Blog <-> Facebook

So I finally got around to getting Facebook to automatically impoort my blog entries. Was easily done technically, all I had to do was decide if I wanted them to end up in the news feed or as status updates. Both had their advantages, but I decided going with news feeds because they provide better formating. Now I’m back to moving my website and email server to new hardware (websites are easy, email is a bit of a pain).

Continue reading

Free vServer during beta phase

I just stumbled accross this website: https://ssl.euserv.de/produkte/vserver/betatest.php where you can order a vServer for free during the beta phase. The beta phase is planned to last till the end of 2009. For more details, have a look at the link (there are a few thing not allowed to use the server for, mainly high traffic and illegal stuff). An order key is required, just have a look at the tags of this posting …. one of them is a bit “strange” 😉

Continue reading

Gaming & Tech

Yeah I know,  I haven’t posted in quite a while. Have been pretty busy with all kinds of stuff lately. so here is a short update on the more technical stuff I’ve been up to in the last few weeks: – I moved most of the services from my old server to my new server (actually to one of my vmware guests on my new server, si-ka.net is still missing, and I need to forward dopefish.de to www.dopefish.de) – I set up a gameserver host on a separate vmware guest. While this may not be the best solution performance-wise, it is defiantly the best solution security wise since gameservers require […]

Continue reading

save the forest (or something like that …)

I can’t be the only person who finds it bothersome burning a cd just to install linux. What a waste (it’s not like you use the cd all to often afterwards, except as a coaster). So here are the quick and dirty instructions for making a debian linux install usb stick (adjust /dev/sdb accordingly, failure to do so can pretty must kill any data on a harddisk): wget ftp://ftp2.de.debian.org/debian/dists/etch/main/installer-i386/current/images/hd-media/boot.img.gz wget http://cdimage.debian.org/debian-cd/4.0_r5/i386/iso-cd/debian-40r5-i386-netinst.iso zcat boot.img.gz > /dev/sdb mount /dev/sdb /mnt cp debian-40r5-i386-netinst.iso /mnt umount /mnt

Continue reading

Basic Server Hardening

Ok, here is a list of a few programs I’d advise anyone to use who is running a server on the internet (or thinking of doing so). aide or tripwire (they can check and report if files on your system get changed, configurable levels). If you use tripwire, don’t forget a “tripwire –check -I” after you do any updates. logcheck will check your system logs, and report anything out of the ordinary (“ordinary” is defined by a list of ‘normal’ rules, and anything you add) tiger goes farther than logcheck, it actively checks your system and reports anything strange (files not belonging to packages, users or groups that got added, […]

Continue reading

knock daemon with INPUT chain set to default ACCEPT

I know there are plenty of pages floating around the Internet about knock daemons that open ports in a firewall after a predefined series of ports are “knocked”. For some reason ALL the pages I found assumed that a) you want the filter in your INPUT chain, and that the INPUT chain defaulted to DROP or REJECT. In my case, I’m defiantly not going to have a iptables firewall with a default that drops packets. Every few weeks I try out some new software and can’t be bothered with adjusting my firewall every time. All I need it to do is keep pesky people off my ssh, that’s all. So […]

Continue reading

Hackit Contest

Ok, the contest is ready. I’ll start off with the information everybody has been waiting for: IP: 80.190.250.213 There is a webserver running with a brief description of the target and rules of the contest http://80.190.250.213/ The webserver is actually part of the contest since people are supposed to deface this page. To make it a bit more interresting, the ssh sessions are recorded with script and saved here for everyone to see (e.g. “less -r filename”). Rules and Target of the contest: As stated above, deface this page. To achieve this goal, everything is allowed. Do what you need/want to achieve the goal. Unfortunatly we will still need a […]

Continue reading

HackIt server nearly ready

I spent the last few days fine tuning the HackIt server I mentioned last week. After lots of thought on how I was going to punch holes into the security, I decided on a different approach. Since in the past contests I always found it fustrating to see people with high skills trying out stuff I would never have dreamed of, and in the end to get beaten by people who by sheer luck tried out the right thing at the right time … I decided to minimize the “luck” factor of the contest by not putting any holes in the server on purpose. What I am going to do […]

Continue reading

[Work in progress] HackIt Server

The last HackIt I set up was a few years ago, so I decided to have a go at it again. As before it will be a Linux server. And I will also have some fun with grsecurity kernel patches (including the additional Role-Based Access Control system). So nothing new up to here. I’m also going to be using most of the features I used back then too (like “trusted path execution” and no outgoing/server sockets for users, …) Last time it was separate hardware on my little DSL line (meaning back then all users had to share a 128kbit upstream). This time it will be a vmware box on […]

Continue reading