Mar 19, 2015
What the hell is executing on mysql
SELECT * FROM INFORMATION_SCHEMA.PROCESSLIST order by time;
seen from Netherlands
seen from Singapore
seen from Australia
seen from United Kingdom
seen from Italy
seen from Italy
seen from China
seen from Italy
seen from United States
seen from United States
seen from China
seen from China
seen from Australia
seen from China
seen from Australia
seen from Sweden
seen from United States
seen from Malaysia
seen from China
seen from Singapore
What the hell is executing on mysql
SELECT * FROM INFORMATION_SCHEMA.PROCESSLIST order by time;
Stoping spam with postfix
Well Ihad some small troubles with spamers on postfix I found some commands to parse logs and get the user. Sometimes the user password was compromised, we need search the users what is sending spam like:
zgrep 'sasl_method' /var/log/mail.log* | grep "postfix/smtpd" | awk '{print $9}' | sort -n | uniq -c | sort -n | tail
that return is
4342 [email protected] 20980 [email protected]
Wow i see that two users login alot of times with the mailserver. That users are sending spam!
Lets check the ips was autheticating:
zgrep $1 /var/log/mail.log* | grep "postfix/smtpd"| grep -v reject | awk '{print $7}' |uniq -c | sort -n | tail 127 client=unknown[180.249.13.35], 127 client=unknown[5.34.35.160], 127 client=unknown[95.46.242.232], 128 client=ip-46-73-42-28.bb.netbynet.ru[46.73.42.28], 131 client=host-static-89-35-202-29.moldtelecom.md[89.35.202.29], 134 client=unknown[78.175.102.232], 136 client=unknown[124.227.149.62], 137 client=unknown[176.196.97.244], 137 client=unknown[187.4.82.244], 139 client=ip-552f.proline.net.ua[93.126.85.47],
that ips are very strange, lets check the country from comes with whois or with geoiplookup
geoiplookup 93.126.85.47 GeoIP Country Edition: UA, Ukraine
That ip is not from mexico lets ban with this script:
#!/bin/bash IPT=/sbin/iptables SPAMLIST="spamlist" SPAMDROPMSG="SPAM LIST DROP" BADIPS=$(egrep -v -E "^#|^$" blocked.ips) # create a new iptables list $IPT -N $SPAMLIST for ipblock in $BADIPS do $IPT -A $SPAMLIST -s $ipblock -j LOG --log-prefix "$SPAMDROPMSG" $IPT -A $SPAMLIST -s $ipblock -j DROP done $IPT -I INPUT -j $SPAMLIST $IPT -I OUTPUT -j $SPAMLIST $IPT -I FORWARD -j $SPAMLIST
Otro uso mas de machine learning
Contribute to robobrowser development by creating an account on GitHub.
Python hashing and test functions for user passwords stored in OpenLDAP.
OPEN: nc -zv gateway.sandbox.push.apple.com 2195 Connection to gateway.sandbox.push.apple.com 2195 port [tcp/*] succeeded! CLOSED: nc -w 5 -vz gateway.push.apple.com 2195 nc: connect to gateway.push.apple.com port 2195 (tcp) timed out: Operation now in progress
how check tcp connection open