A Secret Catalogue of Government Gear for Spying on Your Cellphone


The Intercept does fearless, adversarial journalism.
Today they released an article named

A Secret Catalogue of Government Gear for Spying on Your Cellphone

I’m really not into this kinda sh*ts but we need to know what the fuck is going on around us.

More readings

How to intercept mobile communications (calls and messages) easily without hacking

https://theintercept.com/document/2015/12/17/government-cellphone-surveillance-catalogue/
http://www.wired.com/2015/10/stingray-government-spy-tools-can-record-calls-new-documents-confirm/
https://oversight.house.gov/wp-content/uploads/2015/10/15-3959-S2-DHS-Signed-Policy-Directive-047-02-Use-of-Cell-Site-Simulator-Tech.pdf
http://www.wired.com/1996/02/catching/

 

fatal: no matching mac found

One of my clients was trying to connect, for the first time, to his brand new server.
Somehow he wasn’t able to connect…

He showed me the following *log/report*…

Status:    Waiting to retry...
Status:    Connecting to 37.XX.XX.XX...
Response:  fzSftp started
Command:   open "[email protected]" 22
Error:     Server unexpectedly closed network connection
Error:     Could not connect to server

and this is the auth.log on the server…

fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5 server [email protected],hmac-sha2-256-$

Solution?
Update the SFTP client (in this case FileZilla).

Readings?
https://forum.filezilla-project.org/viewtopic.php?t=31738
https://en.wikibooks.org/wiki/OpenSSH/Logging
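
To triage this failure from auth.log, here is an added example (not part of the original post) that parses the "no matching mac found" message, compares the two MAC lists and tolerates a server list cut off with "$" as in the line above. The sample log lines are constructed, and the definition of "legacy" MACs is an assumption of this example.

```python
import re

# Constructed sample lines (not from the original post). The first mimics the
# failure above, including a server list cut off on screen ("$" at the end).
SAMPLE_LOG = """\
Dec 18 10:02:11 host sshd[2201]: fatal: no matching mac found: client hmac-sha1,hmac-sha1-96,hmac-md5 server hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256-$
Dec 18 10:02:15 host sshd[2207]: Accepted publickey for deploy from 192.0.2.10 port 50122 ssh2
"""

# The sshd message: comma-separated MAC lists offered by client and server.
NO_MAC = re.compile(
    r"no matching mac found: client (?P<client>\S+) server (?P<server>\S+)")

# Assumption for this example: MD5, SHA-1 and truncated (-96) MACs are legacy.
LEGACY = re.compile(r"md5|sha1|-96$")


def parse_mac_failure(line):
    """Return details of a MAC negotiation failure, or None for other lines."""
    m = NO_MAC.search(line)
    if m is None:
        return None
    client = m.group("client").split(",")
    server = m.group("server").split(",")
    # A trailing "$" means the line was cut off; the last name is incomplete.
    truncated = server[-1].endswith("$")
    if truncated:
        server = server[:-1]
    common = [mac for mac in client if mac in server]
    legacy_only = all(LEGACY.search(mac) for mac in client)
    if legacy_only and not common:
        advice = "upgrade the client"
    else:
        advice = "compare the MACs settings on both sides"
    return {"client": client, "server": server, "truncated": truncated,
            "common": common, "advice": advice}


def scan(log_text):
    """Collect every MAC negotiation failure found in a block of log text."""
    return [r for r in map(parse_mac_failure, log_text.splitlines()) if r]


if __name__ == "__main__":
    for result in scan(SAMPLE_LOG):
        print(result)
```

When the list is truncated, read the full line from the log file itself before drawing conclusions about what the server offers.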

nginx – avoid 501 and 502 nginx errors

These are my settings in /etc/php5/fpm/pool.d/www.conf to avoid 501 and 502 nginx errors. On CentOS 7, www.conf is located in /etc/php-fpm.d/.
The server has 16Gb RAM. This configuration is for an 8Gb RAM server, so…

pm.max_children = 70
pm.start_servers = 20
pm.min_spare_servers = 20
pm.max_spare_servers = 35
pm.max_requests = 500

Sources & more readings
http://myshell.co.uk/blog/2012/07/adjusting-child-processes-for-php-fpm-nginx/
http://jeremymarc.github.io/2013/04/22/nginx-and-php-fpm-for-performance/

modsecurity – MULTIPART_UNMATCHED_BOUNDARY

 

Forbidden

You don’t have permission to access /phpmyadmin/import.php on this server.

WOW!

 PHP Warning:  POST Content-Length of 9028812 bytes exceeds the limit of 8388608 bytes in Unknown on line

Looks like modsecurity is working…

ModSecurity: Access denied with code 403 (phase 2). Match of "eq 0" against "MULTIPART_UNMATCHED_BOUNDARY" required. [file "/etc/modsecurity/modsecurity.conf"] [line "80"] [id "200003"] [msg "Multipart parser detected a possible unmatched boundary."]

OK! Let's comment out some lines in modsecurity.conf and then restart Apache to solve it…

nano /etc/modsecurity/modsecurity.conf

Let's comment out the following lines

SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" \
"id:'200003',phase:2,t:none,log,deny,msg:'Multipart parser detected a possible unmatched boundary.'"

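Commenting this rule out in modsecurity.conf turns the unmatched-boundary check off for every request ModSecurity inspects, not only /phpmyadmin/import.php. Then restart Apache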

service apache2 restart

 

Force www on a domain with apache

This is how!
Edit a .conf file (in my case I have a redirects.conf) for this kind of redirect…

nano /etc/apache2/sites-enabled/redirects.conf

And add the following lines…

<VirtualHost *:80>
    ServerName example.com
    Redirect permanent / http://www.example.com/
</VirtualHost>

and naturally restart apache! 😉

service apache2 restart

Enabling cgi-bin on apache

I had to enable CGI on this new server

sudo a2enmod cgi
sudo service apache2 restart

Simple!
But I was getting a "script not found or unable to stat" error

[Mon Nov 30 18:00:32.380748 2015] [cgi:error] [pid 18799] [client 84.91.XXX.XXX:62545] script not found or unable to stat: /usr/lib/cgi-bin/HiPGZ23est4

I had to edit the .conf file

nano /etc/apache2/sites-enabled/domain.com.conf

and add the following lines

ScriptAlias /cgi-bin/ /path_to_cgi_folder/cgi-bin/
<Directory "/path_to_cgi_folder/cgi-bin/">
 AllowOverride None
 Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
 # Apache 2.4 access control (replaces "Order allow,deny" / "Allow from all")
 Require all granted
</Directory>

and then reload the Apache configuration

service apache2 reload