Search Results

Search found 865 results on 35 pages for 'kinect hacking'.

Page 9/35 | < Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >

  • Got Hacked. Want to understand how.

    - by gaoshan88
    Someone has, for the second time, appended a chunk of javascript to a site I help run. This javascript hijacks Google adsense, inserting their own account number, and sticking ads all over. The code is always appended, always in one specific directory (one used by a third party ad program), affects a number of files in a number of directories inside this one ad dir (20 or so) and is inserted at roughly the same overnight time. The adsense account belongs to a Chinese website (located in a town not an hour from where I will be in China next month. Maybe I should go bust heads... kidding, sort of), btw... here is the info on the site: http://serversiders.com/fhr.com.cn So, how could they append text to these files? Is it related to the permissions set on the files (ranging from 755 to 644)? To the webserver user (it's on MediaTemple so it should be secure, yes?)? I mean, if you have a file that has permissions set to 777 I still can't just add code to it at will... how might they be doing this? Here is a sample of the actual code for your viewing pleasure (and as you can see... not much to it. The real trick is how they got it in there): <script type="text/javascript"><!-- google_ad_client = "pub-5465156513898836"; /* 728x90_as */ google_ad_slot = "4840387765"; google_ad_width = 728; google_ad_height = 90; //--> </script> <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> </script> Since a number of folks have mentioned it, here is what I have checked (and by checked I mean I looked around the time the files were modified for any weirdness and I grepped the files for POST statements and directory traversals: access_log (nothing around the time except normal (i.e. excessive) msn bot traffic) error_log (nothing but the usual file does not exist errors for innocuous looking files) ssl_log (nothing but the usual) messages_log (no FTP access in here except for me)

    Read the article

  • IIS 7.5 website application pool with 'full control' permissions hackable?

    - by Caroline Beltran
    Although I would never set this permission, I would like to know how a static html website with the permission mentioned in the title could be compromised. In my humble opinion, I would guess that this would pose no threat since a web visitor has no way to upload/edit/delete anything. What if the site was a simple PHP website that simply displayed ‘hello world’? What if this PHP site had a contact us form that was properly sanitized? Thank you EDIT: I should mention that restricting IIS to GET and POST requests only, otherwise people anybody can delete and upload content.

    Read the article

  • Hacked website, code is encrypted in hex, unable to identify

    - by dhakad
    my web site hacked and i am getting code in index page, but i am unable to find that where is the code in my web site... %3c%68%74%6d%6c%3e%3c%68%65%61%64%3e%0d%0a%3c%6d%65%74%61%20%63%6f%6e%74%65%6e%74%3d%22%74%65%78%74%2f%68%74%6d%6c%3b%20%63%68%61%72%73%65%74%3d%75%74%66%2d%38%22%3e%0d%0a%3c%74%69%74%6c%65%3e%2e%2f%20%72%45%64%20%58%20%7c%20%33%78%70%31%72%33%20%43%79%62%65%72%20%41%72%6d%79%3c%2f%74%69%74%6c%65%3e%0d%0a%3c%6d%65%74%61%20%6e%61%6d%65%3d%22%61%75%74%68%6f%72%22%20%63%6f%6e%74%65%6e%74%3d%22%72%45%64%20%58%22%20%2f%3e%0d%0a%3c%6d%65%74%61%20%6e%61%6d%65%3d%22%6b%65%79%77%6f%72%64%73%22%20%63%6f%6e%74%65%6e%74%3d%22%72%45%64%20%58%2c%33%78%70%31%72%33%20%43%79%62%65%72%20%41%72%6d%79%2c%5a%6f%6e%65%2d%48%2c%42%61%6e%67%6c%61%64%65%73%68%69%20%48%61%63%6b%65%72%22%20%2f%3e%0d%0a%3c%6d%65%74%61%20%6e%61%6d%65%3d%22%64%65%73%63%72%69%70%74%69%6f%6e%22%20%63%6f%6e%74%65%6e%74%3d%22%5b%20%72%45%64%20%58%20%2e%2e%20%54%68%65%20%52%65%61%6c%20%4f%75%74%72%61%67%65%6f%75%73%20%5d%22%20%2f%3e%0d%0a%3c%6c%69%6e%6b%20%72%65%6c%3d%22%53%48%4f%52%54%43%55%54%20%49%43%4f%4e%22%20%68%72%65%66%3d%22%68%74%74%70%3a%2f%2f%75%73%2e%79%69%6d%67%2e%63%6f%6d%2f%69%2f%6d%65%73%67%2f%65%6d%6f%74%69%63%6f%6e%73%37%2f%36%31%2e%67%69%66%22%3e%0d%0a%3c%73%74%79%6c%65%20%74%79%70%65%3d%22%74%65%78%74%2f%63%73%73%22%3e%0d%0a%62%6f%64%79%20%7b%62%61%63%6b%67%72%6f%75%6e%64%2d%69%6d%61%67%65%3a%20%75%72%6c%28%68%74%74%70%3a%2f%2f%6d%65%64%69%61%2e%73%6f%6d%65%77%68%65%72%65%69%6e%62%6c%6f%67%2e%6e%65%74%2f%69%6d%61%67%65%73%2f%6f%6e%64%68%6f%6b%61%72%65%72%5f%72%61%6a%70%75%74%72%61%5f%31%33%33%38%32%35%30%34%33%31%5f%31%2d%62%67%2e%67%69%66%29%3b%0d%0a%62%61%63%6b%67%72%6f%75%6e%64%2d%63%6f%6c%6f%72%3a%20%62%6c%61%63%6b%3b%63%6f%6c%6f%72%3a%20%23%46%46%41%35%30%30%3b%66%6f%6e%74%2d%77%65%69%67%68%74%3a%20%62%6f%6c%64%3b%74%65%78%74%2d%61%6c%69%67%6e%3a%20%63%65%6e%74%65%72%3b%7d%0d%0a%69%6d%67%7b%6f%70%61%63%69%74%79%3a%30%2e%37%35%3b%20%66%69%6c%74%65%72%3a%61%6c%70%68%61%28%6f%70%61%63%69%74%79%3d%37%35%29%3b%7d%0d%0a%2e%72%65%64%78%20%7b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%30%20%30%20%36%70%78%20%72%65%64%2c%20%30%20%30%20%35%70%78%20%72%65%64%2c%20%30%20%30%20%35%70%78%20%72%65%64%3b%63%6f%6c%6f%72%3a%20%23%46%46%46%7d%0d%0a%3c%2f%73%74%79%6c%65%3e%0d%0a%3c%2f%68%65%61%64%3e%0d%0a%3c%62%6f%64%79%20%6f%6e%63%6f%6e%74%65%78%74%6d%65%6e%75%3d%22%72%65%74%75%72%6e%20%66%61%6c%73%65%22%20%6f%6e%6b%65%79%64%6f%77%6e%3d%22%72%65%74%75%72%6e%20%66%61%6c%73%65%22%20%6f%6e%6d%6f%75%73%65%64%6f%77%6e%3d%22%72%65%74%75%72%6e%20%66%61%6c%73%65%22%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%50%61%6c%61%74%69%6e%6f%20%4c%69%6e%6f%74%79%70%65%3b%66%6f%6e%74%2d%73%69%7a%65%3a%20%34%36%70%78%3b%22%20%63%6c%61%73%73%3d%22%72%65%64%78%22%3e%2e%3a%3a%20%72%45%64%20%58%20%57%61%73%20%48%65%72%65%20%3a%3a%2e%3c%2f%64%69%76%3e%3c%62%72%2f%3e%0d%0a%3c%69%6d%67%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%6d%65%64%69%61%2e%73%6f%6d%65%77%68%65%72%65%69%6e%62%6c%6f%67%2e%6e%65%74%2f%69%6d%61%67%65%73%2f%6f%6e%64%68%6f%6b%61%72%65%72%5f%72%61%6a%70%75%74%72%61%5f%31%33%35%33%35%35%32%36%35%31%5f%31%2d%72%65%64%2d%78%2e%6a%70%67%22%3e%3c%62%72%2f%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%42%6f%6f%6b%6d%61%6e%20%4f%6c%64%20%53%74%79%6c%65%3b%63%6f%6c%6f%72%3a%20%23%30%30%30%3b%66%6f%6e%74%2d%73%69%7a%65%3a%20%32%30%70%78%3b%6d%61%72%67%69%6e%3a%30%3b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%30%20%31%70%78%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%2d%31%70%78%20%30%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%30%20%2d%31%70%78%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%31%70%78%20%30%20%33%70%78%20%23%30%30%46%46%30%30%3b%22%3e%50%72%6f%75%64%20%54%6f%20%62%65%20%61%20%42%61%6e%67%6c%61%64%65%73%68%69%20%48%61%63%6b%65%72%3c%2f%64%69%76%3e%3c%62%72%2f%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%42%65%72%6c%69%6e%20%53%61%6e%73%20%46%42%3b%63%6f%6c%6f%72%3a%20%23%31%35%31%42%35%34%3b%66%6f%6e%74%2d%73%69%7a%65%3a%20%32%30%70%78%3b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%30%20%30%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%30%20%30%20%33%70%78%20%23%30%30%46%46%30%30%2c%20%30%20%30%20%33%70%78%20%23%66%66%66%2c%20%30%20%30%20%35%70%78%20%23%46%30%30%2c%20%30%20%30%20%35%70%78%20%23%66%66%32%64%39%35%3b%22%3e%44%65%61%72%20%41%44%4d%49%4e%3c%62%72%2f%3e%21%20%53%65%63%75%72%65%20%79%6f%75%72%20%53%49%54%45%20%21%3c%2f%64%69%76%3e%3c%62%72%2f%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%73%69%7a%65%3a%20%31%38%70%78%3b%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%43%65%6e%74%75%72%79%20%47%6f%74%68%69%63%3b%63%6f%6c%6f%72%3a%20%23%30%30%30%3b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%30%20%30%20%33%70%78%20%6c%69%6d%65%2c%20%30%20%30%20%33%70%78%20%6c%69%6d%65%2c%20%30%20%30%20%35%70%78%20%23%66%66%32%64%39%35%2c%20%30%20%30%20%35%70%78%20%23%66%66%32%64%39%35%3b%22%3e%72%65%64%2d%78%40%68%61%63%6b%65%72%6d%61%69%6c%2e%63%6f%6d%3c%2f%64%69%76%3e%0d%0a%3c%62%72%2f%3e%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%73%69%7a%65%3a%20%32%30%70%78%3b%22%3e%2e%2e%3a%3a%7c%20%47%72%65%65%74%7a%20%7c%3a%3a%2e%2e%3c%2f%64%69%76%3e%0d%0a%3c%64%69%76%20%73%74%79%6c%65%3d%22%66%6f%6e%74%2d%66%61%6d%69%6c%79%3a%20%42%6f%6f%6b%20%41%6e%74%69%71%75%61%3b%63%6f%6c%6f%72%3a%20%67%72%65%79%3b%66%6f%6e%74%2d%73%69%7a%65%3a%20%32%30%70%78%3b%74%65%78%74%2d%73%68%61%64%6f%77%3a%20%72%65%64%20%31%70%78%20%2d%30%70%78%20%36%70%78%22%3e%2e%3a%3a%20%78%33%6f%2d%31%33%33%37%20%7c%20%47%61%62%62%79%20%7c%20%24%70%21%72%21%74%7e%24%33%33%6b%33%72%20%7c%20%46%72%45%61%4b%79%20%3a%3a%2e%3c%62%72%2f%3e%41%6c%6c%20%4d%65%6d%62%65%72%73%20%6f%66%20%33%78%70%31%72%33%20%43%79%62%65%72%20%41%72%6d%79%3c%2f%64%69%76%3e%3c%62%72%2f%3e%0d%0a%3c%65%6d%62%65%64%20%73%72%63%3d%22%68%74%74%70%3a%2f%2f%79%6f%75%74%75%62%65%2e%67%6f%6f%67%6c%65%61%70%69%73%2e%63%6f%6d%2f%76%2f%70%74%5a%31%77%6f%33%4a%73%50%63%26%61%75%74%6f%70%6c%61%79%3d%31%26%6c%6f%6f%70%3d%31%22%20%74%79%70%65%3d%22%61%70%70%6c%69%63%61%74%69%6f%6e%2f%78%2d%73%68%6f%63%6b%77%61%76%65%2d%66%6c%61%73%68%22%20%77%6d%6f%64%65%3d%22%74%72%61%6e%73%70%61%72%65%6e%74%22%20%77%69%64%74%68%3d%22%31%22%20%68%65%69%67%68%74%3d%22%31%22%3e%3c%2f%62%6f%64%79%3e%3c%2f%68%74%6d%6c%3e'

    Read the article

  • Is there a peripheral that lets my computer monitor the connectivity of pairs of wires?

    - by raldi
    I've got a bunch of physical switches and circuits that act like switches (they're either connected to ground or they're just an open wire). Is there some sort of thing I can plug into my computer (ideally, via USB) that has a bunch of screw terminals, and I can attach wires to the screws and have the computer keep track of which circuits are closed and which are open? Bonus points if the device also lets the computer open and close switches, too. I don't even know what to google for.

    Read the article

  • is there any valid reason for users to request phpinfo()

    - by The Journeyman geek
    I'm working on writing a set of rules for fail2ban to make life a little more interesting for whoever is trying to bruteforce his way into my system. A good majority of the attempts tend to revolve around trying to get into phpinfo() via my webserver -as below GET //pma/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //admin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1 GET //mysql/config/config.inc.php?p=phpinfo(); HTTP/1.1 I'm wondering if there's any valid reason for a user to attempt to access phpinfo() via apache, since if not, i can simply use that, or more specifically the regex GET //[^>]+=phpinfo\(\) as a filter to eliminate these attacks

    Read the article

  • How can I disrupt my roommate's BitTorrent?

    - by bob
    We're on a 50 mb/s Comcast connection and our connection right now is coming in under 1.5 mb/s. Our roommate left for a week with BitTorrent running (Azureus client, we think). Our latency is approaching 300 ms. His door is locked up tight, and both his machine and the router for the house are located inside. I've even flipped the power breaker in the house and that barely works for 2 minutes. His laptop keeps on running, and once the cable modem and router come back up and the machine reconnects, the torrents resume in earnest. I've been running nmap and identified his IP on our LAN. Is there anything I can do over the LAN to make his torrents start to fail or slow down?

    Read the article

  • Would SSL prevent replay tampering by the authenticated user

    - by Coder 42
    In the context of a game (HTML5/Flash/Silverlight) which sends data to an online service to record progress (e.g. player killed an orc), would communicating with the service over SSL implicitly prevent the player from recording and replaying the message? I know SSL includes a nonce, but does it remain constant for the duration of the connection or does it change after each request/response cycle?

    Read the article

  • Attempted hack on VPS, how to protect in future, what were they trying to do?

    - by Moin Zaman
    UPDATE: They're still here. Help me stop or trap them! Hi SF'ers, I've just had someone hack one of my clients sites. They managed to get to change a file so that the checkout page on the site writes payment information to a text file. Fortunately or unfortunately they stuffed up, the had a typo in the code, which broke the site so I came to know about it straight away. I have some inkling as to how they managed to do this: My website CMS has a File upload area where you can upload images and files to be used within the website. The uploads are limited to 2 folders. I found two suspicious files in these folders and on examining the contents it looks like these files allow the hacker to view the server's filesystem and upload their own files, modify files and even change registry keys?! I've deleted some files, and changed passwords and am in the process of trying to secure the CMS and limit file uploads by extensions. Anything else you guys can suggest I do to try and find out more details about how they got in and what else I can do to prevent this in future?

    Read the article

  • My servers been hacked EMERGENCY

    - by Grant unwin
    I'm on my way into work at 9.30 pm on a Sunday because our server has been compromised somehow and was resulting in a DOS attack on our provider. The servers access to the Internet has been shut down which means over 5-600 of our clients sites are now down. Now this could be an FTP hack, or some weakness in code somewhere I'm not sure till j get there. Does anyone have any tips on how I can track this down quickly. Were in for a whole lot of litigation if I dont get the server back up asap. Any help appreciated.

    Read the article

  • Someone try to hack my site, want to understand the log

    - by garconcn
    I have a wordpress site hosted on CentOS 6. After see the following access log, I checked the server, it seems ok. Can anyone explain what does this guy trying to do? Did they get what they want? I have disabled allow_url_include, and restricted open_basedir to web dir and tmp(/etc is not in the path). 190.26.208.130 - - [05/Sep/2012:21:24:42 -0700] "POST http://my_ip/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n/?-d%20allow_url_include%3DOn+-d%20auto_prepend_file%3D../../../../../../../../../../../../etc/passwd%00%20-n HTTP/1.1" 200 32656 "-" "Mozilla/5.0"

    Read the article

  • Someone tried to hack my Node.js server, need to understand a GET request in the logs

    - by Akay
    Alright, so I left my Node.js server alone for a while and came back to find some really interesting stuff in the logs. Apparently some moron from China or Poland tried to hack my server using directory traversal and what not, while it seems though he did not succeed I am unable understand few entries in the log. This is the output of a "hohup.out" file. The attack starts, apparently he is trying to find out some console entry in my server. All of which fail and return a 404. [90mGET /../../../../../../../../../../../ [31m500 [90m6ms - 2b[0m [90mGET /<script>alert(53416)</script> [33m404 [90m7ms[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET / [32m200 [90m1ms - 240b[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET /pz3yvy3lyzgja41w2sp [33m404 [90m1ms[0m [90mGET /stylesheets/style.css [33m404 [90m0ms[0m [90mGET /index.html [33m404 [90m1ms[0m [90mGET /index.htm [33m404 [90m0ms[0m [90mGET /default.html [33m404 [90m0ms[0m [90mGET /default.htm [33m404 [90m1ms[0m [90mGET /default.asp [33m404 [90m1ms[0m [90mGET /index.php [33m404 [90m0ms[0m [90mGET /default.php [33m404 [90m1ms[0m [90mGET /index.asp [33m404 [90m0ms[0m [90mGET /index.cgi [33m404 [90m0ms[0m [90mGET /index.jsp [33m404 [90m1ms[0m [90mGET /index.php3 [33m404 [90m0ms[0m [90mGET /index.pl [33m404 [90m0ms[0m [90mGET /default.jsp [33m404 [90m0ms[0m [90mGET /default.php3 [33m404 [90m0ms[0m [90mGET /index.html.en [33m404 [90m0ms[0m [90mGET /web.gif [33m404 [90m34ms[0m [90mGET /header.html [33m404 [90m1ms[0m [90mGET /homepage.nsf [33m404 [90m1ms[0m [90mGET /homepage.htm [33m404 [90m1ms[0m [90mGET /homepage.asp [33m404 [90m1ms[0m [90mGET /home.htm [33m404 [90m0ms[0m [90mGET /home.html [33m404 [90m1ms[0m [90mGET /home.asp [33m404 [90m1ms[0m [90mGET /login.asp [33m404 [90m0ms[0m [90mGET /login.html [33m404 [90m0ms[0m [90mGET /login.htm [33m404 [90m1ms[0m [90mGET /login.php [33m404 [90m0ms[0m [90mGET /index.cfm [33m404 [90m0ms[0m [90mGET /main.php [33m404 [90m1ms[0m [90mGET /main.asp [33m404 [90m1ms[0m [90mGET /main.htm [33m404 [90m1ms[0m [90mGET /main.html [33m404 [90m2ms[0m [90mGET /Welcome.html [33m404 [90m1ms[0m [90mGET /welcome.htm [33m404 [90m1ms[0m [90mGET /start.htm [33m404 [90m1ms[0m [90mGET /fleur.png [33m404 [90m0ms[0m [90mGET /level/99/ [33m404 [90m1ms[0m [90mGET /chl.css [33m404 [90m0ms[0m [90mGET /images/ [33m404 [90m0ms[0m [90mGET /robots.txt [33m404 [90m2ms[0m [90mGET /hb1/presign.asp [33m404 [90m1ms[0m [90mGET /NFuse/ASP/login.htm [33m404 [90m0ms[0m [90mGET /CCMAdmin/main.asp [33m404 [90m1ms[0m [90mGET /TiVoConnect?Command=QueryServer [33m404 [90m1ms[0m [90mGET /admin/images/rn_logo.gif [33m404 [90m1ms[0m [90mGET /vncviewer.jar [33m404 [90m1ms[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET / [32m200 [90m7ms - 240b[0m [90mOPTIONS / [32m200 [90m1ms - 3b[0m [90mTRACE / [33m404 [90m0ms[0m [90mPROPFIND / [33m404 [90m0ms[0m [90mGET /\./ [33m404 [90m1ms[0m But here is when things start getting fishy. [90mGET http://www.google.com/ [32m200 [90m2ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET / [32m200 [90m1ms - 240b[0m [90mGET /robots.txt [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m0ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m3ms[0m [90mGET /manager/html [33m404 [90m0ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m0ms[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET http://37.28.156.211/sprawdza.php [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m2ms - 240b[0m [90mHEAD / [32m200 [90m1ms - 240b[0m [90mGET http://www.daydaydata.com/proxy.txt [33m404 [90m19ms[0m [90mHEAD / [32m200 [90m1ms - 240b[0m [90mGET /manager/html [33m404 [90m2ms[0m [90mGET / [32m200 [90m4ms - 240b[0m [90mGET http://www.google.pl/search?q=wp.pl [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m0ms[0m [90mHEAD / [32m200 [90m2ms - 240b[0m [90mGET http://www.google.pl/search?q=onet.pl [33m404 [90m1ms[0m [90mHEAD / [32m200 [90m2ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET http://www.google.pl/search?q=ostro%C5%82%C4%99ka [33m404 [90m1ms[0m [90mGET http://www.google.pl/search?q=google [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m2ms - 240b[0m [90mHEAD / [32m200 [90m2ms - 240b[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m0ms[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET http://www.baidu.com/ [32m200 [90m2ms - 240b[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mPOST /api/login [32m200 [90m1ms - 28b[0m [90mGET /web-console/ServerInfo.jsp [33m404 [90m2ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m10ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://proxyjudge.info [32m200 [90m2ms - 240b[0m [90mGET / [32m200 [90m2ms - 240b[0m [90mGET / [32m200 [90m1ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m3ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m3ms - 240b[0m [90mGET http://www.baidu.com/ [32m200 [90m1ms - 240b[0m [90mGET /manager/html [33m404 [90m0ms[0m [90mGET /manager/html [33m404 [90m1ms[0m [90mGET http://www.google.com/ [32m200 [90m2ms - 240b[0m [90mHEAD / [32m200 [90m1ms - 240b[0m [90mGET http://www.google.com/ [32m200 [90m1ms - 240b[0m [90mGET http://www.google.com/search?tbo=d&source=hp&num=1&btnG=Search&q=niceman [33m404 [90m2ms[0m So my questions are, how come my server is returning a "200" OK for root level domains? How did the hacker even manage to send a GET request to my server such that "http://www.google.com" shows up in the log while my server is simply an API that works on relative URLs such as "/api/login". And, while I looked up the OPTIONS, TRACE and PROPFIND HTTP requests that my server has logged it would be great if someone could explain what exactly was the hacker trying to achieve by using these verbs? Also what in the world does "[90m [32m [90m1ms - 240b[0m" mean? The "ms" makes sense, probably milliseconds for the request, rest I am unable to understand. Thank you!

    Read the article

  • Server load increases by lot of httpd request with same PID

    - by user3740955
    I can see that my server load increases to more than 200-300 range. Before 1 week the maximum load was around 20-25. In top and ps -ef i can see a lot of httpd threads and the PPID of most of the httpd request are of the same PID. When i verified this the parent process ID is of root. Please let me know how i can reduce the server load. I have searched a lot for this but not able to find out a proper solution for this. Please let me know. Please see below a part of the top output. apache 29698 2062 1 16:54 ? 00:00:00 /usr/sbin/httpd apache 29700 2062 3 16:54 ? 00:00:00 /usr/sbin/httpd apache 29701 2062 10 16:54 ? 00:00:02 /usr/sbin/httpd apache 29702 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29703 2062 1 16:54 ? 00:00:00 /usr/sbin/httpd apache 29705 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29706 2062 3 16:54 ? 00:00:00 /usr/sbin/httpd apache 29707 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29708 2062 1 16:54 ? 00:00:00 /usr/sbin/httpd apache 29709 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29710 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29711 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd apache 29712 2062 0 16:54 ? 00:00:00 /usr/sbin/httpd Server version: Apache/2.2.3

    Read the article

  • Finding a way to enter gmail in Company

    - by stckvrflw1
    Hello all, I am entering network over DNS's of my company. Here my company blocks lots of IP's for reasons like entertainment, sports, music, messaging boards etc. General e-mail is also one of those topics and I can't enter gmail.com. The proxy sites are also blocked in the company and the one's I have found (by spending much afford) are not accepting cookies. Also I am not able to enter the gmail from Igoogle too, this is also blocked. How can I enter gmail ? Thanks.

    Read the article

  • Sony ouvre le PlayStation Move aux développeurs universitaires et amateurs en sortant Move.Me : suffisant pour contrer Kinect ?

    Sony ouvre son PlayStation Move aux développeurs Universitaires et amateurs en sortant Move.Me : suffisant pour contrer le Kinect de Microsoft ? Il y a un an de cela lors de l'événement annuel Game Developers Conference 2010, Sony avait dévoilé officiellement son contrôleur à détection de mouvements pour sa console de Jeux la PlayStation 3, le PlayStation Move. Un an après, à l'occasion du même événement qui se déroule actuellement à San Francisco , Sony a annoncé Move.Me, un SDK que les étudiants, les chercheurs et les amateurs peuvent utiliser pour créer de nouvelles applications en utilisant le PlayStation Move.

    Read the article

  • Login code sample which has been hacked via SQL Injection, although mysql_real_escape_string...

    - by artmania
    Hi friends, I use CodeIgniter, and having trouble with hacking :( is it possible to make SQL Injection to the login code below: function process_login() { $username = mysql_real_escape_string($this->input->post('username')); $password = mysql_real_escape_string(MD5($this->input->post('password'))); //Check user table $query = $this->db->getwhere('users', array('username'=>$username, 'password'=>$password)); if ($query->num_rows() > 0) { // success login data Am I using the mysql_real_escape_string wrong? or what? Appreciate helps!

    Read the article

  • Rainbow Tables: How to improve upon them??

    - by CVS-2600Hertz-wordpress-com
    I recently obtained the l0pht-CD for windows and tried it out on my PC and It WORKS!! http://2600hertz.wordpress.com/2009/12/22/100-windows-xp-vista-7-password-recovery/ I have also read http://kestas.kuliukas.com/RainbowTables/ I'm designing a "Login-Simulator" that stores pwd-s in a similar manner. The current implementation will be vulnerable to the above attack. Plz could anyone illustrate (in as simple terms as possible), how to strengthen the rainbow tables against such an attack. MY GOAL : Build "Login-Simulator" to be as secure as possible. (Read Hacking Competition ;-) ) Thank You.

    Read the article

  • How to change socket bind port of program? without source code.

    - by hunmr
    Hello everyone, PROBLEM: I have a program dummy.exe on windows. this program will bind to UDP port 5060, after started. but another program also want to bind port 5060. WHAT I HAVE DONE: using windbg to start dummy.exe, and set breakpoint on ws2_32!bind when the breakpoint hit, i changed the parameter (port value) with command ew this dummy.exe will bind to the new port, and worked well. QUESTION: How can i do that easily? write a simple windows debugger? Maybe i can hacking or modify the dummy.exe file, but how to do that? what's your way to achieve this? thanks

    Read the article

  • IndexOutofRangeException while using WriteLine in nested Parallel.For loops

    - by Umar Asif
    I am trying to write kinect depth data to a text file using nested Parallel.For loops with the following code. However, it gives IndexOutofRangeException. The code works perfect if using simple for loops but it hangs the UI since the depth format is set to 640x480 causing the loops to write 307200 lines in the text file at 30fps. Therefore, I switched to Parallel. For scheme. If I omit the writeLine command from the nested loops, the code works fine, which indicates that the IndexOutofRangeException is arising at the writeline command. I do not know how to troubleshoot this. Please advise. Any better workarounds to avoid UI freezing? Thanks. using (DepthImageFrame depthImageframe = d.OpenDepthImageFrame()) { if (depthImageframe == null) return; depthImageframe.CopyPixelDataTo(depthPixelData); swDepth = new StreamWriter(@"E:\depthData.txt", false); int i = 0; Parallel.For(0, depthImageframe.Width, delegate(int x) { Parallel.For(0, depthImageframe.Height, delegate(int y) { p[i] = sensor.MapDepthToSkeletonPoint(depthImageframe.Format, x, y, depthPixelData[x + depthImageframe.Width * y]); swDepth.WriteLine(i + "," + p[k].X + "," + p[k].Y + "," + p[k].Z); i++; }); }); swDepth.Close(); } }

    Read the article

  • My Website was hacked using Statcounter! Does Statcounter keep a record of cookies?

    - by Cyril Gupta
    I had a rather interesting case of hacking on my ASP.Net MVC website. For this website I had implemented a rather uncomplicated authentication system for my admin area -- an encrypted cookie which had an identifying signature for the member. Whenever the admin visits the website the cookie would be decrypted and signature verified. If matching he wouldn't have to sign in. Couple of days ago a visitor on my site told me that he was able to sign into my website simply by clicking no a referral link on his Statcounter console which pointed to my admin area (I had visited his site from a link inside my admin view). He just clicked on a link in statcounter and he was signed in as the admin! The only way this could have happened was if statcounter somehow recorded my cookies and used those when he clicked on the link pointing to my admin! Is that logical or fathomable? I don't understand what's going on. Do you have any suggestions as to how I can protect my website against things like this?

    Read the article

  • Code Space : le projet de Microsoft qui introduit une nouvelle façon de collaborer en utilisant Kinect, terminaux tactiles et PC

    Code Space : le projet de Microsoft qui introduit une nouvelle façon de collaborer En utilisant Kinect, terminaux tactiles et PC Microsoft research vient de mettre sur pied un projet qui présente un nouveau concept de partage de l'information lors des réunions ou séance de travail en petit groupe. Le projet baptisé « Code Space », démocratise l'accès, le contrôle et le partage d'informations à travers de multiples dispositifs personnels et de présentation publique. [IMG]http://rdonfack.developpez.com/images/CodeSpace.jpg[/IMG] Le système comme son nom l'indique, a été conçu à la base pour les développeurs. Avec cette technologie, ceux-ci peuvent facilement...

    Read the article

  • Pwn2Own 2011 : BlackBerry et l'iPhone 4 vaincus lors du concours de hacking, les produits Google demeurent intouchés

    Pwn2Own 2011 : BlackBerry et l'iPhone 4 vaincus lors du concours de hacking, les produits Google demeurent intouchés Mise à jour du 11.03.2011 par Katleen Pour sa deuxième journée, le Pwn2Own a encore fait quelques victimes, mais en a aussi épargné certains. Les victimes potentielles de la journée étaient les systèmes d'exploitation mobile mais aussi Firefox (3.6), le navigateur qui n'avait pas été malmené hier. Seulement, Sam Dash, qui devait lui régler son compte, ne s'est pas présenté au concours. "Je ne peux pas écrire une code d'exploitation viable" pour ce challenge, s'est-il justifié. En revanche, l'iPhone 4 et le BlackBerry Torch sont tombés. Pour le s...

    Read the article

  • How to hack Drupal

    - by Ryan Nelson
    Does anyone know how to hack into a Drupal site? This is for ethical purposes, just a contest with me and my friend to see who can hack each other the most. He's got a Drupal site I need to get past. Anyone know how? Anything is useful (Gaining admin access, modifying stuff, etc.) Thanks!

    Read the article

  • php security holes POCs

    - by Flavius
    Hi Please provide examples for all of these: XSS, CSRF, SQL injection with both the source code and the attack steps for each. Other attack vectors are welcome. The most complete answer gets a accepted. The configuration is a fairly standard one, as of PHP 5.3.2, core settings: allow_call_time_pass_reference => Off => Off allow_url_fopen => On => On allow_url_include => Off => Off always_populate_raw_post_data => Off => Off arg_separator.input => & => & arg_separator.output => & => & asp_tags => Off => Off auto_append_file => no value => no value auto_globals_jit => On => On auto_prepend_file => no value => no value browscap => no value => no value default_charset => no value => no value default_mimetype => text/html => text/html define_syslog_variables => Off => Off disable_classes => no value => no value disable_functions => no value => no value display_errors => STDOUT => STDOUT display_startup_errors => On => On doc_root => no value => no value docref_ext => no value => no value docref_root => no value => no value enable_dl => Off => Off error_append_string => no value => no value error_log => syslog => syslog error_prepend_string => no value => no value error_reporting => 32767 => 32767 exit_on_timeout => Off => Off expose_php => On => On extension_dir => /usr/lib/php/modules/ => /usr/lib/php/modules/ file_uploads => On => On highlight.bg => <font style="color: #FFFFFF">#FFFFFF</font> => <font style="color: #FFFFFF">#FFFFFF</font> highlight.comment => <font style="color: #FF8000">#FF8000</font> => <font style="color: #FF8000">#FF8000</font> highlight.default => <font style="color: #0000BB">#0000BB</font> => <font style="color: #0000BB">#0000BB</font> highlight.html => <font style="color: #000000">#000000</font> => <font style="color: #000000">#000000</font> highlight.keyword => <font style="color: #007700">#007700</font> => <font style="color: #007700">#007700</font> highlight.string => <font style="color: #DD0000">#DD0000</font> => <font style="color: #DD0000">#DD0000</font> html_errors => Off => Off ignore_repeated_errors => Off => Off ignore_repeated_source => Off => Off ignore_user_abort => Off => Off implicit_flush => On => On include_path => .:/usr/share/pear => .:/usr/share/pear log_errors => On => On log_errors_max_len => 1024 => 1024 magic_quotes_gpc => Off => Off magic_quotes_runtime => Off => Off magic_quotes_sybase => Off => Off mail.add_x_header => On => On mail.force_extra_parameters => no value => no value mail.log => no value => no value max_execution_time => 0 => 0 max_file_uploads => 20 => 20 max_input_nesting_level => 64 => 64 max_input_time => -1 => -1 memory_limit => 128M => 128M open_basedir => no value => no value output_buffering => 0 => 0 output_handler => no value => no value post_max_size => 8M => 8M precision => 14 => 14 realpath_cache_size => 16K => 16K realpath_cache_ttl => 120 => 120 register_argc_argv => On => On register_globals => Off => Off register_long_arrays => Off => Off report_memleaks => On => On report_zend_debug => Off => Off request_order => GP => GP safe_mode => Off => Off safe_mode_exec_dir => no value => no value safe_mode_gid => Off => Off safe_mode_include_dir => no value => no value sendmail_from => no value => no value sendmail_path => /usr/sbin/sendmail -t -i => /usr/sbin/sendmail -t -i serialize_precision => 100 => 100 short_open_tag => Off => Off SMTP => localhost => localhost smtp_port => 25 => 25 sql.safe_mode => Off => Off track_errors => Off => Off unserialize_callback_func => no value => no value upload_max_filesize => 2M => 2M upload_tmp_dir => no value => no value user_dir => no value => no value user_ini.cache_ttl => 300 => 300 user_ini.filename => .user.ini => .user.ini variables_order => GPCS => GPCS xmlrpc_error_number => 0 => 0 xmlrpc_errors => Off => Off y2k_compliance => On => On zend.enable_gc => On => On

    Read the article

< Previous Page | 5 6 7 8 9 10 11 12 13 14 15 16  | Next Page >