Search Results

Search found 497 results on 20 pages for 'xss prevention'.

Page 3/20 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • DNS hijack - prevention tips

    - by user578359
    Hi there, Over the weekend it looks like the DNS was hijacked on two of my domains. My set up is I have the sites registered on 1and1.co.uk, with dns nameservers pointing to Hostgator in the US where the sites are hosted. I also had cloudflare CDN running on the sites (via hostgator cpanel). My question is any ideas as to how this happened, and how I could either monitor it so I know if it occurs again, or strengthen the set up/service to minimise the risk. History: I received a ping from my site monitoring service that the sites were down. When I checked the sites were up so I assumed it was local to the monitoring service I received a ping last night the sites were up When I checked, one site was redirecting to download-manual.com (and checking that URL now, the home page is not the same as the one I saw, so they too may have been hijacked/hacked) The other site URL remained the same but had one of those standard site search pages which bounce you off to either phishing or paid for search sites I notified Hostgator who told me Cloudflare or 1and1 were the issue. I removed cloudflare, and contacted both them and hostgator, and am awaiting a response, but am not holding my breath. Is this common? I've never heard of this or come across this before. It's pretty scary that this can happen so easily. Appreciate any input. **Update: I've now spoken to support at 1and1, Hostgator, and Cloudflare, and each one claims it has nothing to do with them, and must be one of the others. Larry, curly, moe.

    Read the article

  • CVE-2011-1937 Cross-site scripting (XSS) vulnerability in Webmin

    - by chandan
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-1937 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 4.3 Webmin Solaris 10 SPARC: 145006-03 X86: 145007-03 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Sql Injection Prevention

    To protect your application from SQL injection, perform the following steps: * Step 1. Constrain input. * Step 2. Use parameters with stored procedures. * Step 3. Use parameters with dynamic SQL.

    Read the article

  • Are there cross-platform tools to write XSS attacks directly to the database?

    - by Joachim Sauer
    I've recently found this blog entry on a tool that writes XSS attacks directly to the database. It looks like a terribly good way to scan an application for weaknesses in my applications. I've tried to run it on Mono, since my development platform is Linux. Unfortunately it crashes with a System.ArgumentNullException deep inside Microsoft.Practices.EnterpriseLibrary and I seem to be unable to find sufficient information about the software (it seems to be a single-shot project, with no homepage and no further development). Is anyone aware of a similar tool? Preferably it should be: cross-platform (Java, Python, .NET/Mono, even cross-platform C is ok) open source (I really like being able to audit my security tools) able to talk to a wide range of DB products (the big ones are most important: MySQL, Oracle, SQL Server, ...)

    Read the article

  • My page was attacked via xss, but on ftp all files are not changed?

    - by Dobiatowski
    Hi, yesterday i noticed that sometimes on my webpage shows up javascript errors. when i went to source code, i found that one of .js files was totaly replaced with a ton of porn links. i checked the ftp for this file, but there was just old javascript file without any changes. yet i go back to check source code via browser and indeed there was again original .js today i visited my webpage again and the problem repeated. first visit showed me ton of porn pages cached .js file was hacked but after clearing browser cache js go back to oryginal i checked all files on my ftp against my offilne version, but all files are without any change. in last few years i was attacked by xss few times but in every case it was easy to diagnose and fix. but now i spend 12h and didnt find infection. do you have any idea how to find it? the webpage is: http://robert.frk.pl

    Read the article

  • Comparison of Firewall, Intrusion Prevention, Detection and Antivirus Technologies in Organizational

    - by Berkay
    in these days i'm reading about intrusion prevention/detection systems.When reading i really confused in some points. First, the firewall and antivirus technologies are known terms for years, however now IDS becomes popular. My question includes: in organizational network architectures when/where do we use these systems ? What are the benefits of using each ? Does Firewall contains all these others? If you give me some examples, it will help much. Thanks.

    Read the article

  • dlink arp spoofing prevention

    - by Wiploo
    someone can help me understanding arp spoofing prevention on dlink dgs-3100 (ftp://ftp2.dlink.com/PRODUCTS/DGS-3100-48P/REVA/DGS-3100-48P_MANUAL_3.60_EN.PDF). I'd like to protect my gateway MAC/IP from spoofing so I'have tryed to add a rule "IP: 192.168.1.1 MAC: aa-aa-aa-aa-aa-aa" flagging all the port of the switch as untrusted. When I apply the rule I lose connection to all pc attached to the switch. I certanly made some errors, but I can't understand what is wrong. Best Regards

    Read the article

  • CodeIgniter's XSS Protection is removing <script> tags from user inputs... but I don't want it to!

    - by Jack W-H
    Hey folks, CodeIgniter is brilliant but I'm using it to develop a site where users need to be able to share their code for websites. Unfortunately, CodeIgniter has been doing the "right" thing by removing <script> tags from my user's inputs into the database, so when it's returned data looks like this: [removed] User's data [removed] However, I need my site to DISPLAY script tags but obviously not PARSE them. How can I get CodeIgniter or PHP to return <script> tags, but still sanitise them for the database and return them without them executing? Thanks! Jack EDIT: By the way, it's not an option to use stuff like Markdown, everything has to output to copy-pastable code that could work with no modification somewhere else

    Read the article

  • What XSS/CSRF attacks (if any) to be aware of when allowing video embeds?

    - by fireeyedboy
    I've been assigned a project for a website where users will be allowed to upload video's (using a YouTube API) but more importantly (for me) they will also be allowed to submit video embed codes (from numerous video sites, YouTube, Vimeo, etc. etc.). Having no experience with allowing users to embed video: How can I best protect against cross site scripting and/or cross site request forgery attacks specifically for video embedding? What are some of the common pitfalls to watch for? At a minumum I would think to strip all tags except <object> and <embed>. But I have a feeling this will not be enough, will it? If it is of importance, the environment will be: PHP/Zend Framework MySQL Bonuspoints: Is there a common minimum golden rule/code template for video embed codes that are valid across all video sites that I could use to filter the input?

    Read the article

  • Is this safe? <a href=http://javascript:...>

    - by KajMagnus
    I wonder if href and src attributes on <a> and <img> tags are always safe w.r.t. XSS attacks, if they start with http:// or https://. For example, is it possible to append javascript: ... to the href and src attribute in some manner, to execute code? Disregarding whether or not the destination page is e.g. a pishing site, or the <img src=...> triggers a terribly troublesome HTTP GET request. Background: I'm processing text with markdown, and then I sanitize the resulting HTML (using Google Caja's JsHtmlSanitizer). Some sample code in Google Caja assumes all hrefs and srcs that start with http:// or https:// are safe -- I wonder if it's safe to use that sample code. Kind regards, Kaj-Magnus

    Read the article

  • Data Execution Prevention problem in Windows Server 2008

    - by naveen
    Hi guys, I am an ASP.NET developer, who has minimal knowledge in Server administration. I have a database hosted at Windows Server 2008. Today morning onwards it periodically stops working. The message given is something to the effect "The program is being shut down to prevent Data Execution Prevention error" Some other programs are also showing the behavior. I would like to know, what causes this all of a sudden? The server is UN-protected(IE: no anti-virus installed at all), could this be a possible anti-virus/ malware attack? What do we need to do to get the SOL running smoothly again? Regards, Naveen Jose

    Read the article

  • Brainstorm: Flood/DoS/DDoS Attack prevention ideas.

    - by Gnarly
    This is not a question asking how to stop an attack. This is simply a thread for anyone and everyone to discuss ideas for preventing, dealing with, and keeping your server alive during these attacks. Do not discuss using 3rd party software, this is a place to make your own ideas and read others. Post examples if you'd like. Post ideas how to filter out flood attacks. Post ideas how to keep your server alive while being under a heavy DDoS attack.

    Read the article

  • DNS Server Spoofed Request Amplification DDoS - Prevention

    - by Shackrock
    I've been conducting security scans, and a new one popped up for me: DNS Server Spoofed Request Amplification DDoS The remote DNS server answers to any request. It is possible to query the name servers (NS) of the root zone ('.') and get an answer which is bigger than the original request. By spoofing the source IP address, a remote attacker can leverage this 'amplification' to launch a denial of service attack against a third-party host using the remote DNS server. General Solution: Restrict access to your DNS server from public network or reconfigure it to reject such queries. I'm hosting my own DNS for my website. I'm not sure what the solution is here... I'm really looking for some concrete detailed steps to patch this, but haven't found any yet. Any ideas? CentOS5 with WHM and CPanel. Also see: http://securitytnt.com/dns-amplification-attack/

    Read the article

  • Which static electricity prevention tools do actually work?

    - by Boris_yo
    I need a device that would discharge static electricity from my body in order to safely work with electronics. I have looked and found some that interested me, but I don't know whether they work: Anti-Static Wrist Strap Anti-Static Release Discharger Keychain Anti-Dissipative Wrist Strap Anti-Static Rubber Finger Stalls Which of above mentioned actually do something? Do I also need and anti-static screw box? It has holes that screws get put in. Will I need magnetic screwdriver to pull screws out?

    Read the article

  • Track Data Execution Prevention (DEP) problem.

    - by Nicolas
    Hi, When running one of our software, a tester was faced with the data execution prevention dialog of Windows. We try to reproduce this situation on a developer computer for debugging purposes : with no success. Does anyone know how to find what may cause the DEP protection to kill the application? Is there any existing tools available for this? Any advices are welcome, Thanks, Nic

    Read the article

  • Hacking prevention, forensics, auditing and counter measures.

    - by tmow
    Recently (but it is also a recurrent question) we saw 3 interesting threads about hacking and security: My server's been hacked EMERGENCY. Finding how a hacked server was hacked File permissions question The last one isn't directly related, but it highlights how easy it is to mess up with a web server administration. As there are several things, that can be done, before something bad happens, I'd like to have your suggestions in terms of good practices to limit backside effects of an attack and how to react in the sad case will happen. It's not just a matter of securing the server and the code but also of auditing, logging and counter measures. Do you have any good practices list or do you prefer to rely on software or on experts that continuously analyze your web server(s) (or nothing at all)? If yes, can you share your list and your ideas/opinions?

    Read the article

  • PHP question on XSS

    - by user318466
    I need help in solving the following MCQ: Which of the following filtering techniques prevents cross-site scripting (XSS) vulnerabilities? A. Strip all occurrences of the string script. B. Strip all occurrences of the string javascript. C. Enable magic_quotes_gpc. D. None of the above. I think once the word java script is deleted there is no more threat. Am I correct ?

    Read the article

  • Bridge Intrusion Prevention Vyatta

    - by Steve
    I am trying to create a bridge with ThreatStop, IPS and block a few ports. This bridge will sit in front of my servers. All is working apart from the IPS. I have read the documentation on configuring IPS, I have something configured that it hasn't complained about and nothing is logged so I believe that it isn't working. Is it possible to set-up IPS on a vyatta bridge? Also is it possible to read the logs/events with Snorby? I have also posted this on the Vyatta forums

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >