OpenKB::Server Technical Papers » Security

Task Manager: spyware disabled the task manager

admin — Thu, 13 Aug 2009 04:41:21 +0000

Error: unable to view the task manager after some malicous code was installed ..

You can reenable the task manager via the registry
*do not attempt to do this unless you know what you are doing. I will not be held responsible for you damaging your system.when in doubt consult a computer tech*

Hive: HKEY_CURRENT_USER
Key: Software\Microsoft\Windows\CurrentVersion\Policies\System
Name: DisableTaskMgr
Type: REG_DWORD
Value: 1=Enablethis key, that is DISABLE TaskManager
Value: 0=Disablethis key, that is Don’t Disable, Enable TaskManager

WordPress Security-parse error. not well formed- spam

admin — Sun, 12 Jul 2009 18:23:13 +0000

This caught me by surprise when I ran across this information. There seems to be a exploit in some version of wordpress. The exploit from what I have seen is caused by users using a remote site to post to their blog.

view the blog content using google Reader or via curl will display the spam content
curl –user-agent “Googlebot/2.1″ http://blogurl.com

Such sites include windows live writer.
I would recommend taking a look at the wordpress users that are setup on your site . Verify that only approved users have administrative rights. also compare your existing files with the files from the installation zip from wordpress.com ..

The key file is xmlrpc.php
if you see this on line 27 , then you have a huge problem
$HTTP_RAW_POST_DATA = mysql_escape_string(trim($HTTP_RAW_POST_DATA));
research1
research2
Straight to the point

Possible error you may see
log Server Error
Server Error -32700 Occurred
parse error. not well formed

ALL: Disable SSLV2 -PCI Compliance

admin — Sun, 01 Mar 2009 20:27:35 +0000

To disable SSLv2 server-wide add this in your ssl.conf:
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!LOW:!SSLv2:!EXP:+HIGH:+MEDIUM
or ALL:!ADH:!NULL:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:-LOW:+SSLv3:+TLSv1:-SSLv2:+EXP:+eNULL

Test using the following command via linux
openssl s_client -host (host-ip) -port 443 -verify -debug -ssl2

you can also try

curl –cipher SSLv2 domain.com:443

openssl s_client -connect domain:443 -state

openssl s_client -connect domain:443 -sslv2

*change (host-ip) with the domain name or the server ip address

if SSL2 is disable
You should see an output similar to this if its disabled:
verify depth is 0
CONNECTED(00000003)
4738:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:429:
or
verify depth is 0
CONNECTED(00000003)
write:errno=104
=======================
enabling only strong ciphers in apache

Good tool to check SSL ciphers

Reference site

=========

Cpanel:
The SSLCipherSuite can be customized in cPanel/WHM 11.24 by going to WHM -> Service Configuration -> Apache Configuration -> Global Configuration. This is the place where you can disable SSL 2.0 support if you desire. Click the “more info” link on that page for more info.

Reference 1

Reference 2
Reference 3
Disable sslv2 on windows