…and the winner is…

The DesktopLinux.com survey results about the most favored Linux Desktop solution were published today.

The big winners of the Desktop environment are:

– Distribution: Ubuntu

– Desktop: Gnome

– Browser: Firefox

The Ubuntu/Kubuntu and Firefox thingie were pretty sure to win, I am sort of surprised that Gnome beats the Windows-like KDE. Standard Ubuntu ships with Gnome – so I guess this is the reason why Gnome takes the lead….

Btw. my prefs are Ubuntu / Gnome / Firefox / Evolution (so pretty close to the winner)

Here is the raw data

WP and permalink recovery

Just tried to play around with the permalink features of WordPress and was immediately kicked out with a 500… Since I have never been in need of mod_rewrite, I didn't realize that this feature was not available from my hosting provider (Strato).

So in case this should ever happen to you:

1. Remove the .htaccess file in your wp root

2. You will now regain access to your WP site, but all the links are still messed up

3. Login to the Administration panel and set the permalinks to default

4. Once you update the permalink setting, you will be kicked out again immediately

5. Leave the browser window with the error open and remove the newly generated .htaccess file again

6. Now reload the error page and you should be back to your default permalinks

3 more days to FrOSCon…


FrOSCon is a two-day conference that is all about free and open source software. There is quite a resemblance to the LinuxTag, but FrOSCon is targeted more at free and open source software independent of the operating system it's running on.

As was to be expected, several Linux and six BSD project groups will be present…

Check out http://froscon.de/?L=1 for further information…

If we get wireless access at the convention, the first pics will be up on Saturday 🙂

Windows + XAMPP + NOOB + WEB = *cough*

Note: The initial IP and domain have been replaced by x.x.x.y in order to spare the shame and keep anybody from doing something stupid 😉

Today I ran a routine check on my Apache logs….the same as usual…

[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/mysqladmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/db
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/dbadmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/web
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpmyadmin2
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpmyadmin1
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpadmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/myadmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpMyAdmin-2.2.3
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpMyAdmin-2.5.6
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpMyAdmin-2.5.7-pl1

This goes on forever … big deal….

But the host was pretty aggressive so I decided to take a closer look:

traceroute x.x.x.y

….

7 somebody.something.net (bla.bla.bla.bla) 18.017 ms 17.852 ms 17.231 ms
8 somedomain.de (x.x.x.y) 16.701 ms 16.391 ms 16.322 ms

So I take a look at somedomain.de and find this:

lol1.jpg

Looks like someone's Windows Server was compromised or so to say…. owned.

Conclusion: Don't use XAMPP on the web. It may be superb for testing your stuff before sending it to the real world, but it is not meant to survive in hazardous environments, especially with Windows up your back…

The least you could do is make sure your web services aren't running on blank or default passwords!
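A way to pick a probing host like this out of an Apache error log automatically (added example, not part of the original post). The sample lines are constructed in the format shown above, 192.0.2.10 is a made-up normal client, and the threshold of 5 distinct missing paths is an assumption to tune per site.

```sh
#!/bin/sh
# Added example: flag clients that request many distinct non-existent paths,
# the pattern of the admin-panel scan in the log excerpt above.

# Constructed sample in the error_log format shown in the post.
# x.x.x.y is the post's redacted scanner; 192.0.2.10 is a made-up client.
sample_log() {
cat <<'EOF'
[Mon Aug 20 07:36:40 2007] [notice] Apache configured -- resuming normal operations
[Mon Aug 20 07:36:41 2007] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/mysqladmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/db
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/dbadmin
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/db
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpmyadmin2
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpMyAdmin-2.2.3
[Mon Aug 20 07:36:43 2007] [error] [client x.x.x.y] File does not exist: /var/www/phpMyAdmin-2.5.6
EOF
}

# Usage: find_scanners [MIN_DISTINCT_PATHS] < error.log
# Prints "client distinct=N total=M" for every client at or above the threshold.
find_scanners() {
    awk -v min="${1:-5}" '
        BEGIN { ctag = "[client "; ftag = "File does not exist: " }
        index($0, "[error] " ctag) && index($0, ftag) {
            # Use the first occurrence of each marker so text inside the
            # requested path cannot pose as the client field.
            client = substr($0, index($0, ctag) + length(ctag))
            client = substr(client, 1, index(client, "]") - 1)
            path = substr($0, index($0, ftag) + length(ftag))
            if (!((client, path) in seen)) {   # count each path once per client
                seen[client, path] = 1
                distinct[client]++
            }
            total[client]++
        }
        END {
            for (c in distinct)
                if (distinct[c] >= min)
                    printf "%s distinct=%d total=%d\n", c, distinct[c], total[c]
        }
    ' | sort
}

sample_log | find_scanners 5
```

Counting distinct paths rather than raw 404s keeps a single broken link that is requested over and over from tripping the check.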

Password Security

One thing is certain – letting users pick their own passwords is a major security risk.

As an administrator you can simply test your passwords by running John the Ripper over them.

If john spits out passwords immediately in single mode, this is an indication that your passwords suck!

This is where password generating tools come into play.

APG is a simple tool for random password generation. I recommend at least 8 characters for efficient passwords.

So here is an example of generating a random 8-character password:

apg -a1 -m8 -x8

This will deliver 8-character passwords. The -m/-x parameters set the minimum/maximum number of characters, and -a1 selects the random-character algorithm.

If you want to make a password pronounceable (thus easier to remember), use -a0, which is also what apg does when -a is omitted:

apg -a0 -m8 -x8

User shell access

While checking your users' passwords you might also consider checking whether any users have shell access they don't even need.

You can list all users that have some sort of shell access by grepping your passwd file:

grep -v /bin/false /etc/passwd

Note: Some Services use /usr/sbin/nologin which is the same as /bin/false
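A stricter version of the same check, as an added example that is not part of the original post: it compares only the shell field (field 7) instead of grepping the whole line, treats nologin like false, and counts an empty shell field as /bin/sh. The account names in the sample are invented.

```sh
#!/bin/sh
# Added example: list accounts whose login shell (field 7 of passwd) is a
# real shell, comparing that field exactly instead of grepping the line.

# Constructed passwd-format sample; all accounts are invented.
# "svc" has /bin/false inside its home path, so `grep -v /bin/false`
# would hide it even though its shell is /bin/bash.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/sh
ftpuser:x:1001:1001::/home/ftpuser:/bin/false
alice:x:1002:1002:Alice:/home/alice:/bin/bash
backup:x:34:34:backup:/var/backups:
svc:x:1003:1003:svc:/srv/bin/false-positives:/bin/bash
EOF
}

# Usage: shell_users < /etc/passwd
# Prints "user shell" for every account that can get a shell.
shell_users() {
    awk -F: '
        NF < 7 { next }                          # skip malformed lines
        {
            # An empty shell field means /bin/sh (see passwd(5)).
            shell = ($7 == "") ? "/bin/sh" : $7
            # Match false and nologin in any directory (/bin, /usr/sbin, ...).
            if (shell !~ /\/(false|nologin)$/)
                print $1, shell
        }
    '
}

sample_passwd | shell_users
```

On a live system run it as `shell_users < /etc/passwd` and review every account listed that is not a person who needs to log in.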

Chaos Communication Camp 2007: so far….

..so good.

Network performance is terrible and keeps on flooding. There seems to be a problem with spanning tree and various DHCP servers running within the network. The streams from both lecture shelters are having some flaws but apart from that, the atmosphere so far has been great.

Meeting, talking and cooking with hackers from all over the world and the weather has been dry and very sunny. Parties are going on from dusk till dawn – it's a small city that never sleeps.