Questions tagged [hacking]

Hacking is the violation of server or network security via exploitation of weaknesses in that security.

Some of the most common ways security may be compromised include:

  • Social engineering, in which a person is persuaded to give up sensitive information such as passwords
  • Exploiting unpatched or not generally known (0-day) security holes in software
  • Brute force, that is, trying common usernames and passwords repeatedly until something works

Less commonly, hacking refers to the uncommonly creative solution of a software or hardware problem. Some see this original definition as the correct one and wish to preserve it, though they seem to be fighting a losing battle.

Detailed security questions and answers which do not fit at Server Fault may be welcome at IT Security Stack Exchange.

479 questions
11
votes
7 answers

Hacking prevention, forensics, auditing and counter measures

Recently (but it is also a recurrent question) we saw 3 interesting threads about hacking and security: "How do I deal with a compromised server?"; "Finding how a hacked server was hacked"; "File permissions question". The last one isn't directly…
tmow
  • 1,227
  • 9
  • 20
10
votes
1 answer

Security Wordpress on IIS hosted sites.

Since yesterday I've got strange things happening on one of my websites. The index.php of my WordPress site on IIS changed from 1 KB to 80 KB. Also map.xml and sitemap.xml are new in the directory. Some additional files are also found in…
Lt Lev
  • 101
  • 5
10
votes
5 answers

How did Matasano get hacked?

from: http://seclists.org/fulldisclosure/2009/Jul/0388.html If I understand it best from the posts from: http://news.ycombinator.com/item?id=723798 the Matasano guys left sshd internet accessible - any proposed solutions for this (from a programming…
user14898
  • 225
  • 5
  • 10
10
votes
2 answers

My linux server was hacked. How do I find out how and when it was done?

I have a home server running a desktop ubuntu distribution. I found this in my crontab * * * * * /home/username/ /.access.log/y2kupdate >/dev/null 2>&1 and when looking in that directory (the space after username/ is a directory name) I found a lot…
Jonatan Kallus
  • 203
  • 2
  • 6
10
votes
6 answers

What are the attack vectors for passwords sent over http?

I am trying to convince a customer to pay for SSL for a web site that requires login. I want to make sure I correctly understand the major scenarios in which someone can see the passwords that are being sent. My understanding is that at any of the…
KevinM
  • 203
  • 1
  • 5
10
votes
5 answers

My site was recently attacked. What do I do?

This is a first for me. One of the sites I run was recently attacked. Not at all an intelligent attack - pure brute force - hit every page and every non-page with every extension possible. Posted with garbage data to every form and tried to post…
chrishomer
  • 297
  • 1
  • 3
  • 8
9
votes
2 answers

Dissecting a website attack through a compromised FTP account

My site has been hacked and at this point, I know some details, but I'm at a loss at exactly how it happened or how to prevent it in the future. I need your help in trying to dissect the attack so that I can prevent it from happening again. This is…
Dear Abby
  • 91
  • 2
9
votes
4 answers

has my server been hacked w00tw00t.at.ISC.SANS.DFind

I'm quite sure my server's been hacked. I'm seeing these entries in my access log as the last two before a series of 500 error messages. It's related to the DB but I haven't found out the exact error yet. I'm still trying to figure out what it means…
Jakob
  • 201
  • 1
  • 2
  • 4
8
votes
3 answers

Unsecured MySQL 'root'@'localhost' account accessed remotely?

A little background: We've just had our PBX system hacked. The server itself seems secure (no logged unauthorised console access - SSH etc), but somehow the hackers have managed to inject a new admin user into the PBX software (FreePBX, backed by…
TFk
  • 83
  • 1
  • 4
7
votes
7 answers

Website hacked again

Final Update: Things have been peaceful for the past few weeks and taught me much more about website security and risks. Here's my version of story - I was using an older version of wordpress and probably this person caught me from google. I think…
Arpit Tambi
  • 481
  • 3
  • 5
  • 11
7
votes
3 answers

Could this server log mean my server is being used as a proxy?

I came across the following entry in my access.log: 58.218.199.147 - - [05/Jun/2012:12:56:04 +1000] "GET http://proxyproxys.com/ HTTP/1.1" 200 183 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" Normally when I see a full URL entry in my…
So Over It
  • 173
  • 1
  • 4
7
votes
2 answers

Bypassing htaccess restrictions?

I found this in my apache access logs access.log:555.555.555.555 - - [05/May/2011:12:12:21 -0400] "GET /somedir/ HTTP/1.1" 403 291 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101 Firefox/5.0" access.log:555.555.555.555 - -…
Hrvoje Špoljar
  • 5,245
  • 26
  • 42
7
votes
4 answers

Could/Should you be held liable for server vulnerabilities?

Is there precedent in North America or elsewhere where a server administrator was held accountable for leaving a server vulnerable? For example, if there is a known exploit in IIS - Microsoft issue a patch for it and for reason X you don't apply it…
jfrobishow
  • 71
  • 10
7
votes
3 answers

What is the ip range of EC2

I'd like to set up a rule to block ssh requests from EC2 since I've been seeing a large number of ssh-based attacks from there and was wondering if anyone knew what their IP ranges are. EDIT: Thank you for the answer, I went ahead and implemented the…
Nicolas Kassis
  • 316
  • 2
  • 7
6
votes
1 answer

Apache 2.4 log PHP command 200 success, but what is it doing? POST /?q=die('z!a'.'x'); etc

I am running a CentOS 7.x VPS with Apache 2.4.29 and PHP 7.0.28 and I started seeing the following in my logs. I have php.ini secured as best as I can from articles online for a while now, but I am wondering why I am seeing an HTTP status code of…
Tim
  • 203
  • 1
  • 9