Links

Vulnhub

Vulnhub contains an excellent collection of pre-made vulnerable virtual machines, all designed to test your ability to find and exploit those vulnerabilities. Helpfully, they also come with walkthroughs, for those times when no matter what you try, you just can’t seem to get in. I always like to attempt them without looking at the walkthrough first, but it’s nice to know that if you do truly get stuck, there’s help on hand!

Matt Wilcox: Blocking China with ipset and iptables

This was a very useful tutorial I came across while setting up this server and this blog. I’ve created a few scripts based on this one that will now block large parts of the internet from viewing the site, based on analysis of the logs and attempts at brute forcing of logins here (really, do people actually use password123?!)

Amazon AWS Blocker

Following on from the link before it, I tended to find that a lot of the attempts to probe this server came from infrastructure belonging to Amazon’s AWS service. Accordingly, I sought out a way to enumerate their service and block all access from them to this server. Being the lazy programmer I am, I thought I’d check first to see if anyone else had already made a script that does so… and yes, they have. You’ll need jq installed, but thankfully with Debian/Ubuntu that’s just a case of apt-get install jq.

Setting up ModSecurity

This was a useful guide in getting mod_security running (can you guess which OS and Web Server I’m running now?) on the server. Just be sure to pay attention to the section near the end regarding disabling certain rules based on location. If you don’t, you’ll get a lot of false positives and WordPress won’t play well.

James Randi

James Randi was once a very famous magician and escape artist, but now is better known for his really amazing work demystifying the paranormal and pseudoscientific. Like the adage goes, “it’s a lot easier to fool someone than to convince them they’ve been fooled”. James Randi does an excellent job showing how ‘mystics’ and other people like that will use various techniques to convince you they have powers they do not. I like it because I’ve always been passionate about knowing what is right, correct, true. It’s that scientific part of me that loves finding out I was wrong about something, because now that I know, I can do something about it. Before now, I didn’t even know I was wrong!