Hello, welcome to the Wednesday, July 18th, 2018 edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Washington, D.C.

While I'm not a big fan of just outright blocking access from certain countries, it can be quite useful in order to enrich your logs with geolocation information.

Xavier has a little Python script for you to quickly look up the geographic location of an IP address or a host name.

Now, typically you would use one of the standard geolocation databases

for this. Maxmind probably is the biggest one providing these databases for download,

either free or commercial. But what Xavier points out is that you can also add your own

information to these databases.

This is in particular helpful in order to, for example, attribute access requests to particular

branch offices or so in your organization.

So for IP addresses that you use internally, of course, you should be able to define the geographic

location very precisely

and assign it to specific locations like branch offices.

And if you're using the popular typo three content management system, it's time to patch.

The typo team did release updates for all three current versions. That's version

7, 8 and 9. And the new release fixes four vulnerabilities. The first one is an authentication

bypass vulnerability. Depends somewhat on the exact configuration on the system, then there is a

SQL injection vulnerability and two deserilization vulnerabilities that may lead to remote code execution.

So certainly patch it, even though how vulnerable you are to these particular issues,

depends somewhat on your system configuration.

Also, read the advisory in addition to just patching because there are a couple configuration options

that you can select in PHP to make exploitation more difficult or impossible in some cases.

...