Imperva ( ) isolated the four most prevalent Web application attacks:

1. Directory traversal = 37%
2. cross site scripting =36%
3. SQL injection =23%
4. Remote file include =4%


Is your firewall blocking connection from a host and still you want to unblock the IP address of the remote host? Here is one way of doing it:

1. Do a listing of firewall rules and grep the IP (eg.
$ /sbin/iptables -L INPUT -n –line-numbers | grep

-write down the line number.
-If the chain name is different or user defined, replace “INPUT” by the relevant chain name such as OUTPUT.

2. Delete the line number (eg. for line number 99 and chain INPUT)

$/sbin/iptables -D INPUT 99

@credit to:

Normally if you want to block all requests to and from an IP address, iptables is an ideal solution. A rule similar to this one would be handy

/sbin/iptables -A INPUT -s -j DROP

What if you want to block that IP without using iptables, route command would do the job

 /sbin/route add -host reject

-List files opened by a program listening on a certain port (lsof -i:port)
# lsof -i:3306

-Benchmark the performance of a webserver
#ab -n 100 -c 5
Send 100 request with 5 concurrent connections.

-Search for a string/pattern in all subdirectories of the given path
# find /my/path -exec grep “hairy” {} /dev/null \;

If your ftp server is behind a NAT router, the regular ftps configuration steps you find in most tutorials in the Internet may not work for you. Hope these steps help.
1. Chroot (chain or jail) users to their home directory by adding the line below to proftpd.conf
DefaultRoot ~
2. Generate certificate keys, in this case, in the directory /etc/proftpd/ssl/
$openssl req -new -x509 -days 365 -nodes -out /etc/proftpd/ssl/server.cert.pem -keyout /etc/proftpd/ssl/server.key.pem
3. Add this lines to proftpd.conf
TLSEngine                  on
TLSLog                     /var/log/proftpd/tls.log
TLSProtocol                SSLv23
TLSOptions                 NoCertRequest
TLSRSACertificateFile      /etc/proftpd/ssl/proftpd.cert.pem
TLSRSACertificateKeyFile   /etc/proftpd/ssl/proftpd.key.pem
TLSVerifyClient            off
TLSRequired                on
4. Allow a range of passive ports to be forwarded to your ftp server by the firewall and set those ports in your ftp config fil – proftpd.conf in this case.
PassivePorts 60000 60100
5. Masquerade the ftp server’s address to the external IP of the NAT server/router.
MasqueradeAddress x.x.x.x

It is not advisable to use password based login for ssh any more. One of the most secure ways of  remote login through ssh is to use public key authentication. But in order to do that you have to generate both private and public keys using ssh-keygen, for RSA the default file names would be id_rsa (private key) and (public key).  Since you have already generate those keys with a passphrase and want to change the passphrase now, execute the following command:

$ ssh-keygen -f id_rsa -p

type your new passphrase, you are done!

Who would have thought, a country like Cameroon with barely 6 computers per 500 people (1.2 per 100 people) has the riskiest domain in the World? That is what McAfee found out in its report published in 2009. So the next time you visit a site with .cm domain, of course most people visit such sites due to typographic error for .com, watch out for malware. Hackers are buying .cm domains in bulk. Read more.