I am facing problem on my Linux server, those runing php sites, most of the time hacker upload file in my website and take the control, and hack the sites, shoot the thousands of mail etc
View 7 RepliesI've recently been running a game server from my desktop, as well as a web page to accompany it.I use the ports 80/8123(HTTP)/5900(VNC)/50500(GAME)/5839(ADMINISTRATION).What's the best solution to protect my server from security threats? On a side note, I plan on adding a MySQL server later, but I want to keep it local only.
View 9 Replies View RelatedI have just configured Centos 5.5 LocalMailServer with fetchmail and sendmail , Proxy with Squid and FileServer with samba. Now my concern is security.. How can i protect my server with outside attack. Will I need to block some ports or I need special tools or script so no one from outside can attack my machine. My machine is working on intranet with local ip only.. No web server or static ip exists. Machine is connected with ADSL router to access internet.
View 5 Replies View RelatedI was looking for a way to protect my samba server for limiting access to certain domains.Can I use the parameterhosts allow = example.comor something like that or is there another way to do the job for domains
View 4 Replies View RelatedI'm trying to implement this method to block php injection attack using fail2ban: here it is, however I'm not sure it applies to Ubuntu. You see, there's this filter that must be added to the fail2ban jail file:
HTML Code:
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
[Code]....
Our client-accounts were recently injected with the following script and since there are too many files that were injected (only index.php and index.html) how this script can be traced with a search command and removed in all files found.
[Code].....
currently I'm fiddling around with mod_security for apache2 configurations on CentOS boxes, right now in a test environment first (i.e. separate non production box).CentOS includes the mod_security "Core Rule Set" by Breach Security Inc, the devs behind that module.So far all's running mostly, logs/auditlogs etc.For simple testing, I made a small php form as following:
Code:
<?php
$link = mysql_connect("localhost",$user,$pass); //un/pw obfuscated for forum post
[code]...
I want to do some pen-testing using aircrack-ng on my local network and currently the only wireless adapter I have is the WNA 1100 netgear adapter. I am using the ath9k_htc driver.
View 7 Replies View RelatedI would like to know how to protect networks against VPN attacks? How does big industries do it? What does the government tend to use? Are any tools open source that I may get?
View 1 Replies View RelatedI was wondering if firestarter (software firewall) works out of the box or does it need some kind of configuration in order for it to provide protection? Is firestarter even needed with ubuntu?
View 6 Replies View RelatedI create music and usually gets sold world wide. I have some distributors that have been able to access a private server and get the new tunes I make to download via ftp. Well that server is getting full and I was trying to create another directory on my website itself.I created the directory. made the ".htaccess" file. Then I tried to make the htpasswd file but my server just keeps saying no command by that name.
View 8 Replies View RelatedI want to start using videos/music files downloaded from untrusted sources (BT,Sharing Forums, etc.). Haven't made this a habit b4 because of the security risks. I want to take steps to reduce the risk & protect my computer from anything malicious. What are some good choices for this? The biggest step I took so far is using Ubuntu since it's very virus resistant, but other threats do exist out there (rootkits, malicious scripts, etc.). When downloading files from untrusted sources, who knows what may be hidden inside.Some options I'm thinking about:
1) Using a VM (with Ubuntu installed inside) & playing the files inside the VM. If anything malicious happen, it would be trapped inside & I could easily revert to a clean snapshot.
2) Using AppArmor to restrict what the files or program used to play the files can/can't do. AA seems very complicated though.
Are the above overkill? Would it be sufficient enough to just open these files on a non-admin user account since no access to root or sudo?
I am planning a trip for a few days and I will be staying at an inn with Wifi access. All the guests are allowed to use it. A friend of mine has been there, he told me there are several other private spots around the house, i.e. lots of other people using Wifi. My friend told me the inn uses WEP, so who knows how many times their access point has been hacked and accessed without permission...
My concern is that I will be there for a few days with my notebook, I will have to work once in a while, connected to the Internet. Is there some precaution I should take to protect my notebook from intruders? Is it advisable to install a firewall in my notebook (iptables?) or am I just overreacting? Is it possible for one of the guests or neighbors to break into my notebook?
are there any programs that will protect my computer on the Internet. Just started using fed 10 from windows so i am not sure what i need to do. I am using an acer aspire 5630 laptop.
View 1 Replies View RelatedI was wondering how to password protect certain file folders?
View 6 Replies View Relatedim currently trying to configure SE Linux policy for a folder so that only my user with root privileges can access it and not just root but i don't know the commend to run on the folder to change its permissions
View 4 Replies View RelatedI want to password protect evolution. How would I do that? I want to allow anyone to access all my other software, but my business email needs to be privateMy current solution seems to be to setup another account. But all the user switching and other what not seems a little much for one program.
View 2 Replies View RelatedI've already read and tested the various guides for pasword portecting the menu items. What I need is a little bit different. I need to protect the whole boot menu so normal users cannot select any entry at all and only let the default entry boot.
View 4 Replies View RelatedI would usually just root the permissions to 000 but I need to password protect a folder on a usb drive and then open it on windows.
View 1 Replies View RelatedThis might sound really stupid, so you'll all have to excuse my lacking knowledge. I read that USB attacks get more and more common, like putting in an USB stick with a malicious autorun script on it, and it's game over. Can AppArmor protect devices and limit their access to the file system?
View 5 Replies View RelatedI am using postfix as spam Mailscanner to protect my mail server running sendmail. The problem is that when I forward an email from MailScanner mail me back with the following error:
<postmaster@localhost.@mydomain.com.>... Real domain name required for sender address (in reply to MAIL FROM command))
Jul 27 13:15:59 smtp postfix/local[28465]: C68AC1000001: to=<root@smtp.mydomain.com>,
[code]....
I just want to know is it possible to protect our kernel through password. If i have three kernels and i want to protect it through kernel so any one without providing the correct password could not be able to boot from that kernel.
View 1 Replies View RelatedToday I've found several attempt to access the following url on my website: [URL] After googleing a bit it seems that in some cases, using this attack, the bag guy is able to change the code in some of your files. it also seems to affect only a certain version of oScommerce. I don't use oScommerce, so I do believe that I'm on the safe side, but it's not the first time that I see some similar attempt of attack on my website. So to protect my self I was wondering if using .htaccess restriction would be enough?
Code:
########## Begin - Rewrite rules to block out some common exploits
#
RewriteEngine on
Options +FollowSymLinks
[code]....
But I do think that these rewrite string are more specificity write to protect oScommerce site. how to protect my web site from such attach and similar?
I run a small website, and the customers need to contact me from our website,and I run sendmail, but I get lots of spam, they use my sendmail to send spam, here is the ps aux: all those url are spam url, and slow my vps down.I believe I need to use SMTP to accept connect so that my customers can contact us from our website, (plz correct me if i'm wrong..I'm new to those stuff..)by the way, we did not need to receive any email from the sendmail server,
View 2 Replies View RelatedTo Protect Web Page Directories With Passwords i have done the below configuration but the problem is when i click the linux it is not asking username and password,
Created new account for logging into web interface:
htpasswd -c /etc/httpd/conf/.htpasswd travelkarega
Created a file name .htaccess in /opt/apps/deploy/websites/travelkarega/html/
vi .htaccess
AuthUserFile /etc/httpd/conf/.htpasswd
AuthName "Please enter password"
AuthType Basic
<Limit GET POST>
require user travelkarega
</Limit>
Added these above entries in the file .htaccess
Im running apache2 on a debian webserver and i was wondering how i can password protect a folder in my www directory when someone try to access it from the web.
View 1 Replies View RelatedI want protect my server from syn attack
My server Linux - Cantos 5.6.
if there is any free software there used to protect Fedora from spyware and virus?
View 8 Replies View RelatedWe are trying to define an appliance based on Suse for an application server and Web server Apache, so we would like to know configuration best practices for network and security, is there any paper/doc about best practices?
View 3 Replies View RelatedTrying to delete injected code (one line) into multiple .php and .html files of a server with sed command but it seems there is a problem with sed when " and / are included in the string to be deleted.The string that needs to be deleted is <img heigth="1" width="1" border="0" src="http://imgddd.net/t.php?id=16382836"> However the last part of the string (id=########) is not constant (the number is variable) so I used the following:find /home -type f -iname index.html* -o -iname index.php* -o -iname index.html* -o -iname index**| while read FILE; do sed -i "s|<img heigth="1" width="1" border="0" rc="http:\imgddd.net*">||g" "${FILE}"; doneFor some reason it successfuly deleted the injection on .html files but NOT in .php files
View 8 Replies View Related