Category: Security

Kali Linux: The Security Toolkit System You Need

If you hear a 13-year-old hacker bragging about how awesome he is, it’s possible — thanks to Kali Linux. Though they may be called “script kiddies,” the fact is that Kali remains an important tool (or toolset) in the hands of security experts. Kali is a Linux distribution based on Debian…

How to Block IPs from a Specific Country Using iptables

One of our clients was under attack. Our network monitoring detected abnormally massive traffic spikes lasting six consecutive hours. We immediately contacted the client but received no response. We then modified and restricted the client’s VPS to ensure that an attack on a single VPS would not impact the entire server or other VPS users. We have maintained this …

Yunsuo Common Issues Summary

1. Fix for Website Loading Errors with “security_verify_data=313932xxx” in the URL Below is the Yunsuo 3 settings interface: Log in to Yunsuo: On the main screen, find Anti-CC Attack: As shown above, change the original CC protection level from Medium to Low (or uncheck Enable Browser Behavior Authentication), then reopen the website …

ClamAV Installation Guide

ClamAV Antivirus is the most popular antivirus software on the Linux platform. ClamAV is a free and open-source product that supports multiple platforms, such as Linux/Unix, MAC OS X, Windows, and OpenVMS. 1. Installation and Configuration useradd clamav #Add user wget http://mirror.cn …

How to Fix the /?security_verify_data=313932xxx URL Issue in Yunsuo

Recently, the website frequently appends a string of links to the end of URLs, causing the site to load incorrectly. After a quick search online, it turned out to be caused by the Yunsuo security software on the server. Below, we鈥檒l explain how to fix it. This reminded me that the server鈥檚 CC protection was adjusted a while back due to ongoing attacks…

A Case of CC Attack on Tomcat Backend Server

While following up on a project recently, I noticed a large number of abnormal requests appearing in the backend Tomcat server logs. These showed up as requests from many suspicious domains and IPs, quickly flooding the website logs, as shown below: Since the frontend uses Nginx and its logs were normal, the above information basically confirms that the backend server was under a CC attack …

CentOS System IP Access Control

Scenario: You have a bunch of machines. The server IP address being accessed is 192.168.1.1, and the IP address allowed to access it is 192.168.1.2. The rest don’t need to be written down since they’re not used anyway. On Linux systems, SSH is basically the standard connection method, and this can be achieved through file-based control …

How to Trace Intrusions via Logs on CentOS

1. Viewing Log Files: Linux /var/log/wtmp File to Check for Suspicious IP Logins
last -f /var/log/wtmp
This log file permanently records each user login, logout, and system startup and shutdown events. Therefore, as the system uptime increases, the file size will also …

Top Enterprise-Grade DDoS Hardware Firewalls

Currently, the well-known domestic anti-DDoS firewalls in China with good credibility and effectiveness are products from Black Hole, Golden Shield, and Aodun. Many other so-called “XX Shield DDoS Firewalls” are mostly plagiarized or tampered versions of these, or entirely ineffective and merely …