Search Results

Search found 835 results on 34 pages for 'attack'.

Page 13/34 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • tomcat6 on ubuntu fails when user set to root

    - by J G
    I'm well aware that running tomcat6 is really bad from a security point of view - and opens the box it is running on to all kinds of security risks and attack vectors. That said: When I change the entry in the /etc/init.d/tomcat6 to TOMCAT6_USER=root and then run sudo /etc/init.d/tomcat6 start I get [fail] and nothing is written to the logs under /var/log/tomcat6 and no entry for tomcat6 is created under /var/run How do I diagnose what is going wrong?

    Read the article

  • Basic security practices for desktop Ubuntu

    - by Daisetsu
    Most of us know the basic security practices on Windows: use a limited account set a password disable unused services uninstall bloatware Antivirus / Antimalware etc. I haven't ran linux as my main desktop computer before, so I don't know how to properly secure it. I have heard linux is supposed to be more secure than Windows, but I know that the default settings of anything are rarely secure. What are some things I should do as a new Linux user to secure my desktop system from attack?

    Read the article

  • Control mouse with keyboard in Ubuntu

    - by WishCow
    I'm looking for a program that I can use to control the mouse from the keyboard. I think a video can explain it much better that I could, so please check out Mouser from lifehacker.com: http://lifehacker.com/212816/hack-attack-operate-your-mouse-with-your-keyboard Unfortunately, it's only for Windows, but something this would be the perfect solution. I found a lot of help on mapping keys to programs, but nothing about mapping keys to mouse control.

    Read the article

  • High load on X3220 Quad Core Linux Apache server

    - by John Templar
    I'm seriously in need of help. My sites are now nearly impossible to use because of massive loads on my server. I'm already a month late on my mortgage and this really isn't helping my situation. I've been working on fixing this intermittent load problem for months (never this bad). I'm suspecting some kind of attack since I'm under DDOS attack a lot! I've been trying to figure out what is causing the load but I'm afraid I just don't have the experience or knowledge to understand all the data I've been looking at. I don't even know where to begin or how to test for the large array of attacks out there. Here's some data you might find useful... Server: Xeon X3220 Quad Core 2.4 GHz - Linux, FreeBSD 500 GB HD and 8 Gig of Ram. Runs Centos release 5.7 Server Version: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 mod_qos/9.74 Warning: All sites are softcore adult sites - mostly fantasy art like elves and amazons. 1) Sites may run fine for weeks or just days at less than 10 load then start jumping to 40-80 load - no idea why. Same sites, same mods, same amount of traffic - just WHAM! 2) I get an email almost every day that says: "Large Number of Failed Login Attempts from IP (different each time)". My webhost (who almost never helps me) told me it was a udp flood or something. 3) I've changed the port for MySQL from the default. If I ever put it back to the default - I get Loads of over 100 from what must be a constant mysql port flood. 4) I've reconfigured MYSQL. Link: http://www.deadlyamazons.com/logs/mycnf.txt 5) I have 3 Joomla Jomsocial networks. I've spent a couple weeks turning all the mods/plugins off, waiting a day and then turning them back on the next day or later if there isn't any change (there hasn't been). For example, on Thursday I'll turn off videos, on Friday I'll turn off chat.. etc and nothing changes the load appreciably. 6) Joomla info: All SEF turned off - sh404sef completely disabled and removed. Components: Joomla 1.5.22, Jomsocial 2.0.5, Kunena 1/31/2011, HWDMediashare 11/22/2010 and JBolo Chat 2.7.3, Comet Chat or Envolve Chat. Page Compression is on, Cache is on 15 mins. Please click on this forum to see links to all my reports: http://forum.joomla.org/viewtopic.php?f=433&t=706035&p=2777500#p2777500 Any help would be highly appreciated.

    Read the article

  • IDS for Windows Server 2008?

    - by Ramaz
    I am sure my Windows Server 2008 box is constantly under attack both at the network level and web application level. QUestion is How do i detect these attacks? is there any light-weight software available? which can monitor the server? Note I am running this on a VPS so the monitor program will have to run on the same server.

    Read the article

  • Disable SSL / TLS compression in Apache 2.2.x

    - by DevGav
    Is there a way to disable SSL/TLS Compression in Apache 2.2.x when using mod_ssl? If not, what are people doing to mitigate the effects of CRIME/BEAST in older browsers? Related Links: https://issues.apache.org/bugzilla/show_bug.cgi?id=53219 https://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512 http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor

    Read the article

  • Setting the secure flag on cookies from Outlook Web Access

    - by Cheekysoft
    I'm running Exchange 2007 SP3 which is exposing outlook web access over only HTTPS. However the server delivers the sessionid cookie without the secure flag set. Even though I don't have port 80 open, this cookie is still vulnerable to being stolen over port 80 in the event of a man-in-the-middle attack. It also contributes to a PCI-DSS failure Does anyone know if I can persuade the web server/application to set the secure flag?

    Read the article

  • How to implement a secure authentication over HTTP?

    - by Zagorax
    I know that we have HTTPS, but I would like to know if there's an algorithm/approach/strategy that grants a reasonable security level without using SSL. I have read many solution on the internet. Most of them are based on adding some time metadata to the hashes, but it needs that both server and client has the time set equal. Moreover, it seems to me that none of this solution could prevent a man in the middle attack.

    Read the article

  • Is it normal to give 'users' administrator access to their company PC?

    - by Phillipe B
    Hi, I have a user who wants to be a administrator of his work PC, he's made some story up about how he can't work without it so I'm told to "fix it" (as if it is a fault he's logged on as a user!). My IT co-workers and I don't login as administrators due to viruses/malware getting a foot hold and setting themselves up as servers to distribute an attack (yes this happened in the past). What is the 'norm' for your network users and how do you handle requests for administrator access? Thanks

    Read the article

  • Fail2ban memory usage

    - by ltsstar
    Since my server is under a sustain DNS amplification attack (DDOS), I configured fail2ban and initially my outgoing traffic dropped markedly. Anyway, after a few hours (mostly +10), fail2ban uses about 75% ram and seems to be crashed in some way, because the outgoing traffic raises imediatly after. When I searched the web for the memory problem, I found some people complaining about high fail2ban memory usages as well. But the recommended solution, to insert an ulimit command into a fail2ban config file, did not change that much for me.

    Read the article

  • How to limit the number of concurrent CGI script invocations in Apache 2.2?

    - by hsivonen
    How can I limit the number of concurrent CGI invocations in Apache 2.2.x? More specifically, my problem is this: I have Apache hosting a Bugzilla instance and other stuff on one server. There's very little legitimate concurrent use of Bugzilla. However, it's trivial to mount a Denial of Service attack on the whole server by ignoring robots.txt and simply fetching a lot of bug pages that fork a process and hit a database.

    Read the article

  • Is a VPN a good method for protecting data in an untrusted network? [closed]

    - by john
    I will be connecting my laptop in an untrusted network. If I setup OpenVpn on a server and use a vpn client on the laptop to connect through it, is it enough? Can someone perform a MITM attack or otherwise eavesdrop on my traffic? If someone on the local network port-scans my laptop, will the open ports be accessible to him while I use the VPN tunnel? Is there anything else I should keep in mind?

    Read the article

  • C# XP Sound QuickFix

    - by ikurtz
    I have this: ThreadPool.QueueUserWorkItem(new WaitCallback(FireAttackProc), fireResult); and FireAttackProc: private void FireAttackProc(Object stateInfo) { // Process Attack/Fire (local) lock (_procLock) { // build status message String status = "(Away vs. Home)"; // get Fire Result state info FireResult fireResult = (FireResult)stateInfo; // update home grid with attack information GameModel.HomeCellStatusSet(fireResult.FireGridLocation, Cell.cellState.Lock); this.Invoke(new Action(delegate() { RefreshHomeGrid(); })); status = status + "(Attack Coordinate: (" + GameModel.alphaCoords(fireResult.FireGridLocation.Column) + "," + fireResult.FireGridLocation.Row + "))(Result: "; // play audio data if true if (audio) { String Letters; Stream stream; SoundPlayer player; Letters = GameModel.alphaCoords(fireResult.FireGridLocation.Column); stream = Properties.Resources.ResourceManager.GetStream("_" + Letters); player = new System.Media.SoundPlayer(stream); player.PlaySync(); Letters = fireResult.FireGridLocation.Row.ToString(); stream = Properties.Resources.ResourceManager.GetStream("__" + Letters); player = new System.Media.SoundPlayer(stream); player.PlaySync(); stream.Dispose(); player.Dispose(); } if (audio) { SoundPlayer fire = new SoundPlayer(Properties.Resources.fire); fire.PlaySync(); fire.Dispose(); } // deal with hit/miss switch (fireResult.Hit) { case true: this.Invoke(new Action(delegate() { GameModel.HomeCellStatusSet(fireResult.FireGridLocation, Cell.cellState.Hit); status = status + "(Hit)"; })); if (audio) { SoundPlayer hit = new SoundPlayer(Properties.Resources.firehit); hit.PlaySync(); hit.Dispose(); } break; case false: this.Invoke(new Action(delegate() { GameModel.HomeCellStatusSet(fireResult.FireGridLocation, Cell.cellState.Miss); status = status + "(Miss)"; })); GameModel.PlayerNextTurn = NietzscheBattleshipsGameModel.GamePlayers.Home; if (audio) { SoundPlayer miss = new SoundPlayer(Properties.Resources.firemiss); miss.PlaySync(); miss.Dispose(); } break; } // refresh home grid with updated data this.Invoke(new Action(delegate() { RefreshHomeGrid(); })); GameToolStripStatusLabel.Text = status + ")"; // deal with ship destroyed if (fireResult.ShipDestroyed) { status = status + "(Destroyed: " + GameModel.getShipDescription(fireResult.DestroyedShipType) + ")"; if (audio) { Stream stream; SoundPlayer player; stream = Properties.Resources.ResourceManager.GetStream("_home"); player = new System.Media.SoundPlayer(stream); player.PlaySync(); player.Dispose(); stream.Dispose(); string ShipID = fireResult.DestroyedShipType.ToString(); stream = Properties.Resources.ResourceManager.GetStream("_" + ShipID); player = new System.Media.SoundPlayer(stream); player.PlaySync(); player.Dispose(); stream.Dispose(); stream = Properties.Resources.ResourceManager.GetStream("_destroyed"); player = new System.Media.SoundPlayer(stream); player.PlaySync(); player.Dispose(); stream.Dispose(); } } // deal with win condition if (fireResult.Win) { if (audio) { Stream stream; SoundPlayer player; stream = Properties.Resources.ResourceManager.GetStream("_home"); player = new System.Media.SoundPlayer(stream); player.PlaySync(); player.Dispose(); stream = Properties.Resources.ResourceManager.GetStream("_loses"); player = new System.Media.SoundPlayer(stream); player.PlaySync(); player.Dispose(); } GameModel.gameContracts = new GameContracts(); } // update status message if (fireResult.Hit) { if (!fireResult.Win) { status = status + "(Turn: Away)"; LockGUIControls(); } } // deal with turn logic if (GameModel.PlayerNextTurn == NietzscheBattleshipsGameModel.GamePlayers.Home) { this.Invoke(new Action(delegate() { if (!fireResult.Win) { status = status + "(Turn: Home)"; AwayTableLayoutPanel.Enabled = true; } })); } // deal with win condition if (fireResult.Win) { this.Invoke(new Action(delegate() { status = status + "(Game: Home Loses)"; CancelToolStripMenuItem.Enabled = false; NewToolStripMenuItem.Enabled = true; LockGUIControls(); })); } // display completed status message GameToolStripStatusLabel.Text = status + ")"; } } The issue is this: Under Vista/win7 the sound clips in the FireAttackProc plays. But under XP the logic contained within FireAttackProc gets executed but none of the sound clips play. Is there a quick solution to this so the sound will play under XP? I ask for a quick solution because i am happy being able to execute fully in Vista/Win7 but would be great if there was a quick solution so it would be XP compitable also. Thank you.

    Read the article

  • It’s nice to be important, but it’s more important to be nice

    - by BuckWoody
    I’ve been a little “preachy” lately, telling you that you should let people finish their sentences, and always check a problem out before you tell a user that their issue is “impossible”. Well, I’ll round that out with one more tip today. Keep in mind that all of these things are actions I’ve been guilty of, hopefully in the past. I’m kind of a “work in progress”. And yes, I know these tips are coming from someone who picks on people in presentations, but that is of course done in fun, and (hopefully) with the audience’s knowledge.   (No, this isn’t aimed at any one person or event in particular – I just see it happen a lot)   I’ve seen, unfortunately over and over, someone in authority react badly to someone who is incorrect, or at least perceived to be incorrect. This might manifest itself in a comment, post, question or whatever, but the point is that I’ve seen really intelligent people literally attack someone they view as getting something wrong. Don’t misunderstand me; if someone posts that you should always drop a production database in the middle of the day I think you should certainly speak up and mention that this might be a bad idea!  No, I’m talking about generalizations or even incorrect statements done in good faith. Let me explain with an example.   Suppose someone makes the statement: “If you don’t have enough space on your system, you can just use a DBCC command to shrink the database”. Let’s take two responses to this statement.   Response One: “That’s insane. Everyone knows that shrinking a database is a stupid idea, you’re just going to fragment your indexes all over the place.” Response Two: “That’s an interesting take – in my experience and from what I’ve read here (someurl.com) I think this might not be a universal best practice.”   Of course, both responses let the person making the statement and those reading it know that you don’t agree, and that it’s probably wrong. But the person you responded to and the general audience hearing you (or reading your response) might form two different opinions of you.   The first response says to me “this person really needs to be right, and takes arguments personally. They aren’t thinking of the other person at all, or the folks reading or hearing the exchange. They turned an incorrect technical statement into a personal attack. They haven’t left the other party any room to ‘save face’, and they have potentially turned what could be a positive learning experience for everyone into a negative. Also, they sound more than just a little arrogant.”   The second response says to me “this person has left room for everyone to save face, has presented evidence to the contrary and is thinking about moving the ball forward and getting it right rather than attacking someone for getting it wrong.” It’s the idea of questioning a statement rather than attacking a person.   Perhaps you have a different take. Maybe you think the “direct” approach is best – and maybe that’s worked for you. Something to consider is what you’ve really accomplished while using that first method. Sure, the info you provide is correct, and perhaps someone out there won’t shrink a database because of your response – but perhaps you’ve turned a lot more people off, and now they won’t listen to your other valuable information. You’ll be an expert, but another one of the nameless, arrogant jerks in technology. And I don’t think anyone likes to be thought of that way.   OK, I’ll get down off of the high-horse now. And I’ll keep the title of this entry (said to me by my grandmother when I was a little kid) in mind when I dismount. Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!

    Read the article

  • Repeated calls with random Javascript append to the URL

    - by cjk
    I keep getting calls to my server where there is random Javascript appended on the end of lots of the calls, e.g.: /UI/Includes/JavaScript/).length)&&e.error( /UI/Includes/JavaScript/,C,!1),a.addEventListener( /UI/Includes/JavaScript/),l=b.createDocumentFragment(),m=b.documentElement,n=m.firstChild,o=b.createElement( /UI/Includes/JavaScript/&&a.getAttributeNode( /UI/Includes/JavaScript/&&a.firstChild.getAttribute( /UI/Includes/JavaScript/).replace(bd, /UI/Includes/JavaScript/)),a.getElementsByTagName( The user agent is always this: Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1;+.NET+CLR+2.0.50727) I have jQuery, Modernizr and other JS and originally thought that some browser was messing up it's JS calls, however this particular IP address hasn't requested any images so I'm wondering if it is some kind of attack. Is this a common occurence?

    Read the article

  • It’s nice to be important, but it’s more important to be nice

    - by BuckWoody
    I’ve been a little “preachy” lately, telling you that you should let people finish their sentences, and always check a problem out before you tell a user that their issue is “impossible”. Well, I’ll round that out with one more tip today. Keep in mind that all of these things are actions I’ve been guilty of, hopefully in the past. I’m kind of a “work in progress”. And yes, I know these tips are coming from someone who picks on people in presentations, but that is of course done in fun, and (hopefully) with the audience’s knowledge.   (No, this isn’t aimed at any one person or event in particular – I just see it happen a lot)   I’ve seen, unfortunately over and over, someone in authority react badly to someone who is incorrect, or at least perceived to be incorrect. This might manifest itself in a comment, post, question or whatever, but the point is that I’ve seen really intelligent people literally attack someone they view as getting something wrong. Don’t misunderstand me; if someone posts that you should always drop a production database in the middle of the day I think you should certainly speak up and mention that this might be a bad idea!  No, I’m talking about generalizations or even incorrect statements done in good faith. Let me explain with an example.   Suppose someone makes the statement: “If you don’t have enough space on your system, you can just use a DBCC command to shrink the database”. Let’s take two responses to this statement.   Response One: “That’s insane. Everyone knows that shrinking a database is a stupid idea, you’re just going to fragment your indexes all over the place.” Response Two: “That’s an interesting take – in my experience and from what I’ve read here (someurl.com) I think this might not be a universal best practice.”   Of course, both responses let the person making the statement and those reading it know that you don’t agree, and that it’s probably wrong. But the person you responded to and the general audience hearing you (or reading your response) might form two different opinions of you.   The first response says to me “this person really needs to be right, and takes arguments personally. They aren’t thinking of the other person at all, or the folks reading or hearing the exchange. They turned an incorrect technical statement into a personal attack. They haven’t left the other party any room to ‘save face’, and they have potentially turned what could be a positive learning experience for everyone into a negative. Also, they sound more than just a little arrogant.”   The second response says to me “this person has left room for everyone to save face, has presented evidence to the contrary and is thinking about moving the ball forward and getting it right rather than attacking someone for getting it wrong.” It’s the idea of questioning a statement rather than attacking a person.   Perhaps you have a different take. Maybe you think the “direct” approach is best – and maybe that’s worked for you. Something to consider is what you’ve really accomplished while using that first method. Sure, the info you provide is correct, and perhaps someone out there won’t shrink a database because of your response – but perhaps you’ve turned a lot more people off, and now they won’t listen to your other valuable information. You’ll be an expert, but another one of the nameless, arrogant jerks in technology. And I don’t think anyone likes to be thought of that way.   OK, I’ll get down off of the high-horse now. And I’ll keep the title of this entry (said to me by my grandmother when I was a little kid) in mind when I dismount. Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!

    Read the article

  • "Host key verification failed" error when transfering files using SCP command

    - by rvsi
    When I am trying to transfer files using SCP command I'm getting this error (Removed my IP and RSA key): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is ------------------------(RSA key) Please contact your system administrator. Add correct host key in /home/users/myaccount/.ssh/known_hosts to get rid of this message. Offending key in /home/users/myaccount/.ssh/known_hosts:4 RSA host key for 'my IP' has changed and you have requested strict checking. Host key verification failed. lost connection I am using newly installed Ubuntu 12.04 and I can connect to this server using ssh. Any help?

    Read the article

  • User Lockout & WLST

    - by Bala Kothandaraman
    WebLogic server provides an option to lockout users to protect accounts password guessing attack. It is implemented with a realm-wide Lockout Manager. This feature can be used with custom authentication provider also. But if you implement your own authentication provider and wish to implement your own lockout manager that is possible too. If your domain is configured to use the user lockout manager the following WLST script will help you to: - check whether a user is locked using a WLST script - find out the number of locked users in the realm #Define constants url='t3://localhost:7001' username='weblogic' password='weblogic' checkuser='test-deployer' #Connect connect(username,password,url) #Get Lockout Manager Runtime serverRuntime() dr = cmo.getServerSecurityRuntime().getDefaultRealmRuntime() ulmr = dr.getUserLockoutManagerRuntime() print '-------------------------------------------' #Check whether a user is locked if (ulmr.isLockedOut(checkuser) == 0): islocked = 'NOT locked' else: islocked = 'locked' print 'User ' + checkuser + ' is ' + islocked #Print number of locked users print 'No. of locked user - ', Integer(ulmr.getUserLockoutTotalCount()) print '-------------------------------------------' print '' #Disconnect & Exit disconnect() exit()

    Read the article

  • Is GoDaddy telling the truth? [closed]

    - by Omne
    Everyone who is familiar with GoDaddy or even web business should know about the recent news about GoDaddy. There are just so many different news around the web that I can't process them in my head... http://articles.cnn.com/2012-09-10/tech/tech_web_go-daddy-outage_1_godaddy-outage-websites http://bits.blogs.nytimes.com/2012/09/10/member-of-anonymous-takes-credit-for-godaddy-attack/ And OFC GoDaddy says there were no hacker and costumer data is safe! I have used GoDaddy for long time and I'm not going to change my provider just for this problem, but I'm worry about my information... how can we make sure that GoDaddy is telling the truth? is our information really safe? I have not received any security alert from them telling me to change my password, should I assume that I'm safe?!

    Read the article

  • how should I network my turn based game?

    - by ddriver1
    I'm writing a very basic turn based strategy game which allows a player to select units and attack enemy units on their turn. The game is written in Java using the slick2d library and I plan to use kyronet for the networking api. I want the game to be networked, but I do not know how I should go about it. My current idea is to connect two users together, and the first one to join the game becomes the game host, while the other becomes the client. However after reading http://gafferongames.com/networking-for-game-programmers/what-every-programmer-needs-to-know-about-game-networking/ it seems my game would be suited to a peer to peer lockstep model. Would that make programming the networking side much easier? Any suggestions on how I should structure my networking would be greatly appreciated

    Read the article

  • How to make a battle system in a mobile indie game more fun and engaging

    - by Matt Beckman
    I'm developing an indie game for mobile platforms, and part of the game involves a PvP battle system (where the target player is passive). My vision is simple: the active player can select a weapon/item, then attack/use, and display the calculated outcome. I have a concept for battle modifiers that affect stats to make it more interesting, but I'm not convinced the vision is complete. I've received some inspiration from the game engine that powers Modern War/Kingdom Age/Crime City, but I want more control to make it more fun. In those games, you don't have the option to select weapons or use items, and the "battling" screen is simply 3D eye candy. Since this will be an indie game, I won't be spending $$$ on a team of professional 3D artists/animators, so my edge needs to be different. How would you make a battle system like this more fun and engaging?

    Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >