
June 7, 2009

Webserver Proxying - single public Apache HTTPD, multiple internal subdomains.

Filed under: Linux, Tips and Tricks - baudizm @ 5:03 pm

I needed only one Apache HTTPD server visible over the Internet, and subdomains provided by internal webservers. I proceeded with mod_proxy.

On SLES10, go to /etc/apache2 and create a file named proxy.conf:

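# Sample configs
# by hardwyrd
# 05/22/2009
#
# Disclaimer:
# Use at your own risk. It works for me, it might not work for you.
# If you decide to use or follow this config, you agree that I am not responsible for the damage
# to your system.

# Listen on internal interface only. Only mod_proxy uses this.

Listen 192.168.10.1:8080

# Set the user for mod_proxy
User nobody
Group nobody

# Turn on proxy requests (forward proxying). The ProxyPass lines in the
# virtual host further down work without it, so the deny-all block below
# is what keeps this server from acting as an open proxy.
ProxyRequests On

# Deny everything by default.
<Proxy *>
Order deny,allow
Deny from all
</Proxy>

# Declare your subdomain reachable from the internet.
# The match pattern uses the same placeholder hostname as the virtual host.
<Proxy http://your-subdomain.your-domain.tld/*>
Order deny,allow
Deny from all

# Allow only from specific IP addresses or allow all if this is accessible from the net.
Allow from all
</Proxy>

# You can add as many <Proxy> declarations as you need.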

Create a virtual host on the public-facing Apache server. In SLES10, the config is at /etc/apache2/vhosts.d:

# Sample configs
# by hardwyrd
# 05/22/2009
#
# Disclaimer:
# Use at your own risk. It works for me, it might not work for you.
# If you decide to use or follow this config, you agree that I am not responsible for the damage
# to your system.

# A virtual host config is needed so that we can redirect the subdomain requests coming in at port 80 to the internal Apache server.
# Create equivalent virtual host entries for every <Proxy> declaration in the proxy.conf.

<VirtualHost *:80>
ServerName your-subdomain.your-domain.tld
ServerAlias your-subdomain.your-domain.tld
ProxyPass / http://your-subdomain.your-domain.tld/
# ProxyPassReverse names the same backend as ProxyPass so that redirects from it are rewritten.
ProxyPassReverse / http://your-subdomain.your-domain.tld/
</VirtualHost>

To enable the public Apache server to forward the requests to the proper internal Apache server, you can use an internal DNS server with the correct A record for the domain pointing to the IP of the internal Apache server. Or, the quickest way is to add the subdomain to the hosts file (/etc/hosts) on the public Apache server.

#/etc/hosts
192.168.10.22 your-subdomain.your-domain.tld

On the internal Apache server, create a standard virtual host for the subdomain.

That’s it! Only one apache server will be visible to the public, and yet serve multiple subdomains, spread among various internal Apache servers.
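Because this setup turns on ProxyRequests, the access rules in proxy.conf are the only thing standing between the server and an open forward proxy. The following is an added example, not part of the original post: a small audit that reads a proxy.conf and reports whether the default `<Proxy *>` block denies access, whether Listen is bound to a specific address, and which scoped blocks are opened to everyone. The `<Proxy>` containers in the sample and the finding names are assumptions, and both sample configs are constructed.

```python
import re

# Constructed sample: an Apache 2.2-style proxy.conf in the shape this post
# describes, with the <Proxy> containers written out (an assumption).
GUARDED = """\
Listen 192.168.10.1:8080
ProxyRequests On
<Proxy *>
    Order deny,allow
    Deny from all
</Proxy>
<Proxy http://your-subdomain.your-domain.tld/*>
    Order deny,allow
    Deny from all
    Allow from all
</Proxy>
"""

# Constructed weak variant: forward proxying on, no default deny, wildcard bind.
UNGUARDED = """\
Listen 8080
ProxyRequests On
"""


def parse(conf_text):
    """Return (top_level_directives, sections); sections maps each <Proxy>
    match pattern to the directives inside it, lower-cased and tokenised."""
    top, sections, current = [], {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opening = re.match(r"<Proxy\s+(.+?)>$", line, re.IGNORECASE)
        if opening:
            current = opening.group(1).strip('"')
            sections.setdefault(current, [])
        elif re.match(r"</Proxy>$", line, re.IGNORECASE):
            current = None
        elif current is not None:
            sections[current].append(line.lower().split())
        else:
            top.append(line.lower().split())
    return top, sections


def audit(conf_text):
    """List findings for a config that enables forward proxying."""
    top, sections = parse(conf_text)
    if ["proxyrequests", "on"] not in top:
        return []  # reverse proxying via ProxyPass alone is not a forward proxy
    findings = ["forward-proxy-enabled"]
    default = sections.get("*", [])
    denies = ["deny", "from", "all"] in default or ["require", "all", "denied"] in default
    # Conservative: any blanket allow in the default block counts as open.
    allows = ["allow", "from", "all"] in default or ["require", "all", "granted"] in default
    if not denies or allows:
        findings.append("open-proxy: <Proxy *> does not deny by default")
    for directive in top:
        if directive[0] == "listen" and len(directive) > 1:
            addr = directive[1]
            if ":" not in addr or addr.startswith(("*:", "0.0.0.0:", "[::]:")):
                findings.append("wildcard-listen: " + addr)
    for pattern, directives in sections.items():
        if pattern != "*" and ["allow", "from", "all"] in directives:
            findings.append("world-reachable: " + pattern)
    return findings


if __name__ == "__main__":
    for name, text in (("guarded", GUARDED), ("unguarded", UNGUARDED)):
        print(name, audit(text))
```

A "world-reachable" finding on a scoped block is expected for a subdomain that is meant to be public; the "open-proxy" and "wildcard-listen" findings are the ones to fix.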

Enjoy!



December 17, 2008

Yet Another Major Internet Explorer Flaw allows Remote Code Execution

Filed under: Throughout the Web - baudizm @ 10:43 am

On December 15, Microsoft announced yet another major flaw in version 7 of its Internet Explorer browser which allows remote code execution on the target computer (as if the others do not already).

Dubbed as Microsoft Security Advisory (961051), the advisory went on to discuss the issue as follows:

The vulnerability exists as an invalid pointer reference in the data binding function of Internet Explorer. When data binding is enabled (which is the default state), it is possible under certain conditions for an object to be released without updating the array length, leaving the potential to access the deleted object’s memory space. This can cause Internet Explorer to exit unexpectedly, in a state that is exploitable.

It appears also that it’s not only IE7 that’s affected. It affects versions up to IE8 also. Even the BBC has picked up this issue as well.

What was weird for me was that the Full Disclosure community did not make any reaction to this disclosure by Microsoft. Or it might be too early as the secinfo experts and enthusiasts are scrambling to verify this if at all.

My take on this is - what’s new? Honestly, I’m not surprised at all.



July 24, 2008

Kaminsky DNS Exploit released!

Filed under: Throughout the Web - baudizm @ 2:26 pm

This is the first time that I’m going to be posting an article about the DNS issue found by Dan Kaminsky. Not because of the severity of this problem, nor is it about how prolific Kaminsky is or how good his hacking skills are. This post is about how fast something develops within the Internet.

The DNS problem found by Kaminsky, and featured all over the web caused tremendous concern among a lot of security experts, and administrators. Read more to get an idea about DNS and what it does.

In just 2 days since Halvar Flake posted his “speculation” on how Dan Kaminsky can perform a massively successful DNS cache poisoning attack, CaughQ’s Druid and Metasploit’s HD Moore joined efforts in delivering what appears to be the first exploit code specifically targeted at Dan Kaminsky’s DNS bug, which Dan had been trying to keep hush-hush since its discovery.

The exploit was released and announced at Full Disclosure today at around 3AM local time (11AM Manila Time). Here’s a portion of the mail header for the sent time.

Received: from cpe-24-28-73-141.austin.res.rr.com (HELO ?10.3.3.33?)
(druid@24.28.73.141)
by mail.caughq.org with SMTP; 24 Jul 2008 03:08:35 -0000

Druid and HD Moore’s exploit code, written in Ruby, appears to have taken details from Halvar Flake’s “speculation” to implement the attack. Although a lot of people believed that Halvar Flake’s speculation may have been a little off, it appears that Halvar may have almost nailed it on the head, prompting CaughQ and Metasploit to take a look and arrive at the latest exploit code.

Disclosure header received at Full Disclosure:



Computer Academic Underground
http://www.caughq.org
Exploit Code

===============/========================================================
Exploit ID: CAU-EX-2008-0003
Release Date: 2008.07.23
Title: bailiwicked_domain.rb
Description: Kaminsky DNS Cache Poisoning Flaw Exploit for Domains
Tested: BIND 9.4.1-9.4.2
Attributes: Remote, Poison, Resolver, Metasploit
Exploit URL: ------ removed -------
Author/Email: I)ruid
H D Moore
===============/========================================================

Description
===========

This exploit targets a fairly ubiquitous flaw in DNS implementations
which allow the insertion of malicious DNS records into the cache of the
target nameserver. This exploit caches a single malicious nameserver
entry into the target nameserver which replaces the legitimate
nameservers for the target domain. By causing the target nameserver to
query for random hostnames at the target domain, the attacker can spoof
a response to the target server including an answer for the query, an
authority server record, and an additional record for that server,
causing target nameserver to insert the additional record into the
cache. This insertion completely replaces the original nameserver
records for the target domain.

Quoting Dan Kaminsky, “the cat is out of the bag.” Sorry Dan, I don’t think you can stop this now. And I think you know who to blame for this, that is if he/she/they/it can really be blamed?

The rate/speed of development is just truly amazing. The extent?
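A defender's view of the behaviour the quoted advisory describes, added here as an example (it is not from the original post or from the exploit): it flags a burst of one-off hostnames queried under a single domain, and a response whose nameserver address differs from a recorded baseline. The event record layout, the baseline map, the thresholds and the two-label zone heuristic are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque


def zone_of(qname):
    """Assumed heuristic: treat the last two labels as the domain."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def detect(events, baseline, window=10.0, min_names=20):
    """Scan resolver events in time order and return a list of alerts.

    events   -- dicts with "t" (seconds), "kind" ("query" or "response"),
                "qname", and for responses an optional "glue" mapping of
                nameserver hostname to the address in the additional section
    baseline -- {domain: {nameserver hostname: known-good address}}
    """
    recent = defaultdict(deque)  # domain -> (time, qname) inside the window
    flagged = set()              # domains already reported for a burst
    alerts = []
    for ev in sorted(events, key=lambda e: e["t"]):
        zone = zone_of(ev["qname"])
        if ev["kind"] == "query":
            seen = recent[zone]
            seen.append((ev["t"], ev["qname"].lower()))
            while seen and ev["t"] - seen[0][0] > window:
                seen.popleft()
            distinct = {name for _, name in seen}
            if len(distinct) >= min_names and zone not in flagged:
                flagged.add(zone)
                alerts.append(("random-name-burst", zone, len(distinct)))
        elif ev["kind"] == "response":
            known = baseline.get(zone)
            if not known:
                continue  # no baseline recorded for this domain
            for ns, addr in ev.get("glue", {}).items():
                # An unknown nameserver name or a changed address both count.
                if known.get(ns.lower()) != addr:
                    alerts.append(("ns-glue-change", zone, ns.lower(), addr))
    return alerts


# Constructed baseline and events (documentation address ranges only).
BASELINE = {
    "example.com": {"ns1.example.com": "192.0.2.53"},
    "example.org": {"ns1.example.org": "192.0.2.10"},
}
SAMPLE_EVENTS = (
    [{"t": i * 0.2, "kind": "query", "qname": f"r{i:05d}.example.com"}
     for i in range(25)]
    + [
        {"t": 1.0, "kind": "query", "qname": "www.example.org"},
        {"t": 1.1, "kind": "response", "qname": "www.example.org",
         "glue": {"ns1.example.org": "192.0.2.10"}},
        {"t": 5.0, "kind": "response", "qname": "r00024.example.com",
         "glue": {"ns1.example.com": "203.0.113.66"}},
    ]
)

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, BASELINE):
        print(alert)
```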



January 29, 2008

I’m in Benguet Now

Filed under: Random Rambling - baudizm @ 5:45 pm

The first leg of my Manila trip was ok. Got fed up with the traffic at EDSA last night when I tried to go to Makati from my stay at Ortigas. A couple of taxis did not take me. Now, I’m in a mining town virtually owned by PHILEX Mining. The place is called the Padcal Operation. Everything here, from hospitals, schools, electricity, roads, cooking gas supplies were provided by PHILEX free to all the town inhabitants which are also its miners and their families. It was a tiring trip from Manila to here but it was great. And tomorrow, my training will begin.

I’ll be training five PHILEX Mining IT staff on Novell ZENworks Desktop Management. It’s just amazing that in a location this remote, about an hour from Baguio city proper across rugged but well-paved terrain, technology is at its finest. The PHILEX Mining site is a huge area which, to my estimation, would actually comprise a couple of medium-sized towns/municipalities. However, with its various sections and buildings interspersed across the vast area, wireless technology provided a vital data and communication backbone.

I was even surprised to find out that they have cable TV here. Still provided by PHILEX for free. They got the cable from DreamTV Satellite. And yes, they have internet here or else I wouldn’t have posted this. I dunno yet who the provider is, however, it’s a safe bet that this also runs piggyback on Dream’s own cable tv/satellite.

For now, I have to sign off and post updates later.



January 24, 2008

Manila and Baguio Trip

Filed under: Random Rambling - baudizm @ 10:49 pm

Whew, it certainly is a very busy week for me. Just this week, my trip to Manila and Baguio is confirmed. However, I’m not going for a vacation.

Despite the destination being a known vacation spot and all that, I’m not going to Baguio to relax. This coming January 29th I’m going to conduct a training for Philex Mining on how to deploy and use Novell ZENworks Desktop Management. For the whole week, I’ve been busy preparing training and discussion materials and doing simulations. There’s nothing better than making sure that your material works every time you do the training. Sadly, as much as I wanted to, this training is not open source-related. However, there’s a big chance I can swing them over to give Linux and open source a try. The one thing I appreciate with ZENworks despite it being a proprietary product is that it does install on top of Linux, either SLES or Red Hat.

It really is a full week for me. For one, we just finished checking the mail server of a big client. They’ve had issues with POP3 authentication. Turns out it’s a DNS problem. All their machines point to external DNS servers owned by an ISP. Every time their Outlooks authenticate to their POP3 server, their workstations shoot the hostname requests to the ISP DNS. If the requests push through and are received by the POP3 server, it then shoots the reply back to the ISP DNS. No wonder their POP3 accesses are having timeouts. We’ve recommended having an internal DNS server and they’ve already put it into their own development plan which will be put into action by February. We’ve checked traffic from the internet to their mail server and so far incoming mails are received and we can send mail through IMAP without any problems.

That very same ISP I was talking about is having problems with their network and they are currently suffering from intermittent connections. It is also a mobile services carrier. Just last week, they had big problems with mobile phone signals wherein calls and SMS were not going through.

For my trip, I’ll be stopping by Manila for a day to take the Certified Linux Professional practicum exam. I’m hoping to be able to pass. The sad thing is that with my very hectic schedule, I did not find any time to do any review nor got the time to study thoroughly. It’s anybody’s guess whether I’ll pass this or not. I’ll give myself a 25% chance of passing. My regular daily schedule by the way is consumed by doing client visits, reviewing products from Novell and Alcatel-Lucent, doing product presentations, planning and doing SLES deployments and Alcatel-Lucent OmniPCX Office IP-PBX deployments, planning for technical demos, and if a little time could be spared, keeping watch of the company mail server and proxy server. Yeah, it’s quite a handful. But I get by somehow.

Before I go on the trip, I’ll be giving a talk about Linux at the Quantum and Information Technology Convention organized by Xavier Computer Enthusiasts League (XCEL) and the Ateneo Information Management Society (AIMS) of Xavier University. That’s going to be tomorrow January 25th (26th in the US).

Along with members of various Linux and opensource enthusiasts, I’ll be meeting with Ms. Yolynne Medina, Channel Consultant and Networking Staff for the International OpenSource Network (IOSN) on January 26th to talk about the current status of the local groups and their plans and directions. I’d be happy to help out in this arena.

On the 27th, after arrival in Manila if time permits, I’ll be meeting Greg Moreno and hopefully also Bobby Santiago of the Philippine Ruby Users Group. I just hope there’s going to be a Ruby meeting so I can also attend :) .

This week alone is quite tiring with all the things I need to do to resolve some pending works and preparing for the trip. Hopefully the training will go seamlessly so I can relax and enjoy the trip. I also hope that I’ll have a little more extra time later, should some Ubuntu Philippines guys would like to meet up (hint, hint).

Enjoy!



December 15, 2007

A short look at xCHM

Filed under: General OpenSource, Linux, Tips and Tricks - baudizm @ 1:53 pm

The following article contains opinions and personal views of the author and will be taken as such. There is no guarantee to the accuracy, timeliness of some of the information that may be found within the article. The methods that are discussed here might not be applicable in your case. The author will not be held liable for any damage caused by using the method/(s) described in this article . Use the methods at your own risk. - hardwyrd

If you’ve downloaded documentation, help files, and how-tos, I’m pretty sure you’re very familiar with CHMs. CHMs, or Compiled HTML Help (or Manual) files, were pretty much popularized by Microsoft (shudder…) and were (and are) in use by Microsoft Help. CHMs are compact, allowing plain HTML help files to be crammed into a single file and yet have their layout and objects intact.

On Linux, however, this file format is not natively supported. You’d have to use a reader app to get to the info contained in CHM files. One of those popular CHM readers is gnoCHM. Another popular CHM reader is xCHM. xCHM is the one we will take a short look at today.

xCHM is pretty much a basic and simple CHM reader. It features a very simple interface, with standard browsing buttons that you can find in virtually any type of internet browser. The reader after all is like a browser on its own showing you the contents of a compiled “web site”. Using xCHM is a no-brainer. Since xCHM is not a part of the standard install of your favorite distro (not that I’m aware of), we need to get the package and install it ourselves. For this session, I am using SLED10; however, at the bottom of this article you will find steps for installing it in Ubuntu or Debian.

Getting xCHM
You can get the latest stable xCHM build from its website at Sourceforge. Or you can copy and paste the following to your browser:

http://xchm.sourceforge.net/

In the xCHM site, you can choose to download pre-built binaries for your specific distro, or you can get the source and compile xCHM yourself. I will feature building xCHM from source. Should you want to feel “gung-ho hard core” about this exercise, you may get the package using wget by doing the following in your terminal:

wget http://jaist.dl.sourceforge.net/sourceforge/xchm/xchm-<version-number>.tar.gz

Once you have downloaded the xCHM source, we will need another package for it. xCHM uses the wxWidget GUI Library. If your distro doesn’t have this included, we will need to get wxWidget from its website. You may go “gung-ho hard core” again and do the following in your terminal:

wget http://prdownloads.sourceforge.net/wxwindows/wxWidgets-<version-number>.tar.gz

Let’s Build!
Once you finish downloading wxWidget, we will need to extract it and compile it.

# tar xzvf wxWidgets-<version-number>.tar.gz
# cd wxWidgets-<version-number>/
# mkdir buildgtk
# cd buildgtk
# ../configure --with-gtk
# make
# make install
# ldconfig

With a working wxWidget install, we can now proceed to installing xCHM. Again, we will need to extract the xCHM source package and install it.

# tar xzvf xchm-<version-number>.tar.gz
# cd xchm-<version-number>/
# ./configure
# make
# make install

That’s all there is to it!

To test if xCHM works, just type xchm in your terminal or open a chm file directly by typing xchm /path/to/your/file.chm.

For Ubuntu / Debian users, you may get wxWidget by first adding the wxWidget trusted key.

# curl http://apt.wxwidgets.org/key.asc | sudo apt-key add -

Modify your /etc/apt/sources.list to include the wxWidget repo.

# wxWidgets/wxPython repository at apt.wxwidgets.org
deb http://apt.wxwidgets.org/ DIST-wx main
deb-src http://apt.wxwidgets.org/ DIST-wx main

Do an update of your apt cache.

$ sudo apt-get update

Install wxWidget.

$ sudo apt-get install python-wxgtk2.8 python-wxtools python-wxaddons wx2.8-i18n

Once wxWidget is installed, you may proceed to install xCHM from your Ubuntu repo. Make sure that you first search whether xCHM is present, then proceed to installation.

$ sudo apt-cache search xchm
$ sudo apt-get install xchm

You can also do wxWidget and xCHM installation in one command sweep after you have added the wxWidget repo.

$ sudo apt-cache search xchm
$ sudo apt-get install python-wxgtk2.8 python-wxtools python-wxaddons wx2.8-i18n xchm

No sweat. ENJOY!



September 22, 2007

Google AdSense is Disappointing

Filed under: Throughout the Web, Ranting Vermin - baudizm @ 2:28 pm

This blog has been up since 2005 and despite it being intermittently updated, I never truly considered monetizing it since the number of visitors is very small. However, a few weeks ago, I decided to take a look at the AdSense service since I am also an avid user of Google’s other services. That’s the very reason why these past 3 weeks you’ve seen some new items and the Google Ads on two areas of my blog.

Recently, however, a big development came about. It’s not really a very big deal but it is definitely something to take note of. Last September 20, I received an email from the Google AdSense team notifying me that my AdSense account has been disabled. This has definitely surprised me and ticked the hell out of me. The email is as follows:

From: Google AdSense
To: –my email–
Subject: Google AdSense Account Disabled
Cc: Google AdSense

MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
X-Google-AdSense-Creation-Method: AdSenseFrontend
X-Google-AdSense-Message: ads-status

Hello <my full name>,

Your AdSense account was found to be related to an account previously
disabled for invalid click activity and we have therefore disabled your
account. Publishers disabled for invalid click activity are not allowed
further participation in AdSense and do not receive any further
payment. The earnings on your account will be properly returned to the
affected advertisers.

As outlined in our program Terms and Conditions, Google reserves the
right to terminate any publisher’s participation at any time.

Sincerely,

The Google AdSense Team

How come that my AdSense account was disabled and I’m accused of engaging in “invalid click activity” ? What I did in response is go to the AdSense site and fired up the Contact Form with the message:

Hello,

First, thank you very much for allowing me to participate in Google AdSense albeit in a very short time span. It allowed me to see the features that AdSense provides and the convenience it is for publishers to monetize their sites.

I am emailing you in response to a notification email I received dated September 20, 2007 regarding my AdSense account being disabled due to participation in "invalid click activity".

I would like to make some points clear.

1. I am not aware that invalid clicks has been made on AdSense ads that were put on my site, http://baudizm.blogsome.com.

2. I have never personally clicked on any of the AdSense ads that were put on my site, and I am perfectly aware of the terms as agreed upon prior to completing my application with AdSense.

3. I am using a NAT-ted home network where I share my connection with the rest of my family who are also internet users thus might explain sharing the same IP address with them.

4. I have not campaigned or asked anybody to click on any of the ads that were placed on my site. If you can notice on the ad demographics on my account, the clicks were very few and far between.

5. I did not even participate or click on ads from other AdSense Publishers.

I believe that despite me being new to the AdSense service, I have been done a great injustice and disservice. I have expected Google AdSense to be a great service and I have done my very best to adhere to the agreements and rules set upon by Google for the said service. I cannot believe that even one or two delinquent clicks, might bring down an erstwhile honest endeavor of monetizing a personal site. This is my first try to monetize my own site despite the years it has been up and I had put my trust on Google's AdSense service to be able to provide the monetizing service that I could look up to. However, AdSense failed me miserably. I have a very hectic day job providing Pre-Sales and Technical Support for a local IT reseller and I am perfectly aware of your rules and conditions.

If there is going to be a way that Google will rectify this situation, then I will be very glad to listen. However, I am utterly disappointed at how this matter has been handled. I am a very busy man. Surely this might be negligible, considering that the ad revenue (if there is at all) from the ads at my site only earned 40 cents in a span of almost 3 weeks. However, even that is proof that my site did not engage in unscrupulous "invalid click activity".

The email I received from Google regarding my AdSense account also led me to believe that my AdSense account will have no chance of being restored nor will I be allowed to apply for another account, quoting:

"Publishers disabled for invalid click activity are not allowed
further participation in AdSense and do not receive any further
payment. The earnings on your account will be properly returned to the affected advertisers."

This recent development is truly disappointing and disheartening on the part of an honest new publisher.

Sincerely,

<my full name>
Certified Novell Salesperson 2007
Freelance Consultant and WebDev.
(Linux/OSS, Windows,LAN/WAN/Struc Cabl.)
Registered Linux User #400165

This got me ticked off at Google AdSense. If I will not receive any message from them, it’s not worth it. I am not asking them to have my AdSense account restored; however, if they will, then I will appreciate it. But looking at the number of accounts that they are dealing with on a daily basis, that possibility is slim. I am just hoping for some more information (logs showing the IPs, time the click was made, and so on) to be provided to me regarding the “offense” that they allege I had made. I am working in an enterprise IT environment and I know too darn well what the Google AdSense terms meant, and it is stupid or ignorant of me if I go against the terms I have agreed to in the first place prior to completing my application at AdSense.

We shall see in the coming days what AdSense will say about this.



June 5, 2007

Despite patching, latest IE and Firefox still have gaping holes

Filed under: Throughout the Web - baudizm @ 1:21 am

Many of us who happen to spend a huge amount of our time on the internet do so and rely on our browsers. We rely on our browsers for virtually anything we do on the internet. From communications, to research, to purchasing anything, and just about any service that is available off the internet.

To keep our browsers up to date with fixes and patches, we follow a distinct routine of updating our browsers as soon as patches and fixes become available.

However, Polish hacker Michal Zalewski released another set of flaws for patched Internet Explorer and Mozilla Firefox browsers.

The published flaws are not pretty. And these flaws are not good for users unless the publicized flaws will be corrected in the browsers themselves.

Zalewski announced the flaws at Full-Disclosure.

I have tried his simple online demos of the exploits and could now see that a lot of these malicious coders will try to incorporate these exploits into their arsenal. Add to that the viral and nuisance “marketing” sites will be using techniques derived from these revelations from Zalewski.

It won’t be long; I’ll be disabling JavaScript support should this remain unfixed in upcoming browser releases. Or perhaps, I’ll go Opera provided it will not be running under IE mode or Firefox mode.
