RDP Sessions - Forcing New Session

Sep 3, 2008

I've come across an issue where our users are not logging out of their terminal services session properly. Whether via TSWeb or MSTSC (remote desktop), if they close the browser or RDP window using the x it keeps the session alive for upto 1 minute.

The problem with this is that we use terminal services to host an application for users who can't install it, so other users that login (using a generic username and password) are adopting/hijacking the original session and seeing someone elses data.

Does anyone know of a way to force a new session each time a user connects to RDP? Whether via TSWeb or MSTSC (remote desktop)?

View 7 Replies


ADVERTISEMENT

(error) IP Address Changed Amidst Session. Possible Session Hijacking

Oct 7, 2007

I have just got a resellers VPS and my host installed HyperVM 2.0 and when I logged in it works but then I get logout and then get this error:

IP Address Changed Amidst Session. Possible Session Hijacking.

then it takes my host admin time to fix it and now they will not do any think so i can not now use it (login). Not Good is there something I can do?

all I can think is that it is my ISP IP (Dynamic IP Address) which keeps changing.

View 13 Replies View Related

Forcing Secure Protocols?

Dec 25, 2008

how customers feel about being forced to use secure protocols?

For example on a cPanel server this would mean:

FTP: requires authentication over TLS
SMTP: relay requires SMTP authentication over TLS.
POP3: requires SSL
IMAP: requires SSL
cPanel: only https port enabled.
WHM: only https port enabled.
Webmail: only https port enabled.

Honestly, I don't think most customers would notice the difference so long as they were initially configured using secure protocols.

Combined with forcing reasonably strong passwords this should prevent a lot of iframe injection issues and SPAM related issues.

View 10 Replies View Related

HiVelocity Forcing Cogent Outbound

Mar 29, 2009

Could you guys look and see if what I am seeing is right? They offer Global Crossing and Cogent officially. So if I use GLBX looking glass, I get this.

Trying trace from node 'Miami, FL, US' to '96.31.73.xxx'
1 64.214.16.65 (64.214.16.65) 0.761 ms 0.608 ms
2 so0-0-0-2488M.ar2.TPA1.gblx.net (67.17.66.165) 5.690 ms 5.695 ms
3 WBS-CONNECT-LLC.ae0.409.ar2.TPA1.gblx.net (64.214.147.222) 5.731 ms 5.880 ms
4 69.46.31.106 (69.46.31.106) 7.442 ms 6.667 ms
5 node1.sarorahosting.com (96.31.73.2) 15.734 ms 15.993 ms
6 96.31.73.xxx (96.31.73.xxx) 15.861 ms 15.795 ms

Now if I tracert from the VPS to the GLBX router, I get this.

traceroute to 64.214.16.65 (64.214.16.65), 30 hops max, 40 byte packets
1 node1.sarorahosting.com (96.31.73.2) 0.072 ms 0.035 ms 0.008 ms
2 69.46.31.105 (69.46.31.105) 0.731 ms 0.863 ms 1.003 ms
3 gi0-6.na21.b001841-0.tpa01.atlas.cogentco.com (38.99.204.33) 1.147 ms 1.142 ms 1.428 ms
4 gi4-1.core01.tpa01.atlas.cogentco.com (38.20.33.89) 0.818 ms 0.814 ms 0.807 ms
5 po2-0.core01.mco01.atlas.cogentco.com (154.54.27.90) 148.004 ms * *
6 po5-0.core01.jax01.atlas.cogentco.com (66.28.4.146) 5.847 ms 5.839 ms 5.872 ms
7 po5-0.core01.atl01.atlas.cogentco.com (154.54.3.197) 11.953 ms 23.819 ms 23.870 ms
8 te3-3.ccr01.atl01.atlas.cogentco.com (154.54.5.38) 11.721 ms 11.752 ms 11.787 ms
9 te8-2.mpd01.atl04.atlas.cogentco.com (154.54.3.174) 11.962 ms 11.921 ms 11.987 ms
10 ge4-1-0-390-1000M.ar4.ATL1.gblx.net (64.208.110.97) 12.252 ms 12.359 ms 12.444 ms
11 64.214.16.65 (64.214.16.65) 16.026 ms 16.061 ms 16.594 ms

Now what would be causing this to happen?

View 1 Replies View Related

Forcing A Webhost To Hand Over My Domain

May 1, 2008

one.com (aka the worst webhost ever) are holding my domain to ransom they refuse to unlock it. Is there anyway i can go over their heads and get control of it? the address is mine, so is the phone number and email. The admin contacts are not.

View 13 Replies View Related

Jaguarpc Lock Up All The VPS Forcing Us To Upgrade

Apr 9, 2008

Jaguarpc lock up all the VPS forcing us to upgrade. could anyone please report to Police or other authority in concern, It 's hijacking and blackmailing.

View 14 Replies View Related

Forcing Script On Page Load

Nov 22, 2007

using somewhat clever techniques, I've managed to put together a script that will check various rbls, honeypots, and the like, ie: to keep the bad guys out, and the good guys in.

I've managed to put this into play on a per site basis, using simple

PHP Code:

<? require_once("/home/user/httpbl/script.php");?>

so that I don't have to change 500 scripts every time I want to modify it, I just change it once per server. Pretty simple there.

The problem is that I'd like to use this on a more global basis, as in putting it in apache configurations, so I don't have to load it on a per-site basis, and can catch more of what needs to be caught.

View 4 Replies View Related

Layeredtech Forcing Me To Migrate Server ... In 3 Weeks

Sep 29, 2008

I've been a layeredtech customer since early 2005, and until this last insane price-hike fiasco, I've never had a major complaint.
But now it keeps getting worse.

I wound up keeping this particular server around after the price hike (for several reasons, one of which was misinformation from a LT sales person regarding the prepay option) and several days ago received an email stating that my server would have to be moved, and that due to the chassis type of my old server, they could not move my server, I would need to migrate to a new server.

The email was less than forthcoming with details, so I tried to phone the person who sent me the email. The call went straight to his voicemail, where I left a couple messages asking him to return my calls, which he never did.

Finally I called their Sales department to figure out what was going on, and finally spoke with a nice & friendly guy (in a different department), who he stated that he felt like he was in the middle, and he just wanted to help us (the affected customers) out.
Okay, I figure I can handle moving all my custom software to a new server figuring that they would find some comparable piece of hardware to move me to at the same cost.

No.

I was told I would have to pay around 10% more per month for a server with only a slightly faster CPU, only 1GB of ram and only 1 hard-drive (current server has 1.5GB of ram & 2 hard-drives mirrored)

Oh, and I have to have everything moved by the 18th of October.
And I'll have to pay for 2 servers while I move.
Or, I might be able to have the server moved to a different space at Savvis, but that would likely only be a short-term solution, and this situation would come up again.

I find this really appalling--they really must hate their customers who helped them through the early years!

View 14 Replies View Related

Plesk 12.x / Linux :: Forcing HTTPS Results Into Many Redirects

May 16, 2015

I've been fiddling with Plesk to get HTTPS to work for [URL] .... Unfortunately I haven't had any successes at forcing HTTPS, all result in a 'to many redirects' message.

The certificate is already activated and can be verified trough; [URL] ....

Code:
proxy_error_log:2015/05/16 16:35:00 [crit] 21266#0: *2336 SSL_do_handshake() failed (SSL: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback) while SSL handshaking, client: 64.41.200.106, server: 151.80.117.38:443
proxy_error_log:2015/05/16 16:36:37 [crit] 21266#0: *2616 SSL_do_handshake() failed (SSL: error:14094085:SSL

[Code] .....

View 11 Replies View Related

Forcing Qmail To Acknowledge Typo In Recipient Email Address And Try Again...

Jul 27, 2006

I was looking at my qmail queue using qmHandle and noticed that one of the emails sitting in the queue was simply there because of a blatant typo in the email address.

Therefore, I went to the appropriate file in

/var/qmail/queue/mess/*/*

and edited the file to reflect the new email address.

Does this work at all, or should the user resend the email? I naturally don't want to look at email that isn't intended for me (which is why qmHandle is a useful tool -- because only headers are available) nor do I want someone to know that I know their email is sitting in the queue (because they might assume that I *am* reading their email even though I'm not!)

I tried qmHandle -a to no avail; the email address has been edited as per my changes, but the email is still just sitting there.

View 3 Replies View Related

Sessions

Aug 16, 2007

I operate vbulletin across my site including a couple of subdomains. I've just moved to a new server only to find that sessions are no longer recorded unless the user actually visits the forum (ie. forum.mysite.com).

The rest of my site uses the following code to track sessions / maintain connection to database:

PHP Code:

// vB Global File$cwdir = getcwd();chdir('/home/mysite/public_html/forum/');require_once 'global.php';chdir($cwdir); 

Would anyone know what could be the problem? I'm running vBulletin 3.6.8, PHP 5.2.3, Apache 1.3 and MySQL 4.1.22. Safe mode is off, mod_security is off, open_basedir is off.

View 2 Replies View Related

PHP 5.2.3 And Sessions

Aug 23, 2007

I recently upgraded to PHP 5.2.3 and now some of my customers sites are throwing errors.

Apache 1 with PHP 5.2.3 on RH.

Code:
Warning: session_start() [function.session-start]: Unknown session.serialize_handler. Failed to decode session object. in /home/kaaoscom/public_html/wow/raids/auth/auth_phpraid.php on line 70

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/kaaoscom/public_html/wow/raids/auth/auth_phpraid.php:70) in /home/kaaoscom/public_html/wow/raids/auth/auth_phpraid.php on line 70

Warning: Unknown: Unknown session.serialize_handler. Failed to encode session object. in Unknown on line 0

View 3 Replies View Related

Php Sessions In Server

Dec 2, 2007

I'm having some problems configuring my server sessions in php.

Server espec:

WHM 11.2.0 cPanel 11.11.0-S18033
CENTOS Enterprise 4.5 i686 on standard - WHM X v3.1.0
PHP version 5.2.4
MySQL version 4.1.22-standard
Apache version 1.3.39 (Unix)

Sessions def. in php.ini:

Quote:

Code:
[Session]
session.save_handler = "files"
session.save_path = "/tmp/sessions"
; in the case of files, this is the
; path where data files are stored
session.use_cookies = 1
session.name = "PHPSESSID"
; name of the session
; is used as cookie name
session.auto_start = 0
session.cookie_lifetime = 0
; or if 0, until browser is restarted
session.cookie_path = "/ "
session.cookie_domain =
session.serialize_handler = "php "
; php is the standard serializer of PHP
session.gc_probability = 1
; 'garbage collection' process is started
; on every session initialization
session.gc_maxlifetime = 1440
; data will be seen as 'garbage' and
; cleaned up by the gc process
session.referer_check =
; externally stored URLs containing ids
session.entropy_length = 0
session.entropy_file =
; session.entropy_length = 16
; session.entropy_file = /dev/urandom
session.cache_limiter = "nocache "
; determine HTTP caching aspects
session.cache_expire = 180
session.use_trans_sid = 1
; by compiling with --enable-trans-sid

Register globals are ON

First I recieved about 7 e-mails from clients saying that in joomla pre instllation teste sessions.save_path was unwritable.
I went to /temp created a sessions folder and chmoded it to 777

After that they still can't login on the admin area
Error: Warning: session_start() [function.session-start]: Cannot find save handler files in /home/asasdosa/public_html/site00/administrator/index.php on line 111

From what I could read on-line in joomla this means that clients can't save sessions file in the session.save_path although it is writable. But never saw a solution for it, because it was all client oriented. All the solutions were contact your isp.

Well they did contact, but the isp doesn't know how to fix it

View 3 Replies View Related

Php.ini Store Sessions In Database

May 28, 2008

Is there a way in the php.ini file to force all sessions to be stored in a database? For example, in ColdFusion you can configure sessions to be stored in a db. Can you do this in PHP? Thereby forcing all sessions no matter what the customer specifies to be stored in a db.

View 3 Replies View Related

IIS 6.0 Sessions Problem Since SP2 Installed

Jun 28, 2007

I have a fairly good understanding of IIS 6.0 and so this is beginning to confuse me some what.

Our clients are running on Windows 2003 server with IIS 6.0 which in turn runs the site that we had created. The thing is our site does rely on sessions so when one ends it runs the Session_OnEnd within the global.asa and runs some other functions.

But just recently a number of our clients are experiencing the problem that the sessions are not ending so the Session_OnEnd is not running therefore causing some major problems with their sites.

Two of our clients has said recently that they had installed SP2 but I am not sure if this would change any of the settings or **cough** BUGS **cough**. Can anyone please shed some light on what the SP2 actually did and if any of the settings for IIS 6.0 would of been reset.

View 3 Replies View Related

Windows 2003 VPS Sessions

Jul 27, 2007

While I was using my VPS, I was disconnected 2 times and when I re-connected again, it told me to choose 1 from 2 sessions to continue? Can anyone please tell me how can I create sessions like this and how to delete one of them ?

View 4 Replies View Related

Sessions Created With No Permissions Set

Apr 16, 2007

I'm in the process of configuring my company's new server and I've hit a slight stumbling block. What's happening is that PHP is creating its sessions like normal with the exception of no permissions being set for them. This then means that errors are thrown up when PHP attempts to open the session files. Can anybody tell me why this is happening? I have set the sessions directory to octal 0777 for the time being.

The server is running Linux redhat.

View 0 Replies View Related

15,000,000 Concurrent Sessions Using Only 2 Dedicated Servers

Jan 10, 2009

I was looking at some load balancers hosting companies offer and some of the load balancer specs say they can handle up to 15million concurrent sessions(users online at the same time), so does this mean if i had a site like wikipedia that had 15 million users online at the same time, would i be able to do this with only 2 dedicated servers, or will the Cpu's not be enough?

View 3 Replies View Related

Windows 2003 Server Max Sessions

Apr 10, 2007

I have a server Windows 2003 Server

I have a problem for ask WHT. I have 3 session in my Windows 2003 Server but we can only 2 person connect but i want 4 or more connection to my server. Hown can i do it?

View 4 Replies View Related

Server Is Taking Sessions Errors

Dec 5, 2008

suddendly some of my sites in my server is taking sessions errors...then after a while all its going ok and then again the same problem...the problem still continues.from what might be the problem?a php update?mysql update?any exprerience?

i havent made any change.my server is linux has centos 4.7

View 5 Replies View Related

Apache :: Limit Number Of Sessions

Nov 18, 2014

I implemented a Reverse Proxy using apache2 v. 2.4... What i need to do is limit number of sessions against a Virtual Host. Is that possible?

View 13 Replies View Related

Apache :: Mod Rewrite - How To Differentiate Sessions

Nov 5, 2014

I am trying to capture 3-4 digits when sent as part of a URL, for them to be proxied to another URL. I have no control over how the source sends this data, I am supposed to redirect it. Which works.

#RewriteCond %{HTTP:whoisd-ussd-message} ([d]{2,4})
#RewriteRule ^/original/individual.do(.*)$ https://other.server.com/somewhere/011$1 [P]

The problem is this works for all URLs that have digits to this server. I am expecting to trap URLs that send digits as part of the first call to the server, but this also affects URL calls that are part of other server call transactions, once digits appear, it gets redirected. What can I do to stop this interference?

View 1 Replies View Related

How To Calculate Concurrent Sessions Off Linux Machine

Mar 23, 2009

I am planning to get a Juniper firewall, but due to SSG140 has a maximum of 48,000 concurrent sessions per second, so it triggers me how do I measure the concurrent session of a linux server of the total throughput instead of just port 80?

OS: CentOS

View 3 Replies View Related

Two Sessions Active At The Same Time With Same Socket Application

Sep 28, 2009

i hosted one server socket application in my dedicated server which is recving the data from different units(vehicle tracking system) through port no 4444.in dedicated machine i am keeping one active session always...that means my socket application exe is opened always in an active session ie sectionA.This session is not logged off insted i used to close the rdp for keeping this session active.Based on settings if userA accessing SessionA then userB cannot able to reach the active sessionA at the same time instead new sessionB will open for userB.

now my question is

if userB also opened socket application in SessionB with same portno ,then which soket application will recive data from the units...whther the applictaion from sessionA or from SessionB?

View 2 Replies View Related

PHP Sessions In Load Balanced Enviroment, Database Or NFS

Mar 31, 2008

We have setup and are currently testing a load balanced cluster using heartbeat and ldirectord. One of the problems we have come across is that we are unable to reliably use the same web server for connections from the same user. As a result the php sessions are getting in a bit of a muddle.

Obviously its not something that we can easily sync between servers like the customers other web content. We are looking at either storing the sessions in a database or NFS.

The site is pretty busy and we are a bit worried that when the site goes live both these options will slow everything down.

Apart from using different load balancing software is there any other solutions we could use for this? Has anyone stored php sessions in a database on a busy site or on a NFS?

View 3 Replies View Related

Windows 2003 VPS + RDP (more Than 2 Sessions Opened At One Time)

Nov 13, 2008

I'm running a Windows 2003 based Vps, I'm looking to have more than 2 sessions of RDP at one time, I think every people know that is setted to 2.

I want only one more, at the moment I have admin acc always running, #1 friend account (where there are running 2 process always) and now I want #2 friend account for run another process.

View 3 Replies View Related

Plesk 11.x / Linux :: Active Sessions Unknown User / IP?

Aug 28, 2014

i saw very often in the active sessions site following line:

Username Empty IP empty Date Nov 30, -0001 12:00 AM Idle time 00:45:39

What is that and how can is stop this or get it fixed ?

View 1 Replies View Related

Session Directory

Oct 30, 2008

I need to make this writeable but I can't find it on my server with my FTPclient. Can someone tell me what it is and where it's likely to be?

Maybe I have to create one?

View 1 Replies View Related

Session Error

Feb 5, 2007

I have a large survey (I use phpsurveyor) on my reseller webdomain running. It takes about 30 minutes to fill in the complete survey. After 24 minutes my respondents get a session error and their data is lost.

I tried to solve this with a .htaccess

php_value max_execution_time 600
php_value session.gc_maxlifetime 3000
php_value session.cookie_lifetime 3000

With phpinfo.php I can see that the Local Values are session.gc_maxlifetime 3000 and session.cookie_lifetime 3000.

View 1 Replies View Related

Session Issue

Feb 6, 2007

I have got error:

Code:
Warning: session_start() [function.session-start]: Cannot send session cache limiter -
headers already sent (output started at /home/myhope/public_html/pro/index.php:1) in /home/myhope/public_html/pro/index.php on line 2

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved