http://membrane.com/security/secure/Mic … ulous.html

Not to mention that it'd probably be a good idea to give them a detailed report on how insecure IE is. Print out reports, and tell them that their company's computer security is at risk. Just word it up to make it seem really serious.

Will I be lapidated if I say - I don't care about IE?
Especially IE6.

Please have a look now, I changed something in the src.
Does it still look like before?

Neither do I But we gotta do what we gotta do. IE is the standard one in this company

It's not fixed yet. If you'll keep trying, it's for other members, I'm fine with the current one since I know how to get it.

Thanks for explaning what the script does.

It's not allowed to install apps ... I already got my final warning .. Thank you

linuxhat wrote:

What about adding this line? Good honeypot if you watch the logs, might become very interesting.

What would this script do? Can you give us a brief explanation?

If I understand correctly, adding this line would identify our "web server" as an old Apache/PHP stack that can be exploited.  Unpleasant people out there are scanning automatically for servers running vulnerable software.

Without much effort, you might capture a real attack in your log file.  That would be most excellent.  Like catching a fox with a piece of bubble gum and a shoe string.

P.S.: Tell your boss to install Firefox so you can surf properly

Please have a look now, I changed something in the src.
Does it still look like before?

Did I miss something? It is?

[1] http://www.dd-wrt.com/dd-wrtv3/index.php

/xai

There is command in the beigning of this post as shown below but the [ code ] option is hiding it:

A verbose command for downloading the top 3 videos from youtube:

Cool.  But where would you run such a thing?  VPS? (expensive)

Yes, for example.
I could run it on my Router (Linksys WRT54G2 flashed with DD-WRT[1]) for a time.

Did I miss something? It is?

[1] http://www.dd-wrt.com/dd-wrtv3/index.php

/xai

Nice dan!

xai@w00t:~# diff -Naur webserver.sh webserver_alex.sh
--- webserver.sh        2009-07-14 16:33:44.000000000 +0200
+++ webserver_alex.sh   2009-07-14 16:34:58.000000000 +0200
@@ -20,6 +20,7 @@
   if [ -f "${docroot}/${url}" ]; then
   echo -e "HTTP/1.1 200 OK\r
   Content-Type: text/html; charset=ISO-8859-1\r
+  Server: Apache/1.2.6 PHP/4.0.6\r
   \r"
   cat ${docroot}/${url}
   echo -e "\r"

What about adding this line? Good honeypot if you watch the logs, might become very interesting.

/xai

What would this script do? Can you give us a brief explanation?

Alex,
Can you edit the 1st post to show the 1st verbose command:

wget http://www.youtube.com/ -O - 2> /dev/null | grep "<a href" | sed 's/.*<a href/<a href/' |cut -f2 -d'"' | grep "popular" | cut -f1 -d'&' | head -n 3 | sed 's/^/http:\/\/youtube.com/' | xargs -i clive {} \;

xai@w00t:~# diff -Naur webserver.sh webserver_alex.sh
--- webserver.sh        2009-07-14 16:33:44.000000000 +0200
+++ webserver_alex.sh   2009-07-14 16:34:58.000000000 +0200
@@ -20,6 +20,7 @@
   if [ -f "${docroot}/${url}" ]; then
   echo -e "HTTP/1.1 200 OK\r
   Content-Type: text/html; charset=ISO-8859-1\r
+  Server: Apache/1.2.6 PHP/4.0.6\r
   \r"
   cat ${docroot}/${url}
   echo -e "\r"

What about adding this line? Good honeypot if you watch the logs, might become very interesting.

/xai

As requested, here are some snippets from last night:

A verbose command for downloading the top 3 videos from youtube:

wget http://www.youtube.com/ -O - 2> /dev/null | grep "<a href" | sed 's/.*<a href/<a href/' |cut -f2 -d'"' | grep "popular" | cut -f1 -d'&' | head -n 3 | sed 's/^/http:\/\/youtube.com/' | xargs -i clive {} \;

For the web server, here are the contents of a config file that must be added to /etc/xinetd.d/ 
(The name of the file doesn't matter):

service www
{
    port           = 80
    protocol       = tcp
    wait           = no
    user           = root
    server         = /home/dan/uaelug/httpd/httpd
}

And here's the example web server in bash script (for educational use only).

#! /bin/bash

docroot="/home/dan/uaelug/httpd"

# First line holds the HTTP request
read request

# Keep swallowing lines until you get a blank one
# Note: HTTP lines are terminated with CR LF, and CR='\r'
while read line; do
  test "$line" == $'\r' && break
done

# Trim the request string and log it
url=${request#GET }
url=${url% HTTP/*}
echo $url >> /home/dan/uaelug/httpd/log.txt

# Serve the request if the file exists, otherwise 404
if [ -f "${docroot}/${url}" ]; then
echo -e "HTTP/1.1 200 OK\r
Content-Type: text/html; charset=ISO-8859-1\r
\r"
cat ${docroot}/${url}
echo -e "\r"

else
echo -e "HTTP/1.1 404 Not Found\r
Content-Type: text/html; charset=UTF-8\r
\r"
cat ${docroot}/404.html
echo -e "\r"

fi

Reference: http://www.debian-administration.org/ar … ell_script

Again -> Kudos to dan_r.