Ben Tasker's Blog

Darkleech Apache attacks on the rise, but is it really that hard to detect?

Reports of CDorked.A infections are still on the rise by the looks of things. The attack is reported as 'hard-to-detect', but this should only be true for the more naive sysadmins out there.

Whilst it's true that CDorked changes nothing on disk, except the HTTPD binary, this change alone should be triggering alerts. On a production server, you should be storing checksums of known good files and comparing these regularly to see if anything's changed.

As some obviously aren't following this basic step, in this post we'll look at what you need to do to at least be made aware if CDorked gets onto your system - it'd be nice to be able to do a post on avoiding it, but the attack vector is still unknown!

Read more ...

Cookies: Taking Transparency a Step Further

Contrary to the belief of some, the EU E-Privacy Directive was never about stopping cookies. It was always about raising awareness of what they are, which ones are set and how they can be misused. It was, and still is, a cause of annoyance for many - especially as only four member states have currently adopted the provisions.

Whilst I don't think the implementation was correct, the underlying principle is sound - we should be ensuring users are aware of what data we're storing in their browser and how it's used. Most sites, in my opinion, don't go nearly far enough to achieve this, instead just scraping the minimum standard.

In this post, we'll be exploring what I think we're doing wrong, and what we should be aiming for.

Read more ...

Creating a DOS Games Server

This post assumes you've followed my guide to Setting up Xen on Ubuntu 12.04. and will talk you through the steps required to set up a web-accessible server for playing classic DOS Games (I've got Commander Keen, Duke Nukem 3D and Quake in mind!).

Read more ...

Changes to the site

Over the last week or so, I've implemented some improvements to the site. Some (like the change in default colours) are obvious, others a more subtle

Read more ...

I've gone Joomla 3!

Joomla! 3.0 was released in September 2012, and I've been planning an upgrade of the site ever since. As should be obvious by the change in layout, the migration is now complete. 

There are quite a few changes that have been made at the same time, some obvious, some far less so...

Read more ...