Server Security


Note: Please don't disable the Windows Firewall unless you have other appropriate firewall software installed on your system.

There are mainly three methods for disabling the Windows Firewall. The first method is for any user with administrative privileges on an individual machine that is not remotely or collectively managed in any way. The other two methods are for use by Windows administrators on fully managed systems or Windows servers.

1) Using the Control Panel

This method is for any user with administrative access to unmanaged systems

1. From the Start menu, select Control Panel, then select Windows Firewall.
2. Select Off, then click OK.

2) Using Local Policy

This method is for administrators with administrative access to unmanaged systems or locally managed systems where the machine is not part of a Windows 2000 or higher domain.

From the Start menu, select Run, then enter gpedit.msc.
Expand the Computer Configuration folder, then the Administrative Templates folder.
Expand the Network folder, then the Network Connections folder, then the Windows Firewall folder.
Select the Standard Profile folder.
Double-click the Windows Firewall: Protect all network connections option.
Select Disabled, then click OK.
Select the Domain Profile folder.
Double-click the Windows Firewall: Protect all network connections option.
Select Disabled, then click OK.
Close the Group Policy dialog box.

3) Using Group Policy

This method is for administrators with administrative access to managed machines that are part of a Windows 2000 or 2003 Active Directory domain.

Create a new Group Policy object, and give the object a descriptive name (for example, ITS-Turn off Windows Firewall).
Select the newly created group policy.
Right-click on the newly created policy and select Edit.
Expand the Computer Configuration folder, then the Administrative Templates folder.
Expand the Network folder, then the Network Connections folder, then the Windows Firewall folder.
Select the Standard Profile folder.
Double-click the Windows Firewall: Protect all network connections option.
Select Disabled, then click OK.
Select the Domain Profile folder.
Double-click the Windows Firewall: Protect all network connections option.
Select Disabled, then click OK.
Close the Group Policy dialog box.
In the Security Filter section, click Add.
Search for the objects that this group policy will be applied to, then click OK.
Close the Group Policy editor.

Hello,

The process of booting a Linux system consists of a number of stages, as follows:

1) BIOS

2) Master Boot Record (MBR)

3) LILO or GRUB

4) Kernel

5) init

6) Run Levels

Each stage in detail:

1) BIOS: The Basic Input/Output System is the lowest-level interface between the computer and its peripherals. It loads the boot sector from one of the following devices:

Floppy
CDROM
Hard drive

The boot order can be changed from within the BIOS. BIOS setup can be entered by pressing the Del, F1, F2, or F10 key during boot-up.

2) MBR:
The first sector of the hard disk is reserved for the master boot record (MBR).

When the operating system boots from a hard disk, the PC's BIOS loads and executes the boot loader code in the MBR. The MBR code needs to know which partitions on the disk carry operating-system-specific boot loader code in their boot sectors, and it then attempts to boot one of them.

Fedora Linux is supplied with the GRUB boot loader which is fairly sophisticated and therefore cannot entirely fit in the 512 bytes of the MBR.
The GRUB MBR boot loader merely searches for a special boot partition and loads a second stage boot loader.

This then reads the data in the /boot/grub/grub.conf configuration file, which lists all the available operating systems and their booting parameters. When this is complete, the second stage boot loader then displays the familiar Fedora branded splash screen that lists all the configured operating system kernels for your choice.

3) Boot loader (GRUB or LILO)

LILO and GRUB are installed either in the MBR (Master Boot Record) or in the first sector of the active partition.

The boot loader asks for the OS label, which identifies which kernel to run and where it is located (the hard drive and partition). The installation process requires the creation or identification of partitions and a decision about where to install the OS; GRUB/LILO are also configured during this process. The boot loader then loads the Linux operating system.

LILO (Linux Loader)
In a multi-boot configuration, LILO permits the user to choose an operating system from a menu. The LILO settings are stored in /etc/lilo.conf.
- LILO does not understand filesystems
- the code and kernel image to be loaded are stored as raw disk offsets
- uses the BIOS routines to load

GRUB (GNU GRand Unified Bootloader)
- understands filesystems
- config lives in /boot/grub/menu.lst or /boot/boot/menu.lst

4) Kernel
- The kernel verifies the hardware configuration and initialises devices (optionally loading an initrd).
- The kernel then mounts the root filesystem specified by LILO (or loadlin) with the root= parameter.

The filesystem type is detected automatically. The most used filesystems on Linux are ext2 and ext3. If the mount fails, a so-called kernel panic occurs and the system "freezes".
The root filesystem is usually mounted read-only at first so that it can be checked during the mount; such a check is not safe if the filesystem is mounted read-write.

- the kernel prints: VFS: Mounted root (ext2 filesystem) readonly.
- it runs /sbin/init, which is process number 1 (PID 1)
- init prints: INIT: version 2.76 booting
- this can be changed with the boot= parameter to LILO, e.g. boot=/bin/sh can be useful to rescue a system that is having trouble booting.

After these steps, the kernel will start init, which will become process number 1, and will start the rest of the system.

5) init process
The init process is the last step in the boot procedure and parent of all the other processes. This process is the first running process on any Linux/UNIX system, and is started directly by the kernel. It is what loads the rest of the system, and always has a PID of 1.

Init is responsible for starting system processes as defined in the /etc/inittab file.

The init process is never shut down. It is a user process and not a kernel system process although it does run as root.

Run Levels

0 halt
1 single user
2 not used (user-definable)
3 full multi-user mode (no GUI)
4 not used (user-definable)
5 X11 full multi-user mode (with GUI)
6 reboot

Based on the selected runlevel, the init process then executes startup scripts located in subdirectories of the /etc/rc.d directory. Scripts used for runlevels 0 to 6 are located in subdirectories /etc/rc.d/rc0.d through /etc/rc.d/rc6.d, respectively.

The default runlevel is defined in /etc/inittab, e.g.:
id:3:initdefault:
The current runlevel can be changed by running /sbin/telinit #, where # is the new runlevel; e.g. typing telinit 6 will reboot.

Sometimes you face the problem of bandwidth leakage: even though you don't see much traffic on your site, your control panel shows heavy bandwidth usage, so you must check what is going wrong with your bandwidth.
There can be many reasons for this, but first of all you should check your images and videos and make sure they have not been compromised or hotlinked. Some black-hat webmasters try to save their own bandwidth by hotlinking files hosted on other sites.

What is hotlinking?

Hotlinking is linking to an image or video on someone else's server instead of saving that file to your computer and uploading it to your own blog or site. When you do this you are stealing the bandwidth of the site you link to.
When your visitors load a page with such images, they are actually loading the image or video from the other site, eating up that site's bandwidth.

Some webmasters resort to this unethical practice to save their own bandwidth: they have a limited amount of bandwidth allowed each month, and if it is exceeded their host may suspend their account, so they play such tricks. As webmasters we should be aware of such illegal practices and protect ourselves.

How to detect the bandwidth thieves:
The most effective way to find the culprits is to check your web server logs for referrals to the images on your website. Trace the referrers in the logs to the actual referring website and check the offending web page. If you find your graphics displayed on their page, check the HTML source of that page and find out where the graphic files are hosted. If the IMG tag points to your website, they are using your bandwidth for their website.

How to protect yourself:
Using .htaccess, you can disallow hotlinking on your server, so that those attempting to link to your images are either blocked (a failed request, such as a broken image) or served different content, perhaps a funny image.
Note that mod_rewrite needs to be enabled on your server in order for this aspect of .htaccess to work. If you are using WordPress, there is a hotlink protection plugin that you can install which fights bandwidth theft.

The du command gives you an overview of your file and directory space usage. It tells you how much space is occupied by a given directory or file that may be overloading your server, causing a system crash or preventing users from logging in, so for a system administrator this command is very helpful for monitoring disk usage and avoiding crashes.

You can use du -sh * to find out which file or directory is eating up your disk space so as to take precautions.

Simply start with du -sh *, look for the biggest directory, cd into it and run the command again. Repeat the process until you find the particular file.

You can also use du -sk * | sort -n to get sorted output with the biggest files and directories at the bottom.

A user can only run this command on files and directories they have read permission for; thus an ordinary user would generally not be able to use du to determine disk space consumption for files or directories belonging to other users.

Every web server maintains some sort of system that stores information about which pages, images, and files are requested, who requests them, how many bytes are transferred, and so on, in a log file. With log file analysis tools it is possible to get a good idea about your visitors: where they are coming from, how often they return, how they navigate through your site, which pages are most visited, etc.

These log files are used by administrators to manage the web server effectively, get feedback about server performance, etc.

You can open and read log files in any text editor; for a more user-friendly view you can use stand-alone software or a browser-based viewer, which will present the data in charts, graphs and tables.

The format of the common log file line has the following fields separated by a space:

remotehost rfc931 authuser [date] "request" status bytes

151.99.190.27 - - [09/Jan/2007:13:06:51 -0600] "GET /~bacuslab HTTP/1.0" 301 13276

For the above example:

remotehost : 151.99.190.27
rfc931 : -
authuser : -
[date] : [09/Jan/2007:13:06:51 -0600]
"request" : "GET /~bacuslab HTTP/1.0"
status : 301
bytes : 13276

Understanding log fields :

remotehost : Remote hostname or IP address number if DNS hostname is not available.

rfc931 : The remote login name of the user. (If not available a minus sign is typically placed in the field)

authuser : The username as which the user has authenticated himself. (If not available a minus sign is typically placed in the field)

[date] : Date and time of the request.

“request” : The request line exactly as it came from the client. (i.e., the file name, and the method used to retrieve it [typically GET])

status : The HTTP response code returned to the client. Indicates whether or not the file was successfully retrieved, and if not, what error message was returned.

bytes : The number of bytes transferred.
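Added example, not part of the original post: a parser for lines in the field layout above that also accepts the Combined format's two extra quoted fields (referer and user agent), which the hotlinking post earlier on this page relies on when it says to check the logs for referrals to your images. It then totals the bytes of image traffic served per external referring host. The log lines after the first are constructed, with placeholder hosts and paths.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# CLF: remotehost rfc931 authuser [date] "request" status bytes; Combined adds "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<remotehost>\S+) (?P<rfc931>\S+) (?P<authuser>\S+) '
    r'\[(?P<date>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?$'
)

# Constructed sample log. Line 1 is the post's own example; the rest use
# placeholder hosts and paths and carry the Combined format's referer field.
SAMPLE_LOG = """\
151.99.190.27 - - [09/Jan/2007:13:06:51 -0600] "GET /~bacuslab HTTP/1.0" 301 13276
10.0.0.5 - - [09/Jan/2007:13:07:02 -0600] "GET /img/banner.jpg HTTP/1.1" 200 48213 "http://www.example.com/blog/" "Mozilla/5.0"
10.0.0.6 - - [09/Jan/2007:13:07:09 -0600] "GET /img/banner.jpg HTTP/1.1" 200 48213 "http://forum.example.org/thread/12" "Mozilla/5.0"
10.0.0.7 - - [09/Jan/2007:13:07:15 -0600] "GET /img/logo.png HTTP/1.1" 200 9102 "http://forum.example.org/thread/12" "Mozilla/5.0"
10.0.0.8 - - [09/Jan/2007:13:07:20 -0600] "GET /img/logo.png HTTP/1.1" 200 9102 "-" "Mozilla/5.0"
"""

IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif")

def parse_line(line):
    """Split one log line into named fields; None if it does not fit the
    format. A '-' byte count (nothing sent) is normalised to 0."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])
    parts = rec["request"].split()          # method, path, protocol
    rec["path"] = parts[1] if len(parts) >= 2 else ""
    return rec

def hotlink_bytes(log_text, own_host):
    """Bytes of successfully served image requests, totalled per referring
    host other than our own. Direct hits and '-' referers are not counted."""
    totals = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["status"] != 200:
            continue
        if not rec["path"].lower().endswith(IMAGE_EXT):
            continue
        host = urlsplit(rec.get("referer") or "").hostname   # None for "-"
        if host and host != own_host:
            totals[host] += rec["bytes"]
    return dict(totals)

if __name__ == "__main__":
    for host, n in sorted(hotlink_bytes(SAMPLE_LOG, "www.example.com").items()):
        print(f"{host}: {n} bytes of our images served on their pages")
```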

Rootkit:
A rootkit is a collection of tools and programs that provides administrator-level access to a computer or a network. It is a popular tool generally used by hackers.
Once hackers get user-level access, either by exploiting a known vulnerability or cracking a password, they may install a rootkit; the rootkit then masks the intrusion and lets them gain root or privileged access to your computer and, possibly, other machines on the network.

Generally it consists of network sniffers, log-cleaning scripts, and trojaned replacements of core system utilities such as ps, netstat, ifconfig, and killall. It may also include spyware and other programs that monitor traffic and keystrokes; create a "backdoor" into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to escape detection.

Once your system is infected by a rootkit you may lose control over your machine or network, which may bring disaster for your machine or network.
Webmasters call such infected machines "rooted" or "compromised" machines.

How to detect whether your machine is infected or not?

As a webmaster you should always keep an eye on such illegal installations, which can kill your network or machine. There are a number of vendors, such as Microsoft, F-Secure, Sysinternals and many others, who provide applications that can detect the presence of rootkits.
Some popular tools are Rootkit Hunter and chkrootkit.

If a rootkit is detected on your machine, the best way to get rid of it is to completely erase the computer's hard drive (format the disk) and reinstall the operating system.
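Added example (not from the original post) of the file-integrity idea behind detecting the trojaned ps, netstat, ifconfig and killall replacements mentioned above: hash the utilities on a known-clean system, keep the baseline off the box, and compare later. The binaries here are constructed stand-ins in a temporary directory.

```python
import hashlib
import os
import tempfile

# Utilities the post names as typical targets for trojaned replacements.
CORE_UTILITIES = ["ps", "netstat", "ifconfig", "killall"]

def sha256_of(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def take_baseline(paths):
    """Record the hash of each existing file. Take this on a known-clean
    system and store it off-box, otherwise a rootkit can rewrite it too."""
    return {p: sha256_of(p) for p in paths if os.path.isfile(p)}

def verify(baseline):
    """Return 'MISSING <path>' or 'MODIFIED <path>' for every deviation."""
    findings = []
    for path, expected in sorted(baseline.items()):
        if not os.path.isfile(path):
            findings.append(f"MISSING {path}")
        elif sha256_of(path) != expected:
            findings.append(f"MODIFIED {path}")
    return findings

def demo():
    """Constructed scenario: fake binaries in a temp dir, then ps is swapped
    for a replacement and killall is deleted."""
    with tempfile.TemporaryDirectory() as bindir:
        paths = [os.path.join(bindir, name) for name in CORE_UTILITIES]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"original " + os.path.basename(p).encode())
        baseline = take_baseline(paths)
        with open(paths[0], "wb") as f:          # simulate a trojaned ps
            f.write(b"replacement that hides processes")
        os.remove(paths[3])                       # simulate killall removed
        return verify(baseline)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A kernel-level rootkit can hide its changes from any check run on the compromised host itself, which is why the post's advice above to wipe and reinstall remains the safe remedy.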

Hacker: the first impression that comes to our mind is a computer criminal sitting at some unknown location, stealing or destroying our important data. Most people straight away associate the term hacker with computer criminals or people who cause harm to systems, release viruses and so on. In reality, that is not true at all!

Hackers are actually good, pleasant and extremely intelligent people, who by using their knowledge in a constructive manner help organizations to secure documents and company secrets, help the government to protect national documents of strategic importance and even sometimes help justice to meet its ends by ferreting out electronic evidence. Rather, these are the people who help to keep computer criminals on the run.

On the other hand, crackers are the real bad guys or the criminals who indulge in cyber crime, deface websites, release viruses, steal credit card numbers and create havoc on the Internet.

If everybody who uses the Internet understood its risks, if everybody who uses the Internet understood how the computer criminals work, if everybody who uses the Internet understood the tools and techniques already known to the bad guys, then the Internet would be a much safer place to be in. Wouldn’t Internet users be able to better protect their data and systems if they were more aware of how computer criminals work? If we are able to learn and understand how someone can break into our system, then wouldn’t we fix the loopholes even before the cracker strikes? All I want to say is that instead of being resentful and afraid of fire, it would be much better if we learn to live with fire. Let us fight fire with fire itself! We manufacture knives every single day. A knife in the hands of a murderer can take lives, but the same knife in the hands of a surgeon can save lives! So just because there is a risk of a knife being misused by murderers, that does not mean that we should stop manufacturing knives.

That's why you should learn how to hack, but never misuse your talent.

If you are using a bash shell, the following command sets a timestamp format for the history so that you get a better idea of what time each command was fired:
HISTTIMEFORMAT="%D %T "
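Added example (mine, not from the original post): with HISTTIMEFORMAT set, bash also saves each command's start time to the history file as a comment line holding epoch seconds, written just before the command. This parser turns such a file into a timeline and keeps entries that predate the setting, which have no timestamp. The history content is constructed.

```python
from datetime import datetime, timezone

# Constructed .bash_history content. With HISTTIMEFORMAT set, bash writes a
# "#<epoch seconds>" line before each command it saves; entries written
# before the variable was set (here "uptime") have no such line.
SAMPLE_HISTORY = """\
uptime
#1704067200
ls -la /var/www
#1704067260
vi /etc/inittab
#1704067320
du -sh *
"""

def parse_history(text):
    """Return (timestamp, command) pairs; timestamp is None when bash saved
    the entry without a preceding #<epoch> line."""
    entries = []
    pending = None
    for line in text.splitlines():
        if line.startswith("#") and line[1:].isdigit():
            # Timestamp marker: it applies to the next command line only.
            pending = datetime.fromtimestamp(int(line[1:]), tz=timezone.utc)
            continue
        if not line.strip():
            continue
        entries.append((pending, line))
        pending = None
    return entries

def format_timeline(entries):
    """Render entries the way HISTTIMEFORMAT="%D %T " shows them, in UTC."""
    out = []
    for ts, cmd in entries:
        stamp = ts.strftime("%m/%d/%y %H:%M:%S") if ts else "(no timestamp)"
        out.append(f"{stamp}  {cmd}")
    return out

def commands_between(entries, start, end):
    """Commands whose recorded start time lies in [start, end]; untimed
    entries are left out because their time is unknown."""
    return [cmd for ts, cmd in entries if ts is not None and start <= ts <= end]

if __name__ == "__main__":
    for line in format_timeline(parse_history(SAMPLE_HISTORY)):
        print(line)
```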

ksh, on the other hand, doesn't have any feature intended to put timestamps in history. You can get a similar effect by combining the evaluation of the PS1 prompt with the "read -s" feature, which reads its input into the history.

PS1='$(printf "%(# %D %T )T" | read -s)$ '

This prompt setting will put the current date and time into the history each time ksh comes back to printing a prompt. The timestamp will appear as a separate line. It will show the time that the preceding command completed, so you won't be able to know exactly when a long-running command was started. (The bash timestamp feature shows the start times of entered commands and doesn't show when they finish.)

You can also try the following steps, which give each session its own history file:

HST=`hostname`
USR=`who -um | awk '{print $1}'`
NAME=`whoami`
# Set the history file
HISTFILE=/home/root/.sh_history_"${HST}"_"${USR}"-as-"${NAME}"_`date +%y%m%d.%H%M%S_$$`
export HISTFILE

That's it.

The Apache module mod_throttle is intended to reduce the load on your server and the bandwidth generated by virtual hosts, directories, locations, or users, according to supported policies that decide when to delay or refuse requests. mod_throttle can also track and throttle incoming connections by IP address or by authenticated remote user.

Every request goes through four levels of throttling:

– Client’s IP address

– Remote username

– Local user ID

– Directory/Server/Location

In order to install mod_throttle on the server, log in to the server over SSH as root.

1) Please go to the directory

– cd /usr/src

– wget http://www.snert.com/Software/mod_throttle/mod_throttle312.tgz

– tar -zxvf mod_throttle312.tgz

2) Go to the directory

– cd mod_throttle-3.1.2

3) Edit the Makefile

– vi Makefile

and change the APXS line to read:

APXS=/usr/local/apache/bin/apxs

Save the file.

4) Run the following commands to install it

– make

– make install

5) Restart apache service on the server.

6) In order to check the throttling for any domain you have to insert a ThrottlePolicy and an output location, "Location /output", in its virtual host entry, just before the line .

You can then check the results at http://domainname/output.

If you are getting a "444 Script or Action Blocked" error, there seems to be some problem with your PHP script. But the first question that comes to mind is: what is SecurePHPx?

Well, SecurePHPx is a preload checker for PHP scripts that blocks malicious scripts or URLs used to attack PHP pages; we designed and created it ourselves on our servers.

To fix this you have to add the domain to the SecurePHPx whitelist by editing the file /usr/lib/php/php_whitelist. Enter the domain in this file twice: once with www and once without.
