_ignore_broadcasts = 1 >> /etc/sysctl.conf
echo net.ipv4.icmp_ignore_bogus_error_responses = 1 >> /etc/sysctl.conf
echo net.ipv4.conf.all.log_martians = 1 >> /etc/sysctl.conf
sysctl -p
if [ $(id -u) -eq 0 ]; then
read -p "Enter username : " username
read -s -p "Enter password : " password
egrep "^$username" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
echo "$username exists!"
exit 1
else
pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
useradd -m -p $pass $username
[ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
fi
else
echo "Only root may add a user to the system"
exit 2
fi

To avoid this to happen we need to edit  the inittab file /etc/inittab

The inittab file /etc/inittab  describes which processes are started at bootup and during normal operation also it tells  how the INIT process should set up the system in a certain run-level.

Open the file /etc/inittab in editor mode and search for the string

ca::ctrlaltdel:/sbin/shutdown -t3 -r now

comment this line to prevent accidental reboots.

#ca::ctrlaltdel:/sbin/shutdown -t3 -r now

To make the inittab changes effective immediately with out reeboting Linux execute the command

kill -HUP 1

This will restart the Linux master process (init) immediately to re-read modified inittab settings.

To list all the services that are started at boot up type command

chkconfig --list |grep on

We can see a quite a lot of services are enabled and disabled on the server for different run levels.

Some of the services like ( autofs,  avahi-daemon,  avahi-dnsconfd,  bluetooth,  conman,  cups,  dhcdbd,  firstboot,  gpm,   haldaemon,  isdn,  iptables,  ip6tables,  irda,  irqbalance,  kdump,  kudzu,  mcstrans,  microcode_ctl,  multipathd,  netconsole,  netfs,  netplugd,  nfs,   nfslock,  nscd,  pcscd,  rdisc,  rhnsd, restorecond,  rpcgssd,  rpcidmapd, rpcsvcgssd, sendmail,  smartd,  winbind,  wpa_supplicant,  xfs,   ypbind,  yum-updatesd) are not that necessary for the server  working. We can disable these services .

To permanently disable e.g. the runlevel service bluetooth, run:

chkconfig bluetooth off

To immediately disable the runlevel service bluetooth, run:

/etc/init.d/bluetooth stop