Snap! Websites Journal

Today I noticed hundreds of logs in the snapwatchdog services. These appear because the daemon checks whether clamav-freshclam is enabled. This is a daemon used to make sure fresh virus signatures are uploaded at least once a day.

Aug 23 18:14:42 hostname snapwatchdogserver[10305]: Failed to get unit file state for clamav-freshclam.service: No such file or directory

The snapwatchdog service runs its tests about once a minute. This means we check whether the clamav-freshclam service is enabled once a minute. That's 1,440 times a day, assuming we don't lose even one minute. ...

Today I was checking my logs and noticed this entry. As we can see, within about 600ms, an attacker was trying to connect to many different ports (20480, 20736, 36895, 37151, 22528, 16671, 14340, 20992, 4135, 64288, 45090, 21248, 21504, 31775, 39455, 42254, 47115.)

Note: I hid the destination URL (x.x.x.x) on purpose. However, I did not hide the source!

Jul 23 11:20:34 finball1 kernel: [1661019.650298] [iptables] unknown: IN=eth0 OUT= SRC=87.62.140.210 DST=x.x.x.x LEN=44 TOS=0x00 PREC=0x00 TTL=57 ID=52074 PROTO=TCP SPT=26091 DPT=20480 WINDOW=131 RES=0x00 SYN URGP=0
Jul 23 11:20:34 ...

Today I wanted to get a plugin to work against the snapmanager.cgi executable's server.

The idea is pretty simple, the process loads the plugins and one of them (so far) wants to connect against the generate_content() signal, only that signal is part of the manager_cgi class which is not part of a .so library. Because of that, it doesn't expose its functions by default.

This is a quite interesting problem because it makes sense that the executable functions would not be visible to the dynamic linker. It should not be required. Actually, this is the first time I need such a feature, ...

I finally went back to libtld to make the tests work with the newest version so that way I could make a new upload on Sourceforget.net.

This newer version includes all the newer (and removed!) TLDs as of Jan 2018.

The TLDs are a fast moving target since those many additions accepted by ICANN, although most of the newest additions were in link with three or four countries and mainly commercial endeavors (i.e. a domain that offers sub-domains for sale.)

The new version also includes a PPA package as we have updated that part of our code so it compiles like a charm on launchpad.net. If you are ...

Syndicate content

Snap! Websites
An Open Source CMS System in C++

Contact Us Directly