Search Results

Search found 851 results on 35 pages for 'rubin attack'.

Page 2/35 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Linux server very slow after IP change and synflood attack

    - by Johannes Ruof
    our server experienced a synflood attack and we used the csf firewall synflood settings to block it. Our server administrators also changed the IP of the server to a new one and blackholed the old IP. The attack went over and I changed the synflood settings back. However the server is still very slow, with a very low CPU usage and very low traffic on the website. Does anybody have an idea what might be causing this? The server is a CENTOS 6.4 x86_64 Thanks in advance, J. Ruof

    Read the article

  • Automatically disable devices to save power and mitigate DMA attack in Windows 7

    - by Martheen Cahya Paulo
    Some OEM include energy saving apps that can switch off certain devices such as webcam or optical drive. Is there any brand-agnostic app out there that can do it? If the list of disabled device is customizable, it would be useful too for mitigating DMA attack (disabling Firewire, PCMCIA, SDIO, Thunderbolt, etc). Even better if it can recognize lock/logoff event, to mimic OSX behavior in mitigating the DMA attack.

    Read the article

  • @CodeStock 2012 Review: Rob Gillen ( @argodev ) - Anatomy of a Buffer Overflow Attack

    Anatomy of a Buffer Overflow AttackSpeaker: Rob GillenTwitter: @argodevBlog: rob.gillenfamily.net Honestly, this talk was over my head due to my lack of knowledge of low level programming, and I think that most of the other attendees would agree. However I did get the basic concepts that we was trying to get across. Fortunately most high level programming languages handle most of the low level concerns regarding preventing buffer overflow attacks. What I got from this talk was to validate all input data from external sources.

    Read the article

  • @CodeStock 2012 Review: Rob Gillen ( @argodev ) - Anatomy of a Buffer Overflow Attack

    Anatomy of a Buffer Overflow AttackSpeaker: Rob GillenTwitter: @argodevBlog: rob.gillenfamily.net Honestly, this talk was over my head due to my lack of knowledge of low level programming, and I think that most of the other attendees would agree. However I did get the basic concepts that we was trying to get across. Fortunately most high level programming languages handle most of the low level concerns regarding preventing buffer overflow attacks. What I got from this talk was to validate all input data from external sources.

    Read the article

  • POST attack on my website

    - by benhowdle89
    Hi, I have a site (humanisms.co.uk) which incorporates a voting system, ie. user clicks "Up" and it sends a parameter to a PHP script via AJAX, the PHP inserts vote into MYSQL db and the new "Up" vote is sent back to the page to update the vote count. This is working great but i've noticed that the number of votes for one of my questions shot up last night. I viewed my webhosts access logs and saw this line: 108.27.195.232 - - [03/Mar/2011:15:20:18 +0000] "POST /vote.php HTTP/1.1" 200 2 "http://www.humanisms.co.uk/" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; en-US) AppleWebKit/534.16 (KHTML, like Gecko) Chrome/10.0.648.114 Safari/534.16" This is repeated well over 100 times and sometimes more than once a second. Now i know they probably arent sitting there clicking Vote but running some sort of PHP loop? I'm not worried about SQL injection but what can i do to prevent this same IP address from doing this or what can i do in general to avoid this scenario. I should also say that there's no login so anyone can click using the voting system. Thanks

    Read the article

  • Gumblar Attack

    Gumblar appears to be a combination of exploit scripts and malware. The scripts are embedded in .html, .js and .php files using obfuscated Javascript. They load malware content from Third Party sites without the user’s knowledge, while also stealing FTP credentials from the victim’s computer, which then allows it to spread and infect additional sites. Therefore, when someone visits such an infected site they get infected; if they have FTP credentials for a website on their machine then those sites get infected too. This explains the exponential growth of the exploit in such a short space of time.

    Read the article

  • Long term plan of attack to learn math?

    - by zhenka
    I am a web-developer with a desire to expand my skill-set to mathematics relevant to programming. As 2nd career, I am stuck in college doing some of the requirements while working. I was hoping the my education will teach me the needed skills to apply math, however I am quickly finding it to be too much easily-testable breadth-based approach very inefficient for the time invested. For example in my calculus 2 class, the only remotely useful mind expanding experience I had was volumes and areas under the curve. The rest was just monotonous glorified algebra, which while comes easy to me, could be done by software like wolfram alpha within seconds. This is not my idea of learning math. So here I am a frustrated student looking for a way to improve my understanding of math in a way that focuses on application, understanding and maximally removed needless tedium. However I cannot find a good long term study strategy with this approach in mind. So for those of like mind, how would you go about learning the necessary math without worrying too much about stuff a computer can do much better?

    Read the article

  • Brainstorm: Flood/DoS/DDoS Attack prevention ideas.

    - by Gnarly
    This is not a question asking how to stop an attack. This is simply a thread for anyone and everyone to discuss ideas for preventing, dealing with, and keeping your server alive during these attacks. Do not discuss using 3rd party software, this is a place to make your own ideas and read others. Post examples if you'd like. Post ideas how to filter out flood attacks. Post ideas how to keep your server alive while being under a heavy DDoS attack.

    Read the article

  • Mitigating the 'firesheep' attack at the network layer?

    - by pobk
    What are the sysadmin's thoughts on mitigating the 'firesheep' attack for servers they manage? Firesheep is a new firefox extension that allows anyone who installs it to sidejack session it can discover. It does it's discovery by sniffing packets on the network and looking for session cookies from known sites. It is relatively easy to write plugins for the extension to listen for cookies from additional sites. From a systems/network perspective, we've discussed the possibility of encrypting the whole site, but this introduces additional load on servers and screws with site-indexing, assets and general performance. One option we've investigated is to use our firewalls to do SSL Offload, but as I mentioned earlier, this would require all of the site to be encrypted. What's the general thoughts on protecting against this attack vector? I've asked a similar question on StackOverflow, however, it would be interesting to see what the systems engineers thought.

    Read the article

  • Detecting man-in-the-middle attacks?

    - by Ilari Kajaste
    There seem to be many possible ways to create man-in-the-middle attacks on public access points, by stealing the access point's local IP address with ARP spoofing. The possible attacks range from forging password request fields, to changing HTTPS connections to HTTP, and even the recently discovered possibilit of injecting malicious headers in the beginning of secure TLS connections. However, it seems to be claimed that these attacks are not very common. It would be interesting to see for myself. What ways are there to detect if such an attack is being attempted by someone on the network? I guess getting served a plain HTTP login page would be an obvious clue, and of course you could run Wireshark and keep reading all the interesting ARP traffic... But an automated solution would be a tiny bit more handy. Something that analyzes stuff on the background and alerts if an attack is detected on the network. It would be interesting to see for myself if these attack are actually going on somewhere.

    Read the article

  • Repeated installation of malicious software to do outbound DDOS attack [duplicate]

    - by user224294
    This question already has an answer here: How do I deal with a compromised server? 12 answers We have a Ubuntu Vitual Private Server hosted by a Canadian company. Out VPS was affected to do "outbound DDOS attack" as reported by server security team. There are 4 files in /boot looks like iptable, please note that the capital letter "I","L". VPS:/boot# ls -lha total 1.8M drwx------ 2 root root 4.0K Jun 3 09:25 . drwxr-xr-x 22 root root 4.0K Jun 3 09:25 .. -r----x--x 1 root root 1.1M Jun 3 09:25 .IptabLes -r----x--x 1 root root 706K Jun 3 09:23 .IptabLex -r----x--x 1 root root 33 Jun 3 09:25 IptabLes -r----x--x 1 root root 33 Jun 3 09:23 IptabLex We deleted them. But after a few hours, they appeared again and the attack resumed. We deleted them again. They resurfaced again. So on and so forth. So finally we have to disable our VPS. Please let us know how can we find the malicious script somewhere in the VPS, which can automatically install such attcking software? Thanks.

    Read the article

  • DNS down in Anonymous attack

    - by Tal Weiss
    As I'm writing this our company website and the web-service we developed are down in the big GoDaddy outage resulting from an Anonymous attack (or so says Twitter). We used GoDaddy as our registrar and we use it for DNS for some domains. Tomorrow is a new day - what can we do to mitigate such outages? Simply moving to, say, Route 53 for DNS might not be enough. Is there any way to remove this single point of failure?

    Read the article

  • How to Protect Apache server from this attack

    - by 501496270
    Is there a .htaccess solution against this attack 188.165.198.65 - - [17/Apr/2010:15:46:49 -0500] "GET /blog/2009/04/12/shopping-cart/?cart=../../../../../../../../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 28114""Mozilla/4.0 (compatible; MSIE 7.0;Windows NT 5.1; .NET CLR 1" my WordPress .htaccess is # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteBase /blog/ RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /blog/index.php [L] </IfModule> # END WordPress

    Read the article

  • Is this DoS attack

    - by Joyce Babu
    I am seeing a huge number of connections from a single IP. # netstat -alpn | grep :80 | grep 92.98.64.103 tcp 0 0 my.ip.address.x:80 92.98.64.103:45629 TIME_WAIT - tcp 0 0 my.ip.address.x:80 92.98.64.103:44288 TIME_WAIT - tcp 0 0 my.ip.address.x:80 92.98.64.103:48783 TIME_WAIT - tcp 0 0 my.ip.address.x:80 92.98.64.103:40531 TIME_WAIT - tcp 0 0 my.ip.address.x:80 92.98.64.103:54094 TIME_WAIT - tcp 0 0 my.ip.address.x:80 92.98.64.103:47394 TIME_WAIT - tcp 0 0 my.ip.address.x:80 92.98.64.103:43495 TIME_WAIT - tcp 0 0 my.ip.address.x:80 92.98.64.103:55429 TIME_WAIT - tcp 0 0 my.ip.address.x:80 92.98.64.103:42993 TIME_WAIT - tcp 0 0 my.ip.address.x:80 92.98.64.103:49542 TIME_WAIT - tcp 0 0 my.ip.address.x:80 92.98.64.103:54812 TIME_WAIT - There are 419 such lines. But I see only 1 request from 92.98.64.103 in my access log. Is this DoS attack?

    Read the article

  • Website visitors are still being redirected after "fixing" the damage from a conditional redirect website attack

    - by Shannon
    BACKGROUND A website of mine was recently the target of a conditional redirect attack. PHP code was added to my pages to redirect visitors. The .htaccess file was edited to redirect visitors. I've re-uploaded my website so the compromised PHP and .htaccess code have both been removed. My site is mostly handwritten php and static HTML content. I don't use page comments or any third party libraries. THE PROBLEM After removing the compromised php and htaccess files, visitors are still being re-directed. What could be the reason that visitors are still being redirected? Are there any tools to check where/how redirects are taking place so I can debug the problem? UPDATE - PROBLEM FIXED As suggested in the comments, I cleared my Firefox cache and that fixed the problem (for me anyway). Visitors with old cache data will obviously still be re-directed.

    Read the article

  • Dealing with SMTP invalid command attack

    - by mark
    One of our semi-busy mail servers (sendmail) has had a lot of inbound connections over the past few days from hosts that are issuing garbage commands. In the past two days: incoming smtp connections with invalid commands from 39,000 unique IPs the IPs come from various ranges all over the world, not just a few networks that I can block the mail server serves users throughout north america, so I can't just block connections from unknown IPs sample bad commands: http://pastebin.com/4QUsaTXT I am not sure what someone is trying to accomplish with this attack, besides annoy me. any ideas what this is about, or how to effectively deal with it?

    Read the article

  • Beast / CRIME / Beach attack and stopping it

    - by user2143356
    I have read so much on all this but not entirely sure I understand what has gone on. Also, is this one, two or three problems? It looks to me like three, but it's all very confusing: Beast CRIME Beach It seems the solution may be to simply not use compression with HTTPS traffic (or is that just on one of them?) I use GZIP compression. Is that okay, or is that part of the problem? I also use Ubuntu 12.04 LTS Also, is non-HTTPS traffic okay? So after reading all the theory I just want the solution. I think this may be the solution, but can someone please confirm I have understood everything so I am not likely to suffer from this attack: SOLUTION: Use GZIP compression on HTTP traffic, but don't use any compression on HTTPS traffic

    Read the article

  • Website attacked with a hidden iframe (q5x.ru)

    - by Dreas Grech
    A website of mine has recently been infected with some sort of attack that involved injecting a hidden iframe, and it's source was from a site q5x.ru (do not link). A Google search didn't help me in figuring out how this attack my have took place, so I was wondering if anyone of you may have encountered this same problem? The iframe code was something of the sort: <iframe src="http://q5x.ru:8080/index.php" width=109 height=175 style="visibility: hidden"></iframe> As per request, I am running an ASP.Net website with a database, and as regards forms, it's obviously the ASP.Net form that's used for postbacks.

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >