I found several requests in my error log which looks like someone was scanning my site for phpMyAdmin. This was a newly created subdomain. So I checked my main site and another subdomain and they also contained similar entries. Should I do something?
[Fri Jul 03 03:23:16 2009] [error] [client 65.23.157.214] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/phpMyAdmin
[Fri Jul 03 03:23:16 2009] [error] [client 65.23.157.214] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/phpmyadmin
[Fri Jul 03 03:23:16 2009] [error] [client 65.23.157.214] File does not exist: /var/www/vhosts/mydomain.com/subdomains/mysubdomain/httpdocs/pma ...
A website I've recently been entrusted with was cracked into via brute force ftp earlier this week. Apparently the bad guys ran a script that added iframe links to every page named index.html. The iframe linked to 3 sites that prompted malware downloads.
I think I've found and removed all the affected code, however I'm looking for an online website scanner that will drill down through all the links on a given site and search the code for similar problems.
I've only found a couple of these so far and they don't seem to fit the bill; was wondering if anyone here had recommendations or experience with similar tools...
Does anyone have experience of PCI DSS scanning on a shared server? Our current hosting company have told us that it's unlikely to pass on a shared server, and that we should move to a Virtual Managed Server for them to make the necessary changes to pass a PCI scan.
In particular, we're talking PCI compliance to use PayPal website payments pro UK.
From Googling there seems to be a lot of debate on this issue - varying from 'all you need for PCI compliance is a SSL certificate' (this seems to be paypals attitude), to 'PCI scans can be passed on a shared server if your host is willing to help' to 'you need separate dedicated servers for the database and site etc'.
Does anyone use website payments pro UK, have a shared server, and regularly pass quarterly PCI scans? Also, we would much prefer a host based in the UK - we seem to get much better performance from our UK host than we did when the site was hosted in the US (our customers are almost completely UK based).
My internet security software blocked port scanning from IANA Internet Assigned Numbers Authority. Who is this and what are they doing scanning the ports on my computer.
I get a lot of messages from CSF about Port Scanning and Bruteforce detection.. Is there a way to avoid all of these attacks ? Because it tries to figure out my clients ftp or pop3 user with several usernames, i.e. administrator, postgres, mysql, httpd, and many more..
I know a little about internet security.. Is it possible to make my public IP of shared hosting untraceable ? Like this one..
Just do a ping to ebay.com or paypal.com and then you will receive RTO message or Destination host unreachable, but actually the site is running well..
Access denied with code 406. Error verifying files: Received no output from the approver script (execution failed?) "/usr/local/apache/htdocs/upload_scan.pl" ....
My main goal was stopping incomingo spam.. and MailScanner is doing a great work on that.. but, it is taking too much time extracting and scanning attachments... does anyone know how to disable scanning the attachments ?
I tried to configure Sendmail as e-mail MTA with ClamAV & SpamAssassin before my local network. I can send and receive e-mail but spamassassin doesn't filter them. Do you know where I should look for?
I was trying to install mailscanner on a cpanel box using chirpy's script [url], followed every step, until this:
Code: [root@server.yourbox.com:~]perl mscpanel.pl -i Unable to open spam.scanning.rules for reading: file or directory doesnt exist at mscpanel.pl line 115. On the 115 line i found this:
Code: open (IN, "</usr/mailscanner/etc/rules/spam.scanning.rules") or die "Unable to open spam.scanning.rules for reading: $!"; The file /usr/mailscanner/etc/rules/spam.scanning.rules just doesnt exists... maybe chirpy's script is not working well installing everything its needed..
I'm running CentOS with Paralells Plesk bundled Paralellls Premium Antivirus (Dr Web). After the latest yum updates DrWeb continously seems to crash and be restarted by the Parallells watchdog. By default there were no logs for DrWeb, but when I enable logging to a file it gets spammed continously with the following error:
Cannot create pipe for communication with scanning childs (Too many open files)and the Drweb process runs at 99% CPU for long periods. This totally fills the disk with logs and I've now disabled logging again and Drweb is back to continously being restarted by the watchdog.
Attached is a (badly) drawn diagram of two sites, connected by a vpn.
The site to the left, is network 10.0.0.0/24 which runs a linux server as the router for the network.
The site to the right, is network 10.1.0.0/24 which runs a windows 2003 server as the router for the network.
Now, my problem is, the clients behind the windows 2003 server can ping any machine on the first network because i setup a static route to route all traffic to 10.0.0.0/24 over the vpn interface.
now, my problem is, only the linux server can ping any machine on the windows 2003 network, any client behind the linux server cant seem to route over the interface.
I have the following route on the linux server: .....
Starting point: a working site using a shared IPv4, dedicated IPv6, and SSL. HTTP and HTTPS work, the latter only using SNI of course.
The good news: If I simply allocate an IP resource of 1 to a subscription it is pulled from the pool, assigned to the service node, assigned to the web site, DNS is updated, and the site is automatically changed to using a Dedicated IPv4 and Dedicated IPv6.
The bad news: visitors land on the default web site of the service node, with the default SSL certificate.
Other info: I can't ping the new IP, even though it shows in "ip a l" and /etc/sysconfig/network-scripts/ifcfg-eth0:0. [edited]
After the IP assignment, it is still installed, and /etc/httpd/conf/plesk.conf.d/ip_default/domainname.conf shows the new certificate is being used.
However, a second set of VirtualHost entries is created in server.conf for this IP for ports 80 and 443, with NameVirtualHost enabled on the new IP. The port 443 entry uses the default certificate. Apache's setup this default VirtualHost entry will override the web site configuration because Apache is listening on port 443 with the wrong cert.
If I go to "Change webspace settings" and toggle to Shared IPv4, Dedicated IPv6 the site works again via HTTPS, and Dedicated IPv4 and Dedicated IPv6 breaks it again. Setting the SSL cert to None and back again does not work.
Setting the SSL cert to None, changing to a dedicated IP, and enabling SSL results in the server being inexplicably inaccessible...browsers no longer connect to either the default site or the correct site, and I don't see any entries in the vhosts's logs.
i downloaded a copy of phpmyadmin and uploaded it to my hosting.. then i run mydomain.com/phpmyadmin/setup configured the server to my hosting IP address but it says i can't login using myusername@localhost do i need to do something on a cpanel mysql server to listen to the external phpmyadmin?
I've only messed around in php/mysql stuff on occasion, so I'm still new to it.
When I access domain.com/phpmyadmin and log in, I see two things that I believe are preventing my stuff from connecting and working properly.
**Your configuration file contains settings (root with no password) that correspond to the default MySQL privileged account. Your MySQL server is running with this default, is open to intrusion, and you really should fix this security hole.
**The mbstring PHP extension was not found and you seem to be using a multibyte charset.
Without the mbstring extension phpMyAdmin is unable to split strings correctly and it may result in unexpected results.
Anyone using phpMyAdmin for MySQL admin, you need to know about a newly discovered attack vector.
Here's the official announcement: [url]
The key to this is in their description, "A logged-in user can be subject of SQL injection through cross site request forgery. Several scripts in phpMyAdmin are vulnerable and the attack can be made through table parameter."
A logged in user... This attack is a combination of SQL injection through CSRF. In other words, you'd have to be logged into your phpMyAdmin program, hit a website setup for CSRF, and then the attacker could have access to your phpMyAdmin as you.
If there's interest here, I could write up a detailed description of CSRF and how to prevent this type of attack.
Just let me know...
You should upgrade immediately to either phpMyAdmin 2.9.11.4 or 3.1.1.0 or apply patch 12100.
I've got phpMyAdmin setup, but when I logout or try to browse a table I get 404 error. Everything is CHMOD as 755. Ideas? I'm also running off of LiteSpeed
i have a problme in the server .. that when any site try to login the phpmyadmin this message appears " #2002 - The server is not responding (or the local MySQL server's socket is not correctly configured)
I've been struggling with getting phpMyAdmin to work on IIS7 for a long time. I've tried just about everything I can possibly think of, in the process, breaking both PHP and MySQL several times.
Ok...so my PHP and MySQL is working great now...but I still can't get phpMyAdmin to work. I get the following message :
Quote:
Cannot load mysql extension. Please check your PHP configuration. - Documentation
If you anyone has some advice, I will appreciate it.
