mcrypt php extension necessary configuration & compilation : 

View current php version
php -v

Output :
PHP 5.3.3 (cli) (built: Jul 3 2012 16:53:21)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
with the ionCube PHP Loader v4.0.14, Copyright (c) 2002-2011, by ionCube Ltd.

Downloading the same php version source code from php.net
cd /tmp/
wget http://museum.php.net/php5/php-5.3.3.tar.gz
tar -zxf php-5.3.3.tar.gz
cd php-5.3.3/ext/mcrypt

Prepare php extension to compile it.
phpize

Output :
Configuring for:
PHP Api Version: 20041225
Zend Module Api No: 20060613
Zend Extension Api No: 220060519

aclocal
./configure
make
make install

You can can see mcrypt php extension is installed under php extensions directory:
ls /usr/lib64/php/modules/mcrypt.so

Enable mcrypt PHP extension in php.ini
echo "extension=mcrypt.so" >> /etc/php.d/mcrypt.ini

Verify mcrypt :
php -i | grep -i "mcrypt support"

Output:
mcrypt support => enabled

Known challenging and resolution :

phpize: command not found
yum install php-devel

configure.in:8: warning: LT_AC_PROG_SED is m4_require’d but not m4_defun’d
acinclude.m4:2636: PHP_CONFIG_NICE is expanded from…
configure.in:8: the top level

yum install libtool

………checking if debug is enabled… no
checking if zts is enabled… no
checking for re2c… no
configure: WARNING: You will need re2c 0.13.4 or later if you want to regenerate PHP parsers.
checking for gawk… gawk
checking for mcrypt support… yes, shared
configure: error: mcrypt.h not found. Please reinstall libmcrypt.

yum install libmcrypt
wget ftp://rpmfind.net/linux/epel/6/x86_64/libmcrypt-devel-2.5.8-9.el6.x86_64.rpm
rpm -ivh libmcrypt-devel-2.5.8-9.el6.x86_64.rpm

Consumer electronics – personal computers, tablet devices, HDTVs – name it; there are tons of paid services made available to make these gadgets more useful and enjoyable. Mobile phones, especially, have become a lucrative outlet for solutions providers to deliver their services. The hundreds of smartphone apps hosted solutions providers is enough evidence to prove that even the mobile phone industry has been affected by this boom.

And speaking of which, we’ve listed some useful Android apps for paid solutions which can be downloaded from the Google Play Store.

HBO Go App

This app allows you to watch via streaming over 1,400 HBO shows ranging from HBO original content,hit movies, sports, comedy, and much more on your Android-powered smartphone. The HBO Go service is offered at a measly $15 monthly fee, but you must have a cable or satellite plan with a company that supports HBO Go. No need to slog your way through hundreds of DVDs to watch your favorite shows – you can access them whenever you want, whenever a 3G/4G LTE or Wi-fi connection is available – and you don’t even have to compromise video quality.

RingCentral App

A free, downloadable app is also available for RingCentral subscribers. With this app installed, you can easily turn your Android phone into a business phone. Stay connected while on the go with a barrage of PBX features like faxing, visual voicemail, and call management. Make calls using your mobile phone, while keeping your personal mobile number private. The app supports up to three (3) VoIP calls in parallel – one active call and two on hold – so you can’t miss any business calls even while you’re in a restaurant or at a Florida Keys resort. The phone company offers flexible plans for businesses of any size.

OnLive App

The OnLive app lets you play games on-demand on your Android device wherever you are, whenever an Internet connection is present. You don’t have to download big chunks of files to access console-class games, since your games run on OnLive’s powerful cloud servers. All you need to do is to sign up with the instant-play video game service, buy or try a game, and voila, you’ll have real-time, rich gaming straight from your phone.

Box App

For Box subscribers, sharing, accessing, and managing content online become ridiculously easier with this app made available for Android users. Lately, businesses have seen a big move towards mobile workforces, so having a cloud-based mobile tool for accessing content can definitely further their productivity. Box offers a whopping 50GB of free cloud storage from the usual 5GB and has upgraded the upload cap to 100MB from the usual 25MB for Android users. For Business and Enterprise users (starts at $15 a month per user, minimum of three (3) users, for 1000GB of web storage), Box offers the Box Sync component, to allow synching of folders or files on your desktop to your account.

Nothing is free, but you can always choose to make the most out of what you already paid for. At this rate, it isn’t so hard to see that even paid services are tapping the Android platform to make customers even more satisfied.

This is a guest post by Lucia

Most of the time, these connections are used by invalid domains e.g hotmaail.com, yahooo.com, gmail.cm and on other hand your bounce-after for global domains is too long e.g bounce-after 4d 12hr (by default)

How PowerMTA works?

PowerMTA tries to resolve Domain to IP (If it fails, it doesn’t make tcp connection, through DnsQueryFailed error), then it tries to make tcp connection and wait for SMTP greeting. (It keeps trying until smtp-greeting-timeout value (default 5m) reaches.After5 minutes, connection is killed and this process is repeated until bounce-after (in your global domain configuration) is reached.

And there are dozens of typo error domains of yahoo/gmail/hotmail

One more technique is to bounce back all domains that doesn’t have MX record. This would help you to reduce your PMTA Queue.

Step-1 : General PowerMTA configuration tweaking

Edit: /etc/pmta/config

<domain *>
...
...
smtp-greeting-timeout 1m
bounce-upon-no-mx yes
</domain>

PowerMTA suggests to set it to 5 minute(If your network is not reliable) I disagree. 60 seconds are more than enough for remote MTA to response.

Step-2 : Bounce back invalid domains immediately

dummy-smtp-port – is SMTP black-hole, is powermta feature that use to listen for dummy SMTP connections. This new configuration would require to restart your PowerMTA(service pmta restart) You can refer to official document and find which configuration requires reload and restart.

dummy-smtp-port 2525
<smtp-pattern-list dummysmtp>
reply // bounce-queue
</smtp-pattern-list>

domain-macro invaliddomainslist yahooo.com, gmail.cm, hotmaail.com
<domain $invaliddomainslist>
route [your-lan-ip]:2525
smtp-pattern-list dummysmtp
bounce-after 1m
</domain>

service pmta restart

How to identify these messages in accounting log file?

These are marked as category 'other' with 'failed,5.0.0 (undefined status),x-pmta;bounce-queue'

How to mark them in bad-domain category?

You will need to create bounce-category-patterns to handle this.

<bounce-category-patterns>
/failed\,5\.0\.0 \(undefined status\)\,x\-pmta\;bounce\-queue/ bad-domain
</bounce-category-patterns>

Now, if you process accounting log file, you would see all these domains under bad-domain category instead Other.

There are hundreds of feature which can’t be cover here. Below are few features copied from port25.com

PowerMTA Features

• • Number of simultaneous connections
  • Number of messages per connection
  • Number of delivery attempts per hour (throttling)
  • Retry period and bounce period

• Authentication method
• Ability to break connections of lower priority queues
• New IP address warm-up feature to help build reputation
• Ability to pause queues and delete or re-start
• Delivers 10x more messages per hour than leading freeware alternatives and corporate mail systems
• Strict compliance with Internet email protocols
• Includes both outbound and inbound message processing
• VirtualMTAs allowing you to segment your mail-streams as necessary. Each VMTA may have its own IP address and delivery policy configured by you.
• Real-time reputation monitoring
• Immediate notification of perceived blocks
• Ability to implement new delivery policy for perceived blocks
• Command line statistics and analysis utility
• Web-based status monitoring
• Data export of statistics log (XML, CSV, HTML, etc.)
• API to statistics log (C, Java, Perl)
• Data can be accessed in real-time or batch mode.
• Statistics can also be retrieved on a “per job” or “Virtual MTA” basis.
• Standard submission interface using SMTP
• File-based submission using pickup directory
• Proprietary submission interface through our API (C, C++, Java, Perl, .NET)
• Data exports from delivery log (XML, CSV, HTML, etc.)
• API to delivery log (C, Java, Perl)
• Forwarding of inbound messages to file or via local pipe
• Installation follows the common approaches used on each of the major platforms.
• Text-file configuration tool comes pre-populated with common settings
• Extensive control options allow you to tailor PowerMTA to your specific needs.
• A command-line management tool is provided.

Built-in support for :

• Domain Keys and DKIM
• SenderID and SPF

Platforms where PMTA can be installed includes :

• Microsoft Windows (2003/2008)
• Linux RPM based (Red Hat, CentOS) and DEB based (Debian, Ubuntu)
• Sun Solaris (Solaris 8 or later, SPARC)

PowerMTA Webhooks :

Postmastery has built two web hooks to process bounces, complaints and List-unsubscribe: header unsubscribe requests via mailto link. Further details are available at Postmastery’s PowerMTA web hook page.

Currently i am logged in using SSH on Plain CentOS 6.2 server and it has very basic packages installed.

Downloading and compiling Apache 2.4.1

cd /usr/local/src/
wget http://apache.mirrors.pair.com//httpd/httpd-2.4.1.tar.bz2
tar -jxf httpd-2.4.1.tar.bz2
cd httpd-2.4.1
./configure --prefix=/usr/local/apache --enable-so --enable-deflate --enable-expires --enable-headers --enable-rewrite

Note : Here i required deflate,expires,headers and other modules so i included that.

Ops, failed to dependencies.. because we don’t have gcc compiler and other devel packages for apr, apr-utils, openssl and so on.
yum install apr-devel apr-util-devel gcc pcre-devel.x86_64 zlib-devel openssl-devel

Great. Here we go;
make
again ERROR :

rotatelogs.c:298: warning: implicit declaration of function ‘apr_file_link’
/usr/lib64/apr-1/build/libtool --silent --mode=link gcc -std=gnu99 -pthread
-o rotatelogs  rotatelogs.lo      /usr/lib64/libaprutil-1.la -ldb-4.7 -lexpat
-ldb-4.7 /usr/lib64/libapr-1.la -lpthread
rotatelogs.o: In function `post_rotate':
rotatelogs.c:(.text+0x5ed): undefined reference to `apr_file_link'
collect2: ld returned 1 exit status
make[2]: *** [rotatelogs] Error 1
make[2]: Leaving directory `/usr/local/src/httpd-2.4.1/support' make[1]: *** [all-recursive] Error 1 make[1]: Leaving directory `/usr/local/src/httpd-2.4.1/support' make: *** [all-recursive] Error 1

Current apr and apr-util version is older while Apache 2.4.1 requires latest APR and APR-utils e.g 1.4.x is the latest available version.
Lets include the latest apr and apr-util into apache srlib/ so it can also be compiled along with Apache.
cd /usr/local/src/httpd-2.4.1/srclib/

Installing APR & APR-Utils dependencies :

wget http://mirror-cybernet.lums.edu.pk/pub/apache//apr/apr-util-1.4.1.tar.bz2
wget http://mirror-cybernet.lums.edu.pk/pub/apache//apr/apr-1.4.6.tar.bz2

Note : If this mirror doesn’t work, chose other mirrors

tar -jxf apr-1.4.6.tar.bz2
tar -jxf apr-util-1.4.1.tar.bz2
mv apr-1.4.6 apr
mv apr-util-1.4.1 apr-util

Lets configure it now :
./configure --prefix=/usr/local/apache --enable-so --enable-deflate --enable-expires --enable-headers --enable-rewrite --with-included-apr --with-included-apr-util
make
make install

Following this tutorial i was able to install Apache 2.4.1 successfully on CentOS 6.2. If you are unable to install or having difficulty you can leave a comment and i will try to respond you quickly as much possible.

How DroidSheep Guard works?

DroidSheep Guard continuously monitor your ARP table and alerts you when it finds suspicious activity.Droidsheep and faceniff are popular android applications that use ARP spoofing technique to hijack all sessions traveling on Wifi networks. Using DroidSheep Guard you can configure it to check every x minute and once it found malicious activity, it will popup an alert.

How to install DroidSheep Guard?

Fortunately Google didn’t remove DroidSheep guard from Android Market(called Play Store now). Plus it doesn’t require your phone to be ROOTED unlikely DroidSheep.

Method No.1

Requirements :

1. Internet is enabled on your Android phone.
2. Your Gmail account is logged in on Android phone.

Steps :

1. Open Firefox/or any internet browser
2. Login on gmail.com with same account that you are using on your Android phone.
3. Go to https://play.google.com/store/apps/details?id=de.trier.infsec.koch.droidsheep.guard.free&feature=search_result
4. Click on Install
5. Check your phone, DroidSheep Guard is already installing Magic, hah?

Method No.2 :

Requirements :

1. Android Phone

Steps :

1. Open your Play Store
2. Search for ‘DroidSheep Guard’
3. Click on Install

Happy protection against ARP Spoofing!

Last week, a DDoS mitigation service vendor Arbor Networks revealed a detailed report can be download from here which say,

ApacheKiller Flaw

is known as ‘The Biggest Little Internet Threat‘ by Security Analysts. It has been exploited massively and its
very hard to estimate that what is the number of servers are yet to be fixed.

Few days back, i was analyzing my blog traffic and found that ApacheKiller was the most viewed post and most of the people have downloaded the ApacheKiller bash script and python version to penetrate web servers that are still vulnerable. It is estimated that Apache is used by 400 million websites, big number?

If you are web master and still confused, how to mitigate it? I can help you with immediate workarounds.

The best thing is to update your Apache to latest version 2.4  or if you are having difficulties or not sure, you can contact me. I will make it done for you or get FREE Consultancy!

SlowHTTPTest 1.4 release notes:

• Added man pages as doc support
• Some bug fixes
• and now it can handle 64000 concurrent connections  OpsS!!

You can read our previous post in detail that would help you, how to compile and use it.

Download and install SlowHTTPTest latest version :

wget http://slowhttptest.googlecode.com/files/slowhttptest-1.4.tar.gz
tar -zxvf slowhttptest-1.4.tar.gz

cd slowhttptest-1.4
./configure
make
make install

Video Tutorial – How to use SlowHTTPTest?

ANTI.apk application is divided into two parts;

• Application
• Extendable plugins

How to install ANTI APK on android phone?
I’m not sure APK is available on Android Market but you can follow below tutorial to get it installed.

This application works only on ROOTED android phones

1. Download from http://www.zimperium.com/Anti.apk using your phone browser.
2. Go to Downloads
3. Click on ANTI.Apk, authorize and install it.

How to use ANTI – Android Network Toolkit?
When you run ANTI, it will connect to your Wifi AP and create map for your network. You can select a device and scan for different services.

ZImperium offered Basic version as FREE with following limited features :

• Scanning
• OS Detection*
• Traceroute
• Port Connect
• WIFI Monitor
• HTTP Server

If you purchased paid version which categorized as Silver, Gold and Platinum you will get access to below features :

• Man-in-the-middle
• Remote Exploits
• Plugins
• Support
• Exploit Credits (For Report or Attack)

To read more about licensing, visit ZImperium LTD web.

HookWorm Stealth provides less features than c99Shell but it’s activity can’t be track easily like c99Shell. it uses Cookies to leave no TRACE in Web server access log.

HookWorm Stealth PHP Backdoor Features :

• Find .htaccess
• Find open ports on remote system
• Search for writable files or directories
• and many more.

Download HookWorm Stealth from  http://www.madirish.net/sites/default/files/hookworm.php.tar.gz

When you get access of remote web server SHELL, the access log of web server will throw /index.php 200 OK status code that’s a normal good HTTP request.

To read further about HookWorm Stealth, go to the author blog