Hot Link Prevention And Browser Security
Dec 23, 2007
I recently initiated "Hot Link Prevention" on one of my web sites on my Dedicated server (via CPanel). It woks well in re-directing hotlinked images to a small image that says "Unauthorized Hotlink Image." This of course prevents other web sites from leaching my bandwidth. However, I have had a number of people complain that when they visit my forum, they don't get my site's images, but instead see the Unauthorized Hotlink Image. The common thread seems to be the people with the problem are using Security Software. In one case, a guy is using Norton Confidential. Another guy is using some Security software provided by his ISP. I'm guessing that this security software is somehow messing with the Referer in tehir browser and confusing my server into thinking the images are being hotlinked from some other site. Short of turning off Hot Link Prevention, does anyone have any suggestions to tell the folks...are there settings in their Security Software for example that will prevent the problem when they visit my site?
View 4 Replies
ADVERTISEMENT
Mar 30, 2013
I moved my wordpress blog from blog.domain.info to domain.net i own both the tld domains. google search already had the posts from old url indexed. if someone clicks in it it shows 404 error. how do i redirect the traffic from old url to new url via htaccess. I dont want duplicate post on google. how to make the transition? i am confused with many online articles about htaccess redirect.
View 2 Replies
View Related
May 13, 2009
I have searched for prevention methods and explanations on what DoS's and DDoS's are capable of. I was hoping someone could shed some light on free alternatives that would help reduce these attacks or help to make me aware if one were to occur.
Linux Distro: CentOS 5.3
I am not running apache or any web related services on my machine.
I run a dedicated server for the sole purpose of hosting a few game servers. I have already contacted my provider and they offered a $599 /mo plan for prevention. This is unreasonable and I simply cannot afford it. I have been threatened with a DDoS because one of my administrators banned a player constantly creating drama, stress, and breaking rules.
I simply cannot afford a gigantic bandwidth bill and this scare tactic has made me a little weary. Is there anything I can do to reduce the damage?
View 8 Replies
View Related
Apr 27, 2008
I would like to know what are the best ways in preventing a UDP D/DoS Attack. DDoS-Deflate and most programs like that are just for TCP connections, and most of the time only for port 80. What is the best option out there for protection (linux wise) for UDP attacks. I was using shorewall before but it did not do so well so I just switched now to CSF [url] with WebMin and seems to be working ok. Even though thoes are both firewalls, they seem to have some protection against UDP Attacks. Please note this is a server that just hosts some game servers, no webhosting. What would be my best option here?
View 3 Replies
View Related
Jan 10, 2007
I have linux server and like to put somekind of DDOS prevention/protection... what kind of device do I need to purcahse to do this?
can anyone advise on this?
View 3 Replies
View Related
Mar 23, 2009
My host has told me that my forum is coming under a DDOS attack. Once was on Friday March 20th and again today (monday march 23). Before those two, there are attacks almost every week, sometimes twice a week.
The host installed DoS-Deflate. It started blocking legitimate traffic and had to be removed.
The operating system is Linux CentOS, the forum software is VBulletin. The server is a VPS with 1 gig of memory.
Besides DoS-Deflate, what other options are out there?
View 7 Replies
View Related
May 20, 2009
any experience with the DDoS prevention feature provided by SoftLayer?
View 6 Replies
View Related
Oct 27, 2008
Today my server was down cause it was overloaded and when i restart my server its running how to stop such problem in the future
View 10 Replies
View Related
May 12, 2008
i am seeing a lot of Local file inclusion (LFI) and mysql injection attacks quite often directed to php scripts.
what is the way to prevent them? would installing mod_security to apache work?
View 6 Replies
View Related
May 21, 2008
if anyone knows a script that is url rewrite mods that can fix this hotlink issue by having the link url change every 20 minute.
View 2 Replies
View Related
May 21, 2007
I have a VPS from hostforweb.com , and my vps every week under ddos attack and 80-150 connection login to apache...
how can i prevention from ddos attack?
View 3 Replies
View Related
Jun 4, 2008
one of my clients seems to be attracting unwanted attention, it seems as if bots or something along those lines are attempting to exploit my box, while they are unsuccessful it would seem. I was wdonering if there was a rule I could put in Mod_Security that would ban them for attempting to
GET "/awstatsf/logger.php?action=log&type=Hybrid&host=hacked101&"
View 0 Replies
View Related
Oct 6, 2008
I cant access gmail from my internet connection, but google is opening and also all other emils are opend(yahoo,aol...). Im using windows 2000 OS. Is it a problm of mail server of gmai?
View 4 Replies
View Related
May 10, 2009
i recently got multiple logs regarding this weird browser user agent,
Browser Agent:
XXX<? echo "w0000t"; ?>XXX
anyone have information regarding this?
View 3 Replies
View Related
Aug 10, 2008
How do you defend against browser spoofing? From the tutorials shown at [url]. it seems really easy to spoof a firefox useragent.
View 5 Replies
View Related
Mar 15, 2008
I'm trying to download this 1 GB file on my Linux server CentOS. But its requiring me to enter a Captcha image which doesn't show up using Elinks or Lynx the two browser I tried.
Wget was my first thing that I tried but that wouldnt work since its impossible to enter the captcha using wget command.
So I need some help how should I download this to my server I'm on Slow DSL connection and it would take weeks to download 1 GB using my desktop and then reuploading it again to server using FTP.
View 3 Replies
View Related
Mar 25, 2007
I know that if you want to access your ftp account from a browser you use this link format:
ftp://username : password@yourdomain.com
But what happens when your usersame is in the form of: username@yourdomain.com
How can I access my ftp from a browser then?
View 2 Replies
View Related
Jan 7, 2009
i run a browser based game in (php/mysql/javascript) and i currently have noticing with the growing numbers of players that my shared hosting is not going to handle the load, obviously.
i am not sure if this is the right place to ask but are there any hosting companies out there willing to negotiate a deal where they provide hosting for such a thing in return of advertising?
we havent even began to advertise the game and expand it, it will reach thousands of players easely... we would need atleast 2 highend boxes to split up the database from the webserver.
View 7 Replies
View Related
Apr 21, 2009
This is the error i'm getting after i installed my cert.
i did the installation in plesk 9 and it asked for three files:
1. private key
2. certificate
3. CA bundle
for the CA bundle i used the: intermediary_certificate1.cst, intermediary_certificate2.cst, & root_certificate.cst files and in that order.
What could have went wrong? and how can i get rid of this error?
View 3 Replies
View Related
Jul 16, 2009
My client was rather forcibly moved to a VPS by their host (long story, involving inadequate PHP memory allocations).
I've run sites on MediaTemple's VPS's without any issues. This one, via Network Solutions (not my pick) is driving me nuts. It uses Plesk and Virtuozzo, and is, I believe, running Redhat.
I am able to FTP files into httpdocs, but when I try to pull them up via browser, I get 404's. Additionally, the default landing page persists, even though I deleted their index.html.
I can SSH with root, but have thus far not been able to find my way to httpdocs via command line. Updated: scratch that. Found it. Files are there...
I am accessing solely via IP, as I do not want to redirect the domain until the new site is up and running.
Any thoughts on where I need to be looking for a solution? I'm not really a server person, though this is the first time I've encountered so much trouble. I do not foresee NS support being much help, per prior (recent) experience.
View 2 Replies
View Related
Nov 3, 2008
I got a list of IPs from the country i want to block from blockacountry.com and i added them to my .htaccess as I have no access to PF or IP tables firewall.
I am concerned about the server load if I get too many requests from that country to access the webpage, I have been told of a better solution, blocking someone based on the browser language they use, for example for China that is "zh-CN" but I don't know how to implement this and I have not been able to find it through Google, help with this appreciated.
Second thing, anyone knows what happens when someone attempts to access a webpage from a blocked IP? Do they get a "Page not found" or "your IP is blacklisted" message?
If I block by browser language it would be good if the blocking message does not tell the user about this
(Notice that I am aware that blocking by browser language is not a perfect solution).
View 8 Replies
View Related
May 10, 2007
I have setup an Addon Domain in cPanel.
[url]is pointing to:
[url]
That is working fine, test it for yourself.
However, I want the URL in the browser to read: [url]but currently as you can see the long URL appears.
How can I make the short clean URL appear in the browser?
View 5 Replies
View Related
Dec 20, 2013
I have upgraded to Apache 2.4 and Php 5.5.7. I am not able to get any php script to show output in the browser. Html and text files work fine.
phpinfo works fine and shows output.
Phpmyadmin gives "No data received" in chrome and "The connection was reset" in Firefox.
In command line php -f filename gives me output.
Last lines of my Apache error log:
[mpm_winnt:notice] [pid 2028:tid 376] AH00456: Apache Lounge VC11 Server built: Nov 21 2013 20:13:01
[Fri Dec 20 2013] [core:notice] [pid 2028:tid 376] AH00094: Command line: 'C:Program FilesApache Software FoundationApache24binhttpd.exe -d C:/Program Files/Apache Software Foundation/Apache24'
[Fri Dec 20 2013] [mpm_winnt:notice] [pid 2028:tid 376] AH00418: Parent: Created child process 2628
[Fri Dec 20 2013] [mpm_winnt:notice] [pid 2628:tid 276] AH00354: Child: Starting 64 worker threads.
In Php log it is giving no error.
httpd -t shows: Syntax ok
php -v shows:
PHP 5.5.7 (cli) (built: Dec 11 2013 13:48:27)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.5.0, Copyright (c) 1998-2013 Zend Technologies
View 2 Replies
View Related
Apr 14, 2014
i signed up for vps from vps.me and i got ssh credential i logged in ssh using token2shell but when i put my server ip "10.223.1.157" in google chorome but then it says unable to find even i am not able to access ftp through filezilla also
View 3 Replies
View Related
Jun 12, 2007
My server was hacked so they did a OS reload. Everything seemed ok then they did the Level 2 Security Plan which includes
Update kernel to the latest release
Update security patches
Thorough security audit
Installation and configuration of firewall
Installation of security updates as released by OS vendor
Installation of security updates as released by Control Panel vendor
Configuration changes as desired by customer
Disabling of unused and insecure services
Removal of insecure packages and unnecessary software
Regular scans for easy-to-guess users passwords
Log auditing for unusual activity
Investigating hacking attempts
Restoring files from backup
Anti-spam configuration
Anti-virus configuration
Anti-DoS/DDoS kernel code tweaking
Default system users removal
SSH server hardening
Mod_Security (Intrusion detection and prevention engine for web applications)
Securing /tmp directory
Kernel tuning with sysctl
Snort (Network Intrusion Detection System)
Acid (Analysis Console for Intrusion Databases)
Smartd (HDD Reliability monitor)
SIM (System Integrity Monitor)
PRM (Process Resource Monitor)
SPRI (System Priority)
BFD (Brute Force Detection)
PMON (Socket Monitor)
Tripwire (keeps track of every file being moved/edited in the system)
CHkrootkit (Rootkit/Exploit scanner reports sent daily)
1. Now I get a timed out message via my browsers IE & Mozilla
2.When I try to FTP into an account I get this message, same message on all accounts.
[06:37:47] Connecting to 72.21.49.74 Port: 21
[06:38:08] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
3. When I try to retrieve my email via Outlook 2007 I get this
Receiving reported error (0x80042108) 0UTLOOK CANNOT CONNECT TO YOUR INCOMING (pop3) EMAIL SERVER
Here are the traceroute results (image below) Note the timed out message
Servstra keeps telling me everything works on their end...... yet I cannot get to the server any longer.
View 4 Replies
View Related
Mar 19, 2013
I am working with an Apple Lion Server. I want to give users the possibility to gain access to certain share points with the webbrowser via the WebDAV protocol. The OS allows to define sharepoints with the GUI. In this GUI you can adjust, that the users are allowed to access the sharepoints via WebDAV but it is not possible to access the folders via a browser. You just get an error from the webserver after a login:
You don't have permission to access /webdav/ on this server.
So I have looked for the relevant configuration file "httpd_webdavsharing.conf" (apache v2.2)
Code:
#
# Apache Config for WebDAV Sharing
# Activated and deactivated by com.apple.webapp.webdavsharing webapp
#
RegisterResource "WebDAV Sharing: %c %s" /webdav main webdav
RewriteEngine On
RewriteMap webdavmap prg:/usr/libexec/webdavsharing/webdavsharing_mapper
[Code] .....
Is there a way to modify the code in such a way that it allows the favoured access?
View 1 Replies
View Related
Dec 12, 2014
I want to know what settings to make in the Dns of my Server so always to show the www. in the browser, before the domain name.
For example, in the url to be www.mydomain.com and not mydomain.com
View 1 Replies
View Related
Jul 13, 2015
Apply an IP fix to a specific domain but this domain dont resolve on browser [URL] .....
On chrome i got this : ERR_NETWORK_ACCESS_DENIED
I already disable iptabes and denyhosts
I check on dnsstuff and everything seems good.
I check ifcfg-eth0 file - ok
IP its add into Plesk panel by ToolSetings -ok
Its set on domain by Hosting parameters -ok
Reverse on IP is ok ....
View 3 Replies
View Related
Jul 17, 2015
When i try to go to horde after my upgrade from plesk 11.5.30 to plesk 12.0.18, my horde is loading as minimal cause this:
JavaScript is either disabled or not available on your browser. You are restricted to the minimal view.
But my javascript is enabled for this site.
View 2 Replies
View Related
