Jul 12 2008

Nagios2 in Hardy

Didn't know what to do today, so I decided to try out nagios2 in Hardy. Here is what I did:

$ sudo apt-get install nagios2 nagios-plugins-basic nagios-plugins-standard nagios-plugins nagios-plugins-extra nagios-snmp-plugins nagios-images

Wait until the installation is done; your nagios2 can then be viewed at http://localhost/nagios2/, but you may find that you can't log in because you have not yet set a username and password. So let's solve it by doing:

$ sudo htpasswd -c /etc/nagios2/htpasswd.users nagiosadmin

This is needed because the auth file has to be created first: the Apache configuration in /etc/apache2/conf.d/nagios2.conf refers to it, but it does not exist until you create it.

So I hope you guys will try it, since it is quite a good tool for monitoring networks. Good luck and happy playing with nagios.cfg!!
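When the login still fails, the quickest way to find out why is to walk the chain Apache conf -> AuthUserFile -> user. The checker below is an added example written for this post; it is not part of the nagios2 package. The paths come from the post, the function names are mine, and the conf and htpasswd contents it is run on are constructed stand-ins, not the real shipped files.

```python
"""Diagnose why the login to http://localhost/nagios2/ fails after installing nagios2.

Added example, not part of the original post or of the nagios2 package.
The Apache snippet /etc/apache2/conf.d/nagios2.conf names an AuthUserFile;
until that file exists and contains the user, every login is refused.
This walks the chain conf -> htpasswd file -> user and reports the first
broken link together with the command that repairs it. The conf and
htpasswd contents used in the demo are constructed.
"""
import re
import shlex
from pathlib import Path
from typing import Dict, List, Optional

AUTH_RE = re.compile(r"^\s*AuthUserFile\s+(.+?)\s*$", re.IGNORECASE)


def auth_user_file(conf_text: str) -> Optional[str]:
    """Return the path from the first AuthUserFile directive (quotes allowed), or None."""
    for line in conf_text.splitlines():
        m = AUTH_RE.match(line)
        if m:
            return shlex.split(m.group(1))[0]
    return None


def htpasswd_users(htpasswd_text: str) -> Dict[str, str]:
    """Parse 'user:hash' lines; blank lines and comments are ignored."""
    users: Dict[str, str] = {}
    for line in htpasswd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        user, hashed = line.split(":", 1)
        users[user] = hashed
    return users


def diagnose(conf_text: str, htpasswd_text: Optional[str], user: str) -> List[str]:
    """Return findings for `user`; an empty list means the login should work.

    htpasswd_text is None when the AuthUserFile does not exist yet."""
    findings: List[str] = []
    path = auth_user_file(conf_text)
    if path is None:
        return ["no AuthUserFile directive found in the Apache conf"]
    if htpasswd_text is None:
        # -c creates the file; it also overwrites one that exists, so only use it here.
        return [f"{path} does not exist; create it with: sudo htpasswd -c {path} {user}"]
    users = htpasswd_users(htpasswd_text)
    if user not in users:
        findings.append(f"{user} is not in {path}; add it with: sudo htpasswd {path} {user}")
    elif not users[user]:
        findings.append(f"{user} has an empty password field in {path}")
    return findings


def diagnose_on_disk(conf_path: str, user: str) -> List[str]:
    """Same check against real files, e.g. diagnose_on_disk('/etc/apache2/conf.d/nagios2.conf', 'nagiosadmin')."""
    conf_text = Path(conf_path).read_text()
    path = auth_user_file(conf_text)
    htpasswd_text = Path(path).read_text() if path and Path(path).exists() else None
    return diagnose(conf_text, htpasswd_text, user)


# Constructed conf fragment resembling the directive the package ships (not the real file).
DEMO_CONF = """
<Directory /usr/share/nagios2/htdocs>
    AuthName "Nagios Access"
    AuthType Basic
    AuthUserFile /etc/nagios2/htpasswd.users
    Require valid-user
</Directory>
"""

if __name__ == "__main__":
    for finding in diagnose(DEMO_CONF, None, "nagiosadmin") or ["login should work"]:
        print(finding)
```

Note the difference between the two htpasswd invocations the checker suggests: htpasswd -c creates the file and silently overwrites an existing one, so use -c only the first time and drop it when adding further users.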


Jun 28 2008

Some Terminology from Wiki & rblcheck

The following are all closely related terms:

  • RBL is an abbreviation for “Real-time Blackhole List”. As mentioned below, “RBL” was the name of the first system to use this technology, a proprietary MAPS DNSBL, and “RBL” is a registered trademark[1]. Some pieces of mail software have configuration parameters that use “RBLs” or “RBL domains” when any DNSBLs can be used, not just the MAPS RBL.
  • DNSBL is an abbreviation that sometimes stands for “DNS blacklist”, although different DNSBL operators define the term in various ways. The use of the word “blacklist” is somewhat controversial. The reasons cited include its association with Joseph McCarthy and legal liability [2]. Instead, some people have suggested that DNSBL should stand for “DNS blocklist” even though DNSBLs are not always used for direct blocking, or “DNS blackhole list” based on the RBL expansion, even though the DNSBL method does not create true blackholes. A minimally controversial expansion of the acronym is “DNS-Based List” [3][4][5]
  • DNSWL is an abbreviation for “DNS whitelist”. It is a list of IP addresses that some people may want to treat more favourably.
  • RHSBL is an abbreviation for “Right Hand Side Blacklist”. This is similar to a DNSBL but it lists domain names rather than IP addresses. The term comes from the “right-hand side” of an email address — the part after the @ sign — which clients look up in the RHSBL.
  • URIBL is an abbreviation for “Uniform Resource Identifier Blacklist”. A URIBL lists domain names and IP addresses that appear in URIs such as web sites mentioned in message bodies. It contrasts with an RHSBL which lists domain names used in e-mail addresses [6].

If you have an email problem like the one in my previous post, you can check it from your terminal by installing rblcheck:

sudo apt-get install rblcheck

Here is some output:

$ rblcheck
rblcheck: no IP address(es) specified
rblcheck 1.5-20020316
Copyright (C) 1997, 1998, 1999, 2000, 2001 Edward S. Marshall
Usage: rblcheck [-qtlcvh?] [-s <service>] <address> [ <address> ... ]

-q           Quiet mode; no output
-t           Print a TXT record, if any
-m           Stop checking after first address match in any list
-l           List default RBL services to check
-c           Clear the current list of RBL services
-s <service> Add a new service to the RBL services list
-h, -?       Display this help message
-v           Display version information
<address>    An IP address to look up; specify `-' to read multiple addresses from standard input.

Time to test one IP address, which I'll write as a.b.c.d:

$ rblcheck a.b.c.d
a.b.c.d not RBL filtered by xbl.spamhaus.org
a.b.c.d not RBL filtered by sbl.spamhaus.org
a.b.c.d not RBL filtered by list.dsbl.org
a.b.c.d not RBL filtered by dnsbl.njabl.org
a.b.c.d not RBL filtered by dul.dnsbl.sorbs.net
a.b.c.d not RBL filtered by l1.spews.dnsbl.sorbs.net
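To show what rblcheck is doing behind each of those lines, and how the RHSBL variant from the terminology list differs, here is an added example (my own code, not the post's and not rblcheck's). A DNSBL is queried by reversing the octets of the IP and appending the list's zone; an RHSBL is queried with the domain as-is; a hit comes back as an A record in 127.0.0.0/8 and a miss as NXDOMAIN. The resolver is injectable, so the demo runs offline against constructed answers; the wording for a hit ("RBL filtered by") is assumed to mirror rblcheck's miss wording shown above. The zone names are the ones rblcheck printed.

```python
"""DNSBL and RHSBL lookups done the way rblcheck does them under the hood.

Added example, not part of the original post or of rblcheck. A DNSBL is
queried by reversing the octets of the IPv4 address and appending the
list's zone (1.2.3.4 -> 4.3.2.1.<zone>); an RHSBL is queried with the
domain name as-is (<domain>.<zone>). A listed entry answers with an A
record inside 127.0.0.0/8 (the last octet usually encodes the reason);
an unlisted entry gets NXDOMAIN. The resolver is injectable so the
logic runs offline against the constructed answers at the bottom.
"""
import ipaddress
import socket
from typing import Callable, Dict, List

Resolver = Callable[[str], List[str]]

# A few of the zones rblcheck printed in the output above.
DEFAULT_ZONES = ["xbl.spamhaus.org", "sbl.spamhaus.org", "dul.dnsbl.sorbs.net"]


def dnsbl_query_name(ip: str, zone: str) -> str:
    """1.2.3.4 + zone -> 4.3.2.1.zone (raises ValueError on a malformed address)."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def rhsbl_query_name(domain: str, zone: str) -> str:
    """Right-hand side of an address (the part after '@') + zone -> domain.zone."""
    domain = domain.strip().rstrip(".").lower()
    if not domain or "@" in domain or "/" in domain:
        raise ValueError("expected a bare domain name, not an address or URI")
    return domain + "." + zone


def system_resolver(name: str) -> List[str]:
    """A-record lookup through the OS resolver; [] stands in for NXDOMAIN."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def is_listed(answers: List[str]) -> bool:
    """True when any answer lies in 127.0.0.0/8, the conventional 'listed' signal."""
    loopback = ipaddress.IPv4Network("127.0.0.0/8")
    for answer in answers:
        try:
            if ipaddress.IPv4Address(answer) in loopback:
                return True
        except ValueError:  # not an IPv4 literal; ignore it
            pass
    return False


def check_ip(ip: str, zones: List[str] = DEFAULT_ZONES, resolve: Resolver = system_resolver) -> Dict[str, bool]:
    """One verdict per zone, like the one-line-per-list output of rblcheck."""
    return {zone: is_listed(resolve(dnsbl_query_name(ip, zone))) for zone in zones}


def check_domain(domain: str, zones: List[str], resolve: Resolver = system_resolver) -> Dict[str, bool]:
    """Same verdict for a sender domain against RHSBL zones."""
    return {zone: is_listed(resolve(rhsbl_query_name(domain, zone))) for zone in zones}


def format_report(subject: str, verdicts: Dict[str, bool]) -> List[str]:
    """Render verdicts in rblcheck's miss wording; the hit wording is assumed to mirror it."""
    return [f"{subject} {'RBL filtered' if hit else 'not RBL filtered'} by {zone}"
            for zone, hit in verdicts.items()]


# Constructed answers for an offline run: 1.2.3.4 is "listed" on one zone only.
FAKE_ANSWERS = {
    "4.3.2.1.xbl.spamhaus.org": ["127.0.0.4"],
}


def fake_resolver(name: str) -> List[str]:
    return FAKE_ANSWERS.get(name, [])


if __name__ == "__main__":
    for line in format_report("1.2.3.4", check_ip("1.2.3.4", resolve=fake_resolver)):
        print(line)
```

Dropping the resolve argument makes check_ip and check_domain use the OS resolver for real lookups against your own mail server's address; keep the list of zones to ones you actually trust, since a stale or defunct list can answer with nonsense.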


May 17 2008

Sophos Anti-Virus for UNIX 7.0 Beta Available – Why bother?

Sophos has recently launched the beta of Sophos Anti-Virus 7.0 for UNIX. Initially this will be for Solaris 9 & 10 Sparc platform and allows users to centrally control policies, consolidate alerts and view reports etc.

Anyone wishing to join the beta program should contact betaprogram@sophos.com as soon as possible.

But why bother, I hear you ask. Doesn’t malware only affect Windows? So why do I need to add anti-virus to a platform that isn’t affected?

We may note of course that the first internet worm infected UNIX machines, and the first rootkits were trojanised versions of UNIX system utilities. You may say it is ancient history.

More recently our own analysis shows that nearly half the compromised web servers hosting malware are running Apache, and 70% of the infections caught on our linux honeypot are a six year old virus called Rst-B. And the most commonly infected files are trojanised versions of Unix system utilities downloaded by hackers after a successful break-in.

Another good reason is the story of Typhoid Mary . The story goes that a health inspector was investigating an outbreak of Typhoid. His initial report was as follows:

“I had my first talk with Mary in the kitchen of this house. . . . I was as diplomatic as possible, but I had to say I suspected her of making people sick and that I wanted specimens of her urine, feces and blood. It did not take Mary long to react to this suggestion. She seized a carving fork and advanced in my direction. I passed rapidly down the long narrow hall, through the tall iron gate, . . . and so to the sidewalk. I felt rather lucky to escape.”

Using other platforms as file servers, or hosting business critical applications makes a great deal of sense, but although modern malware does target the Windows operating system, protecting any UNIX servers helps prevent reinfection of those desktops from your very own Typhoid Mary.

You may of course disagree with me and you’re confident that your UNIX servers are clean, in which case why not join the beta program and prove me wrong.

PS. The photo above is of Chris Northwood. Chris is a placement student who is working as a developer on our Sophos Anti-Virus for Linux/UNIX R&D team. Apparently the rest of the team chose Chris for the photoshoot as they thought he looked the smartest of all of them. :)

Mark Harris – Director of SophosLabs


Apr 24 2008

Sophos PureMessage for UNIX 5.4.2 Released (Ref: MP2008-119)

April 23, 2008

Summary
=======
Sophos is pleased to announce the availability of PureMessage for UNIX 5.4.2, which contains various fixes and improvements.

Details
=======

Improvements/fixes in PureMessage 5.4.2 include:

* A new report, Rejected MTA Connections, is available via the Groups Web Interface. This report shows the number of connections rejected as a result of MTA-level IP blocking. (SUG10361)

* A new column displaying the serial number for each PureMessage component has been added to the Licensed Components page of the Support tab. These numbers are helpful to Sophos support, in the event that you need assistance. (SUG10623)

* Due to a limitation in PureMessage, lists associated with Administrative Groups could not be automatically synchronized with the PostgreSQL database. This has been fixed, although some manual steps may be required if you are running the Groups Web Interface as part of a multi-server deployment. If additional steps are necessary, a message to this effect will be displayed after you upgrade to version 5.4.2. Follow the on-screen instructions to resolve any differences between the versions of group list files stored in the database and the group list files stored on edge servers. (DEF09637)

* The pmx-logsearch-index background service was consuming an excessive amount of processing power due to a loop function that was continuously checking for new entries in the mail and message logs. This was most noticeable on systems with a large numbers of logs but without a constant mail flow.

Additionally, the index_expire_days setting in logsearch.conf had no effect, regardless of the number of days specified. As a result, log search data would accumulate until it reached the specified size limit. This service no longer uses too much processing power, and the log search indexes are expired every seven days by default. (DEF20234)

* There was sometimes a difference in the total messages displayed in the Spam Range Volumes and Message Categorization reports for the same time period. This occurred because messages that PureMessage deemed to be 100 percent spam were not included in the Spam Range Volumes report. This has been fixed. (DEF09266)

* In cases where the message body or message headers are altered or removed during processing, PureMessage now assigns a new Message-ID header. This change was made to improve RFC compliance. (DEF19630)

* Previously, if you were using PureMessage in conjunction with the Java System Messaging Server (JSMS) mail transfer agent, messages could become trapped in the JSMS mail queue, where JSMS would continue indefinitely in its attempt to resend the messages. This occurred in instances when the MTA was attempting to pass messages to the PureMessage milter and the milter was unresponsive. If this occurs now, JSMS will attempt to resend according to the intervals specified in the backoff setting of the imta.cnf configuration file in JSMS. (DEF17471)

* Various other fixes and improvements.

The release notes, which contain additional information on the changes, can be found here:

http://pminfo.sophos.com/pmchanges

Recommendations
===============
Sophos strongly recommends that customers running PureMessage 5.x perform this update.
If you haven’t already done so, Sophos also recommends reviewing the version/platform support policy, located here:

http://pminfo.sophos.com/pminfo/docs/PureMessage/version_platform.html

For best anti-spam performance, Sophos recommends that you use IP Blocker at the MTA level to reject messages or in the policy layer to discard, tag or quarantine messages from known bad senders.

Upgrading from PureMessage 5.3.3+
=================================
Sophos strongly recommends reviewing the release notes and upgrade instructions in detail prior to updating. PureMessage 5.x customers can install all updates by performing the following steps:

1.  As the PureMessage user ('pmx' by default), run
'pmx-service stop smtp' and 'pmx stop'.

2.  As the root user, run '/opt/pmx/bin/pmx-setup'.

** If you are upgrading from a PureMessage version prior to 5.4.x, this release includes a new version of pmx-setup to support signed downloads. Sophos very strongly recommends updating your copy of pmx-setup to the latest version. **

Using the menus, select 'Upgrade PureMessage Components', 'Check for updates', then 'Upgrade components'.

3.  As the PureMessage user, run 'pmx start' and 'pmx-service start smtp'.

Detailed information on updating PureMessage 5.3.3 and up (including from tarballs) is available here:

http://pminfo.sophos.com/pminfo/docs/PureMessage/5.4/upgrade.html

If you encounter any issues with PureMessage during this update,
technical support is available at:

http://www.sophos.com/support/queries/enterprise.html

Best Regards,
Sophos Technical Support
Sophos – security and control

Over 100 million business users in over 150 countries rely on security and control solutions from Sophos
———————————————————-
© 2008 Sophos Plc. Incorporated in England and Wales No. 348 3873 20.
Registered office, The Pentagon, Abingdon, OX14 3YP

All rights reserved.

http://www.sophos.com/legal

Privacy Policy

http://www.sophos.com/legal/privacy.html

[tags]sophos[/tags]


Apr 4 2008

People should take precaution with Instant Messenger

Nowadays ... have you all wondered what other ways information can leak out of your organization/company/etc.? IMHO, Instant Messenger (IM) is one of them. Previously my CEO asked me whether someone could know/read/monitor what he is doing over IM. I said yes, they can. Then I asked about the company policy: are staff allowed to use IM? “Yes, let them use IM ... no need to block/prevent the staff from using it ...” That was the answer ...

So thanks to dakrone for the great job: he has just released his new code called Yahsnarf, after previously releasing “AIMsnarf”.

His code/project may make the work of sysadmins and security and network analysts easier. Here is some description of Yahsnarf taken from his post:

Yahsnarf requires Ruby, ruby-pcap and bit-struct (Thanks Matasano for introducing me to bit-struct, made this script take about 1/4 the time to write)

I’m also currently working on an NSM-Console module for Yahsnarf.

This script is a little different than Aimsnarf, mostly because Aimsnarf was the first program I ever wrote in Ruby, so it tended to be just a little rusty, without the best design practices. For one, Yahsnarf is way smaller than Aimsnarf (70 lines to around 150), and Yahsnarf follows an object-oriented design. Enough of that, here’s what you can expect to see:

shell> sudo ./yahsnarf.rb -i en1
Use '-h' to display usage
Capture/Decoding...
buddy1 --> buddy2: This is a test of yahsnarf
buddy2 --> buddy1: A test this is of yahsnarf; it's awesome!
buddy1 --> buddy2: thanks for the help :)

You can also use ./yahsnarf.rb -r <pcapfile> to read and extract from a network capture file.

Pretty simple eh? Replace buddy1 and buddy2 with the screen names of the conversationalists. There are a few issues I’m still working out, like usernames not always showing up (they could for the most part). Also, this obviously does not work on encrypted messages (OTR or otherwise), so if you value your privacy, use encryption.

Remember, don’t ever say anything over IM that you wouldn’t mind the world knowing, you never know who could be listening in :)

You guys may try/download Yahsnarf here.


Mar 25 2008

Anti-virus company Trend Micro: Our website has been hacked, risk of Trojan horse infection

If you have visited the website of anti-virus company Trend Micro this week there is a chance that your computer has been exposed to malware.

According to reports in the Japanese media, a number of webpages on the firm’s Japanese and English-language website were altered by hackers on Sunday 9 March, who used a malicious iFrame exploit to deliver a Trojan horse onto surfers’ computers. Trend Micro is believed to have uncovered the problem on Wednesday 12 March and replaced affected pages with a message saying “This page is temporarily shut down for emergency maintenance” as the following image from the www.trendmicro.co.jp shows:

[Image: trend-hack.jpg]

It has not yet been revealed how the webpages on the security website were altered by the hackers, although it is likely a software vulnerability on the site was exploited.

According to information posted on Trend Micro’s website, the following analysis pages were compromised in Trend’s Virus Info section: ADW_BRUNME.A, ADW_ZANGO.A, ADWARE_ADBLASTER, ADWARE_EXACTADVERTISING, ADWARE_EZULA.ILOOKUP, TSPY_AGENT.HS, TSPY_ANICMOO, TSPY_GOLDUN.GEN, TSPY_HUPIGON.ZY, TSPY_Lmir, TSPY_Tiny, ADWARE_BHO_WEBDIR, ADWARE_BHO_WSTART, HKTL_MDBEXP.A, POSSIBLE_OTORUN3, SPYWARE_TRAK_RADMIN, TROJ_ARTIEF-1, TROJ_CLAGGER.D, TSPY_BANKER-2.002, TSPY_BANKRYPT.N, TSPY_GAMANIA.CI,
TSPY_GOLDUN.GEN, TSPY_LINEAGE, TSPY_ONLINEG.DAU, TSPY_ONLINEG.OAX, TSPY_QQPASS, TSPY_SDBOT.BTI, W97M_DLOADER.BKV, WORM_IRCBOT.JK, WORM_NYXEM.E and WORM_SOBER.AG.

Trend Micro reported on its website that web surfers could be infected by the malware, which they named JS_DLOADER.TZE, either by accessing one of the infected webpages or clicking a URL link embedded in the malware’s name. They have recommended that visitors to their site check that their computers are not infected. (Please note: At the time of writing we have only found a warning for customers on the Japanese-language version of Trend Micro’s website, although we have confirmed that the English-language version was also infected.) The JavaScript attempted to install further malicious code from the web onto visiting Windows computers.

Sophos detects the malicious software associated with the attack as Mal/Iframe-F, Troj/Drop-I, and the Troj/Portles-E backdoor Trojan horse. Analysts have discovered thousands of other webpages (detected as Troj/Badsrc-A) on other websites that have been infected in the same way.

In a nutshell – what has happened here is a criminal act, and our friends at Trend Micro (and people visiting the hacked pages) are victims of the crime. Sadly it’s not an uncommon crime these days – and all kinds of businesses have suffered.

This isn’t the time or place to make cheap shots against a competitor. The good news is that Trend Micro took the affected webpages down as soon as they discovered there was a problem, and the problem no longer appears to exist.

All other companies with a web presence should take this unfortunate incident as an opportunity to check that their own websites are properly secured (see our recently published technical paper on the subject), and ensure that they have web-filtering solutions – like the WS1000 Web Appliance – in place.

Sophos discovers a new infected webpage every 14 seconds. In the past we’ve found websites as varied as Wedding Photographers, Antiques firms, Pilates Classes, Ice Cream Manufacturers and even the US Consulate General in St Petersburg who have been the unfortunate victims of a malicious web attack. It seems we now have to add anti-virus companies to that list.

PS. Trend Micro aren’t the first example of a security company’s website being hacked. For instance, in 1999 hackers changed the home page of Symantec – although in that instance the motivation was apparently to cause mischief rather than to spread malware.

Graham Cluley, Sophos

So ... will they continue suing Barracuda (the open source solution at the gateway)? And what about www.live.com mail, which uses Trend Micro?

[tags]Sophos, Trendmicro, Virus, Web Defacement[/tags]


Mar 24 2008

Block of TMNet IP addresses got Fcuk Up with SenderBase, Spamcop & Solving the Problems

Recently I got an email from an end user/staff member:

—–Original Message—–
From: Mail Delivery Subsystem [mailto:MAILER-DAEMON@pmx.myheadkampeni.com]
Sent: Friday, March 21, 2008 4:45 PM
To: siti@mykampeni.com
Subject: Returned mail: see transcript for details

The original message was received at Fri, 21 Mar 2008 16:42:45 +0800
from [x.54.220.x]

—– The following addresses had permanent fatal errors —–
<x_x@dell.com>
(reason: x-pc-smtp2.us.dell.com)

—– Transcript of session follows —–
… while talking to x.ins.dell.com.:
<<< x-ps-smtp.us.dell.com
<<< x Connections from this sending hostname Unknown, IP address of:
x.95.107.x are being rejected due to low SenderBase Reputation score
(below -2). Your SenderBase organization: 1713823. See
http://www.senderbase.org/ for more information.
… while talking to x.ins.dell.com.:
<<< x-pc-smtp2.us.dell.com
<<< x Connections from this sending hostname Unknown, IP address of:
x.95.107.x are being rejected due to low SenderBase Reputation score
(below -2) or due to bad DNS PTR record for your mail server. Please check
your DNS PTR for x.95.107.x. Forward and reverse DNS entries must match
for x.95.107.x. Your SenderBase organization: 1713823. See
http://www.senderbase.org/ for more information.
554 5.0.0 Service unavailable

and the worst case scenario …. bounce from Yahoo! Mail

The original message was received at Mon, 24 Mar 2008 19:45:19 +0800
from [x.16.1.x]

—– The following addresses had permanent fatal errors —–
<####fenris@yahoo.com>
(reason: 553 Mail from x.95.107.x not allowed – 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550])

—– Transcript of session follows —–
… while talking to d.mx.mail.yahoo.com.:
<<< 553 Mail from x.95.107.x not allowed – 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550]
… while talking to g.mx.mail.yahoo.com.:
<<< 553 Mail from x.95.107.x not allowed – 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550]
… while talking to f.mx.mail.yahoo.com.:
>>> DATA
<<< 451 Message temporarily deferred – [160]
… while talking to c.mx.mail.yahoo.com.:
<<< 553 Mail from x.95.107.x not allowed – 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550]
… while talking to b.mx.mail.yahoo.com.:
<<< 553 Mail from x.95.107.x not allowed – 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550]
… while talking to a.mx.mail.yahoo.com.:
<<< 553 Mail from x.95.107.x not allowed – 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550]
… while talking to e.mx.mail.yahoo.com.:
<<< 553 Mail from x.95.107.x not allowed – 5.7.1 [BL21] Connections not accepted from IP addresses on Spamhaus PBL; see http://postmaster.yahoo.com/550-bl21.html [550]
554 5.0.0 Service unavailable

hmmmm ….

First, to be sure, I needed to fix my PTR record, and it got solved within one working day, thank God. (Email reply from TMNet:)

Hi,

PTR has been registered as per your request. Please verify.

C:\Documents and Settings\Salizah>nslookup x.95.107.x

Server:   cns2.tm.net.my
Address:  202.188.1.5

Name:     ns1.mykampeni.com
Address:  x.95.107.x
C:\Documents and Settings\Salizah>

Regards ~DNS Admin~
03-22739371 (O) 03-22739426 (F)

Secondly, I needed to remove my IP from Spamhaus (the story is told by the screenshot itself):

[Screenshot: Spamhaus listing, Pending For Removal]

Last but not least, other victims from SenderBase:

[Screenshot: other victims on SenderBase]

Hoping the problem will be fully solved, since the PTR has been fixed and the IP has been removed from Spamhaus; now waiting for the networks worldwide that use Spamhaus to get updated!!! This will also cheer me up again soon!!! :)
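The Dell bounce above states the rule the PTR fix had to satisfy: forward and reverse DNS must match, i.e. the PTR for the sending IP must name a host whose A record points back at that IP (forward-confirmed reverse DNS). The checker below is an added example written for this post, not code from the post or from TMNet; both lookups are injectable so it runs offline, and the hostnames and 203.0.113.x addresses it is run on are constructed placeholders, not the real x.95.107.x server.

```python
"""Forward-confirmed reverse DNS (FCrDNS) check for an outgoing mail server.

Added example, not part of the original post. The Dell bounce above
spells out the rule: the PTR for the sending IP must name a host whose
A records include that same IP ("forward and reverse DNS entries must
match"). Both lookups are injectable so the check runs offline; the
hostnames and the 203.0.113.0/24 addresses below are constructed
placeholders, not the post's real x.95.107.x server.
"""
import socket
from dataclasses import dataclass
from typing import Callable, List

PtrLookup = Callable[[str], List[str]]
ALookup = Callable[[str], List[str]]


def system_ptr(ip: str) -> List[str]:
    """PTR names for an IP via the OS resolver; [] when none is registered."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except (socket.herror, socket.gaierror):
        return []


def system_a(name: str) -> List[str]:
    """A records for a name via the OS resolver; [] on NXDOMAIN."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


@dataclass
class FcrdnsResult:
    ip: str
    ptr_names: List[str]        # what the reverse zone says about the IP
    confirmed_names: List[str]  # the subset whose forward lookup contains ip

    @property
    def ok(self) -> bool:
        return bool(self.confirmed_names)

    def explain(self) -> str:
        """Human-readable verdict, including the fix that applied in the post (ask the ISP for a PTR)."""
        if not self.ptr_names:
            return f"{self.ip}: no PTR record; the address owner (the ISP) must register one"
        if not self.confirmed_names:
            return f"{self.ip}: PTR names {self.ptr_names} do not resolve back to {self.ip}"
        return f"{self.ip}: FCrDNS OK via {self.confirmed_names}"


def check_fcrdns(ip: str, ptr: PtrLookup = system_ptr, a: ALookup = system_a) -> FcrdnsResult:
    """Reverse lookup, then forward-confirm every name the PTR returned."""
    names = ptr(ip)
    confirmed = [name for name in names if ip in a(name)]
    return FcrdnsResult(ip, names, confirmed)


# Constructed zone data: .10 is correct, .11 has a stale PTR, .12 has none.
FAKE_PTR = {
    "203.0.113.10": ["mail.example.com"],
    "203.0.113.11": ["old.example.com"],
}
FAKE_A = {
    "mail.example.com": ["203.0.113.10"],
    "old.example.com": ["198.51.100.7"],
}


def fake_ptr(ip: str) -> List[str]:
    return FAKE_PTR.get(ip, [])


def fake_a(name: str) -> List[str]:
    return FAKE_A.get(name, [])


if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        print(check_fcrdns(ip, ptr=fake_ptr, a=fake_a).explain())
```

Calling check_fcrdns with just the IP uses the OS resolver, which is the same view a receiving MX gets once the ISP's reverse zone has been updated; the "no PTR" and "stale PTR" cases are the two that produce the SenderBase-style rejections shown in the bounce.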


Dec 13 2007

Sophos PureMessage for UNIX 5.4.1 and SXL Anti-Spam Engine Released (Ref: MP2007-118)

December 11, 2007

Summary
=======
Sophos is pleased to announce the general availability of PureMessage
for UNIX 5.4.1, including Sophos' new SXL anti-spam technology
(Anti-Spam Engine version 2.6.0). This release introduces changes to
the way PureMessage performs DNSBL checks - please see details below.

Details
=======

SXL - how it works
------------------
As each message passes through to the anti-spam engine for scanning,
the engine uses a local data set to identify characteristics in the
message that indicate it is spam. This includes IP addresses, URIs
within messages, content checksums, and image fingerprints. Local data
packages are updated frequently, but as spam campaigns evolve and
become more sophisticated, identifiable characteristics change rapidly
and are not relevant for very long. If the anti-spam engine cannot
determine whether a message is spam based on the local data, it will
access the SXL servers to check for any additional information that
SophosLabs might have. These real-time lookups provide minimal latency
between the time that Sophos makes new anti-spam data available and
when it is available for use by the anti-spam engine. The information
contained in the SXL database helps the anti-spam engine identify more
spam.

SXL and existing DNSBL anti-spam rules
--------------------------------------
** As of January 3rd, 2008, existing third-party DNSBL rules (e.g.
RELAY_IN_CBL) will be automatically disabled. If you have customized
your PureMessage policy to explicitly call or reference any of these
rules, you will need to modify it. The SXL anti-spam reputation data
provides a superset of the existing PureMessage DNSBL anti-spam data.
**

In order to achieve best anti-spam protection, please ensure that you
have configured your trusted relays correctly.

SXL and data-sharing
--------------------
The 'share data with Sophos' functionality has been extended to
provide important latency information to Sophos regarding SXL lookups.
Sophos strongly recommends enabling data-sharing to help provide the
best possible performance and protection. This configuration is set on
the Support tab of the PureMessage for UNIX Manager UI.

PureMessage 5.4.1
-----------------
- Addition of the Policy Mark Hits report to the new Groups Web
Interface.
- Detection of several new true file types.
- Miscellaneous small resolved issues.

The release notes, which contain additional information on the
changes, can be found here:

http://pminfo.sophos.com/pmchanges

Recommendations
===============

Sophos strongly recommends that customers running PureMessage 5.x
perform this update.
If you haven't already done so, Sophos also recommends reviewing the
version/platform support policy, located here:
http://pminfo.sophos.com/pminfo/docs/PureMessage/version_platform.html

For best anti-spam performance, Sophos recommends that you use IP
Blocker at the MTA level to reject messages or in the policy layer to
discard, tag or quarantine messages from known bad senders.

Upgrading from PureMessage 5.x
==============================

Sophos strongly recommends reviewing the release notes and upgrade
instructions in detail prior to updating. PureMessage 5.x customers
can install all updates by performing the following steps:

1. As the PureMessage user ('pmx' by default), run
'pmx-service stop smtp' and 'pmx stop'.

2. As the root user, run '/opt/pmx/bin/pmx-setup'.

** As of PureMessage 5.4.0, a new version of pmx-setup is available to
facilitate the improved secure downloads feature. Sophos very strongly
recommends updating your copy of pmx-setup to the latest version. **

Using the menus, select 'Upgrade PureMessage Components',
'Check for updates', then 'Upgrade components'.

3. As the PureMessage user, run 'pmx start' and
'pmx-service start smtp'.

[tags]PureMessage, Sophos, Email Filter[/tags]


Dec 8 2007

Installing firewalllogs_ipcop_1.4.11.tar.gz in IPcop 1.4.18

After more than a year of using IPCop, I suddenly realized that I had missed something really good and nice to have as an IPCop add-on: a firewall logs viewer. But the version that claims to be compatible with IPCop may be obsolete for IPCop 1.4.18.

Whatever it is, I'm not afraid to try installing it on an existing firewall, but I did test it first at a branch office before proceeding to HQ (-.-).

  1. Let's start by downloading it from here
  2. Then upload it to IPCop using scp or WinSCP
  3. Log in to IPCop via SSH
  4. tar zxvf firewalllogs_ipcop_1.4.11.tar.gz
  5. cd firewalllogs
  6. Then run the installation file: ./install
  7. You might see something like this –> Wrong Ipcop-Version, exiting………….
  8. Don't panic!!! This error occurs because the IPCop version is the latest one, 1.4.18, which the installer does not recognise
  9. What you should do next is edit the install file
  10. vi install
  11. Search for -a "$IPCOPVERSION" != "1.4.12" and add one more clause after it, like this –> -a "$IPCOPVERSION" != "1.4.18"

The script should be edited like this:

# read the installed version out of general-functions.pl and strip blanks, ';' and quotes
IPCOPVERSION=`grep version /var/ipcop/general-functions.pl | cut -d= -f2 | grep -v Data | tr -d "[:blank:];'"`
# the last -a clause is the one added for 1.4.18
if [ "$IPCOPVERSION" != "1.4.8" -a "$IPCOPVERSION" != "1.4.9" -a "$IPCOPVERSION" != "1.4.10" -a "$IPCOPVERSION" != "1.4.11" -a "$IPCOPVERSION" != "1.4.12" -a "$IPCOPVERSION" != "1.4.18" ]

The rest of the script stays as it is; then save it with :wq!
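Since the post's approach is to rehearse the install at a branch office and then repeat it at HQ, it helps to make the vi edit reproducible. The script below is an added example (my own code, not part of the post or of the fwlogs add-on): it finds the version-check line, appends one more -a "$IPCOPVERSION" != "<version>" clause before the closing bracket, does nothing if the version is already accepted, and refuses to touch a script whose check line it cannot find. The install-script text it is run on is a constructed stand-in for the real file.

```python
"""Patch the fwlogs `install` script so it accepts another IPCop version.

Added example, not part of the original post or of the fwlogs add-on.
It does with a script what the post does in vi: find the
`if [ "$IPCOPVERSION" != "1.4.8" -a ... ]` line and append one more
`-a "$IPCOPVERSION" != "<version>"` clause in front of the closing `]`.
The edit is idempotent and refuses to touch a script whose check line
it cannot find, so it can be rehearsed on the branch-office box and then
replayed at HQ. The demo script text at the bottom is constructed.
"""
import re
import shutil
from pathlib import Path
from typing import List, Optional

CLAUSE = '-a "$IPCOPVERSION" != "{version}"'
# group 1: everything up to the last version clause; group 2: the closing bracket.
CHECK_RE = re.compile(r'^(\s*if\s+\[\s+"\$IPCOPVERSION"\s+!=\s+.*?)(\s*\]\s*)$')
VERSION_RE = re.compile(r'!=\s*"([^"]+)"')


def find_check_line(script: str) -> Optional[str]:
    """Return the version-check line, or None when the script looks different."""
    for line in script.splitlines():
        if CHECK_RE.match(line):
            return line
    return None


def accepted_versions(script: str) -> List[str]:
    """Versions the check line lets through, in order of appearance."""
    line = find_check_line(script)
    return VERSION_RE.findall(line) if line else []


def add_version(script: str, version: str) -> str:
    """Return the script text with `version` accepted; unchanged if it already is."""
    if version in accepted_versions(script):
        return script
    lines = script.splitlines(keepends=True)
    for i, line in enumerate(lines):
        body = line.rstrip("\r\n")
        m = CHECK_RE.match(body)
        if m is None:
            continue
        newline = line[len(body):]
        lines[i] = m.group(1) + " " + CLAUSE.format(version=version) + m.group(2) + newline
        return "".join(lines)
    raise ValueError("version check line not found; the script layout differs from the post")


def patch_file(path: str, version: str) -> bool:
    """Patch the install script in place, keeping a .orig backup. Returns True if it changed."""
    p = Path(path)
    original = p.read_text()
    patched = add_version(original, version)
    if patched == original:
        return False
    shutil.copyfile(p, p.with_suffix(p.suffix + ".orig"))
    p.write_text(patched)
    return True


# Constructed stand-in for the relevant part of the add-on's install script.
DEMO_SCRIPT = (
    '#!/bin/sh\n'
    'IPCOPVERSION=`grep version /var/ipcop/general-functions.pl | cut -d= -f2 | grep -v Data | tr -d "[:blank:];\'"`\n'
    'if [ "$IPCOPVERSION" != "1.4.11" -a "$IPCOPVERSION" != "1.4.12" ]\n'
    'then\n'
    '    echo "Wrong Ipcop-Version, exiting............."\n'
    '    exit 1\n'
    'fi\n'
)

if __name__ == "__main__":
    print(add_version(DEMO_SCRIPT, "1.4.18"))
```

On the real box this would be patch_file("install", "1.4.18") from inside the unpacked firewalllogs directory; the .orig copy lets you diff what changed before running ./install again.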

Try running the installation script again: ./install

You will see something like this:

This is fwlogs installing.
installing files
creating webinterface entries
creating language entries
Enable automatic versioncheck for this mod ? [y/n] y
cleaning up
Installation finished.

to uninstall fwlogs just run ‘/usr/local/bin/uninstall_fwlogs’

Voilà … it's ready to use :) !

Next, open your favourite browser and view the IPCop GUI under the Logs tab –> FW-Log Graphs by IP & FW-Log Graphs by Port

Here are some screenshots:

[Screenshots: Firewall log by IP; Firewall log by Port]

You may click the buttons for details on the IPs and the ports. I love the graphs because I don't have to look at the original firewall log, which looks like this:

[Screenshot: original firewall log (old-school log)]

So you have the choice: either look at the log as words & numbers, or look at the graphs :) , enjoy it!!

[tags]IPcop, Security, Firewall, Logs, Ports[/tags]


Dec 3 2007

SMTP port is blocked by TMNet

As I was curious about the statement, I googled and found this. Is it the best solution to the spamming bots? Is there an alternative? Thanks to that post for the full info about what actually happened, effective from 3rd November 2007 until ???

Here I will post a screenshot that might be proof of the hottest issue, the blocking of port 25:

[Screenshot: Top Spam Relay Caught by PureMessage]

So ... mail server admins out there ... please go to this page to avoid this disaster ...

