Cross Scripting Attack
May 10, 2009
On IIS6 many of the sites are under cross scripting attack. I tried removing the code, but it gets affected again after some time. I reset the FTP password, and the password is a combination of complex alphanumeric characters. I have checked the permissions; they are OK.
How do you guys fight cross scripting attacks?
View 9 Replies
Dec 1, 2008
I've used Servage for about 18 months. For most of that time there have been no problems. Then they decided to upgrade the cluster. This happened 3 weeks ago. Since then, there has been a catalogue of problems, mostly centred around a Perl script my site uses to implement a wiki.
The first problem was that they had removed four of the supporting Perl modules used by my Perl script. All of the missing modules are ones you would expect to find on any server that claims to support Perl. They had warned that this might happen (obviously too difficult for them to make sure that the upgraded server has all the Perl modules) so I notified them with a list of missing modules expecting the modules to be restored quickly. It actually took 1 week, during which time their support team tried their best to annoy me by giving responses related to PHP (apparently they'd managed to kill PHP scripting completely) and a non-working link to a list of installed modules (I knew what was installed already).
Having now got the script running, I hit a further problem. Prior to the upgrade the script had run under the "webserver" account. It was now running under the "you" account. This meant it couldn't write to its own data files. I had real trouble getting Servage to understand this one, let alone fix it. Most of their answers were about how to change the ownership of my script, which makes absolutely no difference to the problem. Eventually, after 4 days, they tried to fix the problem. The result was that my website became completely inaccessible. Even the static content was giving a 403 error. Again, it took support a while to understand the problem and about 1.5 days to fix it.
At this point Servage claimed to have fixed all outstanding issues. However, my script was still running under the wrong account. In frustration, I changed the ownership of all the script's data files to "you", which at least got my wiki running again.
However, I now find that people can't upload images to the site. Any attempt to do so produces an error "CGI open of tmpfile: Permission denied".
I've given up. I think my chances of getting Servage to even understand the problem are minimal. I'm not even going to try. I will be moving to another host as soon as possible - probably a VPS. That way I should be able to fix most problems myself.
View 14 Replies
Dec 7, 2008
I am currently trying to create a bash script which I will run off a loop with a sleep interval that will query tcpdump (udp packets only) on a network interface, and is looking for length 10 packets.
So far so good, not that hard to code I know (Already made it / coded it this far perfectly). Now here is the tricky part, I only want the bash script to identify IP's that have sent over 15 packets with the length of 10. (This is the part that I can't seem to find a way to code).
I was thinking, from the output maybe to calculate the number of lines with the same equal IP's.
Once this script identifies that, it will automatically run a command which I have set. (Quite easy, and I can do this).
I am looking for someone to help me with this. It is a fairly simple and quick job (editing the script I have at the moment). I am also willing to pay (if needed) an amount for this to be completed. Obviously not that much, but still something I am sure we can work out.
View 2 Replies
Oct 1, 2007
I have my site in ASP scripting, but it was suspended yesterday because of high resource usage on a shared server. That's why I am looking for a VPS. It is difficult to find a good Windows VPS, so I have decided to get a Linux VPS, but I am confused about whether a Linux VPS will meet my requirements.
My site is using ASP scripting with Access databases on the backend. I can host my Access databases on a Windows server and provide the link in the connection string. So, will the web server on a Linux server be able to execute my ASP scripts as well as IIS does on a Windows server?
Also, I have a music section that plays files in .wma format using Windows Media Player, as I have used an embedded object for Windows Media Player. So there must be Windows Media Player installed on the Linux server.
Is it a good decision to host the site on a Linux server, and will my objective be met in this case?
View 6 Replies
Dec 26, 2007
I currently have a script with code below that works great when the permissions on the dbconnect.php file are 755. The problem with this is that anyone on the web can see this config file which contains passwords DOH! If I change it to 751, then it tells me "cannot connect". The user and group on both the page and this script are the same.
With Apache, I use the setting to store http and https files in the same directory.
Any ideas how to make this a little more secure? Changing the permission to 751 would do the trick but then it breaks the script. I don't understand why the script would be running taking "other" permissions into account... it should be running with "user" permissions instead. It might even have something to do with who the Apache executable is running as...
<?php
include("../../../cgi-bin/dbconnect.php");
// Connect to server and select database.
mysql_connect("$databasehost", "$dbuser", "$dbpword")or die("cannot connect");
mysql_select_db("$dbname")or die("cannot select DB");
View 2 Replies
Apr 4, 2009
I'm writing an inode and directory size counter, but hit a snag with directories that contain a space.
Simple code, finds all directories within a folder, sets the current directory:
for i in `find . -type d`; do ls $i; done
Looks correct? It works great, until you hit directories with spaces. So I try the following methods:
for i in `find . -type d|sed 's/ / /g'`; do ls $i; done
for i in `find . -type d|sed 's/ / /g'`; do ls "$i"; done
What is happening is, at the ( for i in ), it treats each item at the first break, if it's \n or a ' '. Is there a flag I can set to make it only use \n? When I pipe the data, it sends each chunk of the directory through.
[root@home /home/mindbend/dev_html]# for i in `find . -type d|sed 's/ / /g'`; do ls $i; done
ls: ./test: No such file or directory
ls: ing: No such file or directory
ls: 12: No such file or directory
ls: 3: No such file or directory
ls: ./test: No such file or directory
ls: ing: No such file or directory
ls: 12: No such file or directory
ls: 3/test: No such file or directory
ls: 2: No such file or directory
# ls -d test ing 12 3/
test ing 12 3/
#ls -d test ing 12 3/test 2/
test ing 12 3/test 2/
GNU bash, version 3.2.39(1)-release (i386-portbld-freebsd7.1)
Copyright (C) 2007 Free Software Foundation, Inc.
Issue exists on linux and freebsd, same code.
View 3 Replies
Jun 4, 2007
I tried grant a user to have access to a database via a shell script.
Database 'userdb' and user 'user1' are already setup.
This is my code .
Code:
#!/bin/sh
mysql -u root -pROOTPASS <<!
grant all privileges on userdb.* to user1@localhost
identified by 'dbpasswd' with grant option;
!
The code doesn't work.
View 11 Replies
Jun 27, 2008
I have a facility that offers racks and bandwidth (expensive), however the same facility is a POP for Cogent as well, who after I contacted informed me that I can buy bandwidth from them directly and just have the racks with said facility.
Now, besides my servers, do I need to own anything in order for me to mix my 100MB uplink from my Rack provider and Cogent?
I am assuming that with Cogentco I will be able to get IPs more easily and thru them, so if I renew my contract I don't have to migrate class C no matter what datacenter I host (as long as I have cogent in the mix, correct?)
BTW; is it usual to get charged anything for BGP or cross-connect, what do you pay?
View 6 Replies
Apr 3, 2008
I'm getting a cabinet colocation with a provider and on the sales order there is a setup and re-occurring fee for "cross connect". My rep explained it's for the connection from my cabinet to their switch. Is this a typical charge for colocation? I thought cross connect is for connecting from their facility to 3rd party providers.
View 13 Replies
Jan 1, 2007
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
That's the wordpress .htaccess
What makes me wonder is if we delete RewriteCond %{REQUEST_FILENAME} !-f, it won't work.
As if there is a recursion. However, there can't be a recursion given the [L] thing right?
View 0 Replies
Mar 14, 2007
I have two RedHat EL 4 boxes linked via a cross-connect. One is a web server (10.0.0.3) and one is a mySQL server (10.0.0.2), the interface between them is eth1 on both machines and a second interface eth0 connects to the internet.
I want to use the web server to send queries to the database server via eth1, 10.0.0.2:3306 in this case. If I send a database query via eth1 there is a delay of about 10-20 seconds before the result comes back. If I send the same query to the database server but use its main IP instead of the internal IP so that the query is being sent to it over the internet (xx.xx.xx.xx:3306), the result comes back instantly.
Similarly, if I send a query from any remote server the result is instant.
Why should there be such a huge delay when sending a query directly through the cross-connect?
The routing table ( ip route show ) for the web server is:
xx.xx.xx.xx/xx dev eth0 proto kernel scope link src xx.xxx.xx.xx
10.0.0.0/24 dev eth1 proto kernel scope link src 10.0.0.3
default via xx.xx.xx.xx dev eth0
and the routing table on the database server is:
xx.xx.xx.xx/xx dev eth0 proto kernel scope link src xx.xx.xx.xx
10.0.0.0/8 dev eth1 proto kernel scope link src 10.0.0.2
default via xx.xx.xx.xx dev eth0
I have ifcfg-eth1 on both boxes:
DEVICE=eth1
ONBOOT=yes
TYPE=Ethernet
IPADDR=10.0.0.3 / 10.0.0.2
NETMASK=255.255.255.0
Both boxes can ping each other and transfer files using wget without any apparent problems or delays.
Anyone have any ideas on how to fix this 10-20 second delay when sending queries through the cross-connect?
View 3 Replies
Aug 23, 2014
I would like to make a CGI script cross-platform. Some servers are running Ubuntu Server 32 bit, others are running CentOS 64 bit, and so on. How do I make a CGI script that runs well at least on Linux-based operating systems such as Debian, Ubuntu, RedHat and so on?
View 1 Replies
Feb 11, 2008
I have two VPS's, VPS1 has one vbulletin community. VPS2 has about 10 cpanel accounts, mostly email, a blog site, etc. Both VPS's well under 10 gig in size not including any backups stored on the VPS.
For the more important VPS, VPS1, I am packaging the cpanel account (50mb) and SCPing it to VPS2.
I am also running pckgacct on the cpanel accounts on VPS2 (about 2 gig total, 1 tar.gz is 1.5gb, three others around 250mb, others smaller) and storing them on VPS2.
I then have WS_FTP scheduled to download the cpanel tar.gz files each night to a local machine.
I also have WHM setup to do daily incremental backups, but am not moving any of these offsite.
So, it seems I have three options:
Keep doing what I am doing.
Keep moving VPS1 tar.gz files to VPS2, but also start moving VPS2 tar.gz files to VPS1.
Start moving tar.gz files (or raw files with rsync) to offsite storage.
I'm curious on some feedback about the three options. These are personal sites, I am not reselling any sites/packages.
It seems like from a data security standpoint (email and stuff), the more 'locations' introduced into the loop, the less security there will be. Does anyone get concerned about moving their email and other data to offsite storage services?
As I said, I have a technical solution currently working, but I am wondering about the theory/data protection aspects of the various options for going forward.
View 1 Replies
Apr 7, 2008
How much do cross connect fees cost in the Equinix/Dallas Infomart and a Level3 owned datacenter? Is it priced according to the size of the circuit?
View 1 Replies
Jun 8, 2007
I am about to sign up for Equinix's colocation service in LA. I am just curious if anyone else is paying similarly outrageous cross connect fees. They are charging $300 for ethernet, and $200 for DS3.
View 14 Replies
Mar 30, 2014
I'm trying to set up a login script on twenty subdomains that will be checked on another subdomain. I've found this example for different domains and figure it should be simple enough to utilise but my ereg is crappy
<IfModule mod_headers.c>
SetEnvIf Origin "http(s)?://(www.)?(domain1.com|domain2.com)$" AccessControlAllowOrigin=$0$1
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
</IfModule>
View 4 Replies
Aug 3, 2009
Apparently cPanel does not wish to fix a cross-site request forgery because it would be a so-called feature. Maybe due to the weekend someone had a drink too many.
Anyway; from The Register:
Quote:
The vulnerability in cPanel is triggered by luring a user to a malicious website while logged in to the program, which is one of the most widely used web-hosting applications.
The attack is able to trick cPanel into carrying out sensitive commands by making it appear as if they came from the victim.
"If you logged in as root and you hit my website or you hit any website I control, I can do anything I want," Bailey said. "I can reset your root password, I can upgrade software, I can modify any setting I want. That's scary and that's bad."
Even more troubling, Bailey continued, was the reply he got when he notified cPanel officials of the bug. "The response I got from cPanel was we can't fix this because it's a feature. Apparently, they're worried it's going to break integration with third party billing software, so they can't fix this."
View 10 Replies
Jun 12, 2007
Does anyone have experience with remote MySQL server setup?
I have 2 servers in the same datacenter: 1 serves as web server, and 1 serves as MySQL server.
Would my remote MySQL server slow down my site load if it's not connected through a cross cable? It's in the same datacenter though.
View 4 Replies
Nov 26, 2014
We have the following rule in httpd-vhosts.conf and it was working OK.
All of a sudden, one day we found that it had stopped working. We did some configuration tweaks with this rule but none of them worked.
During troubleshooting, the last change was disabling mod_security, and after that it started working again. However, the next day we enabled mod_security again to get the issue replicated but found it working OK.
Any clue for such behaviour of Apache? Why might the following working rule all of a sudden stop working and then start working again?
<IfModule mod_headers.c>
SetEnvIf Origin "https://(www.)?(v1.abc.com|v1ak.abc.com|v2.asite.com)$" AccessControlAllowOrigin=$0$1
Header Set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header Set Access-Control-Allow-Credentials "true"
Header Set Access-Control-Allow-Methods "GET, POST, OPTIONS"
Header Set Access-Control-Allow-Headers "origin, content-type, accept, X-Requested-With"
Header always unset Expires
</IfModule>
OS and Apache Version details are below:
Apache Version :2.2.27(win32), OS: Windows 2008 R2, ModSecurity Rule Set ver.1.5
View 1 Replies
Mar 25, 2008
OP: Linux Centos
I just got an additional 500GB hard drive added and mounted it to /home2
There are files in /home1 (original HD) that will need to be constantly moved over to /home2 via FTP.
But I keep getting this error:
550 Rename/move failure: Invalid cross-device link
Does anyone have any ideas? I tried changing permissions but no luck also tried mounting the 2nd hard drive within a directory in /home1. Still gives the error.
View 5 Replies
Mar 11, 2008
Quote:
Mar 10 20:17:55 host kernel: printk: 102 messages suppressed.
Mar 10 20:17:56 host kernel: printk: 3 messages suppressed.
Mar 10 20:18:01 host kernel: printk: 98 messages suppressed.
Mar 10 20:18:35 host kernel: printk: 34 messages suppressed.
Mar 10 20:18:51 host kernel: printk: 189 messages suppressed.
Mar 10 20:18:56 host kernel: printk: 195 messages suppressed.
Mar 10 20:19:02 host kernel: printk: 249 messages suppressed.
Mar 10 20:19:06 host kernel: printk: 36 messages suppressed.
Mar 10 20:19:21 host kernel: printk: 3 messages suppressed.
Mar 10 20:19:26 host kernel: printk: 342 messages suppressed.
Mar 10 20:19:31 host kernel: printk: 509 messages suppressed.
Mar 10 20:19:47 host kernel: printk: 54 messages suppressed.
Mar 10 20:19:51 host kernel: printk: 421 messages suppressed.
Mar 10 20:19:56 host kernel: printk: 542 messages suppressed.
Mar 10 20:20:01 host kernel: printk: 785 messages suppressed.
Mar 10 20:20:16 host kernel: printk: 340 messages suppressed.
Mar 10 20:20:21 host kernel: printk: 337 messages suppressed.
Mar 10 20:20:26 host kernel: printk: 430 messages suppressed.
Or is this something else? It's been going on for about 40 minutes. I've seen my load jump to 20, to 100 and back and forth.
View 6 Replies
May 24, 2009
I'm sure that I have Trojans and viruses on my server, but every time I contact my company they ask me to pay money and then they will check and scan my server.
So is there any free application which can scan and remove all bad files on my server? I'm looking for free applications to scan the whole server.
View 5 Replies
Jul 18, 2009
My server stopped responding. I couldn't access it via Webmin or SSH, and DNS was not responding, so I had to ask for a reboot and now everything is fine.
Looking at the logs I found this:
Code:
Jul 18 19:23:12 server sshd[18484]: Failed password for root from 61.145.196.117 port 56817 ssh2
Jul 18 19:23:12 server sshd[18485]: Failed password for root from 61.145.196.117 port 60227 ssh2
Jul 18 19:23:13 server sshd[18488]: Failed password for root from 61.145.196.117 port 38038 ssh2
Jul 18 19:23:15 server sshd[18493]: Failed password for root from 61.145.196.117 port 49884 ssh2
Jul 18 19:24:30 server sshd[18497]: Failed password for root from 61.145.196.117 port 37929 ssh2
Jul 18 19:25:06 server sshd[18521]: Did not receive identification string from 61.145.196.117
Jul 18 19:25:09 server sshd[18508]: Did not receive identification string from 61.145.196.117
Jul 18 19:25:14 server sshd[18505]: fatal: Timeout before authentication for UNKNOWN
Jul 18 19:26:00 server sshd[18509]: Did not receive identification string from 61.145.196.117
And searching that IP on Google I found it here: http://www.tcc.edu.tw/netbase/net/in...?fun=240&prd=3
And it is flagged as an SSH attack.
Any ideas why my server stopped working, and how to prevent it?
I'm using CentOS 5.0
View 12 Replies
Jun 11, 2009
I found my site loads slowly; the CPU load is good. I ran this command:
[root@host ~]# netstat -nap |grep SYN |wc -l
526
It seems my server is having a problem with a SYN attack. Is there any way to protect it?
I'm running Apache 2.
View 14 Replies
May 12, 2009
My site has been under a prolonged HTTP flood attack since 2 weeks ago. The attack has never stopped, and for the moment I can only mitigate the attack using my own (hardware) firewall.
Since my ISP is not interested in helping from upstream, or even in providing any mitigation services, I can only do mitigation at my own end or alternatively use proxy services, but I've chosen to try on my own. I tried one of the well-known mitigation services out there once, but it did not fully satisfy me since most legitimate traffic was blocked at their end.
What I can do now is stay alive and not go down, however bad the situation becomes (but if the attack changes to a UDP attack, I couldn't help myself, because there would be high incoming bandwidth into my network). My network totaled 10MB previously, but since this attack I've been forced to subscribe to 30MB in order to keep up with the attack.
I've blocked all access except for my country and some neighbours. If I change the policy to allow all countries, the load on the firewall goes to max and it then hangs in less than a minute. I've done load balancing across 4 servers (8GB memory each), and the condition seems to be getting under control, with a slight problem of servers hanging (memory shortage) and very limited keep-alive connections.
Now I am thinking of buying a router in order to null route incoming IPs of specific countries, so I can change my firewall policy to allow all connections and relieve the firewall of the burden of handling the blocked IPs that currently keep hitting it and could impact its performance.
Which brands of router can do this?
Do you have any other suggestions instead of buying a router?
View 8 Replies
Apr 12, 2008
I am having an issue with one of my highly visited websites, hangibar.com. It is hosted at SoftLayer, and we are facing SYN attacks too much on this website.
The solution which Microsoft gives on their website is related to the TCP/IP registry entries, but the thing is the same: somewhere some connections increase too much over TCP/IP. For that reason the website becomes very sticky and stops executing the SQL process; during this issue I have to restart the server to establish a fresh connection.
View 3 Replies
Dec 9, 2008
I'm getting a SYN attack and my VPS is getting overloaded. What I'm doing is banning the IPs that get the most connections.
After banning, the server gets back to normal, but is there any way to stop this POST method?
View 11 Replies
Oct 30, 2008
My server is under DoS attack (HTTP). I have installed APF firewall and DDoS Deflate, and I configured them to work together.
Now if any IP with more than 100 connections is blacklisted by DDoS Deflate, I can see it in APF's deny_hosts.rules file.
Everything seems correct, but my server is still very slow.
The IP which is causing that has more than 1000 requests and is blacklisted.
View 11 Replies
May 15, 2007
There are a lot of perl processes with 100% usage on the server. When I tried to view error_log it showed the following:
[root@local ~]# tail -f /var/log/httpd/error_log
=> `Lnx.txt'
Resolving gihkus.com... 208.98.48.116
Connecting to gihkus.com|208.98.48.116|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 16,577 (16K) [text/plain]
0K .......... ...... 100% 316.78 KB/s
05:26:03 (316.78 KB/s) - `Lnx.txt' saved [16577/16577]
When I tried to view this http://gihkus.com/Lnx.txt it seems to be an attack on my server. http://gihkus.com/Lnx.txt is not hosted by us. I have disabled perl support on all domains hosted on our server but we are still under attack. There is nothing special in /tmp.
View 6 Replies
Jan 4, 2007
Over the past day one of my servers has seen a huge rise in incoming traffic (from normal web requests to a constant 4Mbit/s, peaking up to 80Mbit/s). My outgoing traffic has remained at its normal profile, so I am pretty sure that these are not web requests, and it does not seem to be having an adverse effect on the server (the site still runs perfectly well and quick and load is still less than 1).
However, I am unsure as to how to identify what this traffic is. Are there any easy ways to tell on a FreeBSD server what the source and type of incoming traffic is? I have tried playing with netstat, but am not getting anything useful - I would like to see which ports are involved.
View 6 Replies