Ran into this issue after getting rid of the www-data user and group. The solution is simple and doesn't involve adding the account/group, assuming the objective is to run Lighttpd as a different user (not www-data). If the intention is to run Lighttpd with the www-data account, simply add the account. Otherwise, keep reading...
Continue reading Solution: chown: invalid user: www-data:www-data
For those who don't know, WordPress 2.9.1 was released a couple days ago. As a result, the "WordPress 2.9.1 is available! Please update now." nag is plastered at the top of the admin interface. Since installing yet another unnecessary WordPress plug-in for something so simple seems pointless, I came up with a quick and easy to implement WordPress hack. Don't even bother continuing unless you're comfortable editing a core WordPress file.
From: Rob Fuller
To: pen-test@securityfocus.com
Date: Sun, 27 Dec 2009 20:29:11 -0500
Subject: ShmooCon Slugs - Ride Sharing
The firewall policies on Nullamatix.com DROP invalid connection attempts. Specifically, if an attempt to start a new tcp connection is not a syn packet, the packet is rejected. This morning I noticed a few dropped connection attempts from an unusual source, The U.S. Department of Defense. Here are the logs:
Most spammers aren't clever enough to populate the REFERER header. This code snippet is not only extremely easy to implement, but pretty effective, too. Open up your themes functions.php and drop in the following:
After the Lighttpd mod security post and the DDoS attack that followed, I began working on a script that parses the Lighttpd server-error.log and inserts matched records into MySQL. The result? Check it out here: security.nullamatix.com Daily Security Reports. With the abundance of ideas I have for the project, it's far from complete, but definitely worth a beta release. Plans for the future include, but aren't limited to:
The attack started around 03:05:07 EST on Saturday, December 12th, 2009. As far as I know, the attack is still going on. My service provider has null routed the target IP (old IP for www.nullamatix.com), at least until the attack subsides. Fortunately, Nullamatix.com is back up and running as of 14:30:00 EST on Sunday, December 13th, 2009. Here are some details of the attack.
Long time Nullamatix readers know how much I love reviewing log files. Logs can provide detailed incite into not only the overall health of a system, but information one can use to mitigate the risks of automated attacks. In this post, I'll go over a couple ways to harden a PHP enabled web server and hopefully prevent: fx29id1.txt, id23.txt, id.txt, id1.txt, fxid.txt, one.txt, fx1.txt, and several other automated attacks from successfully exploiting common weaknesses.
Continue reading 529 Attacks in 9 Days: id1.txt, RFI, & More
