Cybertool.mobi

Has it been 8 months since my last post?  Yeesh.  I need to get more simplistic when it comes to this whole blogging thing.

When I’m not working, reading, studying for exams, training for races, or plotting to save the world, apparently I’m writing PHP?  I know–scary thought for a server/network guy.  Just the same… Happy Gilmore was a hockey player, not a golfer.

I’ve updated the site to include a projects page, where my latest & greatest will be available for anyone who wants to check it out.

Speaking of which, I’ve recently built a mobile application called Cybertool.  It’s a collection of utilities that might help to diagnose and resolve network issues.  For a while, I’ve used a handful of different sites to fix DNS, mail, or firewall stuff.  Cybertool is an aggregate of those sites for your mobile device.  As an added bonus, there are tools like Cisco password decryption, a default passwords list, and a subnet calculator.  It’s still a work in progress, so there’s a small list of bugs to iron out yet, but I’ve worked really hard to make sure it’s invulnerable to XSS/SQL injection, and have hardened Apache (obviously from my previous post, as well as part II about mod_security which is coming soon).  All activity is logged and monitored, so don’t try anything funny!  It will get you banned faster than Paris Hilton at a spelling bee… faster than Kanye West at a charity event… you get the point.

Be sure to leave comments over at the Cybertool projects page.

 

About Benjamin Perove

Benjamin has been associated with computer technology starting from a very early age, and has contributed to the success of many businesses and enterprises since 2001. He loves to crush pow at Keystone, play acoustic guitar, climb rocks, and ascend mountains on his road bike. Benjamin is an Avalanche fan and currently resides in Boulder, Colorado.

Bullet-proof Apache: Nikto Security Scanner


If you’ve ever been responsible for maintaining an Apache web server, you know how important security is.

Nikto provides an easy way to scan for known (and unknown) vulnerabilities within your Apache server.  Actually, its fairly comprehensive checks cover over 200 web servers, not just Apache.  To run a security scan, download the tool, then extract the archive to the desired location.  To initiate a scan, change into the Nikto directory and type:

./nikto.pl -host [ip address]

Note: when specifying an IP address, make sure you use the external IP of your webserver, not the internal IP.

Here is what my results look like:

- Nikto v2.03/2.04
---------------------------------------------------------------------------
+ Target IP:          10.0.0.1
+ Target Hostname:    blurred for security
+ Target Port:        80
+ Start Time:         2009-01-26 16:44:36
---------------------------------------------------------------------------
+ Server: Apache
+ OSVDB-3092: GET /manual/ : Web server manual found.
+ OSVDB-3268: GET /manual/images/ : Directory indexing is enabled: /manual/images
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 3 item(s) reported on remote host
+ End Time:        2009-01-26 16:45:25 (49 seconds)
---------------------------------------------------------------------------
+ 1 host(s) tested

Test Options: -host 10.0.0.1
---------------------------------------------------------------------------

I would then look up the results and fix each issue until no issues are detected.  See the OSVDB-ID?  These IDs are found in the Open Source Vulnerability Database.  Each entry contains a description, classification, and solution.

To aid in your research, I have created an OSVDB Firefox search plugin.  Install the plugin and then search for 3092, 3268, 3233, etc.
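To track the scan, fix, rescan loop described above, here is an added example (not part of the original post or of Nikto itself) that parses saved text reports and shows which OSVDB findings were fixed between two scans. It assumes the line format of the report shown above; the second report is a constructed sample, and the function names are hypothetical.

```python
import re

# Finding lines look like: "+ OSVDB-3092: GET /manual/ : Web server manual found."
FINDING = re.compile(r"^\+ OSVDB-(\d+): ([A-Z]+) (\S+) : (.+)$")
SUMMARY = re.compile(r"^\+ (\d+) items checked: (\d+) item\(s\) reported")

def parse_report(text):
    """Parse a saved Nikto text report into a dict keyed by (osvdb_id, path)."""
    findings, reported = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := FINDING.match(line):
            osvdb, method, path, desc = m.groups()
            findings[(int(osvdb), path)] = {"method": method, "desc": desc}
        elif s := SUMMARY.match(line):
            reported = int(s.group(2))
    # If the scanner's own count disagrees, some line used a format we did not parse.
    if reported is not None and reported != len(findings):
        raise ValueError(f"parsed {len(findings)} findings, report says {reported}")
    return findings

def compare_scans(before, after):
    """Classify findings across two scans of the same host."""
    return {
        "fixed": sorted(before.keys() - after.keys()),
        "open": sorted(before.keys() & after.keys()),
        "new": sorted(after.keys() - before.keys()),
    }

# First scan: the finding lines from the report shown above.
BEFORE = """\
+ Server: Apache
+ OSVDB-3092: GET /manual/ : Web server manual found.
+ OSVDB-3268: GET /manual/images/ : Directory indexing is enabled: /manual/images
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 3 item(s) reported on remote host
"""
# Second scan: constructed sample, as if /manual/ had been removed in between.
AFTER = """\
+ Server: Apache
+ OSVDB-3233: GET /icons/README : Apache default file found.
+ 3577 items checked: 1 item(s) reported on remote host
"""

if __name__ == "__main__":
    result = compare_scans(parse_report(BEFORE), parse_report(AFTER))
    for status, keys in result.items():
        for osvdb, path in keys:
            print(f"{status:5} OSVDB-{osvdb} {path}")
```

Anything listed as "open" still needs a fix, and anything listed as "new" appeared after your changes and deserves a lookup of its own.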

Hopefully this makes securing your web server quick & painless.

 
