Search Results

Search found 5560 results on 223 pages for 'brute force attacks'.

Page 8/223 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • Wordpress: Forcing a widget to display?

    - by meds
    I've been trying to make a widget which stays active permanently on a wordpress sidebar, preferably being on top before all other widgets. However the only way I have figured I can do this is by manually modifying individual sidebar.php's but that is slow and inefficient. So is there a way I can force a widget to display in a sidebar? If I was to change actual wordpress code where would I go about doing htis? I Know where a widget is registered but I don't know where a widget is activated, if I knew this I think I could force the main widget I want to see active all the time be active.

    Read the article

  • Netscan detected from host

    - by Etam
    I am using Hetzner's dedicated servers. Today I have got a message: We have received information that there was an attack from your server. ----- attachment ----- ########################################################################## # Netscan detected from host ?.?.?.? # ########################################################################## time protocol src_ip src_port dest_ip dest_port --------------------------------------------------------------------------- Thu Dec 6 09:52:00 2012 TCP ?.?.?.? 52204 => 68.64.12.28 21 Thu Dec 6 09:52:00 2012 TCP ?.?.?.? 53276 => 68.64.12.29 21 Thu Dec 6 09:52:00 2012 TCP ?.?.?.? 47344 => 68.64.12.30 21 ... How can I find out what is causing the problem and how do I fix it? Thanks in advance, Etam.

    Read the article

  • Need to organize words based on their components, any other way aside from brute force?

    - by Lathan
    I'm not sure if this process has a name. I have some words (about 9,000). They are in Japanese, but I'll try to explain this using English words. I want to categorize the words by the components (in English, letters). A B C act bar play This should create: A: play B: bar C: act Now, 'a' appears in all 3 words, but I want to make sure that each category (letter) has at least word. Now, it would make sense to delete a word after it's used, but there are a few cases where 2 letters make up one word and that's each letter's only word--so I'd like to account for that somehow. Is there an approach for solving this aside from brute force? Dynamic programming perhaps? Even a name for this process (if it exists) would be great.

    Read the article

  • How to force certain traffic through GRE tunnel?

    - by wew
    Here's what I do. Server (public internet is 222.x.x.x): echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf sysctl -p iptunnel add gre1 mode gre local 222.x.x.x remote 115.x.x.x ttl 255 ip add add 192.168.168.1/30 dev gre1 ip link set gre1 up iptables -t nat -A POSTROUTING -s 192.168.168.0/30 -j SNAT --to-source 222.x.x.x iptables -t nat -A PREROUTING -d 222.x.x.x -j DNAT --to-destination 192.168.168.2 Client (public internet is 115.x.x.x): iptunnel add gre1 mode gre local 115.x.x.x remote 222.x.x.x ttl 255 ip add add 192.168.168.2/30 dev gre1 ip link set gre1 up echo '100 tunnel' >> /etc/iproute2/rt_tables ip rule add from 192.168.168.0/30 table tunnel ip route add default via 192.168.168.1 table tunnel Until here, all seems going right. But then 1st question, how to use GRE tunnel as a default route? Client computer is still using 115.x.x.x interface as default. 2nd question, how to force only ICMP traffic to go through tunnel, and everything else go default interface? I try doing this in client computer: ip rule add fwmark 200 table tunnel iptables -t mangle -A OUTPUT -p udp -j MARK --set-mark 200 But after doing this, my ping program will timeout (if I not doing 2 command above, and using ping -I gre1 ip instead, it will works). Later I want to do something else also, like only UDP port 53 through tunnel, etc. 3rd question, in client computer, I force one mysql program to listen on gre1 interface 192.168.168.2. In client computer, there's also one more public interface (IP 114.x.x.x)... How to forward traffic properly using iptables and route so mysql also respond a request coming from this 114.x.x.x public interface?

    Read the article

  • Wishful Thinking: Why can't HTML fix Script Attacks at the Source?

    - by Rick Strahl
    The Web can be an evil place, especially if you're a Web Developer blissfully unaware of Cross Site Script Attacks (XSS). Even if you are aware of XSS in all of its insidious forms, it's extremely complex to deal with all the issues if you're taking user input and you're actually allowing users to post raw HTML into an application. I'm dealing with this again today in a Web application where legacy data contains raw HTML that has to be displayed and users ask for the ability to use raw HTML as input for listings. The first line of defense of course is: Just say no to HTML input from users. If you don't allow HTML input directly and use HTML Encoding (HttyUtility.HtmlEncode() in .NET or using standard ASP.NET MVC output @Model.Content) you're fairly safe at least from the HTML input provided. Both WebForms and Razor support HtmlEncoded content, although Razor makes it the default. In Razor the default @ expression syntax:@Model.UserContent automatically produces HTML encoded content - you actually have to go out of your way to create raw HTML content (safe by default) using @Html.Raw() or the HtmlString class. In Web Forms (V4) you can use:<%: Model.UserContent %> or if you're using a version prior to 4.0:<%= HttpUtility.HtmlEncode(Model.UserContent) %> This works great as a hedge against embedded <script> tags and HTML markup as any HTML is turned into text that displays as HTML but doesn't render the HTML. But it turns any embedded HTML markup tags into plain text. If you need to display HTML in raw form with the markup tags rendering based on user input this approach is worthless. If you do accept HTML input and need to echo the rendered HTML input back, the task of cleaning up that HTML is a complex task. In the projects I work on, customers are frequently asking for the ability to post raw HTML quite frequently.  Almost every app that I've built where there's document content from users we start out with text only input - possibly using something like MarkDown - but inevitably users want to just post plain old HTML they created in some other rich editing application. See this a lot with realtors especially who often want to reuse their postings easily in multiple places. In my work this is a common problem I need to deal with and I've tried dozens of different methods from sanitizing, simple rejection of input to custom markup schemes none of which have ever felt comfortable to me. They work in a half assed, hacked together sort of way but I always live in fear of missing something vital which is *really easy to do*. My Wishlist Item: A <restricted> tag in HTML Let me dream here for a second on how to address this problem. It seems to me the easiest place where this can be fixed is: In the browser. Browsers are actually executing script code so they have a lot of control over the script code that resides in a page. What if there was a way to specify that you want to turn off script code for a block of HTML? The main issue when dealing with HTML raw input isn't that we as developers are unaware of the implications of user input, but the fact that we sometimes have to display raw HTML input the user provides. So the problem markup is usually isolated in only a very specific part of the document. So, what if we had a way to specify that in any given HTML block, no script code could execute by wrapping it into a tag that disables all script functionality in the browser? This would include <script> tags and any document script attributes like onclick, onfocus etc. and potentially also disallow things like iFrames that can potentially be scripted from the within the iFrame's target. I'd like to see something along these lines:<article> <restricted allowscripts="no" allowiframes="no"> <div>Some content</div> <script>alert('go ahead make my day, punk!");</script> <div onfocus="$.getJson('http://evilsite.com/')">more content</div> </restricted> </article> A tag like this would basically disallow all script code from firing from any HTML that's rendered within it. You'd use this only on code that you actually render from your data only and only if you are dealing with custom data. So something like this:<article> <restricted> @Html.Raw(Model.UserContent) </restricted> </article> For browsers this would actually be easy to intercept. They render the DOM and control loading and execution of scripts that are loaded through it. All the browser would have to do is suspend execution of <script> tags and not hookup any event handlers defined via markup in this block. Given all the crazy XSS attacks that exist and the prevalence of this problem this would go a long way towards preventing at least coded script attacks in the DOM. And it seems like a totally doable solution that wouldn't be very difficult to implement by vendors. There would also need to be some logic in the parser to not allow an </restricted> or <restricted> tag into the content as to short-circuit the rstricted section (per James Hart's comment). I'm sure there are other issues to consider as well that I didn't think of in my off-the-back-of-a-napkin concept here but the idea overall seems worth consideration I think. Without code running in a user supplied HTML block it'd be pretty hard to compromise a local HTML document and pass information like Cookies to a server. Or even send data to a server period. Short of an iFrame that can access the parent frame (which is another restriction that should be available on this <restricted> tag) that could potentially communicate back, there's not a lot a malicious site could do. The HTML could still 'phone home' via image links and href links potentially and basically say this site was accessed, but without the ability to run script code it would be pretty tough to pass along critical information to the server beyond that. Ahhhh… one can dream… Not holding my breath of course. The design by committee that is the W3C can't agree on anything in timeframes measured less than decades, but maybe this is one place where browser vendors can actually step up the pressure. This is something in their best interest to reduce the attack surface for vulnerabilities on their browser platforms significantly. Several people commented on Twitter today that there isn't enough discussion on issues like this that address serious needs in the web browser space. Realistically security has to be a number one concern with Web applications in general - there isn't a Web app out there that is not vulnerable. And yet nothing has been done to address these security issues even though there might be relatively easy solutions to make this happen. It'll take time, and it's probably not going to happen in our lifetime, but maybe this rambling thought sparks some ideas on how this sort of restriction can get into browsers in some way in the future.© Rick Strahl, West Wind Technologies, 2005-2012Posted in ASP.NET  HTML5  HTML  Security   Tweet !function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0];if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src="//platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs"); (function() { var po = document.createElement('script'); po.type = 'text/javascript'; po.async = true; po.src = 'https://apis.google.com/js/plusone.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(po, s); })();

    Read the article

  • How to wipe RAM on shutdown (prevent Cold Boot Attacks)?

    - by proper
    My system is encrypted using Full Disk Encryption, i.e. everything except /boot is encrypted using dmcrypt/luks. I am concerned about Cold Boot Attacks. Prior work: https://tails.boum.org/contribute/design/memory_erasure/ http://tails.boum.org/forum/Ram_Wipe_Script/ http://dee.su/liberte-security http://forum.dee.su/topic/stand-alone-implementation-of-your-ram-wipe-scripts Can you please provide instructions on how to wipe the RAM once Ubuntu is shutdown/restarted? Thanks for your efforts!

    Read the article

  • Force save files all browsers - not open in browser window

    - by Joshc
    I'm after a simple solution to work in all browsers. For specific file types, or targeted links via a class: how can I get them to simply force download in all major browsers. I thought I found the perfect solution for apachce server - by adding this into the .htaccess. http://css-tricks.com/snippets/htaccess/force-files-to-download-not-open-in-browser/ AddType application/octet-stream .csv AddType application/octet-stream .xls AddType application/octet-stream .doc AddType application/octet-stream .avi AddType application/octet-stream .mpg AddType application/octet-stream .mov AddType application/octet-stream .pdf Seems to work in Firefox and Safari, but not chrome or IE (have not tested anything else) Can any one please help me with a solution on how to make links to force download the file, instead of opening in the browser, for ALL browsers. I can't seem to find a full browser proof solution. Is it not possible? Any links to tutorial or snippets would be awesome. My website if PHP based so can make it work with PHP if posible. Thanks

    Read the article

  • How do I force SSL for some URLs and force non-SSL for all others?

    - by brad
    I'd like to ensure that certain URLs on my site are always accessed via HTTPS while all other URLs are accessed via HTTP. I can get either case working in my .htaccess file, however if I enable both, then I get infinite redirects. My .htaccess file is: <IfModule mod_expires.c> # turn off the module for this directory ExpiresActive off </IfModule> Options +FollowSymLinks AddHandler application/x-httpd-php .csv RewriteEngine On RewriteRule ^/?registration(.*)$ /register$1 [R=301,L] # Force SSL for certain URL's RewriteCond %{HTTPS} off RewriteCond %{REQUEST_URI} (login|register|account) RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] # Force non-SSL for certain URL's RewriteCond %{HTTPS} on RewriteCond %{REQUEST_URI} !(login|register|account) RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] # Force files ending in X to use same protocol as initial request RewriteRule \.(gif|jpg|jpeg|jpe|png|ico|css|js)$ - [S=1] # Use index.php as the controller RewriteCond %{REQUEST_URI} !\.(exe|css|js|jpe?g|gif|png|pdf|doc|txt|rtf|xls|swf|htc|ico)$ [NC] RewriteCond %{REQUEST_URI} !^(/js.*)$ RewriteRule ^(.*)$ index.php [NC,L]

    Read the article

  • force laptop mode on

    - by Vi
    root@vi-notebook:/home/vi# laptop_mode start force Laptop mode enabled, not active How to start laptop mode? It starts successfully when AC adapter is removed, but not by explicit command. The system is GNU/Linux Debian i386 squeeze (not up to date), 2.6.30-zen2-31270-gc7099db-dirty, Acer Extensa 5220.

    Read the article

  • Force logout a user

    - by Mithun
    I When I logged into the machine as root and typed who to see which users are logged in, I found somebody else too logged in as root devuser pts/0 2011-11-18 09:55 (xxx.xxx.xxx.xxx) root pts/1 2011-11-18 09:56 (xxx.xxx.xxx.xxx) testuser pts/2 2011-11-18 14:54 (xxx.xxx.xxx.xxx) root pts/3 2011-11-18 14:55 (xxx.xxx.xxx.xxx) How can I force a root user at pts/3 to logout?

    Read the article

  • How to force iscsi initiator to login only once

    - by Disco
    Trying to setup a few CentOS nodes to connect to a Dell MD3600i array, i'm running into the issue that the MD3600i shows 4 different portals (with different IP addresses) and when i launch the initiator on host side well, it connects to every IP address it has seen during the discovery phase; resulting in duplicates. How can I 'force' the initiator to discard every other IP and let me choose only one IP portal to connect to ? Must be damn stupid but I can't figure out how. Thx

    Read the article

  • Can you force an app to use Cleartype?

    - by alex
    The app we use for development (CodeWright 7) is quite old and has Cleartype turned off by default. A newer version has the option to turn on font smoothing, but I'm stuck with this version and upgrading is not an option for me. Is there a way to force the app to use Cleartype?

    Read the article

  • Force gdm login screen to the primary monitor

    - by JIa3ep
    I have two monitors attached to my video card. Primary monitor has a resolution equal to 1280x1024 and second has 1920x1200. My gdm login screen always appears on the second monitor even if it is switched off. My question is how to force gdm to show login screen always on primary monitor with resolution 1280x1024? I use Ubuntu 10.04.

    Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >