Here some IP’s of some Botnet Servers of mj12bot.com: the Botnet ignores robots.txt and hammers on Mediawiki’s! A sorted output of a Log done with : cat /var/log/apache2/other*.log|grep MJ | awk '{ print $2 }' | sort | uniq -c | sort -n Output for ufw Firewalls: 162.210.196.97 144.76.3.131 148.251.195.14 5.9.158.195 173.208.157.186 176.31.255.65 178.63.34.189 […]
Category: IT-Security
5G Mobile Network opens Pandora’s Box
5G will it make possible to attack mobile Devices and Cars 10 times faster Users will not recognize attacks or uploaded data the wider data bandwith will it make possible to attack much more efficient Remark: checkout if you really need this mobile network, cause slower is sometime safer against automated tools slower mobile network […]
Firefox Stop Home Calls
During my last Network Monitoring found out that MANY of “free” Software calls home permanent Article: https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections .. if you want to be safe, block all OUTGOING Traffic by a Firewall or local DNS Server and use a Proxy with Auth Mechanism!
Major Bug: UFW stopped thru logrotate
On Debian Sid i have seen that ufw service is stopped on logrotate!! Its a bad known bug! Workaround: Set all Services like Dovecot, Postfix to listen on LOCALHOST (127.0.0.1) if not needed over Internet Enable ONLY encrypted AUTH (Login) to Postfix! (TLS 1.2) Disable unneeded Services ! like Samba, FTP… move config from /etc/logrotate.d/ufw […]
Goodby Smartphones
Today iam going offline with any of my Smarthones for Testing. Why? all current Smartphones based on nonfree Hard and Software less patched Hackers can remote force install Trojans as Updates (especially Stores by gov order) non rooted devices are black boxes rooted Images or Tools as Workarounds are often not published in which way […]
WordPress Bug Backdoor delete Files
Current a Major Bug is published up to WordPress lastest Release 4.9.6! The real Nonsense is that the WordPress Core Team did know it since Nov. 2017 !! And changes NOTHING! More Details here reported and a public review here
Health Status Data on Cloud Services
From the current News we hear that insurances offers humans to save the complete health status at a Cloud based App. This is by DEFAULT insecure! Smartphones get less OS Security Updates by Manufacter Users do NOT know to handle Updates Users can’t update Firmwares by default Apps most located at App Stores (Google, Apple) […]
Android Hidden Location Tracker
If you use a Android device google can track you via scanned and known wifi Networks without any connection! Android scans your area, shops, stores for public wifi networks, via LTE / GSM the OS verify the Data online at Google. As Result Google Maps sends you Popups to VOTE the last visited Places at […]
Social Media Giants Data Abuse
Today on Net News faces that Social Media Giants like facebook seems out of control, the new GDPR DSGVO won’t stop them printing gold by data abuse. Time to disconnect.. or replace your apps and Internet foot prints..
Apache MEMCACHED UDP Protection
Current a lot of sites blogging about memcached attacks on Servers here some details: Memcached Servers need a installed and running Service called “memcached” Websites need a php-plugin like php7.0-memcached to connect via API to the memcached Service The Memcached Service uses a own Config File at debian /etc/memcached.conf By default it MUST listen to […]
ENFORCE Google to DuckDuckgo SEARCH
If you want to enforce the use of DuckDuckgo.com instead of google.com do: Edit at the PC the “hosts” File on: Linux /etc/hosts Windows C:\Windows\System32\drivers\etc insert at last: 54.229.105.92 google.com #ip of duckduckgo or 176.34.131.233 54.229.105.203 google.com #ip of duckduckgo 176.34.131.233 bing.com #ip of duckduckgo or 176.34.131.233 176.34.131.233 yahoo.com #ip of duckduckgo or 176.34.131.233 ..reboot […]
Nextcloud Owncloud Opensource Risk’s
If you are current using Nextcloud / Owncloud or other PHP-Kits for File Handling you should know these remarks: Based on this Article You must know: Details of Security about your current used PHP Versions (7.X) Details of your used Database Version (MySQL..) Details of hardened OS and Webserver Version (Apache,Firewall,fail2ban,file policys, selinux, apparmor filter) […]