Archive for June, 2007

Tar Command

Creating tar files:

tar -cvf mystuff.tar mystuff/
tar -czvf mystuff.tgz mystuff/

extracting:

tar -xvf mystuff.tar
tar -xzvf mystuff.tgz

testing/viewing:

tar -tvf mystuff.tar
tar -tzvf mystuff.tgz

Note : .tgz is the same thing as .tar.gz

How to check ddos attack on server

A quick and useful command for checking whether a server is under DDoS is:

netstat -anp | grep 'tcp\|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

That will list the IPs holding the most connections to the server. Keep in mind that DDoS attacks are becoming more sophisticated, using fewer connections from a larger number of attacking IPs. In that case you will still see low connection counts per IP even while you are under a DDoS.

Another very important thing to look at is how many active connections your server is currently processing.

netstat -n | grep :80 |wc -l

netstat -n | grep :80 | grep SYN |wc -l

The first command shows the number of connections currently open to port 80 on your server. Many of the attacks typically seen work by opening a connection to the server and then never sending anything, making the server wait for it to time out. The number of active connections from the first command will vary widely, but if you are much above 500 you are probably having problems. If the second command reports over 100, you are having trouble with a SYN attack.
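The two checks above as a pair of shell functions that can be tested offline against a constructed `netstat -anp` sample (this is an added example, not from the original post). It also fixes a weakness of the `cut -d: -f1` version: the port is stripped at the last colon, so IPv6 peers are counted correctly, and wildcard `0.0.0.0:*` entries from UDP listeners are ignored.

```shell
#!/bin/sh
# Constructed sample of `netstat -anp` output (not a real capture).
# Column 4 is the local address, column 5 the foreign address, column 6 the state.
SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.0.0.5:80             203.0.113.7:51522       ESTABLISHED 1201/httpd
tcp        0      0 10.0.0.5:80             203.0.113.7:51523       ESTABLISHED 1201/httpd
tcp        0      0 10.0.0.5:80             203.0.113.7:51524       SYN_RECV    -
tcp        0      0 10.0.0.5:80             198.51.100.9:40001      SYN_RECV    -
tcp        0      0 10.0.0.5:22             192.0.2.44:55000        ESTABLISHED 900/sshd
tcp6       0      0 2001:db8::5:80          2001:db8:1::9:60000     ESTABLISHED 1201/httpd
udp        0      0 0.0.0.0:123             0.0.0.0:*                           700/ntpd'

# Remote IPs ranked by number of connections, busiest first. Reads netstat
# output on stdin. The port is removed at the LAST colon so IPv6 addresses
# survive, and wildcard peers (0.0.0.0:*) from listening sockets are skipped.
conns_by_ip() {
  awk '$1 ~ /^(tcp|udp)/ && $5 !~ /\*$/ {
         ip = $5; sub(/:[0-9]+$/, "", ip); n[ip]++
       }
       END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Number of half-open (SYN_RECV) connections to a given local port,
# the tighter form of the `grep :80 | grep SYN` check. Reads stdin.
half_open_on_port() {
  port="$1"
  awk -v p=":$port" '$4 ~ (p "$") && $6 == "SYN_RECV"' | wc -l | tr -d ' '
}

# Run against the live system with:
#   netstat -anp | conns_by_ip | tail -n 5
#   netstat -anp | half_open_on_port 80
printf '%s\n' "$SAMPLE" | conns_by_ip
printf '%s\n' "$SAMPLE" | half_open_on_port 80
```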

To block a certain IP address on the server, use the following commands:

—————–command——————————

route add -host IPADDRESS reject

for example: route add -host 192.168.0.168 reject

You can check whether a given IP is blocked on the server with the following command:

route -n | grep IPADDRESS

—————–command——————————

OR

Use the following commands to block an IP with iptables on the server (use -I to insert the rule at position 1 so it is evaluated before any existing ACCEPT rules; -j REJECT can be used instead of DROP if you want the client to receive an error):
—————–command——————————
iptables -I INPUT 1 -s IPADDRESS -j DROP

service iptables save

service iptables restart

—————–command——————————

Then kill all httpd connections and restart the httpd service with the following commands:

killall -KILL httpd

service httpd start

Coming Patch Tuesday: Four critical flaws fixed

Last month, Microsoft announced that when it provides advance information about what would be coming for its regular Patch Tuesday fixes, it would offer more details about which software titles were affected.

The Security Bulletin Advance Notification for June is out, and sure enough, we know more about what Microsoft will deliver to Windows users on the second Tuesday of the month.

You can expect six patches. Four fix Critical vulnerabilities, one is rated Important and the last Moderate.

The software affected includes Windows 2000, XP and Vista; Windows Server 2003; Internet Explorer 5, 6 and 7; Windows Mail in Vista; Outlook Express; and Visio 2002 and 2003.

Microsoft is saving the good stuff — the details about the flaws themselves — for Tuesday’s release.

Also coming Tuesday: Seven high-priority updates for various Microsoft products that aren’t security-related. There are no details as to which products those updates involve, however, the notification does indicate they are not for the Windows desktop operating systems.

Update: Mary Jo Foley says one of the patches will be a major one — Windows Server 2003 Service Pack 2.

ATM with Pirated Windows

In Russia you can sometimes find a pirated copy of Windows even on an ATM. It warns that this copy of Windows needs activation, and the ATM stops working.

Microsoft Warns of New DNS Exploits

The area of greatest risk associated with the new Windows DNS exploit resides within intranets, where Windows Server domain controllers are running DNS and might become compromised, according to Ken Dunham of VeriSign iDefense. Microsoft said its security team is hard at work developing a security update to fix the DNS vulnerability.

In what has become a string of vulnerabilities in recent weeks, Microsoft has confirmed limited, targeted attacks against its Windows Server Domain Name System (DNS) service.

Microsoft said its initial investigation reveals that the attempts to exploit this vulnerability could allow an attacker to run code in the security context of the DNS server service. That opens a door for phishing attacks, directory services issues, and e-mail disruptions.

The latest Microsoft zero-day vulnerability affects Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1, and Windows Server 2003 Service Pack 2. Windows 2000 Professional Service Pack 4, Windows XP Service Pack 2, and Windows Vista do not contain the vulnerable code and are not affected.

Proof-of-Concept Exploit

Microsoft said its security team is hard at work developing a security update to fix the issue. However, Christopher Budd of the Microsoft Security Response Center (MSRC) urged customers to deploy workarounds as quickly as possible because the company is aware of proof-of-concept code that can exploit the vulnerability. The SANS Internet Storm Center has confirmed at least two exploits.

Microsoft’s internal investigation reveals that the vulnerability occurs in the processing of remote procedure call (RPC) traffic by Windows DNS. The DNS service is only installed on Windows server systems, not on client systems, and is not enabled by default on all Windows servers. That safeguards a percentage of customers.

What’s more, even though the vulnerability is in the DNS service, Microsoft said it cannot be attacked over standard DNS port 53. An attempt to exploit the vulnerability has to be made over RPC, which uses traffic on port numbers above 1,024. However, on Sunday, Budd reported that it is also possible for a user with valid logon credentials to exploit the vulnerability over port 445.

Risks and Workarounds

The area of greatest risk potentially resides within intranets, where domain controllers are running DNS and might become compromised, according to Ken Dunham, director of the rapid response team for VeriSign iDefense. These servers store all the passwords for a Windows network.

“It is feasible that a bot may incorporate an intranet spreading routine to exploit vulnerable computers within the network to help it spread,” Dunham explained, noting that a bot can be programmed to spread through the recent ANI vulnerability to infect clients and then use the zombies to exploit the DNS service against the local domain controller to gain complete control over an entire network.

“Malicious actors that compromise DNS servers will likely reconfigure the server to silently redirect Web traffic to compromised Web sites for monetary gain or corporate espionage,” Dunham predicted. However, as Microsoft noted, there are workarounds. And for those who use Symantec security tools, the company already has released Bloodhound.Exploit.136 signatures to detect threats designed to exploit this vulnerability.

For now, Redmond is encouraging customers to evaluate the workaround that would disable remote management over RPC for DNS servers. Other recommended workarounds include blocking unsolicited inbound traffic on ports 1,024 to 5,000. In Windows 2003, Dunham added, data execution prevention is also helpful in blocking the exploit.

Manual Steps To Perform A Clean Boot In Windows XP

1: Start the System Configuration Utility

Click Start, click Run, type msconfig, and then click OK.

The System Configuration Utility dialog box appears.

2: Configure selective startup options

a) In the System Configuration Utility dialog box, click the General tab, and then click Selective Startup.

b) Click to clear the Process SYSTEM.INI file check box.

c) Click to clear the Process WIN.INI file check box.

d) Click to clear the Load Startup Items check box.

e) Click the Services tab.

f) Click to select the Hide All Microsoft Services check box.

g) Click Disable All, and then click OK.

h) Restart the computer.

“\Windows\System32\Config\System” is missing or corrupt

When you try to start your Windows XP based computer, you may receive this error:

Windows could not start because the following file is missing or corrupt: \WINDOWS\SYSTEM32\CONFIG\SYSTEM

CAUSE

This issue can occur if the System hive for the Windows XP installation is missing or damaged.

RESOLUTION:

Use the Recovery Console Tool:

To restore a damaged registry hive, use the Recovery Console to restore the backup copy of the hive from the Repair folder. The Repair folder contains a copy of the system’s registry hives that were created after the first successful startup of Windows XP.

To replace the damaged registry hive and restore the backup copy of the hive from the Repair folder: start your computer into the Recovery Console. In the Recovery Console, change to the Windows folder.

Type cd system32\config and press ENTER.

Type dir system and press ENTER.

If the preceding command runs successfully (the file is listed), type:

ren system system.bak and press ENTER.

Type copy c:\windows\repair\system and press ENTER. This copies the backup hive into the current folder (system32\config).

You should receive a “One file copied” informational message.

Type exit, and press ENTER to quit Recovery Console and restart the computer in normal mode.