Archive

Posts Tagged ‘user’

Comcast Business Class gateway forwarding port 22 for SSH

March 13th, 2014 No comments

For as long as I’ve had Comcast, and other providers for that matter, I’ve been able to configure my internet gateway/router to allow port 22 (SSH) access to an internal machine. It came as a surprise to me earlier this week that I was blocked when I tried to use their web admin console to change the internal forwarding to a newer machine. As usual, Technical Support was less that helpful and said that it was not possible to do so, and never should have been as Comcast uses that port to administer the gateway. To make matters more disturbing, I was told that I could not have similar SSH access to the gateway, and that replacing their hardware, while permitted, would prevent my use of a static IP.

Back to the solution, as I know that I had only setup this forwarding about a year ago, and it was working only minutes before I tried to change it, I knew that the configuration was possible if I could figure out how it was being blocked. The message in the web console was a javascript alert(); and gave me a starting point. I opened up Firefox and used Firebug to look for the message. Here are a few interesting findings from:

http://HOSTNAME/user/feat-firewall-port-forward-edit.asp

var RemoteManagementPortsCgiBase = “8080,8080,1\|8181,8181,1\|2323,2323,1\|22,22,1\|”;

msg += “Public Port Range conflict with Remote Management Ports.\n”;

if (msg.length > 1)
{
alert(msg);
return false;
}
return true;
}

If you even a little bit of javascript (or simple computer programming for that matter), the solution is clear…. if the ‘msg’ value is empty you will not see the alert or be prevented from making the change you desire.

Lesson to be learned by the Comcast developers (or most likely = subcontractors), always validate submitted form data in your application code, NEVER rely upon javascript alone to verify user entered data!

I also find it interesting that they are also preventing 8080, 8081 and 2323… perhaps that’s their other back doors in these gateways for their access. The same approach should work for those ports if you need it!

Basic password protection for Apache2 on Ubuntu

February 2nd, 2014 No comments

This is a relatively trivial topic, but comes up quite often. For securing content on a server, you’ll often want to password protect entire domains or paths. Add the following to the correct block in your httpd.conf and you should be ready to go.

If you have a complex environment, you may want to consider having individual password files for each asset.


<Location />
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Location>

To create/clobber a new file for the first user:
sudo htpasswd -c /etc/apache2/.htpasswd YOURUSER

To add additional users:
sudo htpasswd /etc/apache2/.htpasswd YOURUSER
(repeat for new users without the -c as that creates/clobbers the file)

Install MySQL database on Ubuntu and add new user.

June 16th, 2013 No comments

Installing MySQL on Ubuntu requires only a few simple steps.

  1. sudo apt-get install mysql-server
  2. sudo netstat -tap | grep mysql
  3. sudo vi /etc/mysql/my.cnf
  4. sudo service mysql restart

To look for some simple performance and security suggestions:

  1. sudo apt-get install mysqltuner
  2. mysqltuner

Adding a new user is equally easy…

  1. mysql --user=root --password=mypassword mysql
  2. CREATE USER 'myusername'@'%' IDENTIFIED BY 'mypassword';
    GRANT ALL PRIVILEGES ON *.* TO 'mydatabase'@'%' WITH GRANT OPTION;
    FLUSH PRIVILEGES;

NOTE: This allows access to the user from ALL hosts, it can be limited by replacing the '%' with a specific hostname (such as ‘localhost’ if desired) for security.

REFERENCES:

Masquerading browser User-Agent strings

October 31st, 2011 No comments

As it’s Halloween, it’s only relevant that I share a method of covering your browsers identity.

  • For MSIE, you must modify the registry. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent]
  • For Chrome (on Windows, and I assume other OS’s), you can use a startup parameter.
    C:\Users\{USERID}\AppData\Local\Google\Chrome\Application\chrome.exe --user-agent="Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_7_0; en-us) AppleWebKit/533.21.1 (KHTML, like Gecko) Version/5.0.5 Safari/533.21.1"
  • For Firefox and other Mozilla based browsers, you can mofiy the configuration in (user.js) or use a variety of add-on extensions, such as:

Interested in knowing your current User-Agent, just visit one of the following:

Many robots and spiders that are used by search engines also identify themselves by their User-Agent, if you see this activity in your logs you can often learn more about it at:

REFERENCES:

Happy Halloween!