Ubuntu Security :: Undesired Access Attempt To Localhost
Jun 29, 2011
While investigating my localhost access logs during an investigation to resolve locking myself out of my own server(!) I noticed this recent access attempt from a proxy referrer. I wouldn't expect this on a local server - currently set to listen on 127.0.01. The request was 403 forbidden, but surely the request should not have even reached this far? Is this an example of an unauthorised access attempt? I don't think it is me because all of my usual access requests are in moz 5 and im logged in to linux currently.
Note please do not click this link as I do not know where it leads ^^^^! (and i dont know how to disable it on this forum)
View 8 Replies
ADVERTISEMENT
Jun 25, 2011
I am looking for a file monitor to tell me when a file was attempted to be accessed, but was denied. A windows equivalent could be the auditing feature in server 2k3. I don't know which account or which file is attempting to access or be accessed, but I was hoping something built into Linux would support some sort of file auditing for security purposes.
View 2 Replies
View Related
Nov 19, 2010
Just like the title says, if I were to try to run anything through gksu and accidentally put in an incorrect password, instead of the gksu window coming up again, it would just terminate.
Code:
theyain@theyain-laptop:~$ gksu update-manager
GNOME_SUDO_PASSGNOME_SUDO_PASSSorry, try again.
sudo: 3 incorrect password attempts
Whats interesting is that it gives me the sudo error after only one incorrect password attempt.
View 8 Replies
View Related
Jul 6, 2010
I have a LVM snapshot that triggers these kernel errors when any LVM-related commands run:
Jul 6 10:31:38 itmanager kernel: attempt to access beyond end of device
Jul 6 10:31:38 itmanager kernel: dm-28: rw=0, want=66156996183394672, limit=25165824
dm-28 is the snapshot volume in device mapper. I think this error is generated because most LVM commands will check the first 4K of various drives and volumes for LVM metadata and labels, but attempts to read any of the first eight sectors (ie: 4K) of this particular snapshot logical volume trigger this error.The most interesting thing is that the snapshot is 25165824 sectors long (12G), but attempts to access the first eight sectors result in an attempt to access sector 66156996183394672!I've obtained an info dump from getinfo.sh disk, and added the output from lvs. You can find the results here:URL.. It's not as if the sectors that back the first 4K of the volume are corrupt, either: the read request never hits any hardware because the read request is attempting to read a non-sensical sector, instead of the correct sector. Perhaps the COW metadata for the snapshot is corrupt?
How do I find the cause of this problem?Is this a critical error that I should file a bug report for?I first noticed this some time after turning the machine on Sunday afternoon.As far as I can tell from the logs, the shutdown the previous evening was normal.I use LVM fairly heavily on this machine, and this is the first time I've ever seen this kind of problem..I've worked around the problem by copying the first eight sectors from the Origin volume, and the rest from the Snapshot volume, to a new normal logical volume.However, I'm still concerned about how this error occurred in the first place.
View 1 Replies
View Related
Aug 11, 2009
I keep getting hundreds of SSH failed logins per day. Is there a way with iptables, i can say if a user connects too to port 22 over 8 times in 10 minuntes, then block them for an hour?
View 7 Replies
View Related
Mar 3, 2010
A few minutes ago I was using google chrome when suddenly the scroll-lock indicator on my keyboard turned on... I pressed the scroll-lock key, but nothing happened, the light remained. I opened a terminal and ran "top" to find what processes were running when I was automatically logged out. I logged back and checked the logs and found the following entries in my auth.log:
Code:
CRON[2971]: pam_unix(cron:session): session opened for user root by (uid=0)
CRON[2971]: pam_unix(cron:session): session closed for user root
[code]....
View 1 Replies
View Related
Feb 17, 2009
I'm experiencing some strange issues with a C5 installation on a Dell server with a QLA2460 HBA. When it boots up, I got a lot of these messages on dmesg:
[Code]...
View 4 Replies
View Related
Aug 2, 2010
Running Ubuntu 10.04 I noticed my hard disc rumbling for longer than normal and louder. Not doing anything demanding to cause hard disk activity like this so I was suspicious so I checked my process list with 'top' command in the console terminal. At the top was mount.ntfs running. Eventually it stopped running after 20 seconds or so. At the time I have not been accessing NTFS filesystems, but I do have them. I have a dual boot Ubuntu 10.04 and Windows 7. In Ubuntu I've mounted the Windows main C drive and on the same hard disk a partitioned drive for sharing files between the OSs. I know mount.ntfs is a standard program but was it being run on my machine, instigated externally here? Was the running of mount.ntfs an attempt from outside to hack into Ubuntu and the mounted Windows areas of my machine via a backdoor connection or vulnerability? I've restarted my machine since then. Are there any logs I can check for malicious attempts to break in?
View 9 Replies
View Related
Jan 16, 2011
I learned that, even while on Linux, using Iceweasel/Firefox 3.0.6 is not safe. So I tried to update the browser for my PPC G4 iMac (256 MB RAM, 800 MHz processor).
1. I downloaded a backported Iceweasel .deb from URL...
2. I then tried to install it with dpkg -i PathToIceweasel.deb
3. There was an error. I remember seeing xulrunner-1.9.1 is not installed. I tried to install that with apt-get but it was not available.
4. Now when I click on web browser I get the error "Failed to execute default Web Browser: Input/Output error".
5. What can I do without having to reinstall?
View 11 Replies
View Related
Jan 7, 2011
I want to filter and block failed attempt to access my proftp server. Here are few line from the /var/log/secure file:Quote:
Jan 2 18:38:25 server1 proftpd[17847]: server1.XYZ.com (93.218.93.95[93.218.93.95]) - Maximum login attempts (3) exceeded
Jan 2 18:38:27 server1 proftpd[17864]: server1.XYZ.com (93.218.93.95[93.218.93.95]) -
[code]....
View 9 Replies
View Related
Aug 30, 2010
the following security alert made me checking my httpd.conf:
Code:
Summary:
SELinux is preventing the http daemon from reading users' home directories. Detailed Description: SELinux has denied the http daemon access to users' home directories. Someone is attempting to access your home directories via your http daemon. If you have not setup httpd to share home directories, this probably signals an intrusion attempt. Even though in httpd.conf there is a line that reads
Code:
LoadModule userdir_module modules/mod_userdir.so
in the same conf-file the access to home-dirs is disabled:
Code:
<IfModule mod_userdir.c>
[Code]....
View 12 Replies
View Related
Dec 1, 2010
I have set up a user to login remotely to our Red Hat 5 server via SSH. A rule in our department firewall enables this user to login from a single static ip address. The ssh port on our server is 22. I am able to login to port 22 from locations within our department firewall. Our administrator says the firewall configuration is unchanged. The remote user had been successful logging in. But now the remote user gets a Connection Timed Out message, before being asked to authenticate by the server.
I regenerated security keys, but the remote user still gets the connection timed out message. (I can login locally with the new keys). I suspect either a firewall or an authentication problem--inclining a firewall problem. Am I correct? Is there a Linux command to check whether port 22 is available or blocked, prior even to authentication, for login from the user's remote location?
View 3 Replies
View Related
Jul 7, 2011
I've just reinstalled XAMPP in my machine. Now, I can't get phpmyadmin to work. Before this was okay. But since I lost its password I need to reinstall it again. Now I got it reinstalled, another problem occured. When I enter localhost/phpmyadmin in my browser, it tells me to open the file with a program which is obviously something must be wrong during the installation or the system is screwed. Here's the screenshot:
Another problem is I can't get Apache and MySQL to run using the XAMPP wizard. But by using shell I can get it worked, but when I see the wizard, it just says stopped. What's wrong? Although I have pressed Execute it still can't be run.
From terminal:
Code:
me@me-laptop:~$ sudo /opt/lampp/lampp start
[sudo] password for me:
Starting XAMPP for Linux 1.7.4...
XAMPP: Another web server daemon is already running.
XAMPP: Another MySQL daemon is already running.
XAMPP: XAMPP-ProFTPD is already running.
XAMPP for Linux started.
View 2 Replies
View Related
May 27, 2010
I have a laptop with Apache, MySQL, PHP, etc, and I'm able to work on web programming on my local server while at home, connected to my network. But I would like to be able to work on the local websites when I'm not connected to any networks, both for demonstrating a site, or simply working on it.
I was surprised to find that I could not connect to localhost at all without a network connection. I tried my normal Google for a solution, but, of course, that was futile without a network.
Now, I'm at home, and of course, it works because I have wireless. I don't really want to disconnect that to figure it out, so I thought maybe some nice soul here might know how to do this. Surely it can't be hard, can it? But, it's certainly not obvious.
View 3 Replies
View Related
Aug 18, 2010
I recently installed Ubuntu (normal version) on to my netbook (Samsung N140) and I'm sharing my wireless connection over ethernet to my desktop using the method outlined in the Ubuntu wiki on ICS.
However, I do Ruby on Rails development, so run a local server on the netbook. I found out yesterday while working remotely that I cannot access 'localhost:3000' while I have no internet connection, and I get an error about 'sendmsg: operation not permitted' if I try to ping localhost. Likewise, I cannot access 127.0.0.1 the same way.
View 3 Replies
View Related
May 25, 2011
I am not able to access my system on 22 port:
$ telnet localhost 22
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
When I try to start sshd service it shows command not found:
# /etc/init.d/sshd start
Starting sshd:/bin/bash: sshd: command not found
[Code].....
View 14 Replies
View Related
Sep 28, 2010
After installing SuSE 11.3 with KDE 4.4.4 "release 2", if find the followingrather annoying behavior:After dragging a window by its titlebar along the top edge of the screenand releasing it, in invariably maximizes. Dragging the same window belowthe edge and then moving it vertically up, it stays as is (and as desired).Found no related settings in "system setup - window behavior".
View 8 Replies
View Related
Dec 16, 2010
A few days ago I had a problem with my screen resolution after a safe-upgrade. I struggled a little but I finally downgraded and pinned the intel driver. But now, each time I turn my computer on I get a notification of "1 update aviable" I've checked and the update is correctly pinned (I used keep and forbid-version), it does not upgrade. As you can see, this is not critical, but I would apreciate a fix.
Details:
Debian sqeeze/sid with KDE4 on Acer Aspire One ZG5. I manage my programs with aptitude.
View 3 Replies
View Related
Apr 25, 2009
I just upgraded from Ubuntu 8.10 to 9.04. I installed Webmin 1.470 but when I tried to run it from Firefox 3.09 I got the following message.
localhost:10000 uses an invalid security certificate. The certificate is not trusted because it is self signed. (Error code: sec_error_untrusted_issuer).
Never had this problem with Ubuntu 8.04.
View 9 Replies
View Related
Sep 21, 2010
I need to test an application on a Ubuntu Server that works as a database server for the network.
On this server's /etc/mysql/my.cnf, I have:
Code:
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
bind-address = <server-ip-address>
This means that I can't access the mysql server from 127.0.0.1, right?
I tried adding the following entry to /etc/hosts.allow :
Code:
mysqld : 127.0.0.1 : allow
I feel like I need to restart the service that reads /etc/hosts.allow, is this approach correct?
Or on /etc/mysql/my.cnf I can have two (or more) bind-addresses entries?
View 5 Replies
View Related
May 15, 2011
i was hoping that someone in here could possibly help me out with my iptables rule set. First here is what i would like iptables to do, i want iptables to deny all packets or traffic from the outside coming in and for output allow the things i need like web and irc etc... Also, i would like iptables to deny access to all services like sendmail and ssh except i would like localhost to have access to everything. What i mean by localhost is that when i run my iptables script it loads fine except when i try ssh from localhost i get this output:ssh -l user localhostssh_exchange_identification: Connection closed by remote hostI know what most of you are thinking, why do i need to ssh into localhost from localhost just open another terminal, well i am getting myself familiar with iptables i want all services logged and blocked but not from localhost. I cant seem to figure out this problem and i have tried several different things. Here is my iptables script, I am hoping that someone out there can tell me what i am doing wrong...
#!/bin/bash
iptables -v -F;
iptables -v -A INPUT -i lo -j ACCEPT;
[code]....
View 5 Replies
View Related
Feb 16, 2011
Let's say you have a host with some kind of locally installed root kit detector/scanner.
If someone managed to get root access to that box. Wouldn't the first thing to do, before installing a root kit, be to remove any kind root kit detector?
View 3 Replies
View Related
Jun 16, 2011
I already installed apache 2 & php 5 .. but I don't know where I create .php pages so I can access them using http://localhost
View 4 Replies
View Related
Jun 1, 2010
I'm running Fedora 12 on x86_64. I've installed squirrelmail, along with dovecot on my office server, and cannot access it through http://localhost/webmail. I have followed all the configuration steps I could find (including http://www.server-world.info/en/note...12&p=httpd&f=7).
I know that everything else is working (I can send and receive mail, access IMAP mailboxes, webserver is working), browsing to
http://localhost/webmail
just gives me
"Problem loading page"
in Firefox. Sometimes, however the message is "Unable to connect."
I will add that I already tried installing Squirrelmail on another (i686) machine and had exactly the same problem.
/var/log/httpd/error_log says:
File does not exist: /var/www/html/squirrelmail
This makes it seem like aliasing is not working somehow.
View 3 Replies
View Related
Jul 3, 2011
i setup a localhost in my system. but am not getting access to the phpmyadmin by entering the user name and password i entered at the time of set up. the /etc/phpmyadmin/config-db.php file is shown below.
<?php
##
## database access settings in php format
## automatically generated from /etc/dbconfig-common/phpmyadmin.conf
## by /usr/sbin/dbconfig-generate-include
[code]....
when i access http://localhost/phpmyadmin/ , the login screen appears but entering the username and password as in the file gives the error #1405 cannot log into mysql server.
View 3 Replies
View Related
Dec 14, 2010
ubuntu terminal. I have installed mysql-server, but i have no access. I have set the password during installation process.
Used command:
mysql -u root -p
error message:
[code]....
View 3 Replies
View Related
Jun 13, 2010
Can't access localhost test page, but opens localhost page when I use full dns, at least from local network machines?
Running slackware13.1, Httpd2.2.15, 2wire gateway. Firewall web&http pinholes for ports 80,443. Port 80 is working.
Code:
Returns error:
Quote:
Code:
Code:
Added 4400host.net to Resolve DNS on 2Wire Gateway(Never had to do this before to access httpd test from same machine or network machine?
Changed HTTPD.conf
Code:
Code:
Quote:
"It Works!"
Never encountered this before, usually httpd test worked for "localhost" with minimal effort. I am concerned to procceed with this odd behavior. Has anyone else encountered this configuration is?
View 5 Replies
View Related
Jan 27, 2009
I followed this tutorial for setting up my server. Whatever I type into mysql or mysqladmin all I get back is Quote:ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
View 1 Replies
View Related
Jan 30, 2010
i have fedora 11 installed in my laptop and apache server by default. after starting httpd and mysqld services i was able to access localhost through browser.(e.g. [URL]). before installing phpMyAdmin everything goes right. after installing phpMyAdmin it created problem in localhost. now typing [URL] it opens joomla site but without images and without intending of content. when i type [URL] in browser it ask for user name and password. i already provide user name(root) and password(my_root_password) in /etc/phpMyAdmin/config.inc.php. but it doesnt open.
View 1 Replies
View Related
Mar 14, 2011
I did something silly and changed my root user access for mysql access to Any from localhost using webmin. I get an access dented when i try to open up the mysql editing page on webmin. Can any of you tell me if there is a way to change it back to hosts=localhost I am using webmin 1.5.30 on Centos 5.5. I am hoping I can change it by command line or if I can access the config files and change it that way?
View 2 Replies
View Related
