similar to: firewall based antivirus/trojan blocking and intrusion detection [dnk]

Situation: We are providing hosting services. I've grown tired of the various kiddie scripts/dictionary attacks on various services. The latest has been against vsftpd, on systems that I can't easily control vs. putting strict limits on ssh. We simply have too many users entering from too many networks many with dynamic IP addresses. Enter.... thinking about LIDS or Log Based

Can anyone recommend a ssh bookmark manager for centos? Thanks! d

Good day..... This is a slightly older issue for me. In the past I had tried to install Samba on a centos 4.0 box, and the useradd tool on Centos 4 would not add the "$" character to the usernames being created. This showed up whenever a domain trust was trying to be established for a computer that was logging into the samba share for the first time. Maybe I messed something

Good day -- I am having a go at installing VMware on my centos 4.2 machine. I am going through the configuration script and I am getting to the part where I need the c headers for my kernel. What package do I need to install to make these available, and where are they installed to? I have been searching for this with little luck. Thanks in advance. Dustin

Hi there -- i am just looking for clarification on the yum "group install" option.... How can you tell what are valid groups? IE I found the below example on google: yum groupinstall "MySQL Database" I have heard references to doing things like: yum groupinstall "Development Tools" But to the point - is there a list of valid groups for install? ----------

Can anyone point me to a good one for use? It would be cool if it was from a repo for updates, etc. Thanks in advance! Dustin

On a previous thread I was working on a custom install disk that would boot directly into a vnc install - well I have the disk working exactly as I need it EXCEPT for 1 thing... the option to do a media check pops up... however as per my original email - there will be no keyboard/mouse/monitor attached during install... so I can not press the "skip" option. Now to get the VNC install to

Hi all.... I had posted hte following on teh centos forums, and thought there might be additional people in here who do not browse those forum, so after 4 days I am posting over here as well (sorry for the double - but figured after 4 days it was safe to do so). Hi there.... I am trying to make a custom centos server cd that will essentially do the following: throw the disk in, boot the machine,

Can someone please tell me what the name and or website of the open source realtime daemon or script is that automatically puts ip addresses in the hosts.deny file when servers are repeatedly probed for login/password pairs on ftp ports etc please? It was mentioned in the last year on this list if I remember right. I had bookmarked at one time and I cant seem to web search or find it otherwise.

just wanted to get some feedback from the community. Over the last few days I have noticed my web server and email box have attempted to ssh'd to using weird names like admin,appuser,nobody,etc.... None of these are valid users. I know that I can block sshd all together with iptables but that will not work for us. I did a little research on google and found programs like sshguard and

How can I be sure if it is LKM or not? Today I've run chkrootkit and it gave me: Checking `lkm'... You have 179 process hidden for readdir command You have 179 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp ! ! RUID PID TTY CMD ! root

NUT http://www.networkupstools.org/package/windows/NUT-Installer-2.6.5-6.msi listed as trojan: https://www.virustotal.com/en/file/e4c8cd86efe6ca897583ed223c0cc0ef4458581485d23616c37ede3858586245/analysis/1481844790/ It is listed as "probably harmless" so I guess it is a false positive? Nevertheless it is not nice to see. Regards, Lars. -------------- next part -------------- An HTML

On Thu, Apr 16, 2015 at 10:01 AM, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > This morning I discovered this in my clamav report from one of our > imap servers: > > /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: > Unix.Trojan.MSShellcode-21 FOUND > > > I have looked at this script and it appears to be part of the nmap > distribution. It actually tests

[OT ALERT] On 17/04/15 02:28, Valeri Galtsev wrote: > clamav is a scanner that is designed to detect viruses (virii I should use > for plural as it is Latin word) I believe this 'rule' in English is misunderstood by many and as a general rule of thumb... tl;dr: Words from Old English that came into modern English, use 'Old English' pluralisation: eg, sheep, fish etc. words

On 17/04/15 12:31, Valeri Galtsev wrote: > But being not native > English speaker, I use it ("not native English speaker") Figured as much, which is why I mentioned it ;) > as an excuse for > being unable to pronounce anything. Not as if most English speakers can pronounce many English words.... ... ttfn :) P.

On Fri, 2015-04-17 at 08:00 -0500, Valeri Galtsev wrote: > It is amazing how much one can cripple what another person said by > scissoring his phrases ;-) English people (excludes USA people) should always try to speak simple, jargon-free, easily understandable and logically expressed English especially when conversing with non-English people. I greatly admire the linguistic abilities of

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 17/04/15 16:04, Valeri Galtsev wrote: > > On Fri, April 17, 2015 9:51 am, Always Learning wrote: >> >> On Fri, 2015-04-17 at 08:00 -0500, Valeri Galtsev wrote: >> >>> It is amazing how much one can cripple what another person said >>> by scissoring his phrases ;-) >> >> English people

A friend passed along this interesting link: http://incolumitas.com/2016/06/08/typosquatting-package-managers/ about the strategy of using "typosquatting" (packages with very similar names to existing packages) to trick users into downloading/installing packages with malicious code). They made fake trojans (with empty payloads) for Ruby, Python and NodeJS and experimented to see how

Hello, I have the following problem: I successfully installed R (Version 2.1.3.0 for Windows) on my Notebook (Windows 7) in June. Now I used the same setup file for a PC (Windows XP) and got a message from the anti virus software (Avira), that the setup file contains the Trojan "TR/ATRAPS.Gen". The PC is never connected to the internet, this is why the anti virus software has

On Sat, April 18, 2015 11:16, Jake Shipton wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 16/04/15 16:01, James B. Byrne wrote: >> This morning I discovered this in my clamav report from one of our >> imap servers: >> >> /usr/share/nmap/scripts/irc-unrealircd-backdoor.nse: >> Unix.Trojan.MSShellcode-21 FOUND >> >> >> I