Defend Against Browser Spoofing
Aug 10, 2008
How do you defend against browser spoofing? From the tutorials shown at [url], it seems really easy to spoof a Firefox user agent.
How do I prevent my web servers from DoS attacks?
I got an email "failure delivery notification" but I did not send that email. It had my email address though.
So I contacted host and got a very quick reply:
Quote:
This is caused by email spoofing. Someone was spoofing your email account and sending mails by adding a mail header so that it appears to have originated from the actual source. By setting the SPF record correctly in the DNS zone of the domain, we can almost prevent this.
Here the SPF record was not set up correctly. Now we have made some changes to the SPF record in the DNS zone file "/var/named/domainname.com.db".
------------
v=spf1 a mx ip4:67.21.1.226 ?all -----> v=spf1 a mx ip4:67.21.1.226 ~all
------------
Now I can understand that they have quickly fixed the problem. BUT I need to learn more about what is going on here.
I can understand that email spoofing is that a spammer is sending email with a header that shows it is my email address (which it is not).
But I don't understand the second part, that a DNS record fixes it.
What does that DNS line mean?
DNS stuff is really complicated and I am lost when it comes to it.
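To see what the host's one-character change does, here is an added example (not from the thread) that evaluates the record quoted above against a sending IP the way a receiving mail server would, using a constructed DNS table in place of real lookups. With `?all` an unknown sender gets "neutral", which receivers treat the same as having no SPF record; with `~all` it gets "softfail", which filters can act on. The host names and the second address in the table are assumptions.

```python
import ipaddress

# Constructed stand-in for DNS answers (assumption, not data from the post):
# the zone's A and MX records and the MX host's address.
FAKE_DNS = {
    ("domainname.com", "A"): ["67.21.1.226"],
    ("domainname.com", "MX"): ["mail.domainname.com"],
    ("mail.domainname.com", "A"): ["67.21.1.227"],
}

# Qualifier prefixes defined by SPF; no prefix means "+".
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Split a v=spf1 record into (qualifier, mechanism, argument) tuples."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    parsed = []
    for term in terms[1:]:
        qual = "+"
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        parsed.append((qual, mech.lower(), arg))
    return parsed


def mechanism_matches(mech, arg, domain, ip):
    """Evaluate the mechanisms used in the post's record: a, mx, ip4, all."""
    if mech == "all":
        return True
    if mech == "ip4":
        return ip in ipaddress.ip_network(arg, strict=False)
    if mech == "a":
        return str(ip) in FAKE_DNS.get((arg or domain, "A"), [])
    if mech == "mx":
        hosts = FAKE_DNS.get((arg or domain, "MX"), [])
        return any(str(ip) in FAKE_DNS.get((h, "A"), []) for h in hosts)
    raise ValueError(f"unsupported mechanism {mech}")


def check_host(record, domain, sender_ip):
    """Return the SPF result for sender_ip: first matching mechanism wins."""
    ip = ipaddress.ip_address(sender_ip)
    for qual, mech, arg in parse_spf(record):
        if mechanism_matches(mech, arg, domain, ip):
            return QUALIFIERS[qual]
    return "neutral"  # nothing matched and no "all" term: SPF default


if __name__ == "__main__":
    for rec in ("v=spf1 a mx ip4:67.21.1.226 ?all",
                "v=spf1 a mx ip4:67.21.1.226 ~all"):
        print(rec, "->", check_host(rec, "domainname.com", "198.51.100.7"))
```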
I got a bounced back message that I never sent. I was profoundly shocked to discover (through the header info) that the message originated from dotworlds.net; a site that ostensibly is a spoof email service provider.
Should such sites be allowed to exist?
I'm concerned about DNS spoofing.
As explained here:
w w w. securesphere(dot)net/download/papers/dnsspoof.htm
I note the recommendations:
- To limit the cache and check that it's not keeping additional records.
- Not to make security systems to use/rely on DNS.
- Use cryptography like SSL; even if the problem remains the same, it increases the difficulty level for the attacker (See article on Man in the Middle)
I did note on another site that the latest version of BIND for DNS should be installed.
I'm quite sure I'm being attacked in this way by a guy on the same network as my numerous commercial websites.
I'm setting a new server. I'm getting my own name server.
What steps should I take to best protect myself and my business against these attacks please?
(firewall? tips etc beside the above?) Please let me know as I want to set up and have a better than even bet I have shaken the guy.
I have a similar problem to the one explained at [url]
The detail of my problem is below:
Some people sent spoofed mails from our mail users to our users through Postfix/local, which are listed in the maillog like below:
Apr 29 16:57:02 ns1 postfix/local[3075]: EC2153565E3: to=<user-mydomain.com@ns1.mydns.com>, orig_to=<user@mydomain.com>, relay=local, delay=486, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
But I do not know how to prevent these people from using my Postfix/local delivery part. How can I prevent this attack?
When I connect to my mail server to send or receive my mail it looks like:
Apr 29 17:25:28 ns1 dovecot: pop3-login: Login: user=<user@mydomain.com>, method=PLAIN, rip=***.***.***.***, lip=***.***.***.***
....
Apr 29 17:25:55 ns1 dovecot: POP3(user@mydomain.com): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0....
But the attackers connect directly like below:
Apr 29 17:29:59 ns1 postfix/local[2456]: 3192E357FD9: to=<user-mydomain.com@ns1.mydns.com>, orig_to=<user@mydomain.com>, relay=local, delay=261, status=sent (delivered to command: /usr/bin/procmail-wrapper -o -a $DOMAIN -d $LOGNAME)
....
Apr 29 17:29:59 ns1 postfix/qmgr[2218]: 3192E357FD9: removed
How can the spammer connect to the Postfix/local part? My mail server is not an open relay; I tested it from the internet.
Is there any way to stop spammers from spoofing my address? I've had issues ever since I started this server with getting bounced spam where the "From:" field was (gibberish)@mydomain.com, which was annoying but not that constant.
I came online this morning to check my mail and had over 1200 e-mails and all of them have "online@wellsfargo.com" as the "From:" address, but the message-ID has my domain name in it..
Quote:
------ This is a copy of the message, including all the headers. ------
Return-path: <nobody@host.mydomain.com>
Received: from nobody by host.mydomain.com with local (Exim 4.63)
(envelope-from <nobody@host.mydomain.com>)
id 1Hju9b-0002y3-TH
for lwilder1999@yahoo.com; Fri, 04 May 2007 05:32:43 -0400
To: lwilder1999@yahoo.com
Subject: Update Your Account Records
From: Wells Fargo Online <online@wellsfargo.com>
Reply-To:
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: 8bit
Message-Id: <E1Hju9b-0002y3-TH@host.mydomain.com>
Date: Fri, 04 May 2007 05:32:43 -0400
There's gotta be some way (make that 1204.. just got 4 more bounces) to block spammers from doing this. Could someone help a newbie out?
I can't access Gmail from my internet connection, but Google is opening and also all other emails are opened (Yahoo, AOL...). I'm using the Windows 2000 OS. Is it a problem of the mail server of Gmail?
I recently got multiple logs regarding this weird browser user agent,
Browser Agent:
XXX<? echo "w0000t"; ?>XXX
anyone have information regarding this?
I'm trying to download this 1 GB file on my Linux server (CentOS). But it's requiring me to enter a Captcha image, which doesn't show up using Elinks or Lynx, the two browsers I tried.
Wget was the first thing that I tried but that wouldn't work since it's impossible to enter the captcha using the wget command.
So I need some help: how should I download this to my server? I'm on a slow DSL connection and it would take weeks to download 1 GB using my desktop and then re-upload it again to the server using FTP.
I know that if you want to access your ftp account from a browser you use this link format:
ftp://username : password@yourdomain.com
But what happens when your username is in the form of: username@yourdomain.com
How can I access my ftp from a browser then?
I run a browser-based game (PHP/MySQL/JavaScript) and I have been noticing, with the growing number of players, that my shared hosting is not going to handle the load, obviously.
I am not sure if this is the right place to ask, but are there any hosting companies out there willing to negotiate a deal where they provide hosting for such a thing in return for advertising?
We haven't even begun to advertise the game and expand it; it will reach thousands of players easily... we would need at least 2 high-end boxes to split up the database from the webserver.
This is the error I'm getting after I installed my cert.
I did the installation in Plesk 9 and it asked for three files:
1. private key
2. certificate
3. CA bundle
For the CA bundle I used the intermediary_certificate1.cst, intermediary_certificate2.cst, & root_certificate.cst files, in that order.
What could have gone wrong? And how can I get rid of this error?
My client was rather forcibly moved to a VPS by their host (long story, involving inadequate PHP memory allocations).
I've run sites on MediaTemple's VPSs without any issues. This one, via Network Solutions (not my pick), is driving me nuts. It uses Plesk and Virtuozzo, and is, I believe, running Red Hat.
I am able to FTP files into httpdocs, but when I try to pull them up via browser, I get 404's. Additionally, the default landing page persists, even though I deleted their index.html.
I can SSH with root, but have thus far not been able to find my way to httpdocs via command line. Updated: scratch that. Found it. Files are there...
I am accessing solely via IP, as I do not want to redirect the domain until the new site is up and running.
Any thoughts on where I need to be looking for a solution? I'm not really a server person, though this is the first time I've encountered so much trouble. I do not foresee NS support being much help, per prior (recent) experience.
I got a list of IPs from the country I want to block from blockacountry.com and I added them to my .htaccess, as I have no access to PF or an iptables firewall.
I am concerned about the server load if I get too many requests from that country to access the webpage. I have been told of a better solution, blocking someone based on the browser language they use; for example, for China that is "zh-CN". But I don't know how to implement this and I have not been able to find it through Google. Help with this is appreciated.
Second thing: does anyone know what happens when someone attempts to access a webpage from a blocked IP? Do they get a "Page not found" or a "your IP is blacklisted" message?
If I block by browser language it would be good if the blocking message does not tell the user about this.
(Note that I am aware that blocking by browser language is not a perfect solution.)
I have setup an Addon Domain in cPanel.
[url]is pointing to:
[url]
That is working fine, test it for yourself.
However, I want the URL in the browser to read: [url]but currently as you can see the long URL appears.
How can I make the short clean URL appear in the browser?
I recently initiated "Hot Link Prevention" on one of my web sites on my dedicated server (via cPanel). It works well in redirecting hotlinked images to a small image that says "Unauthorized Hotlink Image." This of course prevents other web sites from leeching my bandwidth. However, I have had a number of people complain that when they visit my forum, they don't get my site's images, but instead see the Unauthorized Hotlink Image. The common thread seems to be that the people with the problem are using security software. In one case, a guy is using Norton Confidential. Another guy is using some security software provided by his ISP. I'm guessing that this security software is somehow messing with the Referer in their browser and confusing my server into thinking the images are being hotlinked from some other site. Short of turning off Hot Link Prevention, does anyone have any suggestions to tell the folks... are there settings in their security software, for example, that will prevent the problem when they visit my site?
I have upgraded to Apache 2.4 and PHP 5.5.7. I am not able to get any PHP script to show output in the browser. HTML and text files work fine.
phpinfo works fine and shows output.
phpMyAdmin gives "No data received" in Chrome and "The connection was reset" in Firefox.
On the command line, php -f filename gives me output.
Last lines of my Apache error log:
[mpm_winnt:notice] [pid 2028:tid 376] AH00456: Apache Lounge VC11 Server built: Nov 21 2013 20:13:01
[Fri Dec 20 2013] [core:notice] [pid 2028:tid 376] AH00094: Command line: 'C:\Program Files\Apache Software Foundation\Apache24\bin\httpd.exe -d C:/Program Files/Apache Software Foundation/Apache24'
[Fri Dec 20 2013] [mpm_winnt:notice] [pid 2028:tid 376] AH00418: Parent: Created child process 2628
[Fri Dec 20 2013] [mpm_winnt:notice] [pid 2628:tid 276] AH00354: Child: Starting 64 worker threads.
In the PHP log it is giving no error.
httpd -t shows: Syntax ok
php -v shows:
PHP 5.5.7 (cli) (built: Dec 11 2013 13:48:27)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2013 Zend Technologies
I signed up for a VPS from vps.me and got SSH credentials. I logged in to SSH using Token2Shell, but when I put my server IP "10.223.1.157" in Google Chrome it says unable to find, and I am also not able to access FTP through FileZilla.
My server was hacked, so they did an OS reload. Everything seemed OK, then they did the Level 2 Security Plan, which includes:
Update kernel to the latest release
Update security patches
Thorough security audit
Installation and configuration of firewall
Installation of security updates as released by OS vendor
Installation of security updates as released by Control Panel vendor
Configuration changes as desired by customer
Disabling of unused and insecure services
Removal of insecure packages and unnecessary software
Regular scans for easy-to-guess users passwords
Log auditing for unusual activity
Investigating hacking attempts
Restoring files from backup
Anti-spam configuration
Anti-virus configuration
Anti-DoS/DDoS kernel code tweaking
Default system users removal
SSH server hardening
Mod_Security (Intrusion detection and prevention engine for web applications)
Securing /tmp directory
Kernel tuning with sysctl
Snort (Network Intrusion Detection System)
Acid (Analysis Console for Intrusion Databases)
Smartd (HDD Reliability monitor)
SIM (System Integrity Monitor)
PRM (Process Resource Monitor)
SPRI (System Priority)
BFD (Brute Force Detection)
PMON (Socket Monitor)
Tripwire (keeps track of every file being moved/edited in the system)
Chkrootkit (Rootkit/Exploit scanner, reports sent daily)
1. Now I get a timed-out message via my browsers IE & Mozilla
2. When I try to FTP into an account I get this message, the same message on all accounts.
[06:37:47] Connecting to 72.21.49.74 Port: 21
[06:38:08] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
3. When I try to retrieve my email via Outlook 2007 I get this
Receiving reported error (0x80042108) 0UTLOOK CANNOT CONNECT TO YOUR INCOMING (pop3) EMAIL SERVER
Here are the traceroute results (image below). Note the timed-out message.
Servstra keeps telling me everything works on their end...... yet I cannot get to the server any longer.
I am working with an Apple Lion Server. I want to give users the possibility to gain access to certain share points with the web browser via the WebDAV protocol. The OS allows you to define share points with the GUI. In this GUI you can set that the users are allowed to access the share points via WebDAV, but it is not possible to access the folders via a browser. You just get an error from the webserver after a login:
You don't have permission to access /webdav/ on this server.
So I have looked at the relevant configuration file "httpd_webdavsharing.conf" (Apache v2.2)
Code:
#
# Apache Config for WebDAV Sharing
# Activated and deactivated by com.apple.webapp.webdavsharing webapp
#
RegisterResource "WebDAV Sharing: %c %s" /webdav main webdav
RewriteEngine On
RewriteMap webdavmap prg:/usr/libexec/webdavsharing/webdavsharing_mapper
[Code] .....
Is there a way to modify the code in such a way that it allows the favoured access?
I want to know what settings to make in the DNS of my server so that it always shows the www. in the browser, before the domain name.
For example, in the url to be www.mydomain.com and not mydomain.com
I applied an IP fix to a specific domain but this domain doesn't resolve in the browser [URL] .....
On Chrome I got this: ERR_NETWORK_ACCESS_DENIED
I already disabled iptables and denyhosts.
I checked on dnsstuff and everything seems good.
I checked the ifcfg-eth0 file - ok
The IP is added into the Plesk panel via Tools & Settings - ok
It's set on the domain via Hosting parameters - ok
Reverse on IP is ok ....
When I try to go to Horde after my upgrade from Plesk 11.5.30 to Plesk 12.0.18, my Horde is loading as minimal because of this:
JavaScript is either disabled or not available on your browser. You are restricted to the minimal view.
But my javascript is enabled for this site.
I have a VPS located in LA, USA.
For over a week now I have had the following network issues:
- browser timing out (for me and visitors to my site)
- ftp connection issues
The server load is low so it's not server related.
Traceroute TO the server appears fine.
Traceroute FROM the server to users' IPs appears to have issues over the SingTel/Optus network.
My webhost says it's an issue for SingTel/Optus.
SingTel/Optus engineers say:
"Our testings point to a problem either within Cogent's network or on a peering link between Cogent and Singtel in LA.
I'd suggest that the owner of the domain (me!) approach his hosting provider and have them escalate to Cogent. We can't escalate to Cogent as we have no peering with them."
So I've been the meat in the sandwich for over a week with no sign of a fix.
My options appear to be either to move the VPS away from the webhost and host it locally (Australia), or to somehow wait for someone to step up, take responsibility and get this resolved.
My heart says wait, as it's not *my* responsibility, but it's costing me financially and professionally.
Anyone else experiencing similar/same issues from the Asia Pacific region to the US?
How can I ban a browser/client type http request in Apache2 configuration?
For example; I would like to redirect all 'Opera' traffic to another URL or ban it altogether.
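An added example (not from this thread) of Apache configuration that does what this post and the earlier browser-language post ask: redirect one client type by User-Agent, refuse it outright, or refuse requests whose Accept-Language starts with zh-CN, all with the default 403 page so the reason is not revealed. It assumes Apache 2.4 with mod_rewrite, mod_setenvif and mod_authz_core loaded; the redirect target is a placeholder. As the first post in this thread notes, both headers are supplied by the client and trivially spoofed, so this is a nuisance filter, not an access-control boundary.

```apache
# Option 1: redirect Opera clients elsewhere (target URL is a placeholder).
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} "Opera" [NC]
    RewriteRule ^ https://example.com/unsupported-browser [R=302,L]
</IfModule>

# Option 2: mark unwanted clients with an environment variable and refuse them.
# Accept-Language is matched only at the start of the header, i.e. the
# client's first preference; zh-CN is the value the browser-language post cites.
SetEnvIfNoCase User-Agent "Opera" banned_client
SetEnvIf Accept-Language "^zh-CN" banned_client

<Location "/">
    <RequireAll>
        Require all granted
        Require not env banned_client
    </RequireAll>
</Location>
# Apache 2.2 equivalent of the Require block:
#   Order allow,deny
#   Allow from all
#   Deny from env=banned_client
```

Refused requests get Apache's plain 403 Forbidden page, which says nothing about why; check with `curl -A Opera -I http://yourhost/` and `curl -H "Accept-Language: zh-CN" -I http://yourhost/`.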
I have configured Apache 2.4.4 as a forward proxy and tested from my browser; the response is very slow and for some requests the response does not even come back complete.
I also tested the same with an Apache 2.2 forward proxy; it is very fast and good.
May I know what the problem is in Apache 2.4?
Are there any issues in the proxy modules (mod_proxy, mod_proxy_connect.so, mod_proxy_http.so) in Apache 2.4?
This is the same configuration I used for Apache 2.2 and Apache 2.4:
##########################################################################
## Apache Forward proxy
##########################################################################
<IfModule !proxy_module>
LoadModule proxy_module modules/mod_proxy.so
</IfModule>
<IfModule !proxy_connect_module>
LoadModule proxy_connect_module modules/mod_proxy_connect.so
[Code] ....