httptop for live monitoring for your domains

I downloaded an ebook, Linux Server Hacks [O’Reilly], and tried hack #65, “Monitoring Web Traffic in Real Time with httptop”. It’s quite interesting: you can view the traffic, though only in the CLI, just a black screen. But you can see who’s hitting your web server up to the second.

Firstly, this is my reference,
You can also download a full ebook from here. The file is quite big, 34MB! But… I found the Windows help file version of the ebook!

The server used to set all this up runs FreeBSD 4.11 with the DirectAdmin control panel. mod_perl updates are managed by DirectAdmin, which makes it easier to add the additional Perl modules httptop needs to work. httptop needs the Time::HiRes and File::Tail modules installed for mod_perl.

The first thing to do is to add the logging configuration for my domain to httpd.conf. I just added these 2 lines to the file. (Find a suitable place on your own :D)
CustomLog /var/log/httpd/domains/total_log vhost
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" vhost

“total_log” is a newly created file into which the new log data will be written in the specified format. chmod it to 644.

Then we go to our httptop file. You can get the source code from the official O’Reilly website, or just download it from here.

In order to make sure the script works, we have to install the Time::HiRes and File::Tail Perl modules.
cd /usr/ports/devel/p5-DateTime-HiRes
make install clean
cd /usr/ports/devel/p5-File-Tail
make install clean
/usr/local/directadmin/customapache/build mod_perl

I just restarted Apache using the DirectAdmin control panel, and issued this command to start httptop:

httptop -f vhost -r 2 /var/log/httpd/domains/total_log

Voilà, now you can see the result.
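To show what the "vhost" log format gives you to work with, here is a small parser that does an httptop-style count of hits per virtual host or per client over the most recent window. It is an added example, not httptop's code or anything from the book; the function names and the sample log lines (documentation IP ranges, example.com hosts) are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Regex for the "vhost" LogFormat:
#   %v %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# Apache writes embedded double quotes as \" so quoted fields accept escapes.
Q = r'"((?:[^"\\]|\\.)*)"'
LINE_RE = re.compile(r'(\S+) (\S+) (\S+) (\S+) \[([^\]]+)\] ' + Q
                     + r' (\d{3}) (\d+|-) ' + Q + ' ' + Q + '$')
FIELDS = ("vhost", "host", "ident", "user", "time",
          "request", "status", "bytes", "referer", "agent")

def parse_line(line):
    """Return a dict for one log line, or None if it does not fit the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = dict(zip(FIELDS, m.groups()))
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["bytes"] = 0 if rec["bytes"] == "-" else int(rec["bytes"])  # %b logs "-" for empty bodies
    return rec

def top_talkers(lines, window_seconds=60, field="vhost", only_errors=False):
    """Hits per `field` in the last window_seconds of the log, busiest first."""
    recs = [r for r in map(parse_line, lines) if r]
    if not recs:
        return []
    cutoff = max(r["time"] for r in recs) - timedelta(seconds=window_seconds)
    hits = (r for r in recs if r["time"] > cutoff
            and (r["status"] >= 400 or not only_errors))
    return Counter(r[field] for r in hits).most_common()

# Constructed sample lines in the vhost format (not real traffic).
SAMPLE = [
    'www.example.com 192.0.2.10 - - [26/Aug/2005:13:52:01 +0800] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    'shop.example.com 198.51.100.7 - - [26/Aug/2005:13:52:40 +0800] "GET /cart HTTP/1.1" 200 812 "http://shop.example.com/" "Mozilla/5.0"',
    'shop.example.com 198.51.100.7 - - [26/Aug/2005:13:52:41 +0800] "POST /login HTTP/1.1" 401 - "-" "agent \\"quoted\\""',
    'shop.example.com 198.51.100.7 - - [26/Aug/2005:13:52:42 +0800] "POST /login HTTP/1.1" 401 - "-" "Mozilla/5.0"',
    'www.example.com 192.0.2.10 - - [26/Aug/2005:13:52:55 +0800] "GET /a.png HTTP/1.1" 304 - "http://www.example.com/" "Mozilla/5.0"',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    print(top_talkers(SAMPLE))
    print(top_talkers(SAMPLE, field="host", only_errors=True))
```

Counting only 4xx/5xx responses per client (`only_errors=True`) is a quick way to spot one address repeatedly failing logins on a single vhost.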

Linux server hacks [pdf]
Linux server hacks [chm]


Overlooked an exploit in Metasploit.

Last Sunday, UiTM held an Open Source Expo and National Hacking Competition. I was one of the participants 🙂

One of the challenges was to view the source code of an ASP file. I ran nikto, and below is the result:

root@budihost-box:~# perl /usr/bin/ -h
- Nikto 1.32/1.23 -
+ Target IP:
+ Target Hostname:
+ Target Port: 80
+ Start Time: Fri Aug 26 13:52:56 2005
- Scan is dependent on "Server" string which can be faked, use -g to override
+ Server: Microsoft-IIS/5.0
+ IIS may reveal its internal IP in the Content-Location header. The value is "". CAN-2000
+ HTTP method 'PROPFIND' may indicate DAV/WebDAV is installed. This may be used to get directory listings if indexing is allowed but a default page exists.
+ HTTP method 'SEARCH' may be used to get directory listings if Index Server is running.
+ HTTP method 'TRACE' is typically only used for debugging. It should be disabled.
+ Microsoft-IIS/5.0 is outdated if server is Win2000 (4.0 is current for NT 4)
+ / - TRACE option appears to allow XSS or credential theft. See
creen.pdf for details (TRACE)
+ / - TRACK option ('TRACE' alias) appears to allow XSS or credential theft. See
ror/WhitePaper_screen.pdf for details (TRACK)
+ /scripts - Redirects to , Remote scripts directory is browsable.
+ /blahb.idq - Reveals physical path. To fix: Preferences -> Home directory -> Application & check 'Check if file exists' for the ISAPI mappings. MS01-033. (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170 is installed. MS00-006. (GET)
+ /NULL.printer - Internet Printing (IPP) is enabled. Some versions have a buffer overflow/DoS in Windows 2000 which allows remote attackers to gain admin privileges via a long print request that is passed to the extension through IIS 5.0. Disabling the .printer mapping is recommended. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (
+ /scripts/samples/search/qsumrhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (

+ /_vti_bin/fpcount.exe - Frontpage counter CGI has been found. FP Server version 97 allows remote users to execute arbitrary system commands, though a vulnerability in this version could not be confirmed. CAN-1999-1376. BID-2252. (GET)
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/shtml.exe - Attackers may be able to crash FrontPage by requesting a DOS device, like shtml.exe/aux.htm -- a DoS was not attempted. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc - FrontPage may be installed. (GET)
+ /_vti_bin/shtml.exe/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-0413, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /_vti_bin/_vti_aut/author.dll?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplore
&listBorders=false - Needs Auth: (realm NTLM)
+ /_vti_bin/_vti_aut/author.exe?method=list+documents%3a3%2e0%2e2%2e1706&service%5fname=&listHiddenDocs=true&listExplore
&listBorders=false - Needs Auth: (realm NTLM)
+ /_vti_inf.html - FrontPage may be installed. (GET)
+ /login/ - This might be interesting... (GET)
+ /localstart.asp - Needs Auth: (realm "")
+ /localstart.asp - This may be interesting... (GET)
+ 2645 items checked - 15 item(s) found on remote host(s)
+ End Time: Fri Aug 26 13:53:16 2005 (20 seconds)
+ 1 host(s) tested

The server runs IIS 5, with a source code disclosure vulnerability.

I didn’t notice that the Metasploit Framework already has the exploit. The task should have been easier with Metasploit.
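For whoever has to fix a server that produces a report like this, the useful step is turning the findings into a patch checklist. The sketch below is an added example, not part of the original post or of nikto: it re-joins lines the terminal hard-wrapped, pulls out the advisory identifiers, and groups paths by Microsoft bulletin. The function names are made up here, and the sample is a shortened excerpt of the findings above, including hard-wrapped lines.

```python
import re
from collections import defaultdict

ADVISORY_RE = re.compile(r'\b(MS\d{2}-\d{3}|(?:CVE|CAN)-\d{4}-\d{4,}|BID[- ]\d+)\b')
FINDING_RE = re.compile(r'^\+ (/\S*) - (.*)$')   # "+ /path - description"

def unwrap(text):
    """Re-join hard-wrapped lines: anything not starting with '+ ' or '- '
    continues the previous line."""
    out = []
    for line in text.splitlines():
        if line.startswith(("+ ", "- ")) or not out:
            out.append(line)
        elif line.strip():
            out[-1] += line   # wrap at a fixed column inserted no separator
    return out

def findings(text):
    """Yield (path, description, [advisory ids]) for each per-URL finding."""
    for line in unwrap(text):
        m = FINDING_RE.match(line)
        if m:
            ids = [i.replace(" ", "-") for i in ADVISORY_RE.findall(m.group(2))]
            yield m.group(1), m.group(2), ids

def by_bulletin(text):
    """Map each Microsoft bulletin (MSyy-nnn) to the paths that cite it."""
    table = defaultdict(list)
    for path, _, ids in findings(text):
        for i in ids:
            if i.startswith("MS"):
                table[i].append(path)
    return dict(table)

# Excerpt of the scan output above; some descriptions shortened for the example.
SAMPLE = """\
+ Server: Microsoft-IIS/5.0
+ /blahb.idq - Reveals physical path. MS01-033. (GET)
+ /xxxxx.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. Ensure Q252463i, Q252463a or Q251170
is installed. MS00-006. (GET)
+ /NULL.printer - Internet Printing (IPP) is enabled. EEYE-AD20010501, CVE-2001-0241, MS01-023, CA-2001-10, BID 2674 (GET)
+ /scripts/samples/search/qfullhit.htw - Server may be vulnerable to a Webhits.dll arbitrary file retrieval. MS00-006. (
+ /_vti_bin/shtml.dll/_vti_rpc?method=server+version%3a4%2e0%2e2%2e2611 - Gives info about server settings. CAN-2000-041
3, CAN-2000-0709, CAN-2000-0710, BID-1608, BID-1174. (POST)
+ /login/ - This might be interesting... (GET)
"""

if __name__ == "__main__":
    for bulletin, paths in sorted(by_bulletin(SAMPLE).items()):
        print(bulletin, paths)
```

Without the unwrap step the identifier split across two lines (CAN-2000-041 / 3) would be missed, which is why the continuation lines are joined with no separator.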


Happy Merdeka Day!


Happy Merdeka Day!!

Merdeka! Merdeka! can still be heard today. Last night IIUM students also celebrated Merdeka Day on campus. Many people were there: students, lecturers and many others from around the area.

Just a few hours before 12 o’clock, I was in KL, giving a friend a lift to PuduRaya, balik kampung 🙂
There were many people in KL last night. I saw a family with their children planning to celebrate Merdeka in KL. It reminded me that I was never outside at night when I was young.

I still agree that we cannot really know the value of Merdeka, since we have always lived in harmony and had a peaceful life. How can we protect our country without knowing the value of independence?

Peace be among the warriors, who strive for our independence.

Auditor security linux

Auditor Security Linux

Auditor Security Linux is a must-try Linux distribution for anyone interested in the security aspects of networking and administration. Auditor provides the applications needed for information gathering, vulnerability assessment, and much more.

The applications have been arranged into categories, so you can go straight to the application for a specific purpose. There are many more tools not included in the categories; you can search for them.

You can download it from here:

New IM – Google Talk

After all the waiting and all the rumours, Google has now come out with its new IM for its users, Google Talk.


All you need is just a Google account, and the client application. The application is just 900KB in size, and can be downloaded from here

The application is simple and small in size, and the file is all the software that you need. You don’t need to download any other program to use it. Google Talk supports voice calls with your buddies.

Download now, and start inviting your Google friends to your Buddy list!

Budihost being an official technology partner of Convest 2005.

Budihost Web Hosting & Services
This year, 2005, Budihost Web Hosting & Services will be the Technology Partner of IIUM Convocation Fiesta 2005.

We will be delivering content management for the official website. There’s a problem with the website: we have to use an IIUM server to host it. The new policy this year disallows them from using another hosting provider for their official website.

You can have a visit to their official website,

The website is still under development. It needs more modification to the design and features.

Bekelah waterfall trip (Maran, Pahang)

Last week was a great weekend; I went to Bekelah waterfall, in Maran, Pahang. It is quite a popular place for picnics and recreational activities; it’s just me who hadn’t noticed that.

The program was organized by ARC (Adventure Club) of International Islamic University. The program was just 2 days and 2 nights.

We were based at a point that takes around 2 hours of walking to reach. The route was quite difficult at the far end, where we had to walk over rocks right beside the big streams of water. If we had fallen into the water with our heavy bags, I can’t imagine what we would have done.

The place was very nice, very very very nice.. 🙂 You should go there once in your lifetime. The camping site is quite small; it’s really tight for 80, our group. But the river has a big area for swimming and for activities like water confidence, river crossing and flying fox.

We planned to do the flying fox, but we did not bring a static rope; we only had a dynamic rope. So the plan just drowned 🙁

I’ll post some pictures after this, not ready yet.

Next week insya-Allah I’ll be there again, with ARC from IIUM matriculation center. 🙂 wanna join me?

Speed up your browser – Mozilla Firefox

Here’s something for broadband people that will really speed Firefox up:

1. Type “about:config” into the address bar and hit return. Scroll down and look for the following entries:

network.http.pipelining
network.http.proxy.pipelining
network.http.pipelining.maxrequests

Normally the browser will make one request to a web page at a time. When you enable pipelining it will make several at once, which really speeds up page loading.

2. Alter the entries as follows:

Set “network.http.pipelining” to “true”

Set “network.http.proxy.pipelining” to “true”

Set “network.http.pipelining.maxrequests” to some number like 30. This means it will make 30 requests at once.

3. Lastly right-click anywhere and select New-> Integer. Name it “nglayout.initialpaint.delay” and set its value to “0”. This value is the amount of time the browser waits before it acts on information it receives.

If you’re using a broadband connection you’ll load pages MUCH faster now!

Quoted from

Automatically update your exploit list!

Security Forest
This is a tool that helps us keep the latest exploit tree on our hard drive. With this tool, which is available on both Windows and Linux, you can easily update the exploit tree on your own hard disk with just a few commands.
It utilizes CVS, so make sure it’s allowed on your network.
You can get it at Security Forest

In my experience updating my exploit tree, the anti-virus will detect some of the exploit files being transferred. That immediately breaks the updating process. What I do is stop the anti-virus application first and update the whole list. After the update completes, I run the anti-virus on the exploit tree folder. Everything detected as a “hack tool” is examined again; if it is a hack tool and cannot run by itself, I take it out of the quarantine list.

Happy testing!!