
Mod_Security A Protection For Apache


What is Mod_Security?

ModSecurity is an embeddable web application firewall. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with no changes to existing infrastructure.

It is an open source project that aims to make the web application firewall technology available to everyone.


Detect requests by malicious automated programs such as robots, crawlers and security scanners
Protects against SQL injection and Blind SQL injection.
Blocks Cross Site Scripting (XSS).
OS Command Injection and remote command access.
File name injection.
ColdFusion, PHP and ASP injection.
E-Mail Injection
HTTP Response Splitting.
Universal PDF XSS.
Trojans & Backdoors Detection

How To Install:-

1. Login to your server as a root user.

2. Now, download the latest version of mod_security with the following command:

wget http://www.modsecurity.org/download/modsecurity-apache_2.6.2.tar.gz

3. Next we unzip the archive and navigate into the directory

tar zxvf modsecurity-apache_2.6.2.tar.gz

cd modsecurity-apache_2.6.2/

4. Now you need to determine which version of Apache you use:
APACHE 1.3.x users

cd apache1/

APACHE 2.x users

cd apache2/

5. Let's compile the module now:

/usr/local/apache/bin/apxs -cia mod_security.c

6. OK, now it's time to edit the httpd.conf file.

But first we will make a backup in case something goes wrong (“PRECAUTION” is better than “CURE”). Also get the assistance of senior admins if you are not confident setting the various server parameters.

cp /usr/local/apache/conf/httpd.conf /usr/local/apache/conf/httpd.conf.backup

7. Now that we have backed it all up, we can edit httpd.conf. If you have nano rather than pico, create a symlink with the command below

ln -s /usr/bin/nano /usr/bin/pico

so that you can edit the file with pico.
Or else you can use the vi editor

vi /usr/local/apache/conf/httpd.conf

8. Let's look for something in the config. In pico, hold Control and press W, then search for

(although any of the IfModules would work fine)

9. Now add this

# Note: these are ModSecurity 1.x directives (SecFilter*); ModSecurity 2.x
# uses SecRuleEngine and SecRule instead.

# Turn the filtering engine On or Off
SecFilterEngine On

# Change Server: string
SecServerSignature " "

# Make sure that URL encoding is valid
SecFilterCheckURLEncoding On

# This setting should be set to On only if the Web site is
# using the Unicode encoding. Otherwise it may interfere with
# the normal Web site operation.
SecFilterCheckUnicodeEncoding Off

# Only allow bytes from this range
SecFilterForceByteRange 1 255

# The audit engine works independently and
# can be turned On or Off on the per-server or
# on the per-directory basis. "On" will log everything,
# "DynamicOrRelevant" will log dynamic requests or violations,
# and "RelevantOnly" will only log policy violations
SecAuditEngine RelevantOnly

# The name of the audit log file
SecAuditLog /var/log/httpd/audit_log

# Should mod_security inspect POST payloads
SecFilterScanPOST On

# Action to take by default
SecFilterDefaultAction "deny,log,status:500"

# Require HTTP_USER_AGENT and HTTP_HOST in all requests
SecFilterSelective "HTTP_USER_AGENT|HTTP_HOST" "^$"

# Prevent path traversal (..) attacks
# (the dots must be escaped; an unescaped "." matches any character)
SecFilter "\.\./"

# Weaker XSS protection but allows common HTML tags
SecFilter "<[[:space:]]*script"

# Prevent XSS attacks (HTML/Javascript injection)
SecFilter "<(.|\n)+>"

# Very crude filters to prevent SQL injection attacks
SecFilter "delete[[:space:]]+from"
SecFilter "insert[[:space:]]+into"
SecFilter "select.+from"

# Protecting from XSS attacks through the PHP session cookie
SecFilterSelective ARG_PHPSESSID "!^[0-9a-z]*$"
SecFilterSelective COOKIE_PHPSESSID "!^[0-9a-z]*$"

10. Save the file.
Needless to say: in pico press Ctrl + X and then Y; in vi press “Esc” and type :wq!

11. Restart Apache.

/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd start
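
A dry run of the filters from step 9, added here as an example (not part of the original post or of mod_security): it approximates ModSecurity 1.x matching with grep -Ei and runs each pattern over constructed request strings, showing what the crude filters block, legitimate input included. The names filter_hits and matches, the sample requests and the single-line <.+> stand-in for <(.|\n)+> are assumptions of this example; the traversal pattern is written with escaped dots, since an unescaped ../ matches any two characters followed by a slash.

```sh
#!/bin/sh
# Added example, not mod_security code: approximate the SecFilter patterns
# with POSIX extended regexes (grep -E), case-insensitively (-i).

# matches PATTERN STRING: exit status 0 when the regex matches the string.
matches() {
    printf '%s\n' "$2" | grep -Eiq -e "$1"
}

# filter_hits REQUEST: print the names of all filters that would fire.
# Table format: <hypothetical name> <pattern from the configuration>.
filter_hits() {
    hits=""
    while read -r name pattern; do
        if matches "$pattern" "$1"; then
            hits="$hits $name"
        fi
    done <<'EOF'
traversal \.\./
xss_script <[[:space:]]*script
xss_any_tag <.+>
sql_delete delete[[:space:]]+from
sql_insert insert[[:space:]]+into
sql_select select.+from
EOF
    printf '%s\n' "${hits# }"
}

# Constructed sample requests.
for request in \
    '/index.php?id=5' \
    'comment=Please select a colour from the list' \
    'comment=<b>thanks</b>' \
    '/download.php?file=../../etc/passwd' \
    'name=<script>x</script>'
do
    printf '%-45s -> %s\n' "$request" "$(filter_hits "$request")"
done
```

The second and third requests are ordinary form input, yet both are denied with status 500 under the default action, which is why the audit log should be reviewed after enabling these rules.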

Additionally you can get mod_security rules here:-


Launching Of Reseller Account


This is a good opportunity for those who want to open their own small web hosting business. Now you can buy our Reseller plan and run your own web hosting business or company at affordable prices. We give fully managed service to all our resellers, and if any problem occurs, Bullten Web Hosting Solutions will be liable to manage it.

To know more about it, have a live chat with our sales representative, and to see the price details follow the link below:-

Linux Server Security Tutorial Part 1


This article will help people secure their Linux web server. It is essential to follow the steps below to protect your server from attacks and vulnerabilities.

Follow the steps below to secure the server (OS: CentOS):-

1) Install a firewall to monitor your incoming and outgoing traffic. Make rules within it to block illegal usage. I would recommend you to use APF or CSF

Read here about CSF:- http://configserver.com/cp/csf.html
Read here about APF:- http://www.rfxn.com/projects/advanced-policy-firewall/

Installation Guide:-
CSF:- http://configserver.com/free/csf/install.txt
APF:- http://www.rfxn.com/appdocs/README.apf

2) Check if there are updates for the installed software. It is necessary to keep the software updated with the necessary patches.


yum check-update

If it shows you a list of available updates, then you need to run

yum install update_name

(replace update_name with the name of the available software update)

If the result says no updates are available, then your kernel and installed files are up-to-date

3) Change the SSH port used for logging in. This is a necessary step because an attacker can brute force the SSH port to gain root access, so changing the SSH port from 22 to something anonymous like 132, or anything you would like, will help you to secure your server.


vi /etc/ssh/sshd_config

Find the line port 22 at the bottom of the file, press “i” to edit the file and change the port number to anything you would like. Then press “escape” and type “:wq” to save the file.

Now you have to restart SSH


/etc/init.d/sshd restart

Make sure to add the port number to the firewall, otherwise it will block your SSH access.

4) Protect Against Fork Bombs. Fork bombs are programs that keep creating child processes until system resources are all used. They actually aren’t remote exploits because they require a local user to execute the bomb; however, users may be tricked into running a fork bomb. For example, the following example may look innocent, but running it on an unprotected system may take the whole system down


vi /etc/security/limits.conf

Add these two lines to the file:-

@users soft nproc 100
@users hard nproc 150

Save it and you are done. If you don’t have a users group, check which group your accounts belong to, or limit each user individually.

5) Install Rootkit Hunter (rkhunter). rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing MD5 hashes of important files with known good ones in an online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.


wget http://space.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz
tar -xzvf rkhunter-1.3.8.tar.gz
cd rkhunter-1.3.8
./installer.sh --layout default --install

rkhunter will be installed on your server. Now you have to set up a cron job and the mail notification system


nano -w /etc/cron.daily/rkhunter.sh

Add the following text to rkhunter.sh

#!/bin/sh
# Make this file executable (chmod 700) so that cron.daily runs it
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (PutYourServerNameHere)' your@email.here

Note:- You have to replace PutYourServerNameHere and your@email.here with your actual server name and email address

The above were some ways to harden server protection. Soon I will be writing more on securing Linux servers.

Free Premium Hosting For A year By Bullten Web Hosting Solutions


This contest is for all our members or bloggers who want to get premium cPanel shared hosting absolutely free for a year.

What is required to take part

1) Like our Facebook fan page :- http://facebook.com/BullTen
2) Follow us on twitter : http://twitter.com/BullTenWeb
3) Invite your friends to our Facebook fan page and tell them to like it.
4) Promote our website and fanpage to blogging sites and others if applicable
5) Contact us with the links where you have posted our website using our contact us page :- http://www.bullten.com/contact-us/

What Will You Get

The first 20 best bloggers with the most invites will win premium hosting worth 3000 Rs or 60$ per year

Winners Declaration Date:-
The contest will end by 10th of November 2011 and the winners will be announced on our Facebook fanpage by 11th of November 2011.

DDoS Deflate A Protection Against DDoS Attacks


To start with, I will first explain what a DDoS attack is.

Denial of service (DoS) attacks are deliberate attacks on your network properties to deny service to legitimate users. When these attacks seemingly come from distributed sources, they become distributed denial of service (DDoS) attacks.

A few years back, it was common to use spoofing techniques where a hacker would actually use very few machines (or just one machine) and spoof multiple IP addresses. To the attacked destination it would seem that the attack was coming from multiple IP addresses. In recent times, however, with the advent of infected PCs and the increasing number of smart mobile phones, many botnets are available around the world which can be used to launch a real DDoS attack.

How to Stop DDoS attacks.

Until now there is no complete protection against this type of attack, though some tools and security platforms are used to mitigate its effect. Large organizations are paying thousands of dollars to protect their servers against DDoS, but small business owners fail to do so. To counter the threat of DDoS attacks, (D)DoS Deflate was released as free DDoS protection software.

What Is DDoS Deflate:-

(D)DoS Deflate is a lightweight bash shell script designed to assist in the process of blocking a denial of service attack. It utilizes the command below to create a list of IP addresses connected to the server, along with their total number of connections.

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
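
The same counting, as an added example that is not part of (D)DoS Deflate or the original post: the pipeline above also counts netstat's two header lines and cuts IPv6 addresses at their first colon, so this version skips the headers and strips only the trailing port. The netstat sample, the function names and the limit value are constructed for the example.

```sh
#!/bin/sh
# Added example, not part of (D)DoS Deflate: per-IP connection counts from
# `netstat -ntu` output, with header lines and IPv6 addresses handled.

# Constructed sample of `netstat -ntu` output (documentation address ranges).
SAMPLE='Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51237      ESTABLISHED
tcp        0      0 192.0.2.10:443          203.0.113.9:40112       TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51240 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:40000    ESTABLISHED
udp        0      0 192.0.2.10:53           203.0.113.9:5353'

# naive_counts: the pipeline quoted above, reading netstat text from stdin.
naive_counts() {
    awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
}

# conn_counts: print "count address" per remote address, busiest first.
conn_counts() {
    awk '$1 ~ /^(tcp|udp)/ {              # skip the two header lines
             addr = $5
             sub(/:[0-9*]+$/, "", addr)   # drop only the trailing :port
             sub(/^::ffff:/, "", addr)    # IPv4-mapped IPv6 -> plain IPv4
             n[addr]++
         }
         END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# over_limit LIMIT: addresses holding at least LIMIT connections.
# LIMIT is a value you choose; it is an assumption of this example.
over_limit() {
    conn_counts | awk -v limit="$1" '$1 >= limit { print $2 }'
}

printf '%s\n' "$SAMPLE" | conn_counts
printf '%s\n' "$SAMPLE" | over_limit 5
```

On a live server, feed it real data with `netstat -ntu | conn_counts`.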

How To Install (D)DoS Deflate :-

wget http://www.inetbase.com/scripts/ddos/install.sh
chmod 0700 install.sh
./install.sh

How To UnInstall (D)DoS Deflate :-

wget http://www.inetbase.com/scripts/ddos/uninstall.ddos
chmod 0700 uninstall.ddos
./uninstall.ddos

How To Check The Number Of Connected IPs:-

sh /usr/local/ddos/ddos.sh

How To Edit Configuration File:-

vi /usr/local/ddos/ddos.conf

How To Restart DDoS Deflate:-

sh /usr/local/ddos/ddos.sh -c

What is SEO And Why It's Important For Your Business?

Today there is huge competition on the internet. Anyone doing business, whether online or not, wants to capture most of the market by selling his products and services. In the past it was very difficult to make your site known to interested users. To overcome this issue, search engine optimization techniques were introduced. With them a website is optimized so that it is visible to as many users as possible, and this method has proved to be the most successful for business.

Most business owners now understand the importance of search engine optimization, and they want their website to be listed on the 1st page of the search engine when keywords relevant to their business are searched. To make this easier, many organizations and companies offer search engine optimization services to their clients. The service is not limited to SEO; there are two more parts which make it profitable. Social media marketing and search engine marketing are the users' choice now. SEM deals with advertising products and services on major search engines like Google, Yahoo, Bing and so on, whereas SMM or SMO targets social networking sites like Facebook, Orkut, Twitter, LinkedIn, etc.

SEO is a technique, or a set of tools and ideas, used to get a website to the top of a search engine. There is no exact method defined in this field, because search engine algorithms are updated very often and major changes are seen. It depends entirely on one's ability to perceive things and give them a try. This job is a matter of trial and error. Deep analysis is needed, and one has to develop one's own implementation technique and follow it.

At present the giant search engine Google is the users' choice for their website, as 75% of users around the world use it; other search engines like Yahoo, Bing, etc., which cover a very small market, are targeted after it. Search engine optimization is usually expensive, but the dominance of Google.com makes it more expensive because of the huge competition: people target only Google and are willing to pay anything to see their website on its first page.

To end this topic, I will list some points to remember while making a Search Engine Optimization plan

1) Analyze the site properly: what services and products it is offering.
2) Check what the target audience is and how to reach them.
3) Do a thorough competitor analysis; check what they are offering and what sites they are targeting for their services.
4) Choose the right keywords for the service, ones which have good traffic. To start, I would recommend you choose medium or low competition keywords, as targeting high competition keywords will be useless and will take more time.
5) Divide your plan on a monthly basis, i.e. how much work you are going to do every month, and continue that for a long time.
6) Make a monthly report and compare it with the previous month's report to know if your site is improving or not.
7) Finally, if the website is not improving, contact an SEO expert or follow the Google Webmaster Central Forum for a solution.

New SEO Service From BullTen.com


Now you can avail search engine optimization service at bullten.com

To know more about its plan and pricing just follow the link below



What Is Slowloris DOS Attack And How To Mitigate Its Effect


What Is Slowloris Attack:-

In considering the ramifications of a slow denial of service attack against particular services, rather than flooding networks, a concept emerged that would allow a single machine to take down another machine’s web server with minimal bandwidth and side effects on unrelated services and ports. The ideal situation for many denial of service attacks is where all other services remain intact but the webserver itself is completely inaccessible. Slowloris was born from this concept, and is therefore relatively very stealthy compared to most flooding tools.

Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at regular intervals to keep the sockets from closing. In this way web servers can be quickly tied up. In particular, servers that have threading will tend to be vulnerable, by virtue of the fact that they attempt to limit the amount of threading they’ll allow. Slowloris must wait for all the sockets to become available before it’s successful at consuming them, so if it’s a high traffic website, it may take a while for the site to free up its sockets. So while you may be unable to see the website from your vantage point, others may still be able to see it until all sockets are freed by them and consumed by Slowloris. This is because other users of the system must finish their requests before the sockets become available for Slowloris to consume. If others re-initiate their connections in that brief time-period they’ll still be able to see the site. So it’s a bit of a race condition, but one that Slowloris will eventually always win – and sooner rather than later.

Web Server Vulnerable To This Attack:-

Apache 1.x
Apache 2.x
GoAhead WebServer

Web Server Not Vulnerable To This Attack:-

Cisco CSS

As we can see, Apache is vulnerable to this attack, so we will take some precautions to mitigate its effect. We will use mod_antiloris to protect the Apache server

What Is The Use Of Mod_Antiloris ?

With mod_antiloris module, apache is protected against the slowloris attack. The module limits the number of threads in READ state on a per IP basis.

How To Install Mod_Antiloris?

1) Download the installer from sourceforge and install

a) cd /usr/local/src
b) wget http://sourceforge.net/projects/mod-antiloris/files/mod_antiloris-0.4.tar.bz2
c) tar -xvjf mod_antiloris-0.4.tar.bz2
d) cd mod_antiloris-*
e) apxs -a -i -c mod_antiloris.c

2) Now we have to restart apache

service httpd restart

3) How to check whether mod_antiloris loaded or not

httpd -M | grep antiloris

Note: if you are using a cPanel server, you have to run the command below to make sure the new modifications are saved into the system configuration file

/usr/local/cpanel/bin/apache_conf_distiller --update

Now you can check whether your Apache is protected from the Slowloris DoS attack or not. Launch a slowloris attack and check the Apache status page to see if it is affecting it or not.

Protecting Your Server With CSF Firewall


To get optimum security for your server it is necessary to install a good firewall. ConfigServer Security & Firewall is a free software-based security system developed as an SPI iptables firewall that is comprehensive, straightforward, easy and flexible to configure.

For Detailed Features Follow the link below:-

How To Install ConfigServer Security & Firewall:-

rm -fv csf.tgz
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Now check whether your server has the required iptables or not

perl /etc/csf/csftest.pl

If your server has a control panel like DirectAdmin or cPanel, you can configure CSF from inside your control panel and track everything using the GUI.

How To Uninstall CSF:-

On cPanel servers:

cd /etc/csf
sh uninstall.sh

On DirectAdmin servers:

cd /etc/csf
sh uninstall.directadmin.sh

On generic linux servers:

cd /etc/csf
sh uninstall.generic.sh

Cookie Filter In Asynchronous Code!! Google Analytics

I have found many people with a dynamic IP having problems setting up cookie filtering in Google Analytics, so I came up with a small tutorial.

How to set up cookie filtering in asynchronous code:-

1) Set up a new page named example.html on your server and paste the code below

<script type="text/javascript">

var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-XXXXXXX-X']);
// Set the user-defined value that the "Exclude me" filter matches
_gaq.push(['_setVar', 'cookie_filter']);

(function() {
var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();

</script>

Replace UA-XXXXXXX-X with your unique property ID.

Next, create a filter: click on edit profile and add a filter

Name of Filter – Exclude me
Filter Type: Custom filter > Exclude
Filter Field: User Defined
Filter Pattern: cookie_filter
Case Sensitive: No

Now just visit the page named example.html and you are done…:)