Unsure who is sending spam? Try this

Anyone who has hosted peoples websites before, has had  either a blog hacked, or some guy thinking he is going to send mass mailouts using PHP or similar happen. Its extremely hard to trackdown and deal with, and yet it can get your server listed at spam service denying legitimate email from getting through. This… Continue reading Unsure who is sending spam? Try this

Does your VPS have MD5 enabled for passwords?

We recently discovered that the way we install a VPS differs slightly from the usual CD install. This is not something we do specifically but something that can be improved on in the set-ups of CentOS5.3. When you install from a CD it automatically enables MD5 encryption in passwords (which should be the norm), however… Continue reading Does your VPS have MD5 enabled for passwords?

nginx hacking using proxy

It sucks getting hacked Every now and then servers get hacked. Often because of an exploitable webapp, or because (most commonly) a weak, easily guessable password was used on a well known user account (like 'root' or 'info' or 'test'). Once hackers gain access they often install some kind of malware. e.g. something that goes… Continue reading nginx hacking using proxy

Introduction to the new Linux Sysadmin

Recently we have had a few support requests come through from people who are new to Linux, and are unsure how to maintain a server at all. Package Management If your Linux distro is RedHat based (ie Centos, , then you will be using yum and RPM.   RPM is for doing individual package manipulation (installing,… Continue reading Introduction to the new Linux Sysadmin

Is your WordPress install exploitable?

WordPress is a great application.  e.g. we are using it here for this brand new blog. The irony is that the first post on this blog is a security alert on a WordPress exploit. There is a good summary of the issue at http://it.slashdot.org/story/09/08/12/1353211/WordPress-Exploit-Allows-Admin-Password-Reset Are you running WordPress?  We do not install it on accounts… Continue reading Is your WordPress install exploitable?