Questions tagged [attacks]
100 questions
0
votes
0 answers
favicon.ico in referer field in access.log
There is this line in my nginx access.log:
54.201.239.190 - - [18/Dec/2022:22:34:56 +0100] "GET / HTTP/1.1" 200 64
"http://example.com/favicon.ico" "Mozilla/5.0 (X11; Linux x86_64) ..."
Simple question: Can anybody think of a way that a…

archygriswald
0
votes
1 answer
Can a bot scanning my server change its source IP? Why do I keep getting attacks even after blocking the IP?
I have a PBX (VOIP server) where phones connect in order to make phone calls. The PBX I am using is Asterisk. That server is not being used and its only purpose is to analyze attacks.
The PBX service is not important if I would have a different…

Tono Nam
0
votes
1 answer
Stopping UDP Attack
I am now getting support emails from OVH that there is unusual activity on my server.
This is a simple server that I have RDP connections for students to access QuickBooks, Excel, and Word, and there is nothing else on the server, and I have group…

QuickBooksRus
0
votes
1 answer
It seems that a robot is creating a lot of user accounts on my website
I am working on an e-commerce website... there is a bot that keeps creating new users on our website... All the users belong to allmelbet.com and all of them have exactly the same first name and last name:
Williamemink WilliameminkQK
The signup…

Hooman Bahreini
0
votes
1 answer
What does uid in Snort mean
I was writing a Snort rule for the specific exploit and then came across one solution that details as "uid=0(root)". Can someone explain what that is and why it is mentioned in order to capture the packet containing root content in it?
0
votes
1 answer
Remote code execution attacks
It is probably a very stupid question but I would like to confirm.
I found lines like
93.71.247.71 - - [19/Jan/2021:17:37:59 +0100] "GET…

Photon
0
votes
1 answer
Meaning of Log File (DDOS)
We are currently facing attacks (probably DDOS) on our server. The incoming network traffic goes from an average of 20Mbps to 1Gbps in just 2-3 minutes. The lines in our log files usually look like:
101.101.101.101 - - [23/Nov/2020:01:01:01 +0200]…

arety_
0
votes
0 answers
Is this error an ancient “su – hostile” vulnerability in Debian 8 & 9? $ bash: cannot set terminal process group (-1): Inappropriate ioctl for device
Just received this error >>
bash: cannot set terminal process group (-1): Inappropriate ioctl for device
then the disk partition went into read-only mode; also noticed gnome-software was communicating both upload and download over the…

Marc Cox
0
votes
0 answers
BigBlueButton getting unusual traffic
We are running a bare-metal server which can handle 400 concurrent video conferencing users. We are using the BigBlueButton application for video conferencing. It was running smoothly for the past 6 months. For the last 2 weeks we have been having a strange high peak in…

Ebin Manuval
0
votes
4 answers
Stop attacker without affecting others on same IP
How can I stop a client that's running a multi-request script on my server that reconnects and continues no matter what, without affecting the other people/clients that are connected to my server from the same IP as the attacker?
The port is…

Arre
0
votes
3 answers
Sharing IP black lists
Are there any tools similar to fail2ban that would allow sharing of IP black lists? What I'm looking for is something similar to a DNS based blackhole list or real-time blackhole list as is used to stop the spread of spam. However I'm not so much…

Toddinpal
0
votes
1 answer
Nginx redirection giving unexpected response
I'm using Google Compute Engine as a proxy server using nginx. I make several POST requests to it and it redirects them to a third party server.
The issue is, from today I started getting unexpected responses for all my POST requests through proxy…

Abhay Sehgal
-1
votes
1 answer
Am I under DDoS attack? Many random requests (usually to images)
Do requests like these look like a DDoS attack?
180.157.250.126 /9301451791bb460e8a5aec3e123884ba.jpg <<< match
180.157.250.126 /b29a2302afd6dfd918a2b7c3b6a05e31.jpg <<< match
183.199.78.159 /img/6445ae665386ca14406c1d8614d44b36.jpg <<<…

adrianTNT
-1
votes
1 answer
How to deal with these indirect attacks from Facebook and Google bot?
Our site is smashed by Google bot and Facebook:
66.249.90.50 - - [03/Apr/2017:09:26:41 +1000] "GET /news/?vmowv= HTTP/1.1" 200 48925 "-" "Mediapartners-Google"
66.249.90.49 - - [03/Apr/2017:09:26:42 +1000] "GET /news/?dmsdv= HTTP/1.1" 200 48920 "-"…

starchx
-1
votes
1 answer
Server Blocked by Provider Sending UDP Packages to certain IP - what does that mean?
My webserver got blocked by my provider recently for the reason that it was performing an attack on another server. The email contained the following log:
08:26:39.219940 68:05:ca:07:02:01 > 78:fe:3d:46:e8:a5, ethertype IPv4
(0x0800), length 1057:…

user3553828