
Month: August 2003

Techy: Handy Security Tips

If you have a new box you want to use for web hosting etc, then here are just a few of the things you can do to help make the box secure. This list is not comprehensive, nor do I take any responsibility for any harm that may come to your server if you use any of these commands. These are mainly “quick reference” commands in case I need them in a rush (for example: we’ve put a box online and need it at least “semi-secured” – we’ll spend a bit more time securing a box than just these commands, but they’re a good starting point).

Run commands as root/su:

Disable telnet
Modify /etc/xinetd.d/telnet (could also be /etc/xinetd.d/telnet) and change disable=no to disable=yes

Disable code compilation
Add compiler group: /usr/sbin/groupadd compiler
Move to correct directory: cd /usr/bin
Make most common compilers part of the compiler group:
chgrp compiler *cc*
chgrp compiler *++*
chgrp compiler ld
chgrp compiler as
Set access on mysqlaccess: chgrp root mysqlaccess
Set permissions:
chmod 750 *cc*
chmod 750 *++*
chmod 750 ld
chmod 750 as
chmod 755 mysqlaccess

To add users to the group, modify /etc/group and change compiler:x:123: to compiler:x:123:username1,username2 (‘123’ will be different on your installation)

Snippet: Smegging Brilliant

I’m just getting a few emails trickling through my mail system which indicate that my domain has been used in a “joe job” for sending spam. Basically, this means that a spammer has forged one of my domain names for sending out spam to people.

Damn.

If you’re not sure what a “joe job” is, have a look at the spam jargon file which defines it as:

To ‘joe’ someone is to forge e-mail messages or Usenet postings so as to make another person or domain appear responsible for it. Usually done in order to harass the person or domain being joed. Named for joes.com, an ISP which was damaged as a result of being joed.

At the moment I’m only getting vacation/auto-responder replies, but as soon as I get my hands on the spam and I’m able to trace it to the source…Grr….

Snippet: It’s 1.30am…

It’s 1.30am on the night of the hottest day of the year so far – so why on earth am I STILL working? I’ve handled around half a dozen technical support queries (most of them through our “Live Support service”), fixed a minor long standing bug in our helpdesk, checked settings in the billing system, rolled out Live Support to another site, had a “conference chat” with one of our suppliers and…

I’m a mug aren’t I? (and, no, not a cup of tea – mug such as “fool/loony”). I’ve got CODE to write AND blog entries to make (I’ve found a funny TV advertisement I want to blog about AND a new search engine which I quite like)…

Search: Choosing a good Search Engine Optimization Company

Huh, just came across something that slightly cheered me up. I just saw an advertisement (provided by Google Adsense: see top of the page) for a company offering one of the services I do for a job (search engine optimisation and placement). I went to their site to see how good they were (as I hadn’t heard of them before) and…

They’ve got a “Google PR” value of “0”, I can’t find their site on Google search for their company name (never a good sign) and finally some of the techniques they “suggest” are good for a site (such as “dynamic meta tags”) would, most likely, get your site banned from the search engine. A good SEO (search engine optimizer) will optimise a site in such a way that it’ll work as a “static site” OR dynamically driven (ok, some “hacks” may be needed to avoid query strings). I also checked their “recommend client” site: no optimisation (bar the “now-redundant” meta tags) and site can’t easily be found in Google!

Therefore, I’d like to suggest the following to anyone considering employing a search engine optimization company: First of all, can you easily find them in the search engines for a) their company name and b) one of their keyphrases (sometimes this is harder to figure out as it may not be easy to see what they are targeting).

Secondly: Do your research. If they suggest creating hidden pages/links, cloaking/fast redirects, duplicate pages (or anything else on Google’s “Do not do” list), then steer clear of them as the site could easily be reported for spam