Research

Apache brute: A simple brute force deterrent for Linux

By |2022-06-15T00:39:43-04:00May 31st, 2017|Categories: Defensive Methodology|Tags: , , , |

We published a simple script to help identify and block possible brute-force attempts on a Linux web-server. The script counts the amount of “bad-actions” an ip has logged in the Apache logs and blocks the ip on port 443. This script also displays top 20 visitor information using geoiplookup (which should be installed) and performs a [...]

Comments Off on Apache brute: A simple brute force deterrent for Linux

Judicial branch of Puerto Rico exposes sensitive court documents

By |2022-06-15T00:43:34-04:00May 31st, 2017|Categories: Hacking, Laws, Reports|Tags: , , , , , |

Problem CompSec Direct recently became aware of an information disclosure problem with the https://unired.ramajudicial.pr/lawyernotificationauthentication/ application used by the judicial branch of the Puerto Rico government. The application uses a weak sequential ID string that is provided to attorneys and clients in order to view sensitive legal documents. Manipulating the ID string with simple math, similar to the overturned [...]

Comments Off on Judicial branch of Puerto Rico exposes sensitive court documents