Search Results

Search found 4014 results on 161 pages for 'happy hacking'.

Page 7/161 | < Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >

  • hosts.deny not blocking ip addresses

    - by Jamie
    I have the following in my /etc/hosts.deny file # # hosts.deny This file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In particular # you should know that NFS uses portmap! ALL:ALL and this in /etc/hosts.allow # # hosts.allow This file describes the names of the hosts which are # allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # ALL:xx.xx.xx.xx , xx.xx.xxx.xx , xx.xx.xxx.xxx , xx.x.xxx.xxx , xx.xxx.xxx.xxx but i am still getting lots of these emails: Time: Thu Feb 10 13:39:55 2011 +0000 IP: 202.119.208.220 (CN/China/-) Failures: 5 (sshd) Interval: 300 seconds Blocked: Permanent Block Log entries: Feb 10 13:39:52 ds-103 sshd[12566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.119.208.220 user=root Feb 10 13:39:52 ds-103 sshd[12567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.119.208.220 user=root Feb 10 13:39:52 ds-103 sshd[12568]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.119.208.220 user=root Feb 10 13:39:52 ds-103 sshd[12571]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.119.208.220 user=root Feb 10 13:39:53 ds-103 sshd[12575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.119.208.220 user=root whats worse is csf is trying to auto block these ip's when the attempt to get in but although it does put ip's in the csf.deny file they do not get blocked either So i am trying to block all ip's with /etc/hosts.deny and allow only the ip's i use with /etc/hosts.allow but so far it doesn't seem to work. right now i'm having to manually block each one with iptables, I would rather it automatically block the hackers in case I was away from a pc or asleep

    Read the article

  • I got these strange messages on my websites feedback form? Is someone trying to hack my site?

    - by Ali
    Hi guys - I got all of a sudden a number of strange feedback messages from my sites feedback form its where normally users would come and enter feedback and then I would review it on an admin panel. However these messages make little to no sense like for an example: here are two 'messages': 2GyOim <a href=\"http://vdjzpnoyzfji.com/\">vdjzpnoyzfji</a>, [url=http://gixlpbtswcdh.com/]gixlpbtswcdh[/url], [link=http://zudauexgjgot.com/]zudauexgjgot[/link], http://vqhafprwogyf.com/ jF2wdU <a href=\"http://aprjkscbhnxf.com/\">aprjkscbhnxf</a>, [url=http://dhfeoqufoqvu.com/]dhfeoqufoqvu[/url], [link=http://whmzpbqrsume.com/]whmzpbqrsume[/link], http://xxfntqzhhbza.com/ I got about over a dozen of these - and they are all from very different ips is someone playing around and is it a cause for me to get vigilant? Also they all have the exact same time and date of entry which is spooky?

    Read the article

  • Ubuntu Server attack? how to solve?

    - by saky
    Hello, Something (Someone) is sending out UDP packets sent from our whole ip range. This seems to be multicast DNS. Our server host provided this (Our IP Address is masked with XX): Jun 3 11:02:13 webserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:30:48:94:46:c4:08:00 SRC=193.23X.21X.XX DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=53 Jun 3 11:02:23 webserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:30:48:94:46:c4:08:00 SRC=193.23X.21X.XX DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=53 Jun 3 11:02:32 webserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:30:48:94:46:c4:08:00 SRC=193.23X.21X.XX DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=53 Jun 3 11:02:35 webserver kernel: Firewall: *UDP_IN Blocked* IN=eth0 OUT= MAC=01:00:5e:00:00:fb:00:30:48:94:46:c4:08:00 SRC=193.23X.21X.XX DST=224.0.0.251 LEN=73 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=53 I checked my /var/log/auth.log file and found out that someone from China (Using ip-locator) was trying to get in to the server using ssh. ... Jun 3 11:32:00 server2 sshd[28511]: Failed password for root from 202.100.108.25 port 39047 ssh2 Jun 3 11:32:08 server2 sshd[28514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.100.108.25 user=root Jun 3 11:32:09 server2 sshd[28514]: Failed password for root from 202.100.108.25 port 39756 ssh2 Jun 3 11:32:16 server2 sshd[28516]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.100.108.25 user=root ... I have blocked that IP address using this command: sudo iptables -A INPUT -s 202.100.108.25 -j DROP However, I have no clue about the UDP multicasting, what is doing this? who is doing it? and how I can stop it? Anyone know?

    Read the article

  • Exploratory Question for Security Admins (/etc/passwd + PHP)

    - by JPerkSter
    Hi everyone, I've been seeing a few issues lately on a few of my servers where an account gets hacked via outdated scripts, and the hacker uploads a cPanel / FTP Brute forcing PHP script inside the account. The PHP File reads /etc/passwd to get the usernames, and than uses a passwd.txt file to try and brute force it's way in to 127.0.0.1:2082. I'm trying to think of a way to block this. It doesn't POST anything except "GET /path/phpfile.php", so I can't use mod_security to block this. I've been thinking of maybe changing permissions on /etc/passwd to 600, however I'm unsure how this will result in regards to my users. I was also thinking of rate-limiting localhost connections to :2082, however I'm worried about mod_proxy being affected. Any suggestions?

    Read the article

  • Blocking HTTP clients which request certain URLs repeatedly

    - by Guido Domenici
    I run a website on Windows Server 2008 R2. Looking through the IIS logs, I have noticed that there are some IP addresses repeatedly requesting certain URLs (such as for example /mysql/phpmyadmin/main.php, /phpadmin/main.php) which do not exist, as the site is entirely served off of ASP.NET. They are obviously fishing for known vulnerabilities. My question is, are there any firewall or other tools (Windows built-in or commercial) that allow me to block those IP addresses which request certain URLs multiple times?

    Read the article

  • Registry remotley hacked win 7 need help tracking the perp

    - by user577229
    I was writing some .VBS code at thhe office that would allow certain file extensions to be downloaded without a warning dialog on a w7x32 system. The system I was writing this on is in a lab on a segmented subnet. All web access is via a proxy server. The only means of accessing my machine is via the internet or from within the labs MSFT AD domain. While writing and testing my code I found a message of sorts. Upon refresing the registry to verify my code changed a dword, instead the message HELLO was written and visible in regedit where the dword value wass called for. I took a screen shot and proceeded to edit my code. This same weird behavior occurred last time I was writing registry code except on another internal server. I understand that remote registry access exists for windows systems. I will block this immediately once I return to the office. What I want to know is, can I trace who made this connection? How would I do this? I suspect the cause of this is the cause of other "odd" behaviors I'm experiencing at work such as losing control of my input director master control for over an hour and unchanged code that all of a sudden fails for no logical region. These failures occur at funny times, whenver I'm about to give a demonstration of my test code. I know this sounds crazy however knowledge of the registry component makes this believable. Once the registry can be accessed, the entire system is compromised. Any help or sanity checking is appreciated.

    Read the article

  • SMTP hacked by spammer using base64 encoding to authenticate

    - by Throlkim
    Over the past day we've detected someone from China using our server to send spam email. It's very likely that he's using a weak username/password to access our SMTP server, but the problem is that he appears to be using base64 encoding to prevent us from finding out which account he's using. Here's an example from the maillog: May 5 05:52:15 195396-app3 smtp_auth: SMTP connect from (null)@193.14.55.59.broad.gz.jx.dynamic.163data.com.cn [59.55.14.193] May 5 05:52:15 195396-app3 smtp_auth: smtp_auth: SMTP user info : logged in from (null)@193.14.55.59.broad.gz.jx.dynamic.163data.com.cn [59.55.14.193] Is there any way to detect which account it is that he's using?

    Read the article

  • Is my webserver being abused for banking fraud?

    - by koffie
    Since a few weeks i'm getting a lot of 403 errors from apache in my log files that seem to be related to a bank frauding scheme. The relevant log entries look like this (The ip 1.2.3.4 is one I made up, I did not modify the rest of each line) www.bradesco.com.br:80 / 1.2.3.4 - - [01/Dec/2012:07:20:32 +0100] "GET / HTTP/1.1" 403 427 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11" www.bb.com.br:80 / 1.2.3.4 - - [01/Dec/2012:07:20:32 +0100] "GET / HTTP/1.1" 403 370 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11" www.santander.com.br:80 / 1.2.3.4 - - [01/Dec/2012:07:20:33 +0100] "GET / HTTP/1.1" 403 370 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11" www.banese.com.br:80 / 1.2.3.4 - - [01/Dec/2012:07:20:33 +0100] "GET / HTTP/1.1" 403 370 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.56 Safari/535.11" the logformat I use is: LogFormat "%V:%p %U %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" The strange thing is that all these domains are domains of banks and 3 out of the 4 domains are also in the list of the bank frauding scheme described on: http://www.abuse.ch/?p=2925 I would really like to know if my server is being abused for bank frauding or not. I suspect not, because it's giving 403 to all requests. But any extra checks that I can do to ensure that my server is not being abused are welcome. I'm also curious on how the "bad guys" expected my server to behave. I.e. are they just expecting my server to act as a proxy to hide the ip of the fake site, or are they expecting that my server will actually serve the fake banking website? Is the ip 1.2.3.4 more likely to be the ip of a victim or the ip of a bad guy. I suspect a bad guy, because it's quite unlikely that a real person would visit 4 bank sites in a second. If it's from a bad guy I'm very curious at what he is trying to do.

    Read the article

  • My URL has been identified as a phishing site

    - by user2118559
    Some months before ordered VPS at Ramnode According to tutorial (ZPanelCP on CentOS 6.4) http://www.zvps.co.uk/zpanelcp/centos-6 Installed CentOS and ZPanel) Today received email We are requesting that you secure and investigate the phishing website identified below. This URL has been identified as a phishing site and is currently involved in identity theft activities. URL: hxxp://111.11.111.111/www.connet-itunes.fr/iTunesConnect.woasp/ //IP is modified (not real) This site is being used to display false or spoofed content in an apparent effort to steal personal and financial information. This matter is URGENT. We believe that individuals are being falsely directed to this page and may be persuaded into divulging personal information to a criminal, if the content is not immediately disabled. Trying to understand. Some hacker hacked VPS, placed some file (?) with content that redirects to www.connet-itunes.fr/iTunesConnect.woasp? Then questions 1) how can I find the file? Where it may be located? url is URL: hxxp://111.11.111.111/ IP address, not domain name 2) What to do to protect VPS (with CentOS)? Any tutorial? Where may be security problem? I mean may be someone faced something similar....

    Read the article

  • What is the ip range of EC2

    - by Nicolas Kassis
    I'd like to setup a rule to block ssh request from EC2 since I've been seeing a large amount of ssh based attack from there and was wondering if anyone knew what their IP ranges are. EDIT: Thank you for the answer, I went ahead and implemented the iptables rules as follow. I ignore all traffic for the moment. Logging it just to see if the rules are working and for stats on how much crap EC2 is sending out ;) #EC2 Blacklist $IPTBLS -A INPUT -s 67.202.0.0/18 -j LOG --log-prefix "<firewall> EC2 traffic " $IPTBLS -A INPUT -s 67.202.0.0/18 -j DROP $IPTBLS -A INPUT -s 72.44.32.0/19 -j LOG --log-prefix "<firewall> EC2 traffic " $IPTBLS -A INPUT -s 72.44.32.0/19 -j DROP $IPTBLS -A INPUT -s 75.101.128.0/17 -j LOG --log-prefix "<firewall> EC2 traffic " $IPTBLS -A INPUT -s 75.101.128.0/17 -j DROP $IPTBLS -A INPUT -s 174.129.0.0/16 -j LOG --log-prefix "<firewall> EC2 traffic " $IPTBLS -A INPUT -s 174.129.0.0/16 -j DROP $IPTBLS -A INPUT -s 204.236.192.0/18 -j LOG --log-prefix "<firewall> EC2 traffic " $IPTBLS -A INPUT -s 204.236.192.0/18 -j DROP $IPTBLS -A INPUT -s 204.236.224.0/19 -j LOG --log-prefix "<firewall> EC2 traffic " $IPTBLS -A INPUT -s 204.236.224.0/19 -j DROP $IPTBLS -A INPUT -s 79.125.0.0/17 -j LOG --log-prefix "<firewall> EC2 traffic " $IPTBLS -A INPUT -s 79.125.0.0/17 -j DROP

    Read the article

  • Someone used or hacked my computer to commit a crime? what defense do I have?

    - by srguws
    Hello, I need IMMEDIATE Help on a computer crime that I was arrested for. It may involve my computer, my ip, and my ex-girlfriend being the true criminal. The police do not tell you much they are very vague. I was charged though! So my questions are: -If someone did use my computer at my house and business and post a rude craigslist ad about a friend of my girlfriend at the time from a fake email address, how can I be the ONLY one as a suspect. Also how can I be charged. I noticed the last few days there are many ways to use other peoples computers, connections, etc. Here are a few things I found: You can steal or illegally use an ip addresss or mac address. Dynamic Ip is less secure and more vulnerable than static. People can sidejack and spoof your Mac, Ip, etc. There is another thing called arp spoofing. I am sure this is more things, but how can I prove that this happened to me or didnt happen to me. -The police contacted Craigslist, the victim, aol, and the two isp companies. They say they traced the IP's to my business and my home. My ex was who I lived with and had a business with has access to the computers and the keys to bothe buildings. My brother also lives and works with me. My business has many teenagers who use the computer and wifi. My brother is a college kid and also has friends over the house and they use the computer freely. So how can they say it was me because of an angry ex girlfriend.

    Read the article

  • Ubuntu Server hack

    - by haxpanel
    Hi! I looked at netstat and I noticed that someone besides me is connected to the server by ssh. I looked after this because my user has the only one ssh access. I found this in an ftp user .bash_history file: w uname -a ls -a sudo su wget qiss.ucoz.de/2010/.jpg wget qiss.ucoz.de/2010.jpg tar xzvf 2010.jpg rm -rf 2010.jpg cd 2010/ ls -a ./2010 ./2010x64 ./2.6.31 uname -a ls -a ./2.6.37-rc2 python rh2010.py cd .. ls -a rm -rf 2010/ ls -a wget qiss.ucoz.de/ubuntu2010_2.jpg tar xzvf ubuntu2010_2.jpg rm -rf ubuntu2010_2.jpg ./ubuntu2010-2 ./ubuntu2010-2 ./ubuntu2010-2 cat /etc/issue umask 0 dpkg -S /lib/libpcprofile.so ls -l /lib/libpcprofile.so LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="/etc/cron.d/exploit" ping ping gcc touch a.sh nano a.sh vi a.sh vim wget qiss.ucoz.de/ubuntu10.sh sh ubuntu10.sh nano ubuntu10.sh ls -a rm -rf ubuntu10.sh . .. a.sh .cache ubuntu10.sh ubuntu2010-2 ls -a wget qiss.ucoz.de/ubuntu10.sh sh ubuntu10.sh ls -a rm -rf ubuntu10.sh wget http://download.microsoft.com/download/win2000platform/SP/SP3/NT5/EN-US/W2Ksp3.exe rm -rf W2Ksp3.exe passwd The system is in a jail. Does it matter in the current case? What shall i do? Thanks for everyone!! I have done these: - ban the connected ssh host with iptables - stoped the sshd in the jail - saved: bach_history, syslog, dmesg, files in the bash_history's wget lines

    Read the article

  • My site was recently attacked. What do I do?

    - by ChrisH
    This is a first for me. One of the sites I run was recently attacked. Not at all an intelligent attack - pure brute force - hit every page and every non-page with every extension possible. Posted with garbage data to every form and tried to post to some random urls too. All tod, 16000 requests in one hour. What should I do to prevent/alert this kind of behavior? Is there a way to limit the request/hr for a given ip/client? Is there a place I should be reporting the user to? They appear to be from China and did leave what seems like a valid e-mail.

    Read the article

  • How to analyse logs after the site was hacked

    - by Vasiliy Toporov
    One of our web-projects was hacked. Malefactor changed some template files in project and 1 core file of the web-framework (it's one of the famous php-frameworks). We found all corrupted files by git and reverted them. So now I need to find the weak point. With high probability we can say, that it's not the ftp or ssh password abduction. The support specialist of hosting provider (after logs analysis) said that it was the security hole in our code. My questions: 1) What tools should I use, to review access and error logs of Apache? (Our server distro is Debian). 2) Can you write tips of suspicious lines detection in logs? Maybe tutorials or primers of some useful regexps or techniques? 3) How to separate "normal user behavior" from suspicious in logs. 4) Is there any way to preventing attacks in Apache? Thanks for your help.

    Read the article

  • IIS 7.5 website application pool with 'full control' permissions hackable?

    - by Caroline Beltran
    Although I would never set this permission, I would like to know how a static html website with the permission mentioned in the title could be compromised. In my humble opinion, I would guess that this would pose no threat since a web visitor has no way to upload/edit/delete anything. What if the site was a simple PHP website that simply displayed ‘hello world’? What if this PHP site had a contact us form that was properly sanitized? Thank you EDIT: I should mention that restricting IIS to GET and POST requests only, otherwise people anybody can delete and upload content.

    Read the article

  • Got Hacked. Want to understand how.

    - by gaoshan88
    Someone has, for the second time, appended a chunk of javascript to a site I help run. This javascript hijacks Google adsense, inserting their own account number, and sticking ads all over. The code is always appended, always in one specific directory (one used by a third party ad program), affects a number of files in a number of directories inside this one ad dir (20 or so) and is inserted at roughly the same overnight time. The adsense account belongs to a Chinese website (located in a town not an hour from where I will be in China next month. Maybe I should go bust heads... kidding, sort of), btw... here is the info on the site: http://serversiders.com/fhr.com.cn So, how could they append text to these files? Is it related to the permissions set on the files (ranging from 755 to 644)? To the webserver user (it's on MediaTemple so it should be secure, yes?)? I mean, if you have a file that has permissions set to 777 I still can't just add code to it at will... how might they be doing this? Here is a sample of the actual code for your viewing pleasure (and as you can see... not much to it. The real trick is how they got it in there): <script type="text/javascript"><!-- google_ad_client = "pub-5465156513898836"; /* 728x90_as */ google_ad_slot = "4840387765"; google_ad_width = 728; google_ad_height = 90; //--> </script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> Since a number of folks have mentioned it, here is what I have checked (and by checked I mean I looked around the time the files were modified for any weirdness and I grepped the files for POST statements and directory traversals: access_log (nothing around the time except normal (i.e. excessive) msn bot traffic) error_log (nothing but the usual file does not exist errors for innocuous looking files) ssl_log (nothing but the usual) messages_log (no FTP access in here except for me)

    Read the article

  • Hacked website, code is encrypted in hex, unable to identify

    - by dhakad
    my web site hacked and i am getting code in index page, but i am unable to find that where is the code in my web site... %3c%68%74%6d%6c%3e%3c%68%65%61%64%3e%0d%0a%3c%6d%65%74%61%20%63%6f%6e%74%65%6e%74%3d%22%74%65%78%74%2f%68%74%6d%6c%3b%20%63%68%61%72%73%65%74%3d%75%74%66%2d%38%22%3e%0d%0a%3c%74%69%74%6c%65%3e%2e%2f%20%72%45%64%20%58%20%7c%20%33%78%70%31%72%33%20%43%79%62%65%72%20%41%72%6d%79%3c%2f%74%69%74%6c%65%3e%0d%0a%3c%6d%65%74%61%20%6e%61%6d%65%3d%22%61%75%74%68%6f%72%22%20%63%6f%6e%74%65%6e%74%3d%22%72%45%64%20%58%22%20%2f%3e%0d%0a%3c%6d%65%74%61%20%6e%61%6d%65%3d%22%6b%65%79%77%6f%72%64%73%22%20%63%6f%6e%74%65%6e%74%3d%22%72%45%64%20%58%2c%33%78%70%31%72%33%20%43%79%62%65%72%20%41%72%6d%79%2c%5a%6f%6e%65%2d%48%2c%42%61%6e%67%6c%61%64%65%73%68%69%20%48%61%63%6b%65%72%22%20%2f%3e%0d%0a%3c%6d%65%74%61%20%6e%61%6d%65%3d%22%64%65%73%63%72%69%70%74%69%6f%6e%22%20%63%6f%6e%74%65%6e%74%3d%22%5b%20%72%45%64%20%58%20%2e%2e%20%54%68%65%20%52%65%61%6c%20%4f%75%74%72%61%67%65%6f%75%73%20%5d%22%20%2f%3e%0d%0a%3c%6c%69%6e%6b%20%72%65%6c%3d%22%53%48%4f%52%54%43%55%54%20%49%43%4f%4e%22%20%68%72%65%66%3d%22%68%74%74%70%3a%2f%2f%75%73%2e%79%69%6d%67%2e%63%6f%6d%2f%69%2f%6d%65%73%67%2f%65%6d%6f%74%69%63%6f%6e%73%37%2f%36%31%2e%67%69%66%22%3e%0d%0a%3c%73%74%79%6c%65%20%74%79%70%65%3d%22%74%65%78%74%2f%63%73%73%22%3e%0d%0a%62%6f%64%79%20%7b%62%61%63%6b%67%72%6f%75%6e%64%2d%69%6d%61%67%65%3a%20%75%72%6c%28%68%74%74%70%3a%2f%2f%6d%65%64%69%61%2e%73%6f%6d%65%77%68%65%72%65%69%6e%62%6c%6f%67%2e%6e%65%74%2f%69%6d%61%67%65%73%2f%6f%6e%64%68%6f%6b%61%72%65%72%5f%72%61%6a%70%75%74%72%61%5f%31%33%33%38%32%35%30%34%33%31%5f%31%2d%62%67%2e%67%69%66%29%3b%0d%0a%62%61%63%6b%67%72%6f%75%6e%64%2d%63%6f%6c%6f%72%3a%20%62%6c%61%63%6b%3b%63%6f%6c%6f%72%3a%20%23%46%46%41%35%30%30%3b%66%6f%6e%74%2d%77%65%69%67%68%74%3a%20%62%6f%6c%64%3b%74%65%78%74%2d%61%6c%69%67%6e%3a%20%63%65%6e%74%65%72%3b%7d%0d%0a%69%6d%67%7b%6f%70%61%63%69%74%79%3a%30%2e%37%35%3b%20%66%69%6c%74%65%72%3a%61%6c%70%68%61%28%6f%70%61%63%69%74%79%3d%37%35%29%3b%7d%0d%0a%2e%72%65%64%78%20%7b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%30%20%30%20%36%70%78%20%72%65%64%2c%20%30%20%30%20%35%70%78%20%72%65%64%2c%20%30%20%30%20%35%70%78%20%72%65%64%3b%63%6f%6c%6f%72%3a%20%23%46%46%46%7d%0d%0a%3c%2f%73%74%79%6c%65%3e%0d%0a%3c%2f%68%65%61%64%3e%0d%0a%3c%62%6f%64%79%20%6f%6e%63%6f%6e%74%65%78%74%6d%65%6e%75%3d%22%72%65%74%75%72%6e%20%66%61%6c%73%65%22%20%6f%6e%6b%65%79%64%6f%77%6e%3d%22%72%65%74%75%72%6e%20%66%61%6c%73%65%22%20%6f%6e%6d%6f%75%73%65%64%6f%77%6e%3d%22%72%65%74%75%72%6e%20%66%61%6c%73%65%22%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%50%61%6c%61%74%69%6e%6f%20%4c%69%6e%6f%74%79%70%65%3b%66%6f%6e%74%2d%73%69%7a%65%3a%20%34%36%70%78%3b%22%20%63%6c%61%73%73%3d%22%72%65%64%78%22%3e%2e%3a%3a%20%72%45%64%20%58%20%57%61%73%20%48%65%72%65%20%3a%3a%2e%3c%2f%64%69%76%3e%3c%62%72%2f%3e%0d%0a%3c%69%6d%67%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%6d%65%64%69%61%2e%73%6f%6d%65%77%68%65%72%65%69%6e%62%6c%6f%67%2e%6e%65%74%2f%69%6d%61%67%65%73%2f%6f%6e%64%68%6f%6b%61%72%65%72%5f%72%61%6a%70%75%74%72%61%5f%31%33%35%33%35%35%32%36%35%31%5f%31%2d%72%65%64%2d%78%2e%6a%70%67%22%3e%3c%62%72%2f%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%42%6f%6f%6b%6d%61%6e%20%4f%6c%64%20%53%74%79%6c%65%3b%63%6f%6c%6f%72%3a%20%23%30%30%30%3b%66%6f%6e%74%2d%73%69%7a%65%3a%20%32%30%70%78%3b%6d%61%72%67%69%6e%3a%30%3b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%30%20%31%70%78%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%2d%31%70%78%20%30%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%30%20%2d%31%70%78%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%31%70%78%20%30%20%33%70%78%20%23%30%30%46%46%30%30%3b%22%3e%50%72%6f%75%64%20%54%6f%20%62%65%20%61%20%42%61%6e%67%6c%61%64%65%73%68%69%20%48%61%63%6b%65%72%3c%2f%64%69%76%3e%3c%62%72%2f%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%42%65%72%6c%69%6e%20%53%61%6e%73%20%46%42%3b%63%6f%6c%6f%72%3a%20%23%31%35%31%42%35%34%3b%66%6f%6e%74%2d%73%69%7a%65%3a%20%32%30%70%78%3b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%30%20%30%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%30%20%30%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%30%20%30%20%33%70%78%20%23%66%66%66%2c%20%30%20%30%20%35%70%78%20%23%46%30%30%2c%20%30%20%30%20%35%70%78%20%23%66%66%32%64%39%35%3b%22%3e%44%65%61%72%20%41%44%4d%49%4e%3c%62%72%2f%3e%21%20%53%65%63%75%72%65%20%79%6f%75%72%20%53%49%54%45%20%21%3c%2f%64%69%76%3e%3c%62%72%2f%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%73%69%7a%65%3a%20%31%38%70%78%3b%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%43%65%6e%74%75%72%79%20%47%6f%74%68%69%63%3b%63%6f%6c%6f%72%3a%20%23%30%30%30%3b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%30%20%30%20%33%70%78%20%6c%69%6d%65%2c%20%30%20%30%20%33%70%78%20%6c%69%6d%65%2c%20%30%20%30%20%35%70%78%20%23%66%66%32%64%39%35%2c%20%30%20%30%20%35%70%78%20%23%66%66%32%64%39%35%3b%22%3e%72%65%64%2d%78%40%68%61%63%6b%65%72%6d%61%69%6c%2e%63%6f%6d%3c%2f%64%69%76%3e%0d%0a%3c%62%72%2f%3e%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%73%69%7a%65%3a%20%32%30%70%78%3b%22%3e%2e%2e%3a%3a%7c%20%47%72%65%65%74%7a%20%7c%3a%3a%2e%2e%3c%2f%64%69%76%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%42%6f%6f%6b%20%41%6e%74%69%71%75%61%3b%63%6f%6c%6f%72%3a%20%67%72%65%79%3b%66%6f%6e%74%2d%73%69%7a%65%3a%20%32%30%70%78%3b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%72%65%64%20%31%70%78%20%2d%30%70%78%20%36%70%78%22%3e%2e%3a%3a%20%78%33%6f%2d%31%33%33%37%20%7c%20%47%61%62%62%79%20%7c%20%24%70%21%72%21%74%7e%24%33%33%6b%33%72%20%7c%20%46%72%45%61%4b%79%20%3a%3a%2e%3c%62%72%2f%3e%41%6c%6c%20%4d%65%6d%62%65%72%73%20%6f%66%20%33%78%70%31%72%33%20%43%79%62%65%72%20%41%72%6d%79%3c%2f%64%69%76%3e%3c%62%72%2f%3e%0d%0a%3c%65%6d%62%65%64%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%79%6f%75%74%75%62%65%2e%67%6f%6f%67%6c%65%61%70%69%73%2e%63%6f%6d%2f%76%2f%70%74%5a%31%77%6f%33%4a%73%50%63%26%61%75%74%6f%70%6c%61%79%3d%31%26%6c%6f%6f%70%3d%31%22%20%74%79%70%65%3d%22%61%70%70%6c%69%63%61%74%69%6f%6e%2f%78%2d%73%68%6f%63%6b%77%61%76%65%2d%66%6c%61%73%68%22%20%77%6d%6f%64%65%3d%22%74%72%61%6e%73%70%61%72%65%6e%74%22%20%77%69%64%74%68%3d%22%31%22%20%68%65%69%67%68%74%3d%22%31%22%3e%3c%2f%62%6f%64%79%3e%3c%2f%68%74%6d%6c%3e'

    Read the article

  • Is there a peripheral that lets my computer monitor the connectivity of pairs of wires?

    - by raldi
    I've got a bunch of physical switches and circuits that act like switches (they're either connected to ground or they're just an open wire). Is there some sort of thing I can plug into my computer (ideally, via USB) that has a bunch of screw terminals, and I can attach wires to the screws and have the computer keep track of which circuits are closed and which are open? Bonus points if the device also lets the computer open and close switches, too. I don't even know what to google for.

    Read the article

  • is there any valid reason for users to request phpinfo()

    - by The Journeyman geek
    I'm working on writing a set of rules for fail2ban to make life a little more interesting for whoever is trying to bruteforce his way into my system. A good majority of the attempts tend to revolve around trying to get into phpinfo() via my webserver -as below GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1 I'm wondering if there's any valid reason for a user to attempt to access phpinfo() via apache, since if not, i can simply use that, or more specifically the regex GET //[^>]+=phpinfo\(\) as a filter to eliminate these attacks

    Read the article

  • How can I disrupt my roommate's BitTorrent?

    - by bob
    We're on a 50 mb/s Comcast connection and our connection right now is coming in under 1.5 mb/s. Our roommate left for a week with BitTorrent running (Azureus client, we think). Our latency is approaching 300 ms. His door is locked up tight, and both his machine and the router for the house are located inside. I've even flipped the power breaker in the house and that barely works for 2 minutes. His laptop keeps on running, and once the cable modem and router come back up and the machine reconnects, the torrents resume in earnest. I've been running nmap and identified his IP on our LAN. Is there anything I can do over the LAN to make his torrents start to fail or slow down?

    Read the article

  • Would SSL prevent replay tampering by the authenticated user

    - by Coder 42
    In the context of a game (HTML5/Flash/Silverlight) which sends data to an online service to record progress (e.g. player killed an orc), would communicating with the service over SSL implicitly prevent the player from recording and replaying the message? I know SSL includes a nonce, but does it remain constant for the duration of the connection or does it change after each request/response cycle?

    Read the article

  • Attempted hack on VPS, how to protect in future, what were they trying to do?

    - by Moin Zaman
    UPDATE: They're still here. Help me stop or trap them! Hi SF'ers, I've just had someone hack one of my clients sites. They managed to get to change a file so that the checkout page on the site writes payment information to a text file. Fortunately or unfortunately they stuffed up, the had a typo in the code, which broke the site so I came to know about it straight away. I have some inkling as to how they managed to do this: My website CMS has a File upload area where you can upload images and files to be used within the website. The uploads are limited to 2 folders. I found two suspicious files in these folders and on examining the contents it looks like these files allow the hacker to view the server's filesystem and upload their own files, modify files and even change registry keys?! I've deleted some files, and changed passwords and am in the process of trying to secure the CMS and limit file uploads by extensions. Anything else you guys can suggest I do to try and find out more details about how they got in and what else I can do to prevent this in future?

    Read the article

< Previous Page | 3 4 5 6 7 8 9 10 11 12 13 14  | Next Page >