labby.co.uk » Uncategorized

2
Jun 10

Can I record telephone conversations on my home phone?

Posted by Gregory

0 comments
The following information is taken verbatim from Ofcom’s website:

Recording and monitoring telephone calls or e-mails.
A general overview of interception, recording and monitoring of communications.

The interception, recording and monitoring of telephone calls is governed by a number of different pieces of UK legislation. The requirements of all relevant legislation must be complied with. The main ones are:

Regulation of Investigatory Powers Act 2000 (“RIPA”)
Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 (“LBP Regulations”)
Data Protection Act 1998
Telecommunications (Data Protection and Privacy) Regulations 1999
Human Rights Act 1998
It is not possible to provide comprehensive detail of that legislation here. Any person considering interception, recording or monitoring of telephone calls or e-mails is strongly advised to seek his/her own independent legal advice and should not seek to rely on the general information provided below. It should be borne in mind that criminal offences and civil actions may occur when the relevant legislation is not complied with. Accordingly, Ofcom accepts no liability for reliance by any person on the following information.

Can I record telephone conversations on my home phone?
Yes. The relevant law, RIPA, does not prohibit individuals from recording their own communications provided that the recording is for their own use. Recording or monitoring are only prohibited where some of the contents of the communication – which can be a phone conversation or an e-mail – are made available to a third party, ie someone who was neither the caller or sender nor the intended recipient of the original communication. For further information see the Home Office website where RIPA is posted.

Do I have to let people know that I intend to record their telephone conversations with me?
No, provided you are not intending to make the contents of the communication available to a third party. If you are you will need the consent of the person you are recording.

Can a business or other organisation record or monitor my phone calls or e-mail correspondence with them?
Yes they can, but only in a limited set of circumstances relevant for that business which have been defined by the LBP Regulations. The main ones are:

to provide evidence of a business transaction
to ensure that a business complies with regulatory procedures
to see that quality standards or targets are being met in the interests of national security
to prevent or detect crime to investigate the unauthorised use of a telecom system
to secure the effective operation of the telecom system.
In addition, businesses can monitor, but not record, phone calls or e-mails that have been received to see whether they are relevant to the business (ie open an employee’s voicemail or mailbox systems while they are away to see if there are any business communications stored there). For further information see the BERR website where the LBP Regulations are posted.

However any interception of employees’ communications must be proportionate and in accordance with Data Protection principles. The Information Commissioner has published a Data Protection Code on “Monitoring at Work” available on its website here. The Code is designed to help employers comply with the legal requirements of Data Protection Act 1988. Any enforcement action would be based on a failure to meet the requirements of the act – however relevant parts of the Code are likely to be cited in connection with any enforcement action relating to the processing of personal information in the employment context. Accordingly this Code of Practice and the Data Protection Act must also be considered by any business before it intercepts employees’ communications.

Do businesses have to tell me if they are going to record or monitor my phone calls or e-mails?
No. as long as the recording or monitoring is done for one of the above purposes the only obligation on businesses is to inform their own employees. If businesses want to record for any other purpose, such as market research, they will have to obtain your consent.

What do I do if my calls have been recorded unlawfully?
Under RIPA it is a tort to record or monitor a communication unlawfully. This means that if you think you have suffered from unlawful interception of your phone calls or e-mails you have the right to seek redress by taking civil action against the offender in the courts.

The following is unaffiliated with labby.co.uk
Related Posts:
- No Related Posts
Uncategorized
3
May 10

Adding a service to ubuntu networking

Posted by Gregory

0 comments
One of the scripts I run on my server monitors various log files and watches for signs of intrusion attempts.

I wanted the function to run at boot, but instead only let it run when the network is actually up which makes more economical sense and reduces my processor and hard drive usage (if only slightly).

Anyway, enough preamble. Here is how to do it:

The directory /etc/network/if-up.d/ is parsed when networking is started or restarted
The directory /etc/network/if-down.d/ is parsed when networking is stopped

If you add a link to the program you wish to run into one of these directories it will run at the appropriate time.

Remember to check if the process is already running and handle that by either terminating the existing process or aborting the creation of the new process.

The following is unaffiliated with labby.co.uk
Related Posts:
Uncategorized

add, boot, network, service, ubuntu
17
Apr 10

I am now an official Fedora Ambassador

Posted by Gregory

0 comments
Through selling linux DVDs on ebay I virtually met an interesting person with a big future ahead of him.

This person is an Ambassador for the Fedora Project, and is a very proactive member of the team.

His dedication inspired me to look into becoming a Fedora Ambassador myself so I set the ball in motion.

I chatted to several people on IRC freenode #fedora-uk and #fedora-ambassadors and contacted a local mentor, a very knowledgeable and commited person himself (that is a definite thread running through Fedora).

I chatted about my background, what I could bring to the Fedora Project and it was decided that I had the potential to become a Fedora Ambassador.

I will try to live up to the honour proffered to me and am currently studying hard to be all that I can be.

The following is unaffiliated with labby.co.uk
Related Posts:
- No Related Posts
Uncategorized, fedora

ambassador, fedora
12
Apr 10

I just helped catch a new email spammer \o/

Posted by Gregory

0 comments
I donated some of my domain MX records to http://www.projecthoneypot.org and just got an email telling me:

Gregory –
Regardless of how the rest of your day goes, here’s something to be happy about — today one of your donated MXs helped to identify a previously unknown email harvester (IP: 74.170.107.247). The harvester was caught a spam trap email address created with your donated MX:
mail2.labby.co.uk
You can find information about your newly identified harvester here:

http://www.projecthoneypot.org/ip_74.170.107.247

Don’t forget to tell your friends you made the Internet a little better
today. You can refer them to Project Honey Pot directly from our
website:

You’ve chosen to receive this message every time one of your honey pots or donated MXs helps identify a new harvester. We don’t blame you, we’re constantly checking in to see what we’ve caught. However, if you’re sick of these messages, you can turn them off by visiting your settings page:

Thanks from the entire Project Honey Pot team and, we’re sure if they knew, from the Internet community as a whole.
Related Posts:
- Yet another email spammer identified
- wp-spamfree comments log 403 forbidden fix
Uncategorized

email, honey, honeypot, mx, pot, project, spam
9
Apr 10

Apache server logs “GET /w00tw00t.isc.sans.dfind:)” fix

Posted by Gregory

0 comments
Seen “GET /w00tw00t.isc.sans.dfind:)” 400 in your server logs?

This is a vulnerability scan.

Tired of the little wannabe 1337 teens trying to hack your server?

Try this little script I wrote to ban them as soon as they try:

I linked logfunctions in /etc/init.d and ran
update-rc.d defaultsto start at bootup

I put ban in /usr/local/bin
file logfunctions
#!/bin/bash # #This script is a wrapper for a number of other scripts contained inside it. # #Usage: $0 scriptname [parameters] #Allowed scriptnames [parameters]: # ban [ip] [text] # checkiptables # mailovh # w00t [stop]
#error $? returned: # 0 no errors # 1 no scriptname passed # 2 invalid scriptname passed # 10 or higher: # first value denotes executed script, last number denotes return value # example: 17: script 1, return value 7 # example: 32: script 3, return value 2 # values higher than 99: # example: 154: script 15, return value 4 # 10: ban: no errors # 11: ban: no IP passed # 12: ban: whitelisted IP passed # 13: ban: localhost|127.0.0.1 passed # 14: ban: new IP found to ban # 17: ban: IP is already banned # 20: checkiptables: no errors # 21: checkiptables: unable to delete $OUTFILE # 22: checkiptables: IPs are still being banned # 23: checkiptables: no IPs are being banned # 40: w00t: no errors # 41: w00t: shutdown running process #100+: exited out of case without exiting the script - unhandled exit, remove 100 to get the actual code #systemwide variables: BANLENGTH="1 week" BANEND=`date +%s --date="$BANLENGTH"` D=`date` DS=`date +%s` DT=`date +%T` OVHALL="/var/log/ovh_all.log" OVHLOG="/var/log/ovh.log" WWWBANNEDIPS="/var/www/bannedips.txt" CURRENTBANNEDIPS="/etc/banlist" OUTFILE="$CURRENTBANNEDIPS"+".tmp" MONITOR="/var/log/apache2/access.log" #inside the "" add any files you wish to monitor eg /var/log/syslog WATCHARRAY=( "//skin/ggambo6200_board/error\.php?" "\"GET //[Pp]hp[Mm]y[Aa]dmin//scripts/setup\.php HTTP/1\.1\"" "\"GET //pma/" "\"GET /pma/" "\"GET /w00t.* HTTP/1\.1\" 400 [0-9]* \".*\" \".*\"" "Toata dragostea mea pentru diavola" ) WATCHLIST=${WATCHARRAY[0]} for element in $(seq 1 $((${#WATCHARRAY[@]} - 1))); do if [ "$element" != "" ]; then WATCHLIST="$WATCHLIST|${WATCHARRAY[$element]}" fi done WOOTLOCK="/var/lock/w00t.lock" SERVERIP="example.com (127.0.0.1)" #insert your server name and IP here FROMMAIL="exploits@example.com (example.com monitor)" # insert your email address here WHITELIST="127.0.0.1" # insert a list of whitelisted (non-bannable) IPs here, separated by ' ' #program paths, change toi suit your individual system GREP="/bin/egrep" # egrep must be egrep, not grep CAT="/bin/cat" WHOIS="/usr/bin/whois" ECHO="/bin/echo" IPTABLES="/sbin/iptables" WC="/usr/bin/wc" AWK="/usr/bin/awk" CUT="/usr/bin/cut" CP="/bin/cp" RM="/bin/rm" MV="/bin/mv" TAIL="/usr/bin/tail" PS="/bin/ps" SENDMAIL="/usr/sbin/sendmail" KILL="/bin/kill" #Main script start if [ "$#" -lt 1 ]; then #no scriptname passed $ECHO "$0 scriptname [parameters]" RETVAL=1 exit $RETVAL fi case "$1" in 'ban') RETVAL=10 if [ "$2" == "" ]; then $ECHO $0 $1 IP $ECHO eg: $0 $1 11.22.33.44 let RETVAL+=1 exit $RETVAL fi IP=$2 LINE=$3 #echo "BANCHECK $# 1:$1 2:$IP 3:$3" if [ "`$ECHO $WHITELIST | $GREP $IP | $WC -l`" -ne 0 ]; then let RETVAL+=2 exit $RETVAL fi if [[ "$IP" == "127.0.0.1" || "$IP" == "localhost" ]]; then let RETVAL+=3 exit $RETVAL fi if [ "`$GREP "$IP" $CURRENTBANNEDIPS | $WC -l`" == "0" ]; then $ECHO -ne "\n$DT:IP \"$IP\" not found, banning IP \"$IP\" for $BANLENGTH\n" $ECHO "$BANEND $IP" >> $CURRENTBANNEDIPS $IPTABLES -A INPUT -s $IP -j DROP $ECHO $BANEND $IP $LINE >> $WWWBANNEDIPS let RETVAL+=4 else let RETVAL+=7 $ECHO -ne "D" fi exit $RETVAL ;; 'checkiptables') RETVAL=20 if [ -e $OUTFILE ]; then rm $OUTFILE if [ -e $OUTFILE ]; then let RETVAL+=1 exit $RETVAL fi fi if [ -f $CURRENTBANNEDIPS ]; then DH=$(( $DS-3600 )) $CAT $CURRENTBANNEDIPS | while read line; do DA=`$ECHO $line | $AWK '{ print $1 }'` DAO=$(( $DA-604800 )) IP=`$ECHO $line | $CUT -f2- -d' '` $ECHO "Checking $IP" $IPTABLES -D INPUT -s "$IP" -j DROP $ECHO `date -d "1970-01-01 $DAO sec"` if [ $DS -ge $DA ]; then # delete rule $ECHO "IP $IP released from iptables drop" else if [ $DAO -gt $DH ]; then $ECHO "New IP $IP added in the last hour" else $ECHO "IP $IP remains banned from this server" fi # ban ip $ECHO $line>>$OUTFILE $IPTABLES -A INPUT -s "$IP" -j DROP fi done if [ -e "$OUTFILE" ]; then $MV -f "$OUTFILE" "$CURRENTBANNEDIPS" let RETVAL+=2 else $RM "$CURRENTBANNEDIPS" let RETVAL+=3 fi fi exit $RETVAL ;; 'w00t') RETVAL=40 if [ -e "$WOOTLOCK" ]; then #w00t may already be running, terminate process ls "$WOOTLOCK" line=`$CAT "$WOOTLOCK"` if [ "$line" != "" ]; then $KILL -9 "$line" >> /dev/nul $RM $WOOTLOCK fi fi if [ "$2" == "stop" ]; then let RETVAL+=1 exit $RETVAL fi PID=0 $TAIL -n +1 -f "$MONITOR" | $GREP --line-buffered "$WATCHLIST" | while read line; do IP=$( $ECHO $line | $AWK '{ print $1 }' ) $0 ban "$IP" "$line" if [ "$PID" == "0" ]; then PID=`$PS au | $GREP "$TAIL -n +1 -f $MONITOR" | $AWK '{ print $2 }'` $ECHO $PID | $AWK '{ print $1 }' > "$WOOTLOCK" fi done exit $RETVAL ;; *) #no scriptname passed $ECHO "$0 scriptname [parameters]" RETVAL=2 exit $RETVAL ;; esac
# In theory we should never get this far let RETVAL+=100 exit $RETVAL

Feel free to expand the script but please consider sending me any updates

Incoming search terms for the article:
Related Posts:
- wp-spamfree comments log 403 forbidden fix
- Adding a new IP to apache2 web server
Uncategorized

apache, apache2, autoban, ban, dfind, exploit, firewall, fix, scan, vulnerability, w00t

1 visitors online now
1 guests, 0 bots, 0 members
Max visitors today: 2 at 09:25 am UTC
This month: 4 at 09-03-2010 07:30 am UTC
This year: 48 at 04-04-2010 10:07 pm UTC
All time: 48 at 04-04-2010 10:07 pm UTC