Tag Archives: kulish

NTP Spoof Attacks

Apparently 2 out of 3 of our GPS clocks were being used in a spoof/DDOS attack.

The basic premise is that time requests are sent to the service with a spoofed IP for the response. Add in 100/1000/10000 clocks send results to a server/service that did not request them results in a denial of service attack.

Both clocks have been removed from the pool, scheduled for February 6th. Hickory.kulish.com has port 123 UDP closed at this time. The maintainer of Dickory.kulish.com has been notified.

nginx+observium configuration

Update to index.php in observium to work with nginx.

Change from:

$_SERVER[‘PATH_INFO’] = (isset($_SERVER[‘PATH_INFO’]) ? $_SERVER[‘PATH_INFO’] : $_SERVER[‘ORIG_PATH_INFO’]);

Change to:

$_SERVER[‘PATH_INFO’] = $_SERVER[‘REQUEST_URI’];

nginx site configuration:

server {
listen 80;
server_name hostname.kulish.com;

access_log /var/log/nginx/hostname.kulish.com.acc.log;
error_log /var/log/nginx/hostname.kulish.com.err.log;

root /www/observium/html;
index index.php;

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/www;
}

location / {
try_files $uri $uri/ @observium;
}

location @observium {
rewrite ^(.+)$ /index.php/$1/ last;
}

}

# General php settings
include php.conf;

# We need to exclude robots.txt specifically
include drop.conf;