Debian Configuration :: Server Has Been Hacked?

May 25, 2011

Let me start by saying it's a school assignment, and therefore not a real world situation. Nevertheless, I would appreciate any help I can get. The company ProvidIT has contacted us, their website has been hacked. Instead of their normal website, it shows Buy creditcard details online, click here (cc4u.jpg). A classical defacement. The following offenses also might have been committed. So it's our job to find evidence for those offences. (I had to translate the Dutch law articles, so they might not be 100% accurate legally speaking, but you get the idea)

- Unlawfully accessing automated systems
- Copy or tap (eavesdrop) data after hacking
- Unlawfully access or use system resources of a 3rd party computer

[code]....

View 3 Replies


Server :: Centos 5 Hacked Again?

Apr 7, 2011

My server is a web server with centos 5 & parallel 9. I don't know why all web sites on this server have had a home page added which is not mine. Even the mysql admin is also redirected to another site. What can I do?

View 6 Replies View Related

Security :: Server Hacked By Opyum?

Apr 11, 2011

Awoke to millions of failed SSH attempts into my public server. Behind a firewall which forwards only SSH and HTTP. Local iptables deny everything except SSH and HTTP. Exact same symptoms and results as Chris over at his site: here. I just want to know how they managed to execute a script, or make changes etc? Here's some info: According to cat /var/log/secure | grep "Accepted" no one besides myself gained entry via SSH. The FTP account (500:48 (Purposely in apache group)) is chrooted to a 775 directory and vsftpd does not accept anonymous entry. vsftpd and xferlogs are empty?

Code:
You have new mail in /var/spool/mail/root
[root@dev etc]# tail /var/spool/mail/root

[code]....

View 11 Replies View Related

Security :: The Server Was Hacked From So Called Tor IP Address?

Nov 14, 2010

I always use professional services to secure my servers. Everything was fine for years but a week ago my server got hacked. I don't know how the hacker got my username/password - it was not something like admin, password. 9 months ago my PC was infected with some virus which connected to the FTP server by using password which was saved in CuteFTP and infected all index files with some javascript. Then I changed the user/FTP password and didn't save it anymore in Cute FTP. Of course, I checked all the folders and re-uploaded all infected files. Is it possible that this virus uploaded some hidden file which was able to get the new password for this account?

The server was hacked from so called Tor IP address. I am tired of worrying about server security and now have an idea to get a static IP address from my ISP and to allow logins only from this IP address. What do you think about it? This idea looks good to me but are there any risks of losing access to the server? Can ISP provider change the static IP address for some reason?

View 9 Replies View Related

Ubuntu Security :: Server Hacked - Ethernet No Longer Working

Jun 19, 2010

My server (Ubuntu 10.04 desktop) was hacked. I had my ethernet plugged in to an Intel 82557 Ethernet Pro card (Pulse) when my server was first attacked. After it was attacked I reinstalled the system but my ethernet card still would not work. Ubuntu recognized it, but it is continually disconnected and the little status lights on the card do not light up anymore.

So then I plugged the ethernet to the mother board itself. Well, my server was hacked again and now the ethernet on the motherboard does not work. Again, Ubuntu (after a reinstall) recognizes the hardware but nothing happens when I plug the ethernet in. The motherboard is a BioStar P4M900 VIA chipset. I have a few of the system logs here [URL] which I saved right after the first attack.

View 9 Replies View Related

Security :: Server Hacked - Finding Process Behind Sending Emails

Jun 13, 2011

I just got control over a server that was hacked several months back. The other day we started receiving rejected emails sent from my server to a yahoo email address that is no longer active that contained users' login information. I am trying to find the process that is sending these emails. So far it's been like finding a needle in a haystack. The email that is being sent is appending the login information each time it is sent so there must be a local file that contains this information. I have tried using grep and find without any luck.

View 2 Replies View Related

Debian Configuration :: Reboot Both The Server And The Client Machines Every Time Change The SAMBA Configuration?

Apr 5, 2010

I am *finally* getting around to rebuilding my file-sharing computer. I'll be sharing files with both Linux and Windoze machines. It's a home network, so there's nothing fancy needed. I know I have to tweak my smb.conf file until I'm satisfied with the features and security. I'm using SWAT and I'm starting with a bare-bones conf file. It's not secure but I can see the server and selected files/directories from my other Linux box.

My really dumb question is, do I have to reboot both the server and the client machines every time I change the SAMBA configuration? I thought I just had to stop and restart the SAMBA service in the SWAT software - but then the server disappears from my client. It looks like I need to reboot both machines for the client to see the server.

View 1 Replies View Related

Ubuntu Security :: Secure A Terminal Server, So That It Can't Be Hacked By Bruteforce/dictionary Tools?

Oct 8, 2010

How to secure a Terminal Server so that it can't be hacked by bruteforce/dictionary tools?

View 7 Replies View Related

Security :: Qmail Hacked In Server \ Cannot Find Any Suspicious Script Running Using Ps Xaf Command?

Jan 3, 2011

My server is probably hacked and sending spam emails. I see them randomly in maillog (/usr/local/psa/var/log/maillog, server has a plesk panel), sometimes a few in a long time, sometimes a lot of them. Here is a sample of it:

Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: Handlers Filter before-remote for qmail started ...
Jan 4 00:47:08 acv360 qmail-remote-handlers[17662]: from=root@acv360.com

[code].....

View 7 Replies View Related

Debian Configuration :: Install A Multi-core System And Configure It To Run Several VMs, One Each For A Firewall, A Caching Proxy Server, A Mail Server, A Web Server?

Jan 25, 2011

I will be relocating to a permanent residence sometime in the next year or two. I've recently begun thinking about the best way to implement a home-based network. It occurred to me that the most elegant solution might be the use of VM technology to eliminate as much hardware and wiring as possible. My thinking is this: Install a multi-core system and configure it to run several VMs, one each for a firewall, a caching proxy server, a mail server, a web server. Additionally, I would like to run 2-4 VMs as remote (RDP) workstations, using diskless workstations to boot the VMs over powerline ethernet. The latest powerline technology (available later this year) will allow multiple devices on a residential circuit operating at near gigabit speed, just like legacy wired networks.

In theory, the above would allow me to consolidate everything but the diskless workstations on a single server and eliminate all wired (and wireless) connections except the broadband connection to the Internet and the cabling to the nearest power outlets. It appears technically possible, but I'm not sure about the various virtual connections among VMs. In theory, each VM should be able to communicate with the other as if it was on the same network via the server data bus, but what about setting up firewall zones? Any internal I/O bandwidth bottlenecks? Any other potential "gotchas", caveats, issues? (Other than the obvious requirement of having enough CPU and RAM). Any thoughts or observations welcome, especially if they are from real world experience in a VM environment. BTW--in case you're wondering why I'm posting here, it's because I run Debian on all my workstations/servers (running VirtualBox as a VM for Windows XP on one workstation).

View 14 Replies View Related

Debian Configuration :: Keeping The Dns Server Running With Current Server Information?

Jun 26, 2010

I'm running the current release of Debian with the 2.6.26-2 kernel. This is an upgrade from an older (2.4 kernel) series redhat release. One of the things I had working in the older system was a dns server with accompanying monthly update of the root hints file. I tried working through a dns how-to to set this up again, but it seems much has moved around since I last played with this. All of the files listed in the how-to are not where it says they should be. I am looking for a better reference on keeping the dns server running with current server information.

View 1 Replies View Related

Debian Configuration :: Installed Nfs-kernel-server On The Server And Nfs-common On The Client?

May 3, 2011

I have installed nfs-kernel-server on the server and nfs-common on the client. Assume
server 192.168.1.1
client 192.168.1.3

content of /etc/exports is:
/home 192.168.1.0/255.255.255.0(rw,sync,no_root_squash)
/home/nfsroot 192.168.1.0/255.255.255.0(rw,no_subtree_check,async,no_root_squash)

[code]....

View 4 Replies View Related

Security :: Server Hacked When Try To Log In Type Root But Won't Let Type A Password?

Jun 22, 2010

I have a server hacked. When I try to log in I type root but it won't let me type a passwd. There are no services up, can't see page, mail, nothing.

View 11 Replies View Related

Debian Configuration :: DHCP Server With External Dns Name Server

Jun 14, 2011

I wanted to set up my server as a router/gateway just for educational purposes, and also when it succeeds I will keep the gateway and place it on the front line right after my modem.

My current setup as it is now :

The GATEWAY/ROUTER will be doing the main work to act as a dhcp server and firewall.

Now my setup as it is now :

So now what I meant to do was :

Let the clients connect to the gateway via ETH1 and all the stuff being routed to ETH0 which is the NIC that is connected to the internet.

But now I have two huge problems :

1. The DHCP configuration seems to be fine, the client machines get their ip addresses and /etc/resolve.conf looks fine too. But somehow the GATEWAY/ROUTER won't let me use the specified external DNS server so I can't do anything on these machines.

2. The firewall script [url] at line 27 should be DROP but if I use this line of code the GATEWAY/ROUTER cannot use his dns server settings so when I try to browse the internet or ping a machine outside my local network it would come up with nothing.

View 1 Replies View Related

Debian Configuration :: Getting NFS Server Working

Jul 20, 2015

Debian Jessie on a raspberry pi 2

I'm trying to get nfs server working at boot up and it isn't starting because it says portmapper isn't running. I've read through a bunch of documentation on this and have gotten to the point that if the documentation tells me to
Code:
$ apt-get install nfs-kernel-server portmap
I usually stop there as it is outdated. I can't find a process doc that utilizes rpcbind. So, here is what I've done on my own:

setup /etc/exports with a proper nfs dir and exportfs it
Code:
$ apt-get install nfs-common nfs-kernel-server
$ sysv-rc-conf
---│ nfs-kerne$  [ ]     [X]     [X]     [X]     [X]     [ ]     [ ]     [ ]        │
---│ rpcbind     [ ]     [X]     [X]     [X]     [X]     [ ]     [ ]     [ ]        │
$ service rpcbind start

[Code] ....

The errors however don't seem critical as I'm able to mount the exported directory. OK so it appears to me that nfs server is working. However through a boot, the nfs-kernel-server and the rpcbind services are not starting. The nfs-kernel-server didn't start because rpcbind wasn't running. So I start rpcbind and then nfs-kernel-server and then nfs server works. So what am I missing? Why will rpcbind not start at boot?

View 3 Replies View Related

Debian Configuration :: Tab Completion Within FTP Server

Nov 14, 2015

I'm having a lot of difficulty trying to use tab completion while working in my FTP server from a terminal. I access this server with other Linux distros and OSX and the completion works fine. I've tried changing a lot of Debian config, but it seems to only affect the completion within the local scope.

Tab completion does work for system related tasks, no problem.

System:
Debian 8.2/Kernel 3.16.0-4-amd64

FTP Server:
Trendnet TS-I300 NAS with FTP/upnp

Settings:
Enabled in bashrc:
Code:
if ! shopt -oq posix; then
   if [ -f /usr/share/bash-completion/bash_completion ]; then
         . /usr/share/bash-completion/bash_completion
   elif [ -f /etc/bash_completion ]; then
         . /etc/bash_completion
   fi
fi

View 5 Replies View Related

Debian Configuration :: DNS Server Error

Jun 13, 2010

I tried to install a DNS server on debian lenny, I installed bind9 and webmin, and then I installed a bind module for webmin. I created a domain with webmin but when I tried to add an address record with it I had an Error-Missing Content-Type Header.

View 1 Replies View Related

Debian Configuration :: Server Is Not Visible?

Sep 16, 2010

I have ssh and http server running on a linux box. The interface is DHCP configured, using dyndns.org to register its assigned IP, my ADSL modem does not do routing. When I reboot the system none of the servers are visible from the outside... Recently I got a hint to add "ping google.com" to cron run every 5mins. With this hack the servers become visible, and I can see/connect from the outside; - but for obvious reasons don't like this solution. Anyone is able to shed some light why the server needs to do outgoing traffic to become visible?

View 1 Replies View Related

Debian Configuration :: Name Server Is Not Running

Nov 26, 2010

I have had a vps for a couple of days. I discovered that there's no nameserver running.

# host google.com
Nameserver not running
google.com A record not found, try again

Also there's no resolv.config in /etc/. I re-installed the OS several times without any changes. I ask my host about this but he has not answered my questions.

View 2 Replies View Related

Debian Configuration :: Can't Get Server Online?

Dec 27, 2010

I'm trying to get my simple home web server on the internet but I cannot seem to make it work. I've set up a LAMP stack to host my website and it works perfectly on my local network (accessing from [URL].. but not from the internet. To test it for now before I set up a dynamic dns service, I am trying to access my website via my WAN IP address from within and outside of my home network (ie http://69. When I do this, I get a "taking too long to respond" message, instead of a host not found or 404 or something of that nature. My box has a pentium 4, 2 gigs of ram, and is on a DSL line so I have a hard time believing anything is "taking too long". Here are the software packages I've installed:

-ssh
-apache2
-php5
-mysql
-phpmyadmin
-proftpd
-mediatomb

All of these packages work perfectly fine from within my home LAN, but NONE work outside of my network.

Other configs:
-My router forwards traffic on port 80 to my server
-My iptables allow incoming traffic on port 80
-My ISP, AT&T, does not block port 80 (or any port, according to various online sources)

Perhaps Apache is not configured correctly? What apache config options would be related to this problem?

I've previously tried a similar setup with the dyndns service fully configured (I followed a very thorough guide down to the t - wish I had the link it was excellent), but to no avail - I got the same "too long to respond" accessing from my domain name. I understand that there are a multitude of causes for this problem, so what can I do to narrow down the source? "How to set up a LAMP server" guide, because all of them have led me to where I am now.

View 3 Replies View Related

Debian Configuration :: 100% CPU On Headless Server?

Jun 18, 2011

I have a strange problem. I have set up a server to run without a keyboard, mouse, or video. If I boot it connected to a monitor, there is no issue. However, if I boot it without a monitor attached, the CPU just runs at 100%. Below is a shot of my HTOP from the machine: The weird part is that if you sort the processes by CPU%, they don't actually total 100%. I was trying to see what was pushing the CPU so high, but most of the time the running processes only total between 5 and 20%. Has anyone else seen the problem? Any idea what's happening? I'm worried that if I leave it running like that, the processor could burn up. My temporary work around is to boot it up with a monitor, then disconnect the monitor, but that's really inconvenient.

View 4 Replies View Related

Debian Configuration :: Virtual Server Not Rebooting?

Jul 6, 2015

I have a rented vserver running at Strato [URL]. It came preinstalled with Debian 7. I upgraded it to Debian 8, which seemed to run fine, all services running. The problems came up when I tried to reboot the server to test the init system. It just does not come up, I cannot ping it, nothing. I can boot into the rescue system, mount the system partitions and chroot in to the filesystem. In this state I also can run my services, including apache2 and mysql. In the syslog I find nothing about the reboot. Now I need to reboot into the normal system. I already tried to resume to sysvinit without success.

View 7 Replies View Related

Debian Configuration :: How To Monitor Resource Of Server

Feb 15, 2010

I need to monitor resources of my server. I have found munin and sysstat. Does munin use sysstat? Or are they different packages? Because in some documents I have found on the net, for installing munin, sysstat is needed!! For example on RedHat based distro, sysstat package is needed! But on debian it is not needed!

View 1 Replies View Related

Debian Configuration :: Server Missing About 300mb Of Ram

Mar 15, 2010

I downloaded the most recent version of debian and installed it. Everything went really well there. Until I issued free -m on the box. It would appear that the server is missing about 300mb of ram, which is okay for I figured perhaps the video card / sound was taking that amount of ram for itself. It was not until I installed Xen that I found a bigger problem with memory and my system. For whatever reason when I attempt to create a domU with 512mb of ram, I need to add 19MB more ram so that when I issue free -m from within the domU it will show a total of 512. Worse yet is that when I raise the total up to 1024 for 1gb of domU ram, I need to add 28mb of ram. And add 28mb of ram PER GB I wish to add to the domU.

View 1 Replies View Related

Debian Configuration :: Http Server Behind Wireless Ad-hoc?

May 7, 2010

My question is rather simple, but I couldn't find any answer yet. I have a debian box connected to the internet through an ad-hoc wireless connection with a win7 box. Could I run a http server on the linux box and access it from the "outside" somehow, since my linux box has a "private network" type IP, ie: 192.168.137.12 ?

View 5 Replies View Related

Debian Configuration :: FTP Server, LVM, Using Internal And USB Drives?

Jul 15, 2010

So I'm running proftpd on an old machine just for my own backup purposes, but I'm running out of space. I was wondering if it would be safe/efficient to set up an additional USB hard drive to the LVM drive that I have now? As in, would it write quick enough (USB 2.0), read quick enough and not corrupt data?

View 1 Replies View Related

Debian Configuration :: LTSP How To Link To Another Server

Aug 24, 2010

I have four servers :

- the first of them is the router (firewall, htb, squid, etc.)
- the second has apache2 installed
- the third sql
- and the last one is LTSP server for 40 clients.

When the ThinClient connects to the LTSP server everything works good, but I can't see all of them in the squid access log. I see one ip address (LTSP server), but I want to see 40 ip addresses. The same situation is in htb. It doesn't work on the thin client. Is there any way to get this to work how I want ?

View 1 Replies View Related

Debian Configuration :: Nfs-kernel-server Can't Install ?

Sep 28, 2010

I'm trying to install nfs-kernel-server on my squeeze and have a strange error.

Here the console output:

The following NEW packages will be installed:

I tried to google for this errors and find that manually restarting nfs-common, portmap should help but no luck.

View 1 Replies View Related

Debian Configuration :: Changing The Domain Name Of A Server?

Oct 13, 2010

I'm having problems when trying to view my web site from inside my firewall and router. The web server works fine and will resolve from IP address on the local network and port forwarding works for external connections. The problem stems from when I originally set up the server; I left the domain name field blank when going through the installation process.

I've had a look at the man pages and had a search on Google but cannot find an answer that works. I've changed a few things in '/etc/hosts' and '/etc/networks' but when I make changes they have no effect on the problem. My web site is on a no-ip domain which is [URL]..

View 6 Replies View Related

Debian Configuration :: Running A Local Ftp Server?

Nov 2, 2010

What would be necessary to run an ftp server (or a web server) on my local PC so that other people I know could access it and download stuff from it? The idea is to share photos, videos etc with friends/family where the files are a bit too big for email. (All 100% legal, own-content, no copyright issues, needless to say). Security isn't that vital, I'd just put files in the ftp directory, email the link and let them download the files, then remove them again. No passwords are required, and no uploads.

Obviously there's the problem that both computers have to be on at the same time, and I assume I'd have to change my computer's firewall settings and my router's settings to allow the traffic through, but my question is more basic than that - is it even possible? My internet connection is through a router, and as I understand it, my router has the IP address, not my computer. So I can connect through my router using my computer's IP address, but only my router knows my computer's IP address, and all the rest of the internet just sees my router and its IP address. Which means (I think) that I can't just send my IP address for my family to connect to, because that only gets them as far as my router, and the router would have no idea what to do with such requests. Am I right so far?

So is there any way for my family's computers to contact an FTP server or a web server running on my computer? Or does it require some kind of intermediary server to act as a traffic-forwarder? Is there such a thing? I'm assuming that setting up little private torrents would be fiddly and inefficient. Or would it be better/simpler to use one of the free filesharing services and put up with the (sometimes not too family-friendly) adverts associated with them?

View 12 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved