little foxes at the keyboards little foxes making clicky-clacky little foxes on the servers little foxes all untame there's a black hat and a white hat and a grey one and fun for everyone! and they're all making clicky-clacky and they're all in your mainframe
So I'm tired of my goddamned WordPress blog (yep, this one) getting compromised and being used as a platform for spammers or phishers and so on.
Getting pwn't every so often is pretty much just a fact of using popular shrinkwrapware and being a lazy updater. But that's no reason to change our ways when we can just mitigate the damage, namely the web server's IP ending up on all those friendly RBLs and interrupting legitimate e-mail notification delivery.
The good news is you can use disable_functions in your php.ini to disable functions such as mail(), exec() and friends globally, for every script the server runs.
The bad news is you can't set disable_functions on a per-domain or per-vhost basis unless you're running PHP under FPM (where each pool can carry its own php_admin_value[disable_functions]) or suEXEC or the like.
The worse news is that suhosin, a really sweet PHP security patch that I've written about before and which would give us this ability, has been abandoned for about two years now and has no official support for PHP 5.4 and later.
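To make the global-versus-per-pool distinction concrete, here is an added example (not from the original post): a constructed php.ini that only disables the process spawners next to a constructed PHP-FPM pool that also removes mail(), plus a small POSIX shell audit that reads either file and reports which of the functions we care about are still enabled. The pool name, socket path and the WANT_DISABLED list are my assumptions.

```shell
# Added example, not from the original post: audit disable_functions coverage.
# The sample php.ini and FPM pool below are constructed; the list of functions
# worth disabling is an assumption (what a spam/phish payload reaches for).

WANT_DISABLED="mail exec shell_exec system passthru popen proc_open"

# Print the functions listed in disable_functions in file $1, one per line,
# lower-cased and sorted. Understands both the php.ini form
#   disable_functions = a, b
# and the PHP-FPM pool form
#   php_admin_value[disable_functions] = a,b
# and ignores lines commented out with ';' as well as trailing ';' comments.
disabled_functions() {
    sed -n 's/^[[:space:]]*\(php_admin_value\[\)\{0,1\}disable_functions]\{0,1\}[[:space:]]*=[[:space:]]*//p' "$1" \
        | sed 's/;.*//' \
        | tr ',' '\n' \
        | tr -d ' \t' \
        | tr 'A-Z' 'a-z' \
        | grep -v '^$' \
        | sort -u
}

# Print, space separated, the WANT_DISABLED functions that file $1 still
# leaves enabled; prints an empty line when coverage is complete.
missing_disabled() {
    have=$(disabled_functions "$1")
    missing=""
    for fn in $WANT_DISABLED; do
        if ! printf '%s\n' "$have" | grep -qx "$fn"; then
            missing="$missing $fn"
        fi
    done
    printf '%s\n' "${missing# }"
}

# Constructed sample: a global php.ini that only disables the process
# spawners. mail() still works, so a compromised plugin can still spam.
PHPINI=$(mktemp)
cat > "$PHPINI" <<'EOF'
; global php.ini (constructed sample)
expose_php = Off
disable_functions = exec, shell_exec, system, passthru, popen, proc_open ; keep mail
EOF

# Constructed sample: a PHP-FPM pool for the blog's vhost that additionally
# removes mail(). php_admin_value cannot be undone by ini_set() from PHP.
POOL=$(mktemp)
cat > "$POOL" <<'EOF'
[blog]
user = blog
listen = /run/php-fpm/blog.sock
php_admin_value[disable_functions] = mail,exec,shell_exec,system,passthru,popen,proc_open
EOF
trap 'rm -f "$PHPINI" "$POOL"' EXIT

echo "php.ini still allows: $(missing_disabled "$PHPINI")"
echo "pool still allows:   '$(missing_disabled "$POOL")'"
```

Run it against your real files with missing_disabled /etc/php.ini or the pool file under /etc/php-fpm.d/; an empty line means every function in WANT_DISABLED is off. Note that this only reads the file: confirm the running value afterwards with php -i or a phpinfo() page served from the pool in question, since a pool only picks the setting up on reload.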
You may have noticed a bitcoin miner chugging along on your Zimbra server.
Doing a little searching, it seems you're not cool if you haven't.
A serious vulnerability (CVE-2013-7091) in the administration web interface was patched with the release of version 8.0.6. It was subsequently discovered, and a PoC was crafted and then released by rubina119 and marketed as a 0day. While there has been some argument over whether that stretches the definition, I'm sad to say it was 0dh3y enough for me and countless other lazy buggers that never update their Zimbra. Go team!
If you were like me, you might have seen something like this:
top - 17:56:57 up 93 days, 15:06, 1 user, load average: 6.09, 5.90, 5.87
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4489 zimbra 20 0 458m 2184 920 S 255.4 0.1 7731:52 minerd64
Check for any additional gifts that may have been left behind: the miner binary and whatever fetched it (usually under /tmp, /var/tmp or the zimbra user's home), cron entries and SSH keys added for the zimbra user, and any changes to the Zimbra web application files. The process table only tells you what is running right now.
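As an added example (not from the original post), here is a small triage script that reads top's batch output and flags processes either by name or by the CPU-hog heuristic that gave this one away. The miner name list and the 150% threshold are my assumptions, and the sample output is constructed around the minerd64 line above.

```shell
# Added example, not from the original post: flag likely miners in `top -b -n 1`
# output. MINER_PATTERN and the CPU threshold are assumptions; the sample
# below is constructed around the minerd64 line from the post.

MINER_PATTERN='minerd|cpuminer|xmrig|xmr-stak|cgminer|bfgminer|kdevtmpfsi|kinsing'

# Read top's batch output on stdin; print "pid user command reason" for each
# process whose name matches MINER_PATTERN, or which burns more than $1 percent
# CPU (default 150, i.e. more than one and a half cores) under a non-root account.
flag_suspicious() {
    threshold="${1:-150}"
    awk -v thr="$threshold" -v pat="$MINER_PATTERN" '
        # Locate columns from the header so a different top layout still works.
        $1 == "PID" { for (i = 1; i <= NF; i++) col[$i] = i; inhdr = 1; next }
        !inhdr || NF < 12 { next }          # summary block above the header
        {
            pid  = $(col["PID"]);  user = $(col["USER"])
            cpu  = $(col["%CPU"]); cmd  = $(col["COMMAND"])
            reason = ""
            if (cmd ~ pat)                            reason = "known miner name"
            else if (cpu + 0 > thr && user != "root") reason = "cpu " cpu "% as " user
            if (reason != "") printf "%s %s %s %s\n", pid, user, cmd, reason
        }'
}

# Constructed sample of `top -b -n 1` output. The minerd64 line is the one
# from the post; httpd here stands in for a miner renamed to blend in.
SAMPLE='top - 17:56:57 up 93 days, 15:06,  1 user,  load average: 6.09, 5.90, 5.87
Tasks: 212 total,   3 running, 209 sleeping,   0 stopped,   0 zombie
%Cpu(s): 98.7 us,  1.3 sy,  0.0 ni,  0.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND
 4489 zimbra    20   0  458m 2184  920 S 255.4  0.1   7731:52 minerd64
 1310 zimbra    20   0 2134m 1.1g  14m S   3.2  7.3   1023:11 java
 2207 apache    20   0  210m  40m  12m S 190.0  0.5     88:10 httpd
    1 root      20   0 19356 1544 1232 S   0.0  0.0      0:04 init'

printf '%s\n' "$SAMPLE" | flag_suspicious
# Live use:  top -b -n 1 | flag_suspicious
```

The name match is the cheap part; the threshold is what catches a miner renamed to httpd or java, at the cost of false positives during a real load spike, so treat hits as leads. For each lead, ls -l /proc/PID/exe and /proc/PID/cwd tell you where the binary lives (and whether it has been deleted from disk), which is where the search for the other gifts starts.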
Obviously, you should have your admin interface (TCP 7071 by default) listening on a private IP or a firewalled port wherever possible. Where that isn't an option, add another layer in front of it, for example HTTP auth or a source-IP allowlist on a reverse proxy.
This whole thing has me interested in Bitcoin mining again; I've got all sorts of servers that are mostly unused I'm not paying the hydro for. :p
At least we found something cute this time like hash crunching instead of something destructive like spamming or DoS. Right guys?
Having periodic connectivity issues and seeing this in your dmesg?
e1000e 0000:02:00.0: eth0: Detected Hardware Unit Hang:
MAC Status <80080783>
PHY Status <796d>
PHY 1000BASE-T Status <7800>
PHY Extended Status <3000>
PCI Status <10>
e1000e 0000:02:00.0: eth0: Reset adapter
e1000e: eth0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: Rx/Tx
This occurs during normal operation of some Intel 82573-based NICs because of a problematic power-saving feature. Fortunately it can be fixed permanently by altering one byte of the NIC's EEPROM. If your card is affected, the byte at EEPROM offset 0x1e (the second-last value on the second line of an ethtool -e eth0 dump, 16 bytes per line) reads 0xDE; the fixeep-82573-dspd.sh script checks that your hardware matches and rewrites it to 0xDF:
# ./fixeep-82573-dspd.sh eth0
eth0: is a "82573E Gigabit Ethernet Controller"
This fixup is applicable to your hardware
executing command: ethtool -E eth0 magic 0x108c8086 offset 0x1e value 0xdf
Change made. You *MUST* reboot your machine before changes take effect!
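Before letting anything write to an EEPROM it is worth confirming the pre-condition yourself. The following is an added example (not the Intel script and not from the original post): a read-only check that parses an ethtool -e dump and reports whether offset 0x1e holds 0xDE. The dump below is constructed; only the byte at 0x1e is meaningful and the rest is filler, and the "0x0010:" line format is what I assume ethtool prints.

```shell
# Added example, not from the original post: read-only check of the EEPROM byte
# that fixeep-82573-dspd.sh rewrites. The sample dump is constructed (not from
# real hardware); only offset 0x1e matters and it carries the 0xDE from the post.

OFFSET=30   # 0x1e, the byte the script changes from 0xde to 0xdf

# Print the two hex digits at decimal byte offset $1 of an `ethtool -e` dump
# read from stdin. Dump lines are assumed to look like
#   0x0010:   ff ff ... ff      (16 bytes per line)
eeprom_byte() {
    line_addr=$(printf '0x%04x:' $(( ($1 / 16) * 16 )))
    field=$(( $1 % 16 + 2 ))          # $1 is the address, bytes start at $2
    awk -v addr="$line_addr" -v f="$field" '$1 == addr { print $f; exit }' \
        | tr 'A-F' 'a-f'
}

# Succeed if the dump on stdin still carries the unpatched 0xde at 0x1e.
is_affected() {
    [ "$(eeprom_byte "$OFFSET")" = "de" ]
}

# Constructed sample dump, filler everywhere except offset 0x1e.
SAMPLE_DUMP='Offset          Values
------          ------
0x0000:         00 1b 21 00 00 00 20 0b 2c 0d 42 00 ff ff 00 00
0x0010:         ff ff ff ff ff ff ff ff ff ff ff ff ff ff de 00
0x0020:         ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff'

if printf '%s\n' "$SAMPLE_DUMP" | is_affected; then
    echo "sample: 0xde at 0x1e, fixup applies"
else
    echo "sample: byte is $(printf '%s\n' "$SAMPLE_DUMP" | eeprom_byte "$OFFSET"), nothing to do"
fi

# Live use (root required; nothing is written):
#   ethtool -e eth0 | is_affected && echo "eth0 needs fixeep-82573-dspd.sh"
```

Run the same check again after the reboot the script asks for: the byte should now read df. If the dump shows something other than de or df at that offset, you are probably not looking at an 82573E with this particular problem, and the script's own hardware check should be refusing to run as well.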
I'd often wondered why AjaxChat sometimes inserts an apparently invisible character that breaks links if one attempted to copy and paste them. Today I was able to select one while using Opera for debugging, thanks to the font it used not covering it. I wasn't really sure what to do with it at first, I don't have any character map-like tools installed and Google search didn't recognize it as a query. Eventually I noticed it was producing search suggestions and among them was ​.
The zero-width space (ZWSP, U+200B) is a non-printing character used in computerized typesetting to indicate word boundaries to text processing systems when using scripts that do not use explicit spacing, or after characters (such as the slash) that are not followed by a visible space but after which there may nevertheless be a line break. Normally it is not a visible separation, but it may expand in passages that are fully justified.
In computing and typesetting, a soft hyphen (U+00AD SOFT HYPHEN, HTML: &shy;), also called a discretionary hyphen or optional hyphen, is a kind of hyphen used to specify a place in text where a hyphenated break is allowed without forcing a line break in an inconvenient place if the text is re-flowed. The soft hyphen's semantics and HTML implementation are in many ways similar to the zero-width space.
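Since the practical problem is a character you can neither see nor type, here is an added example (not from the original post) of finding, exposing and stripping these characters from the command line. It works on the raw UTF-8 bytes in the C locale so it does not depend on your sed or grep understanding Unicode; the sample link is constructed.

```shell
# Added example, not from the original post: detect, reveal and strip
# zero-width characters that survive copy-and-paste and break URLs.
# Operates on UTF-8 bytes under LC_ALL=C so any sed/grep will do.

# UTF-8 encodings as printf octal escapes.
ZWSP=$(printf '\342\200\213')    # U+200B ZERO WIDTH SPACE
ZWNJ=$(printf '\342\200\214')    # U+200C ZERO WIDTH NON-JOINER
ZWJ=$(printf '\342\200\215')     # U+200D ZERO WIDTH JOINER
SHY=$(printf '\302\255')         # U+00AD SOFT HYPHEN
BOM=$(printf '\357\273\277')     # U+FEFF ZERO WIDTH NO-BREAK SPACE (BOM)

# Print how many zero-width characters occur in string $1.
count_invisible() {
    printf '%s' "$1" \
        | LC_ALL=C grep -o -e "$ZWSP" -e "$ZWNJ" -e "$ZWJ" -e "$SHY" -e "$BOM" \
        | wc -l | tr -d ' '
}

# Print $1 with each zero-width character replaced by a visible <U+XXXX>
# marker, which is the character-map tool the post wished for.
show_invisible() {
    printf '%s' "$1" | LC_ALL=C sed \
        -e "s/$ZWSP/<U+200B>/g" -e "s/$ZWNJ/<U+200C>/g" -e "s/$ZWJ/<U+200D>/g" \
        -e "s/$SHY/<U+00AD>/g"  -e "s/$BOM/<U+FEFF>/g"
}

# Print $1 with all zero-width characters removed.
strip_invisible() {
    printf '%s' "$1" | LC_ALL=C sed \
        -e "s/$ZWSP//g" -e "s/$ZWNJ//g" -e "s/$ZWJ//g" -e "s/$SHY//g" -e "s/$BOM//g"
}

# Constructed sample: a pasted link with a ZWSP and a soft hyphen inside it.
LINK="http://example.com/wiki/Zero${ZWSP}-width${SHY}space"

echo "hidden characters: $(count_invisible "$LINK")"
echo "revealed:          $(show_invisible "$LINK")"
echo "cleaned:           $(strip_invisible "$LINK")"
```

The same functions work on files if you replace printf with cat: piping a chat log through show_invisible is the quickest way to see where a client is injecting U+200B, and strip_invisible on the clipboard contents fixes the pasted links. The soft hyphen is included because it is the other common culprit that renders as nothing at all in most fonts.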
This is a significant step up from the drop-in kernels I have posted previously. Thanks to a massive cleanup this is the first Xen PV kernel I've been able to build with heap randomization and stack smashing protection. Other improvements include: