Search Results

Search found 835 results on 34 pages for 'attack'.

Page 12/34 | < Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19  | Next Page >

  • Is the using of dirname(__FILE__) a good practice?

    - by webose
    looking at the code of Joomla I see that in the first line of the index, it defines the base path of installation with the dirname(FILE) is this a font of possible risk for the site, I mean if a non controlled error message show the internal path of the Joomla directory, because of, for example a failed include, can it be used to perform some kind of attack to the site ? If yes, is it convenient to use this function ? Any idea is welcome. Thanks

    Read the article

  • How to know if your computer is hit by a dnschanger virus?

    - by kira
    The Federal Bureau of Investigation (FBI) is on the final stage of its Operation Ghost Click, which strikes against the menace of the DNSChanger virus and trojan. Infected PCs running the DNSChanger malware at unawares are in the danger of going offline on this coming Monday (July 9) when the FBI plans to pull down the online servers that communicate with the virus on host computers. After gaining access to a host PC, the DNSChanger virus tries to modify the DNS (Domain Name Server) settings, which are essential for Internet access, to send traffic to malicious servers. These poisoned web addresses in turn point traffic generated through infected PCs to fake or unsafe websites, most of them running online scams. There are also reports that the DNSChanger virus also acts as a trojan, allowing perpetrators of the hack attack to gain access to infected PCs. Google issued a general advisory for netizens in May earlier this year to detect and remove DNSChanger from infected PCs. According to our report, some 5 lakh PCs were still infected by the DNSChanger virus in May 2012. The first report of the DNSChanger virus and its affiliation with an international group of hackers first came to light towards the end of last year, and the FBI has been chasing them down ever since. The group behind the DNSChanger virus is estimated to have infected close to 4 million PCs around the world in 2011, until the FBI shut them down in November. In the last stage of Operation Ghost Click, the FBI plans to pull the plug and bring down the temporary rogue DNS servers on Monday, July 9, according to an official announcement. As a result, PCs still infected by the DNSChanger virus will be unable to access the Internet. How do you know if your PC has the DNSChanger virus? Don’t worry. Google has explained the hack attack and tools to remove the malware on its official blog. Trend Micro also has extensive step-by-step instructions to check if your Windows PC or Mac is infected by the virus. The article is found at http://www.thinkdigit.com/Internet/Google-warns-users-about-DNSChanger-malware_9665.html How to check if my computer is one of those affected?

    Read the article

  • Need a VM for running a PHP Sandbox

    - by Phani
    I am working on Web application honeypot. It collects PHP files it receives (as part of an RFI attack) and runs them in order to return the result back to the attacker. The aim is to coax the bad guy into going further into his attack. Based on the answers to my SO question, I am looking at using VMs for running the PHP Sandbox. The honeypot itself consists of Python code and will be running in a Linux environment (preferably Ubuntu-like). These are some of the requirements: The VM should be a light weight as possible. We are going to distribute the code around and many people are going to use the VM along with the Python based honeypot. So, the installation and configuration should not be too difficult. The guest system would also be Linux as we are going to distribute the VM image around. It should be possible for the Python code outside to talk to the guest system. It would be passing on the PHP file to the guest system and will get the output result from it. It should be possible to automate the initial configuration of the VM (such as allocation of RAM etc.) I would like to randomize these settings in order to make the sandbox less 'fingerprintable' I have looked at OpenVZ and KVM so far. Are there any other VMs that I might look at? What do you recommend?

    Read the article

  • Is my dns server being attacked? And what should I do about it?

    - by Mnebuerquo
    I've been having some intermittent dns problems with a web server, where certain isp's dns servers don't have my hostnames in cache and fail to look them up. At the same time, queries to opendns for those hostnames resolve correctly. It's intermittent, and it always works fine for me, so it's hard to identify the problem when someone reports connectivity problems to my site. In trying to figure this out, I've been looking at my logs to see if there are any errors I should know about. I found thousands of the following messages in my logs, from different ip's, but all requesting similar dns records: May 12 11:42:13 localhost named[26399]: client 94.76.107.2#36141: query (cache) 'burningpianos.com/MX/IN' denied May 12 11:42:13 localhost named[26399]: client 94.76.107.2#29075: query (cache) 'burningpianos.com/MX/IN' denied May 12 11:42:13 localhost named[26399]: client 94.76.107.2#47924: query (cache) 'burningpianos.com/MX/IN' denied May 12 11:42:13 localhost named[26399]: client 94.76.107.2#4727: query (cache) 'burningpianos.com/MX/IN' denied May 12 11:42:14 localhost named[26399]: client 94.76.107.2#16153: query (cache) 'burningpianos.com/MX/IN' denied May 12 11:42:14 localhost named[26399]: client 94.76.107.2#40267: query (cache) 'burningpianos.com/MX/IN' denied May 12 11:43:35 localhost named[26399]: client 82.209.240.241#63507: query (cache) 'burningpianos.com/MX/IN' denied May 12 11:43:35 localhost named[26399]: client 82.209.240.241#63721: query (cache) 'burningpianos.org/MX/IN' denied May 12 11:43:36 localhost named[26399]: client 82.209.240.241#3537: query (cache) 'burningpianos.com/MX/IN' denied I've read of Dan Kaminski's dns cache poisoning vulnerability, and I'm wondering if these log records are an attempt by some evildoer to attack my dns server. There are thousands of records in my logs, all requesting "burningpianos", some for com and some for org, most looking for an mx record. There are requests from multiple ip's, but each ip will request hundreds of times per day. So this smells to me like an attack. What is the defense against this?

    Read the article

  • How Could My Website Be Hacked

    - by Kiewic
    Hi! I wonder how this could happen. Someone delete my index.php files from all my domains and puts his own index.php files with the next message: Hacked by Z4i0n - Fatal Error - 2009 [Fatal Error Group Br] Site desfigurado por Z4i0n Somos: Elemento_pcx - s4r4d0 - Z4i0n - Belive Gr33tz: W4n73d - M4v3rick - Observing - MLK - l3nd4 - Soul_Fly 2009 My domain has many subdomains, but only the subdomains that can be accessed with an specific user were hacked, the rest weren't affected. I assumed that someone entered through SSH, because some of these subdomains are empty and Google doesn't know about them. But I checked the access log using the last command, but this didn't show any activity through SSH or FTP the day of the attack neither seven days before. Does anybody has an idea? I already changed my passwords. What do you recommend me to do? UPDATE My website is hosted at Dreamhost. I suppose they have the latest patches installed. But, while I was looking how they entered to my server, I found weird things. In one of my subdomains, there were many scripts for execute commands on the server, upload files, send mass emails and display compromising information. These files had been created since last December!! I have deleted those files and I'm looking for more malicious files. Maybe the security hold is an old and forgotten PHP application. This application has a file upload form protected by a password system based on sessions. One of the malicious scripts was in the uploads directory. This doesn't seem like an SQL Injection attack. Thanks for your help.

    Read the article

  • Web filtering (Proxy or DNS) with option for users to ignore the block

    - by Jon Rhoades
    We are struggling with our users visiting infected or "attack" sites and Phising in general. Most of our machines are protected by an Enterprise anti virus and monitoring solution (McAffe ePO) and we try to get people to use Firefox... But no AV is perfect and we have to endure personal machines as well (albeit on their own 'Plague' VLANs) and would like to do something about Phishing as our users seem intent on disclosing their passwords to the world... To complicate matters we don't want to implement a block for many many reasons instead we would like to implement something akin to Firefox's "Reported Scam/Phish/Attack Site" - "Get me out of here" or crucially "Let me in anyway", giving the user a choice to still infect themselves if they feel like it (or look at a site incorrectly blacklisted). The reason we can't just use Firefox is we have a core enterprise App only certified on IE6&7 - thank you Oracle. Is it possible to implement this type of advisory filtering either using a proxy (in our case Squid) or DNS? http://serverfault.com/questions/15801/what-free-options-are-available-for-web-content-filtering http://serverfault.com/questions/47520/open-source-filtering-of-https-traffic Were a good start, but they don't address the advisory aspect of the filtering.

    Read the article

  • TCPDump and IPTables DROP by string

    - by Tiffany Walker
    by using tcpdump -nlASX -s 0 -vvv port 80 I get something like: 14:58:55.121160 IP (tos 0x0, ttl 64, id 49764, offset 0, flags [DF], proto TCP (6), length 1480) 206.72.206.58.http > 2.187.196.7.4624: Flags [.], cksum 0x6900 (incorrect -> 0xcd18), seq 1672149449:1672150889, ack 4202197968, win 15340, length 1440 0x0000: 4500 05c8 c264 4000 4006 0f86 ce48 ce3a E....d@[email protected].: 0x0010: 02bb c407 0050 1210 63aa f9c9 fa78 73d0 .....P..c....xs. 0x0020: 5010 3bec 6900 0000 0f29 95cc fac4 2854 P.;.i....)....(T 0x0030: c0e7 3384 e89a 74fa 8d8c a069 f93f fc40 ..3...t....i.?.@ 0x0040: 1561 af61 1cf3 0d9c 3460 aa23 0b54 aac0 .a.a....4`.#.T.. 0x0050: 5090 ced1 b7bf 8857 c476 e1c0 8814 81ed P......W.v...... 0x0060: 9e85 87e8 d693 b637 bd3a 56ef c5fa 77e8 .......7.:V...w. 0x0070: 3035 743a 283e 89c7 ced8 c7c1 cff9 6ca3 05t:(>........l. 0x0080: 5f3f 0162 ebf1 419e c410 7180 7cd0 29e1 _?.b..A...q.|.). 0x0090: fec9 c708 0f01 9b2f a96b 20fe b95a 31cf ......./.k...Z1. 0x00a0: 8166 3612 bac9 4e8d 7087 4974 0063 1270 .f6...N.p.It.c.p What do I pull to use IPTables to block via string. Or is there a better way to block attacks that have something in common? Question is: Can I pick any piece from that IP packet and call it a string? iptables -A INPUT -m string --alog bm --string attack_string -j DROP In other words: In some cases I can ban with TTL=xxx and use that should an attack have the same TTL. Sure it will block some legit packets but if it means keeping the box up it works till the attack goes away but I would like to LEARN how to FIND other common things in a packet to block with IPTables

    Read the article

  • How I can recover files when the folder shows empty but the files are not deleted?

    - by Borror0
    Yesterday, my laptop caught a virus which caused massive damage. Since them, I have been trying to recover important files before reformatting my computer, a task the virus has not made easy. Restoration points predating the attack have been deleted. Most of my folders show empty. My Start menu is essentially empty, with the exception of Trillian and Mirror's Edge. The same goes for my Desktop, which only has programs which were installed after the attack. Searching for files though my computer is pretty much useless, as it only rarely brings up anything. I suspect most of my files have not been deleted. While my folders show empty, uTorrent still does display them and I can open them from here. Unfortunately, when I select Open Containing Folder, the folder still shows as completely empty even if I'm currently watching a video from that very folder. Further adding evidence to the not-deleted, just-missing theory, the data recovery software I'm using (Restoration) cannot find only find an handful of the missing files. If they were deleted, I could do a forensic recovery to get them back but since they're probably still somewhere on my computer, just out out of my reach, I can't find them. Under those circumstances, is there a way I can recover those files?

    Read the article

  • Cisco 851 (IOS) router: FastEthernet 4 (WAN) got the shutdown flag.

    - by cjavapro
    At a customer location there was a Cisco 851 router (which uses IOS). The PCs on location were all of a sudden unable to connect. We came on site and found that FastEthernet 4 (the WAN port) was "administratively down". We ran these commands to resolve it config t interface fa4 no shutdown exit exit write Now the mystery is how the shutdown flag got there in the first place? The router was on battery backup... but during the outage it was power cycled by the customer. It is possible that there was a short outage by the ISP and that the power cycle caused the shutdown flag to come up. There may have been a hack or an attack pattern that caused the shutdown flag to come up. There may have been a hack or an attack pattern that the router to become unavailable and then caused the shutdown flag to be added on startup. Question: Does anybody have any clues? or at least remember that they had a shutdown flag come up on their WAN port also?

    Read the article

  • Apache suddenly very slow on http and faster on https

    - by hsnm
    Background: I have Apache 2 running on ubuntu. There is a low usage on it and mostly being accessed for a web service URL from mobile apps. It was working fine until I installed SSL certificates. I now have both http and https. When I access the server using https, I get a fairly quick response (but probably not as fast as before). When I use http, it's so slow. What I tried: From this post: I curl localhost from the host and it takes some time, meaning there is no routing issue. The server runs on Amazon EC2 instance and is managed by me only. Also: I see that Apache once running, creates the maximum number of processes it is allowed to, which was not the case before. I lowered the MaxClients to 20 and I think I'm getting faster responses but it still takes over a minute and I always have MaxClients Apache processes. dmesg returns many [ 1953.655703] TCP: Possible SYN flooding on port 80. Sending cookies. When I netstat I get many entries with SYN_RECV. Possibly a DDoS attack? From EC2's monitoring diagrams I see a pattern of high "Maximum Network In (Bytes)" since 2 days ago. By the way the server is still being tested, the actual traffic is very low and not consistent. I tried to go with this solution to limit incoming connections using iptables, still no luck, but I'm trying. Question: What could be the problem? Is this a DDoS attack?

    Read the article

  • Problems Allocating Objects of Derived Class Where Base Class has Abstract Virtual Functions

    - by user1743901
    I am trying to get this Zombie/Human agent based simulation running, but I am having problems with these derived classes (Human and Zombie) who have parent class "Creature". I have 3 virtual functions declared in "Creature" and all three of these are re-declared AND DEFINED in both "Human" and "Zombie". But for some reason when I have my program call "new" to allocate memory for objects of type Human or Zombie, it complains about the virtual functions being abstract. Here's the code: definitions.h #ifndef definitions_h #define definitions_h class Creature; class Item; class Coords; class Grid { public: Creature*** cboard; Item*** iboard; int WIDTH; int HEIGHT; Grid(int WIDTHVALUE, int HEIGHTVALUE); void FillGrid(); //initializes grid object with humans and zombies void Refresh(); //calls Creature::Die(),Move(),Attack(),Breed() on every square void UpdateBuffer(char** buffer); bool isEmpty(int startx, int starty, int dir); char CreatureType(int xcoord, int ycoord); char CreatureType(int startx, int starty, int dir); }; class Random { public: int* rptr; void Print(); Random(int MIN, int MAX, int LEN); ~Random(); private: bool alreadyused(int checkthis, int len, int* rptr); bool isClean(); int len; }; class Coords { public: int x; int y; int MaxX; int MaxY; Coords() {x=0; y=0; MaxX=0; MaxY=0;} Coords(int X, int Y, int WIDTH, int HEIGHT) {x=X; y=Y; MaxX=WIDTH; MaxY=HEIGHT; } void MoveRight(); void MoveLeft(); void MoveUp(); void MoveDown(); void MoveUpRight(); void MoveUpLeft(); void MoveDownRight(); void MoveDownLeft(); void MoveDir(int dir); void setx(int X) {x=X;} void sety(int Y) {y=Y;} }; class Creature { public: bool alive; Coords Location; char displayletter; Creature() {Location.x=0; Location.y=0;} Creature(int i, int j) {Location.setx(i); Location.sety(j);} virtual void Attack() =0; virtual void AttackCreature(Grid G, int attackdirection) =0; virtual void Breed() =0; void Die(); void Move(Grid G); int DecideSquare(Grid G); void MoveTo(Grid G, int dir); }; class Human : public Creature { public: bool armed; //if armed, chances of winning fight increased for next fight bool vaccinated; //if vaccinated, no chance of getting infected int bitecount; //if a human is bitten, bite count is set to a random number int breedcount; //if a human goes x steps without combat, will breed if next to a human int starvecount; //if a human does not eat in x steps, will die Human() {displayletter='H';} Human(int i, int j) {displayletter='H';} void Attack(Grid G); void AttackCreature(Grid G, int attackdirection); void Breed(Grid G); //will breed after x steps and next to human int DecideAttack(Grid G); }; class Zombie : public Creature { public: Zombie() {displayletter='Z';} Zombie(int i, int j) {displayletter='Z';} void Attack(Grid G); void AttackCreature(Grid G, int attackdirection); void Breed() {} //does nothing int DecideAttack(Grid G); void AttackCreature(Grid G, int attackdirection); }; class Item { }; #endif definitions.cpp #include <cstdlib> #include "definitions.h" Random::Random(int MIN, int MAX, int LEN) //constructor { len=LEN; rptr=new int[LEN]; //allocate array of given length for (int i=0; i<LEN; i++) { int random; do { random = rand() % (MAX-MIN+1) + MIN; } while (alreadyused(random,LEN,rptr)); rptr[i]=random; } } bool Random::alreadyused(int checkthis, int len, int* rptr) { for (int i=0; i<len; i++) { if (rptr[i]==checkthis) return 1; } return 0; } Random::~Random() { delete rptr; } Grid::Grid(int WIDTHVALUE, int HEIGHTVALUE) { WIDTH = WIDTHVALUE; HEIGHT = HEIGHTVALUE; //builds 2d array of creature pointers cboard = new Creature**[WIDTH]; for(int i=0; i<WIDTH; i++) { cboard[i] = new Creature*[HEIGHT]; } //builds 2d array of item pointers iboard = new Item**[WIDTH]; for (int i=0; i<WIDTH; i++) { iboard[i] = new Item*[HEIGHT]; } } void Grid::FillGrid() { /* For each creature pointer in grid, randomly selects whether to initalize as zombie, human, or empty square. This methodology can be changed to initialize different creature types with different probabilities */ int random; for (int i=0; i<WIDTH; i++) { for (int j=0; j<HEIGHT; j++) { Random X(1,100,1); //create a single random integer from [1,100] at X.rptr random=*(X.rptr); if (random < 20) cboard[i][j] = new Human(i,j); else if (random < 40) cboard[i][j] = new Zombie(i,j); else cboard[i][j] = NULL; } } //at this point every creature pointer should be pointing to either //a zombie, human, or NULL with varying probabilities } void Grid::UpdateBuffer(char** buffer) { for (int i=0; i<WIDTH; i++) { for (int j=0; j<HEIGHT; j++) { if (cboard[i][j]) buffer[i][j]=cboard[i][j]->displayletter; else buffer[i][j]=' '; } } } bool Grid::isEmpty(int startx, int starty, int dir) { Coords StartLocation(startx,starty,WIDTH,HEIGHT); switch(dir) { case 1: StartLocation.MoveUp(); if (cboard[StartLocation.x][StartLocation.y]) return 0; case 2: StartLocation.MoveUpRight(); if (cboard[StartLocation.x][StartLocation.y]) return 0; case 3: StartLocation.MoveRight(); if (cboard[StartLocation.x][StartLocation.y]) return 0; case 4: StartLocation.MoveDownRight(); if (cboard[StartLocation.x][StartLocation.y]) return 0; case 5: StartLocation.MoveDown(); if (cboard[StartLocation.x][StartLocation.y]) return 0; case 6: StartLocation.MoveDownLeft(); if (cboard[StartLocation.x][StartLocation.y]) return 0; case 7: StartLocation.MoveLeft(); if (cboard[StartLocation.x][StartLocation.y]) return 0; case 8: StartLocation.MoveUpLeft(); if (cboard[StartLocation.x][StartLocation.y]) return 0; } return 1; } char Grid::CreatureType(int xcoord, int ycoord) { if (cboard[xcoord][ycoord]) //if there is a creature at location xcoord,ycoord return (cboard[xcoord][ycoord]->displayletter); else //if pointer at location xcoord,ycoord is null, return null char return '\0'; } char Grid::CreatureType(int startx, int starty, int dir) { Coords StartLocation(startx,starty,WIDTH,HEIGHT); switch(dir) { case 1: StartLocation.MoveUp(); if (cboard[StartLocation.x][StartLocation.y]) return (cboard[StartLocation.x][StartLocation.y]->displayletter); case 2: StartLocation.MoveUpRight(); if (cboard[StartLocation.x][StartLocation.y]) return (cboard[StartLocation.x][StartLocation.y]->displayletter); case 3: StartLocation.MoveRight(); if (cboard[StartLocation.x][StartLocation.y]) return (cboard[StartLocation.x][StartLocation.y]->displayletter); case 4: StartLocation.MoveDownRight(); if (cboard[StartLocation.x][StartLocation.y]) return (cboard[StartLocation.x][StartLocation.y]->displayletter); case 5: StartLocation.MoveDown(); if (cboard[StartLocation.x][StartLocation.y]) return (cboard[StartLocation.x][StartLocation.y]->displayletter); case 6: StartLocation.MoveDownLeft(); if (cboard[StartLocation.x][StartLocation.y]) return (cboard[StartLocation.x][StartLocation.y]->displayletter); case 7: StartLocation.MoveLeft(); if (cboard[StartLocation.x][StartLocation.y]) return (cboard[StartLocation.x][StartLocation.y]->displayletter); case 8: StartLocation.MoveUpLeft(); if (cboard[StartLocation.x][StartLocation.y]) return (cboard[StartLocation.x][StartLocation.y]->displayletter); } //if function hasn't returned by now, square being looked at is pointer to null return '\0'; //return null char } void Coords::MoveRight() {(x==MaxX)? (x=0):(x++);} void Coords::MoveLeft() {(x==0)? (x=MaxX):(x--);} void Coords::MoveUp() {(y==0)? (y=MaxY):(y--);} void Coords::MoveDown() {(y==MaxY)? (y=0):(y++);} void Coords::MoveUpRight() {MoveUp(); MoveRight();} void Coords::MoveUpLeft() {MoveUp(); MoveLeft();} void Coords::MoveDownRight() {MoveDown(); MoveRight();} void Coords::MoveDownLeft() {MoveDown(); MoveLeft();} void Coords::MoveDir(int dir) { switch(dir) { case 1: MoveUp(); break; case 2: MoveUpRight(); break; case 3: MoveRight(); break; case 4: MoveDownRight(); break; case 5: MoveDown(); break; case 6: MoveDownLeft(); break; case 7: MoveLeft(); break; case 8: MoveUpLeft(); break; case 0: break; } } void Creature::Move(Grid G) { int movedir=DecideSquare(G); MoveTo(G,movedir); } int Creature::DecideSquare(Grid G) { Random X(1,8,8); //X.rptr now points to 8 unique random integers from [1,8] for (int i=0; i<8; i++) { int dir=X.rptr[i]; if (G.isEmpty(Location.x,Location.y,dir)) return dir; } return 0; } void Creature::MoveTo(Grid G, int dir) { Coords OldLocation=Location; Location.MoveDir(dir); G.cboard[Location.x][Location.y]=this; //point new location to this creature G.cboard[OldLocation.x][OldLocation.y]=NULL; //point old location to NULL } void Creature::Die() { if (!alive) { delete this; this=NULL; } } void Human::Breed(Grid G) { if (!breedcount) { Coords BreedLocation=Location; Random X(1,8,8); for (int i=0; i<8; i++) { BreedLocation.MoveDir(X.rptr[i]); if (!G.cboard[BreedLocation.x][BreedLocation.y]) { G.cboard[BreedLocation.x][BreedLocation.y])=new Human(BreedLocation.x,BreedLocation.y); return; } } } } int Human::DecideAttack(Grid G) { Coords AttackLocation=Location; Random X(1,8,8); int attackdir; for (int i=0; i<8; i++) { attackdir=X.rptr[i]; switch(G.CreatureType(Location.x,Location.y,attackdir)) { case 'H': break; case 'Z': return attackdir; case '\0': break; default: break; } } return 0; //no zombies! } int AttackRoll(int para1, int para2) { //outcome 1: Zombie wins, human dies //outcome 2: Human wins, zombie dies //outcome 3: Human wins, zombie dies, but human is bitten Random X(1,100,1); int roll= *(X.rptr); if (roll < para1) return 1; else if (roll < para2) return 2; else return 3; } void Human::AttackCreature(Grid G, int attackdirection) { Coords AttackLocation=Location; AttackLocation.MoveDir(attackdirection); int para1=33; int para2=33; if (vaccinated) para2=101; //makes attackroll > para 2 impossible, never gets infected if (armed) para1-=16; //reduces chance of zombie winning fight int roll=AttackRoll(para1,para2); //outcome 1: Zombie wins, human dies //outcome 2: Human wins, zombie dies //outcome 3: Human wins, zombie dies, but human is bitten switch(roll) { case 1: alive=0; //human (this) dies return; case 2: G.cboard[AttackLocation.x][AttackLocation.y]->alive=0; return; //zombie dies case 3: G.cboard[AttackLocation.x][AttackLocation.y]->alive=0; //zombie dies Random X(3,7,1); //human is bitten bitecount=*(X.rptr); return; } } int Zombie::DecideAttack(Grid G) { Coords AttackLocation=Location; Random X(1,8,8); int attackdir; for (int i=0; i<8; i++) { attackdir=X.rptr[i]; switch(G.CreatureType(Location.x,Location.y,attackdir)) { case 'H': return attackdir; case 'Z': break; case '\0': break; default: break; } } return 0; //no zombies! } void Zombie::AttackCreature(Grid G, int attackdirection) { int reversedirection; if (attackdirection < 9 && attackdirection>0) { (attackdirection<5)? (reversedirection=attackdirection+4):(reversedirection=attackdirection-4); } else reversedirection=0; //this should never happen //when a zombie attacks a human, the Human::AttackZombie() function is called //in the "reverse" direction, utilizing that function that has already been written Coords ZombieLocation=Location; Coords HumanLocation=Location; HumanLocation.MoveDir(attackdirection); if (G.cboard[HumanLocation.x][HumanLocation.y]) //if there is a human there, which there should be G.cboard[HumanLocation.x][HumanLocation.y]->AttackCreature(G,reversedirection); } void Zombie::Attack(Grid G) { int attackdirection=DecideAttack(G); AttackCreature(G,attackdirection); } main.cpp #include <cstdlib> #include <iostream> #include "definitions.h" using namespace std; int main(int argc, char *argv[]) { Grid G(500,500); system("PAUSE"); return EXIT_SUCCESS; }

    Read the article

  • Game AI: Pattern for implementing Sense-Think-Act components?

    - by Rosarch
    I'm developing a game. Each entity in the game is a GameObject. Each GameObject is composed of a GameObjectController, GameObjectModel, and GameObjectView. (Or inheritants thereof.) For NPCs, the GameObjectController is split into: IThinkNPC: reads current state and makes a decision about what to do IActNPC: updates state based on what needs to be done ISenseNPC: reads current state to answer world queries (eg "am I being in the shadows?") My question: Is this ok for the ISenseNPC interface? public interface ISenseNPC { // ... /// <summary> /// True if `dest` is a safe point to which to retreat. /// </summary> /// <param name="dest"></param> /// <param name="angleToThreat"></param> /// <param name="range"></param> /// <returns></returns> bool IsSafeToRetreat(Vector2 dest, float angleToThreat, float range); /// <summary> /// Finds a new location to which to retreat. /// </summary> /// <param name="angleToThreat"></param> /// <returns></returns> Vector2 newRetreatDest(float angleToThreat); /// <summary> /// Returns the closest LightSource that illuminates the NPC. /// Null if the NPC is not illuminated. /// </summary> /// <returns></returns> ILightSource ClosestIlluminatingLight(); /// <summary> /// True if the NPC is sufficiently far away from target. /// Assumes that target is the only entity it could ever run from. /// </summary> /// <returns></returns> bool IsSafeFromTarget(); } None of the methods take any parameters. Instead, the implementation is expected to maintain a reference to the relevant GameObjectController and read that. However, I'm now trying to write unit tests for this. Obviously, it's necessary to use mocking, since I can't pass arguments directly. The way I'm doing it feels really brittle - what if another implementation comes along that uses the world query utilities in a different way? Really, I'm not testing the interface, I'm testing the implementation. Poor. The reason I used this pattern in the first place was to keep IThinkNPC implementation code clean: public BehaviorState RetreatTransition(BehaviorState currentBehavior) { if (sense.IsCollidingWithTarget()) { NPCUtils.TraceTransitionIfNeeded(ToString(), BehaviorState.ATTACK.ToString(), "is colliding with target"); return BehaviorState.ATTACK; } if (sense.IsSafeFromTarget() && sense.ClosestIlluminatingLight() == null) { return BehaviorState.WANDER; } if (sense.ClosestIlluminatingLight() != null && sense.SeesTarget()) { NPCUtils.TraceTransitionIfNeeded(ToString(), BehaviorState.ATTACK.ToString(), "collides with target"); return BehaviorState.CHASE; } return currentBehavior; } Perhaps the cleanliness isn't worth it, however. So, if ISenseNPC takes all the params it needs every time, I could make it static. Is there any problem with that?

    Read the article

  • Monitoring the Application alongside SQL Server

    - by Tony Davis
    Sometimes, on Simple-Talk, it takes a while to spot strange and unexpected patterns of user activity, or small bugs. For example, one morning we spotted that an article’s comment count had leapt to 1485, but that only four were displayed. With some rooting around in Google Analytics, and the endlessly annoying Community Server admin-interface, we were able to work out that a few days previously the article had been subject to a spam attack and that the comment count was for some reason including both accepted and unaccepted comments (which in turn uncovered a bug in the SQL). This sort of incident made us a lot keener on monitoring Simple-talk website usage more effectively. However, the metrics we wanted are troublesome, because they are far too specific for Google Analytics to measure, and the SQL Server backend doesn’t keep sufficient information to enable us to plot trends. The latter could provide, for example, the total number of comments made on, or votes cast for, articles, over all time, but not the number that occur by hour over a set time. We lacked a baseline, in other words. We couldn’t alter the database, as it is a bought-in package. We had neither the resources nor inclination to build-in dedicated application monitoring. Possibly, we could investigate a third-party tool to do the job; but then it occurred to us that we were already using a monitoring tool (SQL Monitor) to keep an eye on the database. It stored data, made graphs and sent alerts. Could we get it to monitor some aspects of the application as well? Of course, SQL Monitor’s single purpose is to check and monitor SQL Server, over time, rather than to monitor applications that use SQL Server. However, how different is the business of gathering and plotting SQL Server Wait Stats, from gathering and plotting various aspects of user activity on the site? Not a lot, it turns out. The latest version allows us to write our own custom monitoring scripts, meaning that we could now monitor any metric in the application that returns an integer. It took little time to write a simple SQL Query that collects basic metrics of the total number of subscribers, votes cast, comments made, or views of articles, over time. The SQL Monitor database polls Simple-Talk every second or so in order to get the latest totals, and can then store and plot this information, or even correlate SQL Server usage to application usage. You can see the live data by visiting monitor.red-gate.com. Click the "Analysis" tab, and select one of the "Simple-talk:" entries in the "Show" box and an appropriate data range (e.g. last 30 days). It’s nascent, and we’re still working on it, but it’s already given us more confidence that we’ll spot quickly trends, bugs, or bursts of ‘abnormal’ activity. If there is a sudden rise in comments, we get an alert, and if it’s due to a spam attack, we can moderate or ban the perpetrator very quickly. We’ve often argued that a tool should perform a single job well rather than turn into a Swiss-army knife, but ironically we’ve rather appreciated being able to make best use of what’s there anyway for a slightly different purpose. Is this a good or common practice? What do you think? Cheers, Tony.

    Read the article

  • jeditable not working

    - by zurna
    I did not make any changes on the code. I dont receive any errors but its not working. I must be missing something very very simple here. Any suggestion appreciated... Test link. http://www.aslanyurek.com/inner.asp?Section=commentary&CommentaryID=1 $('.GameStory').editable('content/commentary/index.cs.asp?Process=EditLiveCommentary&CommentaryID=<%=Request.QueryString("CommentaryID")%>', { type : 'textarea', id : 'elementid', name : 'CommentaryDesc', cancel : 'Cancel', submit : 'OK', indicator : '<img src="img/indicator.gif">', tooltip : 'Click to edit...', cssclass : 'someclass' }); <div class="GameStory"> <p><span class="minute">36'</span>Here comes the pressure as Chelsea suddenly begin to up the tempo and Bolton can't keep the ball or clear it out of their own half.</p> <p><span class="minute">34'</span>Yuri Zhirkov, despite his head wound, is having a really good game and seems to be enjoying the freedom that he has been given to attack from his left back berth tonight.</p> <p><span class="minute">27'</span>Drogba whips in a free-kick that Jaaskelainen, for some reason, decides to punch straight into the face of Salomon Kalou who watches on as the ball rolls agonisingly of the post. Scare for Bolton.</p> <p><span class="minute">4'</span>Chelsea face Bolton at 8pm on Tuesday, April 13th.</p> <p><span class="minute">3'</span>Lively start at the Bridge with both sides looking to attack - it is by no means a defensive lineup from Owen Coyle so this could be an interesting game.</p> <p><span class="minute">0'</span>Nicolas Anelka gets the first shot of the match in on goal but its very tamely struck and Jaaskelainen gathers easily.</p> </div>

    Read the article

  • Abstract Base Class or Class?

    - by Mohit Deshpande
    For my semester project, my team and I are supposed to make a .jar file (library, not runnable) that contains a game development framework and demonstrate the concepts of OOP. Its supposed to be a FRAMEWORK and another team is supposed to use our framework and vice-versa. So I want to know how we should start. We thought of several approaches: 1. Start with a plain class public class Enemy { public Enemy(int x, int y, int health, int attack, ...) { ... } ... } public class UserDefinedClass extends Enemy { ... } 2. Start with an abstract class that user-defined enemies have to inherit abstract members public abstract class Enemy { public Enemy(int x, int y, int health, int attack, ...) { ... } public abstract void draw(); public abstract void destroy(); ... } public class UserDefinedClass extends Enemy { ... public void draw() { ... } public void destroy() { ... } } 3. Create a super ABC (Abstract Base Class) that ALL inherit from public abstract class VectorEntity { ... } public abstract class Enemy extends VectorEntity { ... } public class Player extends VectorEntity { ... } public class UserDefinedClass extends Enemy { ... } Which should I use? Or is there a better way?

    Read the article

  • PHP -- automatic SQL injection protection?

    - by ashgromnies
    I took over maintenance of a PHP app recently and I'm not super familiar with PHP but some of the things I've been seeing on the site are making me nervous that it could be vulnerable to a SQL injection attack. For example, see how this code for logging into the administrative section works: $password = md5(HASH_SALT . $_POST['loginPass']); $query = "SELECT * FROM `administrators` WHERE `active`='1' AND `email`='{$_POST['loginEmail']}' AND `password`='{$password}'"; $userInfo = db_fetch_array(db_query($query)); if($userInfo['id']) { $_SESSION['adminLoggedIn'] = true; // user is logged in, other junk happens here, not important The creators of the site made a special db_query method and db_fetch_array method, shown here: function db_query($qstring,$print=0) { return @mysql(DB_NAME,$qstring); } function db_fetch_array($qhandle) { return @mysql_fetch_array($qhandle); } Now, this makes me think I should be able to do some sort of SQL injection attack with an email address like: ' OR 'x'='x' LIMIT 1; and some random password. When I use that on the command line, I get an administrative user back, but when I try it in the application, I get an invalid username/password error, like I should. Could there be some sort of global PHP configuration they have enabled to block these attacks? Where would that be configured? Here is the PHP --version information: # php --version PHP 5.2.12 (cli) (built: Feb 28 2010 15:59:21) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies with the ionCube PHP Loader v3.3.14, Copyright (c) 2002-2010, by ionCube Ltd., and with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies

    Read the article

  • When is it safe to use a broken hash function?

    - by The Rook
    It is trivial to use a secure hash function like SHA256 and continuing to use md5 is reckless behavior. However, there are some complexities to hash function vulnerabilities that I would like to better understand. Collisions have been generated for md4 and md5. According to NIST md5() is not a secure hash function. It only takes 2^39th operations to generate a collision and should never be used for passwords. However SHA1 is vulnerable to a similar collision attack in which a collision can be found in 2^69 operations, where as brute force is 2^80th. No one has generated a sha1 collision and NIST still lists sha1 as a secure message digest function. So when is it safe to use a broken hash function? Even though a function is broken it can still be "big enough". According to Schneier a hash function vulnerable to a collsion attack can still be used as an HMAC. I believe this is because the security of an HMAC is Dependant on its secret key and a collision cannot be found until this key is obtained. Once you have the key used in a HMAC its already broken, so its a moot point. What hash function vulnerabilities would undermine the security of an HMAC? Lets take this property a bit further. Does it then become safe to use a very weak message digest like md4 for passwords if a salt is perpended to the password? Keep in mind the md4 and md5 attacks are prefixing attacks, and if a salt is perpended then an attacker cannot control the prefix of the message. If the salt is truly a secret, and isn't known to the attacker, then does it matter if its a appended to the end of the password? Is it safe to assume that an attacker cannot generate a collision until the entire message has been obtained? Do you know of other cases where a broken hash function can be used in a security context without introducing a vulnerability? (Please post supporting evidence because it is awesome!)

    Read the article

  • plot an item map (based on difficulties)

    - by Tyler Rinker
    I have a data set of item difficulties that correspond to items on a questionnaire that looks like this: item difficulty 1 ITEM_6: I DESTROY THINGS BELONGING TO OTHERS 2.31179818 2 ITEM_11: I PHYSICALLY ATTACK PEOPLE 1.95215238 3 ITEM_5: I DESTROY MY OWN THINGS 1.93479536 4 ITEM_10: I GET IN MANY FIGHTS 1.62610855 5 ITEM_19: I THREATEN TO HURT PEOPLE 1.62188759 6 ITEM_12: I SCREAM A LOT 1.45137544 7 ITEM_8: I DISOBEY AT SCHOOL 0.94255210 8 ITEM_3: I AM MEAN TO OTHERS 0.89941812 9 ITEM_20: I AM LOUDER THAN OTHER KIDS 0.72752197 10 ITEM_17: I TEASE OTHERS A LOT 0.61792597 11 ITEM_9: I AM JEALOUS OF OTHERS 0.61288399 12 ITEM_4: I TRY TO GET A LOT OF ATTENTION 0.39947791 13 ITEM_18: I HAVE A HOT TEMPER 0.32209970 14 ITEM_13: I SHOW OFF OR CLOWN 0.31707701 15 ITEM_7: I DISOBEY MY PARENTS 0.20902108 16 ITEM_2: I BRAG 0.19923607 17 ITEM_15: MY MOODS OR FEELINGS CHANGE SUDDENLY 0.06023317 18 ITEM_14: I AM STUBBORN -0.31155481 19 ITEM_16: I TALK TOO MUCH -0.67777282 20 ITEM_1: I ARGUE A LOT -1.15013758 I want to make an item map of these items that looks similar (not exactly) to this (I created this in word but it lacks true scaling as I just eyeballed the scale). It's not really a traditional statistical graphic and so I don't really know how to approach this. I don't care what graphics system this is done in but I am more familiar with ggplot2 and base. I would greatly appreciate a method of plotting this sort of unusual plot. Here's the data set (I'm including it as I was having difficulty using read.table on the dataframe above): DF <- structure(list(item = structure(c(17L, 3L, 16L, 2L, 11L, 4L, 19L, 14L, 13L, 9L, 20L, 15L, 10L, 5L, 18L, 12L, 7L, 6L, 8L, 1L ), .Label = c("ITEM_1: I ARGUE A LOT", "ITEM_10: I GET IN MANY FIGHTS", "ITEM_11: I PHYSICALLY ATTACK PEOPLE", "ITEM_12: I SCREAM A LOT", "ITEM_13: I SHOW OFF OR CLOWN", "ITEM_14: I AM STUBBORN", "ITEM_15: MY MOODS OR FEELINGS CHANGE SUDDENLY", "ITEM_16: I TALK TOO MUCH", "ITEM_17: I TEASE OTHERS A LOT", "ITEM_18: I HAVE A HOT TEMPER", "ITEM_19: I THREATEN TO HURT PEOPLE", "ITEM_2: I BRAG", "ITEM_20: I AM LOUDER THAN OTHER KIDS", "ITEM_3: I AM MEAN TO OTHERS", "ITEM_4: I TRY TO GET A LOT OF ATTENTION", "ITEM_5: I DESTROY MY OWN THINGS", "ITEM_6: I DESTROY THINGS BELONGING TO OTHERS", "ITEM_7: I DISOBEY MY PARENTS", "ITEM_8: I DISOBEY AT SCHOOL", "ITEM_9: I AM JEALOUS OF OTHERS" ), class = "factor"), difficulty = c(2.31179818110545, 1.95215237740899, 1.93479536058926, 1.62610855327073, 1.62188759115818, 1.45137543733965, 0.942552101641177, 0.899418119889782, 0.7275219669431, 0.617925967008653, 0.612883990709181, 0.399477905189577, 0.322099696946661, 0.31707700560997, 0.209021078266059, 0.199236065264793, 0.0602331732900628, -0.311554806052955, -0.677772822413495, -1.15013757942119)), .Names = c("item", "difficulty" ), row.names = c(NA, -20L), class = "data.frame") Thank you in advance.

    Read the article

  • How long do DDoS attacks last?

    - by Susan
    I realize the answer to this question will vary, which is why I'm asking it. If you've suffered a DDoS attack before - how long did it last? Just trying to get an idea of how long we'll have to continue to wage this battle (going on a couple weeks now).

    Read the article

  • A lot of TCP: time wait bucket table overflow in CentOS 6

    - by divaka
    we have the following output from dmesg: __ratelimit: 33491 callbacks suppressed TCP: time wait bucket table overflow TCP: time wait bucket table overflow TCP: time wait bucket table overflow TCP: time wait bucket table overflow TCP: time wait bucket table overflow TCP: time wait bucket table overflow TCP: time wait bucket table overflow TCP: time wait bucket table overflow TCP: time wait bucket table overflow TCP: time wait bucket table overflow Also we have the following setting: cat /proc/sys/net/ipv4/tcp_max_tw_buckets 524288 We are under some kind of attack, but we could not detect what cause this problem?

    Read the article

  • How recovery zip password using CUDA (GPU) ?

    - by marc
    Welcome, How can i recovery zip password on linux using CUDA (GPU). From 2 day's i'm trying using "fcrackzip" but it's too slow. Few months back i saw some application that can use GPU / CUDA and get large performance boost in compare to CPU. If brute-force using cuda is not possible, please tell me what's the best application for dictionary attack, and where can i find best (largest) dictionary. Regards

    Read the article

  • Anti-DDoS Question

    - by Andre
    Our company´s main owner (telecon group) wants us to deploy anti-DDoS mechanisms, such as Arbor Pravail, which is a great idea. Although... I have a question... If our main ISP Backbone provider have no anti-DDoS mechanism, means that there is no point we get the Arbor Pravail? An DDoS attack can make damage uniquely the destination IP or to the whole network that the DDoS packets go through? Regards,

    Read the article

  • How can i recover a zip password using CUDA (GPU) ?

    - by marc
    How can i recover a zip password on linux using CUDA (GPU). For the past two days i tried using "fcrackzip" but it's too slow Few months back i saw some application that can use GPU / CUDA and get large performance boost in comparison to CPU. If brute-force using cuda is not possible, please tell me what's the best application for performing a dictionary attack, and where can i find best (largest) dictionary. Regards

    Read the article

  • Penetration testing - common examples?

    - by Mirek
    Hi, I was charged to do some basic penetration testing on our system. I tried to find some favoured practices but I was not successful. I guess SYN attack is retired (no NT here). Could anyone advice some basic steps of what to test in order to proceed at least very basic penetration test? Thanks

    Read the article

< Previous Page | 8 9 10 11 12 13 14 15 16 17 18 19  | Next Page >