What is Domain Hijacking and how to Prevent it

Posted on September 18th, 2006 by Admin.
Categories: Hacking Truths, Server Security, Domains.

Greetings ,

What is Domain Hijacking and how to Prevent it …

Losing a domain is an incredibly frustrating experience for domain owners. This article will help explain how this happens, and how you can keep it from happening to you.

There are three main ways that people lose domain names:

1. An owner allows the domain registration to lapse

2. A domain is stolen after a hijacker gains access to the registry record

3. An owner does not keep up-to-date contact information in their record and their record is deleted after the registrar concludes that contact with the owner is not possible

The good news is that there are steps you can take to keep this from happening to you. The most basic way to avoid losing your domain is to keep track of expiration dates and maintain your contact information. One smart way to do this is to consolidate your domains at one high-quality registrar. This allows you to manage a domain portfolio more easily and comprehensively. But remember, your domain can be deleted if your contact data is out of date. Registrars now have to verify ownership annually.

A second and related tip is to make sure that you are listed as the Administrative Contact, also known as the “admin-c”. If it is a corporate domain name, then make sure the business owner or a senior executive is the Administrative Contact; this person is authorized to modify the site, the records, and he or she can change the domain’s ownership.

Next, it is important to use a paid email account for your Administrative Contact email address whenever possible. Free email addresses can be suspended or deleted. If this happens, you will not receive notices from your registrar for renewal, and someone else could register that email address and then use it to request a domain transfer.

You can also place a registrar lock on your domain. This can help prevent it from being transferred, modified, or deleted by a third party. It is also important that you make sure your registrar gives you the ability to unlock your domain at any time without having to call or email them. Otherwise, when you sell a domain name you will have to wait for someone at the registrar to process your request, and then the transfer will take more time, and most importantly, it will take more time for you to receive your payment.

It is also important for you to be an educated email user. Never respond to emails that ask you to click on a link or respond without investigating the source and fully understanding the e-mail’s contents. Be especially careful with domain-related emails that look official but are from an unknown source. Contact your registrar to find out what is happening and if the email is from them. Domain hijackers have been known to send out mass transfer requests hoping that a small number of people will actually accept the transfer request. Do not let yourself fall prey to this type of scam.

Another step you can take to make sure you do not lose your domain is putting your registrar on your email list of “approved senders”. This will ensure that you receive emails from your registrar, including the all important registry renewal notices.

Finally, on a related note, it is a good idea to renew your domain early and for long periods of time. Registrars are allowing domain owners to register their domains for longer periods of time and at more competitive prices.

Protect your domains by following these guidelines:

1) Keep track of expiration dates and keep your contact information up-to-date. (Consider domain consolidation.)

2) Make sure you are listed as the Administrative Contact so that only you can modify the domain record or change ownership.

3) Try to avoid using free-email addresses.

4) Make use of registrar locks over which you have control.

5) Be an educated email user: investigate email senders and email contents.

6) Place your registrar on your “approved sender” email list and have emails from them go straight to your inbox.

7) Renew your domain early and for long periods of time.

Cheers,

Kyle

0 comments.
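For the domain hijacking post above, one way to check a portfolio for the two conditions it warns about (an approaching expiry and a missing registrar lock). This is an added example, not part of the original post; the WHOIS records are constructed, and the "Registry Expiry Date" and "Domain Status" field names are an assumption about the registry's output format.

```shell
#!/bin/sh
# Added example. The WHOIS text below is constructed (not a real lookup) and
# the field names follow the common "Key: value" layout, which is an assumption.
sample_whois() {
cat <<'EOF'
Domain Name: EXAMPLE-SHOP.COM
Registry Expiry Date: 2006-10-20T04:00:00Z
Domain Status: ok
Domain Name: EXAMPLE-CORP.NET
Registry Expiry Date: 2011-03-02T04:00:00Z
Domain Status: clientTransferProhibited
Domain Status: clientDeleteProhibited
EOF
}

# audit_whois CUTOFF
# Reads one or more WHOIS records on stdin and prints "domain FINDING" lines.
# CUTOFF is YYYY-MM-DD; ISO dates sort correctly when compared as strings.
audit_whois() {
    awk -v cutoff="$1" '
        function report() {
            if (name == "") return
            if (expiry == "")         print name, "UNKNOWN_EXPIRY"
            else if (expiry < cutoff) print name, "EXPIRES_BEFORE_CUTOFF", expiry
            if (!locked)              print name, "NO_TRANSFER_LOCK"
        }
        { line = tolower($0) }
        line ~ /^ *domain name:/ {
            report(); name = tolower($NF); expiry = ""; locked = 0
        }
        line ~ /^ *registry expiry date:/ { expiry = substr($NF, 1, 10) }
        # clientTransferProhibited is the EPP status a registrar lock sets.
        line ~ /^ *domain status:.*clienttransferprohibited/ { locked = 1 }
        END { report() }'
}

# Flags example-shop.com twice; the locked, long-dated domain is silent.
sample_whois | audit_whois 2006-12-01
```

Against live data, pipe the output of a whois lookup for each domain into audit_whois with a cutoff a few months ahead.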

Disable Telnet

Posted on September 18th, 2006 by Admin.
Categories: Hacking Truths, Cpanel Hosting, Server Security, Linux.

Greetings ,

To disable Telnet on your box …

# vi /etc/xinetd.d/telnet

change disable = no to disable = yes

Save and Exit

# /etc/init.d/xinetd restart

Cheers ,

Kyle

0 comments.

Change Cpanel Version / update series from shell

Posted on September 18th, 2006 by Admin.
Categories: Cpanel Hosting, Linux.

Hello ,

If WHM is not accessible, you can change the cPanel version / update series (release, stable or edge) from the shell by editing the /etc/cpupdate.conf file.

CPANEL=daily
RPMUP=daily
SYSUP=daily

Change first line to
CPANEL=Stable
or
CPANEL=Release
or
CPANEL=Edge

Then run /scripts/upcp to update cPanel.

Regards ,

0 comments.

Install PICO Editor in Linux

Posted on September 18th, 2006 by Admin.
Categories: Cpanel Hosting, Linux.

Greetings ,

If Pico is not installed on a cPanel/WHM server, you can install it using the following easy steps:
========================
/scripts/ensurerpm nano

Then:

cd /usr/bin
ln -s nano pico
========================

Cheers ,

Kyle

0 comments.

Change MySQL Root password

Posted on September 18th, 2006 by Admin.
Categories: Cpanel Hosting, MySQL.

Greetings Guys ,

Changing the MySQL root password:
# /etc/rc.d/init.d/mysqld stop
# (while started with --skip-grant-tables the server accepts any login without a password, so keep this window short)
# /usr/bin/safe_mysqld --skip-grant-tables &
# mysql -u root
mysql> use mysql;
mysql> update user set Password = PASSWORD('98f738d') where User = 'root';
mysql> exit
# /etc/rc.d/init.d/mysqld stop #yes this worked
# /etc/rc.d/init.d/mysqld start

Cheers ,

Admin

0 comments.

Disable PING to server

Posted on September 18th, 2006 by Admin.
Categories: Hacking Truths, Cpanel Hosting, Server Security.

Greetings ,

PING is a well-known internet tool for checking whether a machine is running. Many users want to disable PING to avoid detection or to keep away from hackers.

You can use the following command to disable PING:

echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all

The following command will enable PING again:

echo "0" > /proc/sys/net/ipv4/icmp_echo_ignore_all

Cheers,

Kyle

0 comments.

Disable PHP for particular user

Posted on September 17th, 2006 by Admin.
Categories: Cpanel Hosting, Server Security, Apache, PHP.

Greetings guys ,

To disable PHP for a particular user on a Linux server, put the following code in a .htaccess file for that user:

php_flag engine off

You can also add the following code inside the <VirtualHost> tag of that particular domain in the server’s httpd.conf. Unlike php_flag, a php_admin_flag setting cannot be overridden from .htaccess.

php_admin_flag engine off

Cheers ,

Kyle,

SGugal

0 comments.

Disable USB drive in windows

Posted on September 17th, 2006 by Jason.
Categories: Uncategorized, Fun.

Hello,

This explains how to disable ONLY USB storage devices(flash/Jump/external HD’s) completely without disabling keyboards, mice, etc.

I decided to go this route after trying every other option I could find on the internet. So far this is the only way I have found to completely kill USB drives without ways to get around restrictions. edit: WITHOUT PURCHASING THIRD PARTY SOFTWARE

First thing to do is this:

1. Run regedit and navigate to HKLM\system\currentcontrolset\services\USBstor.

2. Change the value of the dword “Start” from 3 to 4. If the dword “Start” doesn’t exist, create it. This will prevent a previously installed USB device from loading when the device is plugged into the machine. ((As most of you know this is a Microsoft suggestion, which does work perfectly at disabling previously installed devices, however, this alone will not disable USB storage completely. If a user plugs a new USB storage device into the machine the device will install and the dword value will be reset to 3. Now if you incorporate adding this into a script it alone will disable USB drives, but only after a user plugs a device in, removes it without uninstalling it, logs off then logs back on, thereby running the script. This means that there is a window of opportunity for users to have access to new devices, this may be acceptable for some, but not for others.))

3. The next thing to do is to change the permissions on the USBSTOR key. You need to DENY full control on the “system” group.

((What this does is deny everyone the ability to access the USBStor key, effectively killing the ability for any user (including admins) to install USB storage devices. Now the reason you deny the “system” group is because Windows will use this account if no one is logged onto the machine yet. What I mean by this is if say you want to deny a group of users called “staff”, you would need to deny them using GP or a logon script. This will work great, but, if a “staff” group user plugs a USB drive in before logging in to Windows the device will be installed in the background using the “system” group, then when the user logs in the “staff” group policy is applied denying the user access to the USBstor key, but by this point it makes no difference because the device is already installed and accessible and once a device is installed the usbstor key is no longer used.))

3. So now that these two steps are done, *NO ONE* will be able to install USB drives.

If a user tries to use a previously installed drive the device will be blocked and nothing will happen, no prompts, nothing. This is accomplished through step 1, the dword value.

What happens if a user plugs in a “New” device that was not previously installed, the hardware wizard will run, asking for the location of drivers. Regardless of whether a user selects the “automatically” search and install or if they attempt to manually install 3rd party drivers, the HW wizard will prompt the user that “access is denied” once the drivers are selected. This is the result of step 2, denying “system”.

Now that we know how to disable USB storage devices we need to find an efficient way to do this without driving through the registry on each and every machine.

continued…

This is what I did to accomplish this method of killing USB drives quickly and easily.

I created 2 batch files, 1 batch to disable and another for administrators(tech support, ie.) that will re-enable USB drives if the need arises.

1: First thing is to get a copy of the tool “subinacl.exe”. This tool is included with MS Server 2003 RK.

((What subinacl allows you to do is set specific permissions on the exact group or user, etc. that you need to; this includes permissions on registry keys, which is what we will be doing.))

2: Once you have a copy of “subinacl.exe” set up a folder for your batch files. In my particular case I wanted these batch files available on the network so I created a shared folder named “DisableUSB” on a server. Next I created a subfolder within “DisableUSB” called “subinacl”. Put a copy of “subinacl.exe” in this folder.

3. Next thing to do is create 2 “reg” files in the subfolder “subinacl”. I named the 2 files “dword3.reg” and “dword4.reg”. These files are going to be used to change the value of the dword “start” in the registry key Usbstor.

I assume most probably know how to create reg files; this is what should be in the files:

For “dword3.reg”
******
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]
"Start"=dword:00000003

*change the 3 to a 4 for “dword4.reg”*

4. Now put these 2 files in the “subinacl” folder if they weren’t created there.

OK, all the pieces should now be in place. For this example we have a shared folder (on no particular server) called “disableUSB”. Within this folder is a subfolder “subinacl” that has subinacl.exe, dword3.reg, and dword4.reg within it.

5 . Now to create the 2 batch files. I created these 2 files under the main share folder (disableUSB). One is called “disableUSBdrives.bat” which, you guessed it, disables drives, and the other for re-enabling drives, “enableUSBdrives.bat”. Wow…

This is how disableUSBdrives.bat is set up:

@echo off
cls
regedit /s \\servername\disableUSB\Subinacl\dword4.reg
\\servername\DisableUSB\Subinacl\subinacl.exe /keyreg \system\currentcontrolset\services\usbstor /deny=system
pause
cls
echo.
echo **USB drives disabled**
echo.
Pause

*the path will differ of course. \\servername is just an example.

For “enableUSBdrives.bat” simply change “dword4.reg” to “dword3.reg” AND “deny=system” to “grant=system”.

Notice that the only real meat to these batches is running regedit and running subinacl. Everything else (cls, pause, echo) is optional; for my particular situation it was needed.

6. Go to the machines that you want to disable USB drives on and run the disableUSBdrives batch from the network share.

And that’s it. USB drives gone.

Now of course running a batch from each machine is still time consuming, but in my particular situation it had to be done this way, and is obviously much faster than driving through the registry.

The most efficient way to incorporate this would be with logon scripting. Unlike with just using the dword start=4 trick, after this script is run, there is no way for joe blow user to use any of his nifty little Jumpdrives or his hot new hard drives.

Also note that folder names and locations can be set up in any way and anywhere as long as the batch files point to the right place.

Anyway. hope this helps someone.
Enjoy..

0 comments.

How do you repair a corrupt MySQL table?

Posted on September 17th, 2006 by Alex P..
Categories: Linux, web Hosting.

Error: Table ‘tbl_name’ doesn’t exist / databasename_tablesname.frm can’t open

If you get either of the following errors, it usually means that no table exists in the current database with the given name:

Table ‘tbl_name’ doesn’t exist

Can’t find file: ‘tbl_name’ (errno: 2)

A ) In some cases, it may be that the table does exist but that you are referring to it incorrectly:

Because MySQL uses directories and files to store databases and tables, database and table names are case sensitive if they are located on a file system that has case-sensitive filenames.

Even for file systems that are not case sensitive, such as on Windows, all references to a given table within a query must use the same letter case.

B ) In some cases the table exists but the same error still occurs. Then:

1 ) Check the permissions and ownership of the database directory; they should look like this:

drwx------ 2 mysql mysql cpanelusername_dbname

2) If the permissions are correct but the same error occurs, the database table may be corrupt. There are the following ways to repair the database:

a) Go to WHM >> SQL Services >> Repair a Database >> select the database name and click Repair Database.

b) Go to cPanel >> MySQL section >> MySQL Account Maintenance >> search for the database, then click Repair.

c) You can repair it through the shell:

i) Log in to MySQL as that particular user with the following command:

> mysql -u databaseusername -p databasename

ii) Select the particular database:

mysql> use databasename;

iii) Check whether the database table is corrupted. If the output of the following command shows NULL values, the table is corrupt; otherwise it is fine:

mysql> show table status like 'tablename'\G

iv) If it is corrupt, use the following command to repair that particular table:

mysql> repair table tablename;

Regards,

Alex P,

0 comments.

Exim Extended Logging to catch Spammer

Posted on September 16th, 2006 by Admin.
Categories: Cpanel Hosting, Server Security, EXIM.

Greetings guys ,

To catch a spammer on your server you can enable extended logging in Exim to trace mail sent as nobody. Try the following trick.

1. Edit /etc/exim.conf

2. On the second line add :

log_selector = +address_rewrite +all_parents +arguments +connection_reject +delay_delivery +delivery_size +dnslist_defer +incoming_interface +incoming_port +lost_incoming_connection +queue_run +received_sender +received_recipients +retry_defer +sender_on_delivery +size_reject +skip_delivery +smtp_confirmation +smtp_connection +smtp_protocol_error +smtp_syntax_error +subject +tls_cipher +tls_peerdn

Make sure all that comes on a single line.

3. Save and exit.

4. Restart Exim.

Now watch the exim_mainlog carefully, and you will catch the spammer red-handed.

Cheers ,

Admin ,

Sgugal Blog

0 comments.
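For the Exim logging post above, a way to read the resulting exim_mainlog: with +arguments each local submission logs the working directory it was run from (cwd=), and with +subject each accepted message logs its subject (T="..."), so counting both points at the script sending the mail. This is an added example, not part of the original post; the log lines, paths and addresses are constructed.

```shell
#!/bin/sh
# Added example. Constructed exim_mainlog lines (not real log data) as written
# with +arguments, +received_recipients and +subject enabled.
sample_log() {
cat <<'EOF'
2006-09-16 10:00:01 cwd=/home/alice/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2006-09-16 10:00:01 1GOabc-0001Xy-2B <= nobody@host.example.com U=nobody P=local S=812 T="Cheap pills" for a@example.net
2006-09-16 10:00:02 cwd=/home/alice/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2006-09-16 10:00:02 1GOabd-0001Xz-3C <= nobody@host.example.com U=nobody P=local S=815 T="Cheap pills" for b@example.net
2006-09-16 10:00:03 cwd=/var/spool/exim 2 args: /usr/sbin/exim -q
2006-09-16 10:00:04 cwd=/home/alice/public_html/forum 3 args: /usr/sbin/sendmail -t -i
2006-09-16 10:00:04 1GOabe-0001Y0-4D <= nobody@host.example.com U=nobody P=local S=809 T="Cheap pills" for c@example.net
2006-09-16 10:05:10 cwd=/home/bob/public_html 3 args: /usr/sbin/sendmail -t -i
2006-09-16 10:05:10 1GOabf-0001Y1-5E <= nobody@host.example.com U=nobody P=local S=1024 T="Your order" for d@example.org
2006-09-16 10:06:00 1GOabg-0001Y2-6F <= carol@example.com H=mail.example.com [192.0.2.10] P=esmtp S=2048 T="Meeting" for bob@host.example.com
EOF
}

# Count local submissions per working directory, busiest first.
# Queue-runner entries under /var/spool are Exim itself and are skipped.
count_by_cwd() {
    awk '$3 ~ /^cwd=/ {
             dir = substr($3, 5)
             if (dir !~ /^\/var\/spool/) n[dir]++
         }
         END { for (d in n) print n[d], d }' | sort -rn
}

# Directory that submitted the most mail.
top_cwd() { count_by_cwd | head -n 1 | cut -d' ' -f2-; }

# Subjects of messages accepted from the web server user (U=nobody),
# printed as "count<TAB>subject", most frequent first.
nobody_subjects() {
    awk '/ <= / && / U=nobody / {
             if (match($0, /T="[^"]*"/))
                 s[substr($0, RSTART + 3, RLENGTH - 4)]++
         }
         END { for (k in s) print s[k] "\t" k }' | sort -rn
}

sample_log | count_by_cwd
sample_log | nobody_subjects
```

On a live server, feed the functions from the log instead of the sample, for example count_by_cwd < /var/log/exim_mainlog.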