Category: Security

  • JForum SSO (single sign-on) and Atlassian Crowd

    Over at our new ATG Developer Community site, we’re using Atlassian Crowd to manage our user accounts, groups, and single sign-on (SSO) between Jira and Confluence, to manage Subversion authentication, and to handle the forum (JForum) user accounts. There was an example of how to integrate JForum and Crowd, which works pretty well. When you log in…

  • Using IPTables to Prevent SSH Brute Force Attacks

    If you have a server with a world-facing SSH server, you’ve probably seen brute force attacks in your logs. Some machine starts hammering your SSH server, trying all sorts of logins (staff, root, a, admin, etc…) over and over and over again. This is bad on a lot of fronts. I use two simple…

  • Getting the Real IP Address from a Proxied Request in ATG

    Many things can obscure the real IP address of the end user when they visit your site: a load balancer in front of your ATG cluster, Akamai, the user’s ISP or office network, and more. This makes correlating logging events, or using the ATG session IP validation security option, and more, very difficult. In light…

  • Don’t like people leeching your wireless?

    Don’t just block them, get a little more creative…. http://www.ex-parrot.com/~pete/upside-down-ternet.html Enjoy:)

  • How to identify the process listening on a port

    This is mostly for my own use, but: If you’ve ever had a server which netstat showed was listening on one or more ports you weren’t expecting, you can use this command to find out which process is listening there: fuser -vn tcp 4444 Which in this case happens to be owned by JBoss, and not…
