Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
My website is entirely written by me in PHP on Notepad, no WordPress or the like. The only known weakness is that, due to a complicated hardware situation, I cannot use HTTPS for the login area. It runs on a shared hosting account at iPage. It's 'LAMP'.
I am set up to monitor reasons why the 404 page is called. This is where my concern comes in. Someone is making attempts on folders in all lower case. This is more alarming because these folder words are sometimes in the login area. For example, if I have a file at /loginArea/myHidden/index.php, these odd requests are aimed at /myhidden for some reason. Notice no caps and the lack of the first directory. This has been happening at a rate of one per day, from random IP addresses all around the world. You might assume this was a coding mistake on my part at first, but I am 100% certain that has been ruled out by now. They are moving around my folder structure, poking like they are searching for something.
They seem to be limited to folder words they could sniff from HTTP traffic of logged-in users. They have not hit one that is known only to me.
No damage seems to have been done, but I am getting DAILY attempts and want to know what they are hoping for.
Related
Closed 1 year ago.
I am receiving malicious requests, therefore I seek your help. I log the page URLs visited, and some of them are like http://example.com/?a=fetch&content=<php>die(#md5(HelloThinkCMF))</php> and some are like http://example.com/?XDEBUG_SESSION_START=phpstorm and one more is like http://example.com/index.php?s=/Index/\think\app/invokefunction&function=call_user_func_array&var. What are these users trying to do, and how should I improve the security and take precautions?
It seems the users are trying to use URL injection to attack your website. They are adding malicious code to URLs and sending them to the web server. If this code is run by the PHP process, then it can cause damage to databases or the file system.
I faced a similar problem. I was able to fix the problem by installing Fail2Ban and ModSecurity. ModSecurity is an open source Web Application Firewall. It allows blocking malicious requests using predefined rules. Fail2Ban is a server intrusion prevention tool that checks for certain text patterns in log files using regular expressions. It automatically adds rules to the system's firewall, banning the user.
See these blog posts on how to install Fail2Ban and ModSecurity.
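The kind of log-pattern matching Fail2Ban performs, sketched in Python as an added example (not part of the original answers): it flags the three request shapes quoted in the question and counts them per client address. The log lines, IP addresses and the `max_hits` threshold are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Signatures built only from the strings quoted in the question.
PROBES = {
    "thinkcmf-template-fetch": re.compile(r"[?&]a=fetch&.*<php>", re.I),
    "xdebug-session-start": re.compile(r"[?&]XDEBUG_SESSION_START=", re.I),
    # One or more backslashes: some servers double them when writing the log.
    "think-invokefunction": re.compile(r"\\+think\\+app/invokefunction", re.I),
}

# Client address and request target of a combined-format access log line.
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+)')

# Constructed sample log (documentation-range addresses, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?a=fetch&content='
    '%3Cphp%3Edie(%23md5(HelloThinkCMF))%3C/php%3E HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?s=/Index/'
    '%5Cthink%5Capp/invokefunction&function=call_user_func_array&var HTTP/1.1" 404 196',
    '198.51.100.23 - - [01/Jan/2024:10:05:00 +0000] '
    '"GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 512',
    '198.51.100.40 - - [01/Jan/2024:10:06:00 +0000] '
    '"GET /index.php?page=about HTTP/1.1" 200 2048',
]


def classify(target):
    """Return the names of all probe signatures matching a request target."""
    decoded = unquote(target)  # probes usually arrive percent-encoded
    return [name for name, rx in PROBES.items() if rx.search(decoded)]


def offenders(lines, max_hits=2):
    """Return {ip: hits} for clients with at least max_hits probe requests."""
    hits = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if m and classify(m.group("target")):
            hits[m.group("ip")] += 1
    return {ip: n for ip, n in hits.items() if n >= max_hits}


if __name__ == "__main__":
    for ip, n in offenders(SAMPLE_LOG).items():
        print(f"{ip}: {n} probe requests, candidate for a ban")
```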
Closed 2 years ago.
So we got hacked, and from that we raised a question based on our logs. Can a hacker start uploading a file at one point and specify when it should stop uploading? I.e. we got a HIT from an IP address at 06:50:52 2020-06-19 and the file was uploaded later on 2020-06-20. The file is 2Mb, so there is no way it actually took a full day to upload, or does it depend on PHP configuration? Also, there is no indication of when the file was uploaded; only the first HIT was logged.
The client may influence the speed at which the file is being uploaded. It depends on the configuration of your server whether you time out such long-lasting requests or not. See the slow loris attack example to see how things may work.
You have to find which vulnerability got exploited. It can be anything from a reverse shell to the web server gained through some vulnerable PHP scripts ... to some WordPress bug. Look through all the logs.
Closed 5 years ago.
I am looking for a way to host a webpage and a MySQL database, but in an internal network, like an intranet for example.
When I was working on the website and the database, I used MAMP to emulate a server on my PC, but this works only on one PC. I'm looking for a way to share this website on different PCs, but only on my internal network.
Sorry for bad English. If there's something not understandable, please ask.
If it's a "repost question", please lead me to the answer I'm looking for. If you need more information, please ask.
Thanks.
Unless it is very sensitive I would go for an external webhotel like godaddy.com or similar in your country. And add password protection on the site.
If you want to host it you need a computer that is on 24/7 and install your setup there, but then you are required to handle hardware failures, updating the software and so on.
MAMP and others should work. You might be visiting http://localhost:1234/index.php on your machine, so on another device on your network, try http://yourmachinename:1234/index.php. As long as the ports are open, this should work.
Closed 9 years ago.
Someone placed a script in my site that sends email. How can I find this script?
I use Parallels and Linux CentOS.
I searched the site for the keyword "mail(", but it can also be that the code is like a hash.
It could be anywhere, and it could be anything. It could even have been deleted.
We did have a situation a while back where a client lost control of their password due to a keylogger and someone was uploading a CGI script to spam emails, running it then deleting it. We only found out via FTP logs what was going on.
Try checking your FTP logs and web server logs, and if all that fails and you are sure it is PHP, then try searching for eval( as that is an often used tactic to hide what a script is doing.
More importantly though, my suggestion would be to get someone who is experienced in server management to have a look at your site as a matter of urgency. If they were able to upload a file to your site once, then even if you remove it, it won't stop them doing it again until you find exactly how they were able to do it.
You might also have a look at your scripts. Is there a contact form somewhere on your site? You might not have escaped user input very well, which gives an attacker the ability to send mails to other recipients.
I had a similar situation in my early days until the host blocked the script and told me to fix it.
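The search suggested in the answers above, as an added example (not code from the original posts): it walks a web root, flags PHP files containing `eval(` and related calls, and lists the most recently modified first, so a mailer whose `mail(` call is hidden behind encoding still shows up. The markers other than `eval(` and `mail(`, the file extensions and the sample files are assumptions constructed for this example.

```python
import base64
import os
import re
import tempfile

# eval( and mail( come from the thread; the other markers are assumptions
# added here because encoded payloads usually need a decoder next to eval.
MARKERS = {
    "eval": re.compile(rb"\beval\s*\(", re.I),
    "base64_decode": re.compile(rb"\bbase64_decode\s*\(", re.I),
    "mail": re.compile(rb"\bmail\s*\(", re.I),
    # A long unbroken base64-looking run often carries an encoded payload.
    "long-encoded-string": re.compile(rb"[A-Za-z0-9+/=]{200,}"),
}
PHP_EXT = (".php", ".phtml", ".inc")

def scan_file(path):
    """Return the sorted marker names found in one file."""
    with open(path, "rb") as fh:
        data = fh.read()
    return sorted(name for name, rx in MARKERS.items() if rx.search(data))

def scan_tree(root):
    """Return [(mtime, path, markers)] for flagged files, newest first."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(PHP_EXT):
                continue
            path = os.path.join(dirpath, fname)
            markers = scan_file(path)
            if markers:
                findings.append((os.path.getmtime(path), path, markers))
    return sorted(findings, reverse=True)

def demo():
    """Scan a constructed web root and return {filename: markers}."""
    encoded = base64.b64encode(b"echo 1;")  # harmless constructed payload
    samples = {
        "index.php": b'<?php echo "hello"; ?>',
        "contact.php": b"<?php mail($to, $subject, $body); ?>",
        "thumb.php": b'<?php eval(base64_decode("' + encoded + b'")); ?>',
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return {os.path.basename(p): m for _t, p, m in scan_tree(root)}
```

Every hit still needs manual review, since legitimate code also calls `mail(` and `base64_decode(`; the modification time helps line a file up with entries in the FTP and web server logs.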
Closed 8 years ago.
I had mod_pagespeed installed on my previous server. I didn't use it and disallowed it via .htaccess because after some testing it turned out that it actually slowed down my site. So it remained "disallowed" via .htaccess for a long time.
Today I moved to a new server and migrated user accounts using the cPanel VHM migration feature. Supposedly it migrates only accounts and not configuration, but I have many problems now and I suspect this is primarily due to pagespeed. It's not installed on the new server because I don't need it, but somehow various logs and console messages show that pagespeed versions of files are still requested from time to time, like the following "d14dafe2dc85d5ff8142236c3f55e0d4.pagespeed.jm.ReWsy_33cT.js", which causes random 404 errors and even 500 internal server errors.
How can it request pagespeed versions if pagespeed isn't installed? How is it possible? Can anyone explain, please?
OK, fixed it. It was a DNS problem: data was being loaded from both servers. That is, I had to wait for DNS propagation to finish.