After global DNS and Open DNS we have one more choice in setting a reliable DNS services. Google introduce a new set of public DNS address called Google Public DNS which offers a high speed more secure DNS services. The addresses are:

8.8.8.8 and

8.8.4.4

[ DNS is used to covert domain name to corresponding IP address and vice versa. ]

Google has launched telephone support for the issues related to Google Public DNS service. The telephone numbers are:

* 877-590-4367 { For US customers }

* 770-200-1201 { Outside US }

To set Google Public DNS in your computer from command prompt click on the link below.

Setup DNS address on your computer from Command Prompt

To know more about Google Public DNS service please click on the link provided below.

http://code.google.com/speed/public-dns/docs/using.html

After many try&fail, I finally figured how to exclude files and subfolders when archiving with RAR command line.
Basically I tried to archive a folder with .svn subfolders. I definitely want to exclude them from the archive. But when I tried:

rar a -r -x.svn myarchive

It did not exclude any .svn folders in second or deeper level of folder hierarchy.
Now the correct way is:

rar a -r  -x.svn -x*/.svn -x*/.svn/* -x*/anotherSubFolder -x*/anotherSubFolder/* myarchive

It will exclude all folder and subfolders with name .svn or anotherSubFolder.
Happy Year 2009!

 
#!/bin/bash
# Linux Firewall: Simple Shell Script To Stop and Flush All Iptables Rules
# Some Linux distros like Debian do not have /etc/init.d/iptables stop script
# This can be also called from cron job if you are testing new firewall on
# remote box to avoid lock out
# -------------------------------------------------------------------------
# Copyright (c) 2004 nixCraft project <http://cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

#!/bin/bash
# Script to update user password in batch mode
# You must be a root user to use this script
# -------------------------------------------------------------------------
# Copyright (c) 2005 nixCraft project
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
# /root is good place to store clear text password
FILE="/root/batch.passwd"
 
# get all non-root user account
# By default on most linux non-root uid starts
# from 1000
USERS=$(awk -F: '{ if ( $3 > 1000 ) print $1}' /etc/passwd)
 
# create file with random password
echo "Generating file, please wait..."
 
# overwrite file, this is bash specific a better solution is cat > $FILE
>$FILE
 
for u in $USERS
do
   p=$(pwgen -1 -n 8) # create random password
   echo "$u:$p" >> $FILE # save USERNAME:PASSWORD pair
done
echo ""
echo "Random password and username list stored in $FILE file"
echo "Review $FILE file, once satisfied execute command: "
echo "chpasswd < $FILE"
 
# Uncomment following line if you want immediately update all users password,
# be careful with this option, it is recommended that you review $FILE first
# chpasswd < $FILE

#!/usr/local/bin/expect -f
# Password change shell script, tested on Linux and FreeBSD
# ----------------------------------
# It need expect tool. If you are using Linux use following command
# to install expect
# apt-get install expect
# FreeBSD user can use ports or following command:
# pkg_add -r -v expect
# ----------------------------------
# If you are using linux change first line
# From:
#!/usr/local/bin/expect -f
# To:
#!/usr/bin/expect -f
# -----------------------------------------------
# Copyright (c) 2006 nixCraft project
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# -------------------------------------------------------------------------
# display usage
if {$argc!=2} {
   send_user "usage: $argv0 username password n"
   exit
}
# script must be run by root user
set whoami [exec id -u]
if {$whoami!=0} {
   send_user "You must be a root user to run this scriptn"
   exit
}
#
set timeout -1
match_max 100000
# stopre password
set password [lindex $argv 1]
# username
set user [lindex $argv 0]
# opem shell
spawn $env(SHELL)
# send passwd command
send -- "passwd $userr"
expect "assword:"
send "$passwordr"
expect  "assword:"
send "$passwordr"
send "r"
expect eof

#!/usr/bin/expect -f
# Expect script to supply root/admin password for remote ssh server
# and execute command.
# This script needs three argument to(s) connect to remote server:
# password = Password of remote UNIX server, for root user.
# ipaddr = IP Addreess of remote UNIX server, no hostname
# scriptname = Path to remote script which will execute on remote server
# For example:
#  ./sshlogin.exp password 192.168.1.11 who
# ------------------------------------------------------------------------
# Copyright (c) 2004 nixCraft project <http://cyberciti.biz/fb/>
# This script is licensed under GNU GPL version 2.0 or above
# -------------------------------------------------------------------------
# This script is part of nixCraft shell script collection (NSSC)
# Visit http://bash.cyberciti.biz/ for more information.
# ----------------------------------------------------------------------
# set Variables
set password [lrange $argv 0 0]
set ipaddr [lrange $argv 1 1]
set scriptname [lrange $argv 2 2]
set arg1 [lrange $argv 3 3]
set timeout -1
# now connect to remote UNIX box (ipaddr) with given script to execute
spawn ssh root@$ipaddr $scriptname $arg1
match_max 100000
# Look for passwod prompt
expect "*?assword:*"
# Send password aka $password
send -- "$passwordr"
# send blank line (r) to make sure we get back to gui
send -- "r"
expect eof

There are many things you can do to secure your wordpress blog – a lot of them are pretty technical are require programming and/or sysadmin knowledge. Here’s a list of easy things that YOU can do to secure your wordpress blog:

1. Remove unused themes (by removing the whole directory)
2. Disable and remove unused plugins.
3. Keep your wordpress version up to date.
4. Keep your used plugins up to date.
5. Add an empty index.html file into the themes and plugins directories. This stop people from browsing to see what themes/plugins you have installed.
6. Install the XSS-Me and SQLInject-Me Firefox plugins and run them against your site.
7. Remove the XMLRPC.PHP file from the root directory of your blog if you are not using XML RPC.

Danial Cuthbert has written and excellent paper about securing WordPress using mod_security for Apache.

Read it on BlogSecurity.

There’s a great article at Coding Horror that makes an interesting proposal for strengthening passwords: using pass-phrases rather than pass-words.

The idea is to use a phrase rather than a single word. For example, a worst-case scenario would be:

old password: password

new password: this is my password

Whilst I agree that a passphrase may be marginally stronger than a password, I still think they will suffer the same weakness: the user. User’s pick passwords that they can remember and these are nearly always weak – their dog’s name, their favourite book, etc. A phrase would be no different, people would use a quote from a film, a common saying or something else easily recognisable.

As stated in the comments of the Coding Horror post, the problem with passwords will always exist: a user needs to remember a password and because of that they will nearly always choose weak ones.

This is impressive. It’s a user’s story submitted to the Worse Than Failure blog. The story was submitted by Noah – one of his relatives had a problem with an expired application that they wanted to use and they wondered if he could help:

http://worsethanfailure.com/Articles/Classic-WTF-Lock-In-Key-Security.aspx

He quickly gained some l33t hax0r skills and managed to get the app to run.