Search Results

Search found 13011 results on 521 pages for 'catch block'.

Page 108/521 | < Previous Page | 104 105 106 107 108 109 110 111 112 113 114 115 | Next Page >

pfSense + DDoS Protection

- by Jeremy

I run a gaming community on a colo with a 100Mbps port. I want to buy a very cheap 35 dollar server with the same 100Mbps port, and run pfSense to use as a hardware firewall. I'm dealing with a bunch of 14 year old kids that have access to botnets, so it can become a bit necessary to get something like this. My overall question, is using pfSense on a cheap identical datacenter/port speed server worth it to actually block DDoS attacks? A bit more into detail since I assume you will ask this, the attacks we receive are normally around 1Gbps. We currently run CentOS using CSF Firewall, and even when using a software firewall, we block 500Mbps UDP floods, or just generic attacks pretty easily. Thanks, - Necro

Read the article
Create mirror software raid with bad blocks hdd. How to check data integrity?

- by rumburak

There is error in System event log like this one: "The device, \Device\Harddisk1\DR1, has a bad block." Because of above I created Raid 1 on this disk and other one. I'm using Windows Server 2008 R2 software RAID volumes. Volume in Disk Manager is marked as "Failed Redundancy" and "At Risk". I could command to "Reactivate Disk" and it's starts to re-sync, but after a while it stops and returns to previous state. It stops re-sync on bad block on old disk and creates same error in System event log. Old disk status is Errors, new disk status is Online. How can I check that there is exact copy of the old disk on new one ? It is server machine so I would prefer to keep it running during this check.

Read the article
zram trimming by writing zero pages

- by qdot

I'm using ZRAM as a backing block device for /tmp filesystem in the following manner: echo 8000000000 > /sys/block/zram0/disksize mkfs.ext4 -O dir_nlink,extent,extra_isize,flex_bg,^has_journal,uninit_bg -m0 \ -b 4096 -L "zram0" /dev/zram0 mount -o barrier=0,commit=240,noatime,nodev,nosuid /dev/zram0 /tmp chmod aogu+rwx /tmp It works out reasonably well for me - however, there is an issue here - when files are removed, they are not zero'ed, so the ZRAM does not remote the compressed pages. Obviously running dd if=/dev/zero of=/tmp/ZERO bs=1M count={free-space-some-rest}; rm /tmp/ZERO clears it up in the ZRAM - it gets notified of zero-pages and shrinks the store. How can I get ext4 to zero used pages on delete? Also, any other suggestions on how to optimize it?

Read the article
passing URL vars to a wordpress page and pretty-fying it with .htaccess

- by Jonah

I have wordpress installed in a directory called welcome, and /welcome/samples is a "page" (created via Wordpress). It's has a php template waiting for a $_REQUEST['category'] When a user goes to /welcome/samples/fun, I want to have "fun" passed to the samples php template in the form welcome/samples/?category=fun But I want the URL to remain in its original form - it's currently replacing the it with the ugly "?cat...etc" # Outside the wordpress block so it won't be overwritten Options +FollowSymlinks RewriteEngine On RewriteRule ^samples/([^/]+)$ /welcome/samples?cat=$1 [R,L] # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /welcome/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /welcome/index.php [L] </IfModule> # END WordPress I tried Rewriting with simply samples?cat=$1 but I was getting a 404. I tried putting in the RewriteBase /welcome/ in the first block. without the [R] flag it doesn't work at all. I keep trying different permutations... and failing:( Perhaps I'm missing some basic concepts... thanks if you take the time to even read through this:) ciao

Read the article
fail2ban with Cloudflare

- by tatersalad58

I'm using fail2ban to block web vulnerability scanners. It is working correctly when visiting the site if CloudFlare is bypassed, but a user can still access it if going through it. I have mod_cloudflare installed. Is it possible to block users with IPtables when using Cloudflare? Ubuntu Server 12.04 32-bit Access.log: 112.64.89.231 - - [29/Aug/2012:19:16:01 -0500] "GET /muieblackcat HTTP/1.1" 404 469 "-" "-" Jail.conf [apache-probe] enabled = true port = http,https filter = apache-probe logpath = /var/log/apache2/access.log action = iptables-multiport[name=apache-probe, port="http,https", protocol=tcp] maxretry = 1 bantime = 30 # Test Apache-probe.conf [Definition] failregex = ^<HOST>.*"GET \/muieblackcat HTTP\/1\.1".* ignoreregex =

Read the article
eMail with Conflicting Headers not blocked in MS365

- by John Meredith Langstaff

On occasion, a company receives eMail with two header fields (“Received” and “From”) containing data that contradict each other drastically. Should they not expect their anti-spam system to flag or block items with contradictions in these fields? For example, they received an eMail which contained [almost exactly] these two headers: Received: from [107.52.51.26] by web315204.mail.ne1.yahoo.com via HTTP; Mon,28 Oct 2013 04:28:04 PDT From: Barry Smith [email protected] Obviously, eMail from an @att.net address isn’t coming from a server on the domain yahoo.com, and Yahoo isn’t forwarding AT&T’s eMail. There were no other headers indicating that the item was sent “OnBehalfOf”, or “Forwarded-by”, or “By_Proxy” or any other such. Should I write a utility to scan incoming eMail for such conflicts, or look more closely at their spam filtering to block this kind of eMail? Their eMail system is Hosted Exchange on MS-365. My central question is, where specifically do I look in MS-365 to get this type of conflicted eMail blocked?

Read the article
Where do I learn about IP blocks and subnets? Or is there just a calculator that does it all for me?

- by cwd

Amazon's elastic compute tool (among others) requires the ip block format for their command: ec2-authorize websrv -P tcp -p 80 -s 205.192.0.0/16 I may be doing this wrong, but as far as I can tell I need to use the block format even for a single IP address. 1) So, how would I do that for this IP? 71.75.232.132 Several years ago I took a CCNA class, and I remember going over IPs and subnets, masks, broadcast addresses, class a/b/c networks, etc. However a lot seems to have changed since then - for example I don't think you can tell what "class" a network is in just by looking at it anymore - sometimes they could be multiple classes. 2) Anyhow, my second question is where do I go to get a refresher on all these things? 3) Or should I just be using ipcalc or an online calculator to do it all for me - and if so, which one?

Read the article
How to drop all subnets outside of the US using iptables

- by Jim

I want to block all subnets outside the US. I've made a script that has all of the US subnets in it. I want to disallow or DROP all but my list. Can someone give me an example of how I can start by denying everything? This is the output from -L Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:ftp state NEW DROP icmp -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination And these are the rules iptables --F iptables --policy INPUT DROP iptables --policy FORWARD DROP iptables --policy OUTPUT ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -p tcp -i eth0 --dport 21 -m state --state NEW -j ACCEPT iptables -A INPUT -p icmp -j DROP Just for clarity, with these rules, I can still connect to port 21 without my subnet list. I want to block ALL subnets and just open those inside the US.

Read the article
What solutions do I have to enforce memory limit on PHP server?

- by Zulgrib

I would like to enforce memory limit on a folder basis (and have it applied on subfolders) but I don't want the user able to change the memory limit. I know I can disable ini_set and I know I can enforce a hard limit or deny ini_set with Suhosin. With the first one, I doubt it will block changing it from the user.ini file, for the second, the user may still be able to change it to the hard limit I enforce with Suhosin. In both cases, I would prefer to not entierly block ini_set because it may have a legit use for other settings. In case it is important, I'm using PHP version 5.4.4 with nginx (PHP in FPM mode)

Read the article
squidGuard hangs during setup

- by richard

I have a squid proxy on my Debian-Gnu-Linux-laptop configured to block some web sites. I can set a browser to use this proxy, but I can also configure it to not use it. As I an using it to block some sites. I do not wish and application to be able to bypass the proxy. Is it possible to to configure a fire wall to black outgoing traffic except if sent by the proxy application or user? I would like a simple configurator if possible.

Read the article
Xpath automatization software

- by holms

Too sad this topic was closed. But I'm kind of a having the same question. I want to construct xpathes, for common html block which appears on page. For example: you can give two URLs to that software, which will contain SAME html blocks (divs) , but having different content in it. by giving 2 stackoverflow.com url's, software could detect that same div#id is being used once again, and just give XPATH'es of those html blocks like for example. Of course I can find xpath'es my self, as far as I remember, firebug makes it easy,shows xpath of every html block, but this is kind of hard procedure if you want to get xpath'es for LOTS of html elements. so that's why I want this kind of software to help in this routine.

Read the article
Understanding packet flows over RVI

- by choco-loo

I'm trying to get a full grasp of firewall filters and how to apply them on a Juniper EX4200 switch - to be able to block ports, police traffic and shape traffic. The network architecture is as follows internet >-< vlan4000 >-< vlan43 vlan4000 is a public "routed" block (where all the IPs are routed to and the internet gw is) vlan43 is a vlan with public IPs with devices (servers) attached There are static routes and RVI's on the EX4200 to send all traffic via vlan4000's gateway to reach the internet. I've set up filters on both input and output of the respective RVI's and VLAN's - with simple counters, to measure traffic flow from a server inside of vlan43 and a server on the internet. Using a combination of iperf for UDP and TCP tests and fping for ICMP tests - I observed the following, icmp vlan43>internet internet>vlan43 unit4000-counter-in 0 0 unit4000-counter-out 0 0 unit43-counter-in 100 100 unit43-counter-out 0 0 vlan4000-counter-in 6 4 vlan4000-counter-out 107 104 vlan43-counter-in 101 100 vlan43-counter-out 100 100 tcp vlan43>internet internet>vlan43 unit4000-counter-in 0 0 unit4000-counter-out 0 0 unit43-counter-in 73535 38480 unit43-counter-out 0 0 vlan4000-counter-in 7 8 vlan4000-counter-out 73543 38489 vlan43-counter-in 73535 38481 vlan43-counter-out 38938 75880 udp vlan43>internet internet>vlan43 unit4000-counter-in 0 0 unit4000-counter-out 0 0 unit43-counter-in 81410 1 unit43-counter-out 0 0 vlan4000-counter-in 18 7 vlan4000-counter-out 81429 8 vlan43-counter-in 81411 1 vlan43-counter-out 1 85472 My key goals are to set up a few filters and policers, as there will be many more VLANs - that all need protecting from each other and the internet. Then globally limit/police all outbound traffic to the internet Block inbound ports to vlan43 (eg. 22) Limit outbound traffic from vlan43 (to the internet) Limit outbound traffic from vlan43 (to other vlans) Limit outbound traffic from vlan4000 (to the internet from all vlans) Route traffic from vlans via specific routing instances (FBF) The question What I want to understand is why there isn't ever any activity on unit4000 or vlan4000 inbound or outbound counter - is this because there isn't a device on this VLAN - and that the traffic is only traversing it? And with regards to the TCP test - why is there twice as many packets on unit43-counter-in, vlan4000-counter-out and vlan43-counter-in - is this counting both the inbound and outbound traffic?

Read the article
C++ Style Comments for Microsoft Word 2008?

- by user33559

Hello, I would like to be able use some sort of C++ style commenting for Microsoft Word. E.g. If I have // line of text the entire line should be a comment and should appear in a different colour. Same goes for: /* text block */ I would want text block to be in a different colour than my main text. Another feature that would be nice but not necessary for me to have is some sort of a way to quickly strip all the comments. I have no idea how this could be done, if possible. Any ideas? Thanks.

Read the article
Use Adblock to allow most ads on a site

- by jrob

I leave Adblock turned on for all sites by default. I allow ads on some sites. You can do this by adding an exception for a site that is allowed to show ads. This puts a site in the white list. However, I do not know how to allow most ads on a page, but block a specific ad. I am not even sure Adblock will do this. I believe it is all or none. If a site is in the white list, it appears that all other rules are ignored. Is there a way to allow most ads on a website, but still block specific ads?

Read the article
What tangible security are gained by blocking all but a few outgoing ports in a firewall

- by Frankie Dintino

Our current hardware firewall allows for blocking incoming and outgoing ports. We have two possibilities: Block certain troublesome ports (unsecured smtp, bittorrent, etc.) Block all but a few approved ports (http, https, ssh, imap-ssl, etc.) I see several downsides with option 2. Occasionally web servers are hosted on non-standard ports and we would have to deal with the resulting issues. Also, there is nothing preventing a malicious or unwanted service from being hosted on port 80, for instance. What are are the upsides?

Read the article
Adding operation in middle of complex sequence diagram in visio 2003

- by James

I am using Microsoft Visio 2003 to define static classes with operations/methods and a sequence diagrams referring to these classes. The sequence diagram is almost done, but i realized that i missed one operation in middle of the diagram. When i try to move rest of the sequences down by selecting it as a block, all the operations in the block loose link with static diagrams. ( Methods which were referred to static classes as fun(), became fun, which means that now they no longer refer to static diagrams and any future changes would not be reflected in dynamic sequence diagrams automatically.) The sequence diagrams have grown to A3 size paper and i have many of such diagrams which needs correction. Manually moving the operations one by one would involve lots of effort. Could someone kindly suggest a way to overcome this problem?

Read the article
Decreasing Root Disk Size of an "EBS Boot" AMI on EC2

- by darkAsPitch

So I have followed Eric's wonderful article here: http://alestic.com/2009/12/ec2-ebs-boot-resize This was the code basically that helped me increase the default size of the AMI: ec2-run-sintances ami-ID -n 1 --key keypair.pem --block-device-mapping "/dev/sda1=:250" Running Ubuntu 11.10 I didn't even have to re-size the disk afterwards, it was immediately a 250GB drive. How do I go about decreasing the default size of the AMI??? I tried: ec2-run-sintances ami-ID -n 1 --key keypair.pem --block-device-mapping "/dev/sda1=:100" Obviously... but I was told: Client.InvalidBlockDeviceMapping: Volume of size 100GB is smaller than snapshot ####### <250

Read the article
NVRAM for journals on Linux?

- by symcbean

I've been thinking about ways of speeding up disk I/O, and one of the bottlenecks I keep coming back to is the journal. There's an obvious benefit to using an SSD for the journal - over and above just write caching unless of course I just disable the journal with the write cache (after all devicemapper doesn't seem to support barriers). In order to get the benefits from using a BB write cache on the controller, then I'd need to disable journalling - but then the OS should try to fsck the system after an outage. Of course if the OS knows what's in the batter-backed memory then it could use it as the journal - but that means it must be exposed as a block device and only be under the control of the operating system. However I've not been able to find a suitable low-cost device (no, write-levelling for Flash is not adequate for a journal, at least one which uses Smartmedia). While there's no end of flash devices, disk/array controllers with BB write caches, so far I've not found anything which just gives me non-volatile memory addressable as a block storage device.

Read the article
Exploratory Question for Security Admins (/etc/passwd + PHP)

- by JPerkSter

Hi everyone, I've been seeing a few issues lately on a few of my servers where an account gets hacked via outdated scripts, and the hacker uploads a cPanel / FTP Brute forcing PHP script inside the account. The PHP File reads /etc/passwd to get the usernames, and than uses a passwd.txt file to try and brute force it's way in to 127.0.0.1:2082. I'm trying to think of a way to block this. It doesn't POST anything except "GET /path/phpfile.php", so I can't use mod_security to block this. I've been thinking of maybe changing permissions on /etc/passwd to 600, however I'm unsure how this will result in regards to my users. I was also thinking of rate-limiting localhost connections to :2082, however I'm worried about mod_proxy being affected. Any suggestions?

Read the article
Exchange 2010 forwarded emails by external servers being blocked

- by MadBoy

Our users were getting spam messages from their own accounts (same domain/login for example [email protected] to [email protected]). This is preety standard trick and I decided to block it so that anonymous users can't send emails as @company.com. This brought some problems on us like our printers not being able to send emails etc but I solved it with secondary smtp receiver on different port with ip restrictions. However it seems to affect forwarding by some e-mail servers as well: Hi. This is the qmail-send program at home.pl. I'm afraid I wasn't able to deliver your message to the following addresses. This is a permanent error; I've given up. Sorry it didn't work out. : 89.14.1.26 failed after I sent the message. Remote host said: 550 5.7.1 Client does not have permissions to send as this sender --- Below this line is a copy of the message. Return-Path: Return-Path: Received: from mail.company.com [89.14.1.26] (HELO mail.company.com) by company.ho.pl [79.93.31.43] with SMTP (IdeaSmtpServer v0.70) id 488fcb01c2f069d9; Tue, 3 Jan 2012 09:46:55 +0100 Received: from EXCHANGE1.COMPANY ([fe80::d425:135f:b655:1223]) by EXCHANGE2.COMPANY ([fe80::193f:51ac:9316:cb27%14]) with mapi id 14.01.0355.002; Tue, 3 Jan 2012 09:46:55 +0100 From: =?iso-8859-2?Q?MadBoy?= So basically server forwards it without affecting email address it was send with and our servers treat it like spam. I used this command to block things: Get-ReceiveConnector "DEFAULT Exchange2" | Get-ADPermission -user "NT AUTHORITY\Anonymous Logon" | where {$_.ExtendedRights -like "ms-exch-smtp-accept-authoritative-domain-sender"} | Remove-ADPermission Is there anyway I can keep on receiveing things like forwards but be able to block things (except some dedicated antispam solution - this will be added later). Also how do I "reassing" back the permissions that was removed? EDIT to clarify: I have a domain domain.com configured as Authorative. Couple of our users are on project for differentcompany.com which is not on our servers or anywhere close. Now when they send an email from their accounts lets say [email protected] to [email protected] that special alias is configured so that any email it receives it forwards to multiple people including a group alias at our domain [email protected] and that group alias puts the email in users mailboxes. After the email is forwarded by [email protected] and it reaches our server it is denied because the forwarding done by the "external" server doesn't affect user information so for the server it seems like the [email protected] was actually sender and it treats it as spam and denies it. The server at differentcompany.com just adds itself to the header that it passed thru it and doesn't modify sender at anyway (seems like this is how forwarding works). Although I could probably allow this particular server as allowed to relay but this would seem to affect more servers/users as anyone can setup forwarding on their email back to our domain...

Read the article
PSAD Firewall/ UDP flood?

- by Asad Moeen

Well I'm actually trying to block a UDP Flood on the Application port because the string "getstatus" is causing my application to make large output due to a small input to the attacker's IP. I installed PSAD firewall to do the job. psad -S shows 3000,000 logged packets at the application port and top ports in Scan but does not block the IP of the attacker however other IP Addresses with small number of connections are dropped. I'm thinking that since output is also being made to the attacker, this is why its not getting blocked because iptables rate-limiting is also exactly doing the same thing and not blocking the IP where outgoing connection is also made. Any guesses why it won't work?

Read the article
Good maintained privacy Add-On/settings set that takes usability into account?

- by Foo Bar

For some weeks I've been trying to find a good set of Firefox Addons that give me a good portion of privacy/security without losing to much of usability. But I can't seem to find a nice combination of add-ons/settings that I'm happy with. Here's what I tried, together with the pros and cons that I discovered: HTTPS Everywhere: Has only pro's: just install and be happy (no interaction needed), loads known pages SLL-encrypted, is updated fairly often NoScript - Fine, but needs a lot of fine-tuning, often maintained, mainly blocks all non-HTML/CSS Content, but the author sometimes seems to do "untrustworthy" decission RequestPolicy - seems dead (last activity 6 months ago, has some annoying bugs, official support mail address is dead), but the purpose of this is really great: gives you full control over cross-site requests: blocks by default, let's you add sites to a whitelist, once this is done it works interaction-less in the background AdBlock Edge: blocks specific cross-site requests from a pre-defined whitelist (can never be fully sure, need to trust others) Disconnect: like AdBlock Edge, just looking different, has no interaction possibilities (can never be fully sure, need to trust others, can not interact even if I wanted to) Firefox own Cookie Managment (block by default, whitelist specific sites), after building own whitelist it does it's work in the background and I have full control All These addons together basically block everything unsecure. But there are a lot of redundancies: NoScript has a mixed-content blocker, but FF has it's own for a while now. Also the Cookie blocker from NoScript is reduntant to my FF-Cookie setting. NoScript also has an XSS-blocker, which is redundant to RequestPolicy. Disconnect and AdBlock are extremly redundant, but not fully. And there are some bugs (especially RequestPolicy). And RequestPolicy seems to be dead. All in all, this list is great but has these heavy drawbacks. My favourite set would be "NoScript Light" (only script blocking, without all the additonal redundant-to-other-addons hick-hack it does) + HTTPS Everywhere + RequestPolicy-clone (maintained, less buggy), because RequestPolicy makes all other "site-blockers" obsolete (because it blocks everything by default and let's me create a whitelist). But since RequestPolicy is buggy and seems to be dead I have to fallback to AdBlock Edge and Disconnect, which don't block all and and need more maintaining (whitelist updates, trust-check). Are there addons that fulfill my wishes?

Read the article
Apache ProxyPass ignore static files

- by virtualeyes

Having an issue with Apache front server connecting to a Jetty application server. I thought that ProxyPass ! in a location block was supposed to NOT pass on processing to the application server, but for some reason that is not happening in my case, Jetty shows a 404 on the missing statics (js, css, etc.) Here's my Apache (v 2.4, BTW) virtual host block: DocumentRoot /path/to/foo ServerName foo.com ServerAdmin [email protected] RewriteEngine On <Directory /path/to/foo> AllowOverride None Require all granted </Directory> ProxyRequests Off ProxyVia Off ProxyPreserveHost On <Proxy *> AddDefaultCharset off Order deny,allow Allow from all </Proxy> # don't pass through requests for statics (image,js,css, etc.) <Location /static/> ProxyPass ! </Location> <Location /> ProxyPass http://localhost:8081/ ProxyPassReverse http://localhost:8081/ SetEnv proxy-sendchunks 1 </Location>

Read the article
Blocking ports on the public IP assigned to lo interface in GNU/Linux

- by nixnotwin

I have setup my Ubuntu server as a router and webserver by following the answer given here. My ISP facing interface eth0 has a private 172.16.x.x/30 ip and my lo interface has a public IP as mentioned in the answer to the question linked above. The setup is working well. The only snag I have experienced is that I could not find a way to block the ports exposed by the public IP on the lo interface. I tried doing iptables -A INPUT -i eth0 -j DROP, and my server lost connectivity to the public network (internet). I could not ping any public ips. What I want is a way to block ports that are exposed by the public ip on the lo interface. And also I require iptables rules that can expose ports like 80 or openvpn port to the public network.

Read the article
Windows Firewall allows connection from any IP regardless of rule that only allow a specific IP

- by Pierre-Alain Vigeant

I have configured the Windows Firewall to Block (default) incoming connection on the public profile. I have created a rule for a port (in this case, this is Sql Server) that explicitly states that only my office static IP is allowed. If I test from my office, I am able to connect to the port. I was expecting that anybody outside the office would not be able to connect, but this is not the case. I asked a friend to telnet the port to see if it would reply and it does even if he's not on my network. I am a bit confuse here. Shouldn't it block everybody but the given IP? Is my server completely unsecured?

Read the article

< Previous Page | 104 105 106 107 108 109 110 111 112 113 114 115 | Next Page >