Linux: You may have been Compromised when..

December 9th, 2014

There are a number of warning signs that a system has been compromised. The cases below warrant further investigation. Of course, they aren’t all guarantees that your system has been compromised, however they can be strong indicators.

1. Your welcome banner shows the last log in from an unknown/foreign IP address:

Last login: Tue Dec  2 16:08:41 2014 from 190.234.106.143
root@mt:~#

2. The load on a usually idle system is suspiciously high:

root@mt:~# w
 17:06:39 up 62 days, 22:37,  1 user,  load average: 8.12, 8.14, 8.11
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/0    pwn              17:03    7.00s  0.00s  0.00s w

This could indicate that unknown processes are running.
Read the rest of this entry »

PHP Developer – Base64

July 3rd, 2010

Base64 is a type of encoding (NOT encryption). Essentially, you can take any binary data and encode it into one of 64 characters for more information on the encoding process and how this is done, visit http://en.wikipedia.org/wiki/Base64.

It is useful for a variety of things, specifically encoding non standard characters that may not be safe to pass around such as in a browser address bar or in a plaintext email..

Here’s one example..

<?php
$obj = new stdClass();
$obj->a = “test”;
$obj->b = “string”;
$obj->c = 12345;
$output = base64_encode(serialize($obj));
echo $output;

?>

This returns ‘Tzo4OiJzdGRDbGFzcyI6Mzp7czoxOiJhIjtzOjQ6InRlc3QiO3M6MToiYiI7
czo2OiJzdHJpbmciO3M6MToiYyI7aToxMjM0NTt9’

We could now pass this as an HTTP safe string between pages; decoding using $v = unserialize(base64_decode());

This is obviously not an optimal way of storing or passing this example data between various pages however is one example of how base64 encoding can be used.