Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [hacking]

Hacking is the violation of server or network security via exploitation of weaknesses in that security.

Hacking is the violation of server or network security via exploitation of weaknesses in that security.

Some of the most common ways security may be compromised include:

  • Social engineering, in which a person is persuaded to give up sensitive information such as passwords
  • Exploiting unpatched or not generally known (0-day) security holes in software
  • Brute force, that is, trying common usernames and passwords repeatedly until something works

Less commonly, hacking refers to the uncommonly creative solution of a software or hardware problem. Some see this original definition as the correct one and wish to preserve it, though they seem to be fighting a losing battle.

Detailed security questions and answers which do not fit at Server Fault may be welcome at IT Security Stack Exchange.

479 questions
5
votes
6 answers

How to analyse logs after the site was hacked

One of our web-projects was hacked. Malefactor changed some template files in project and 1 core file of the web-framework (it's one of the famous php-frameworks). We found all corrupted files by git and reverted them. So now I need to find the weak…
Vasiliy Toporov
  • 161
  • 1
  • 5
5
votes
1 answer

How does Windows hide internal users?

I just recognized that Windows hides some special users, like for example the NT Authority\SYSTEM user or the users which are added after the installation of SQL Server (ReportServer$SQLEXPRESS, IIS_IURS, ...). I know that it is possible to execute…
System.Data
  • 183
  • 1
  • 6
5
votes
1 answer

Linux Server hacked?

Possible Duplicate: My server's been hacked EMERGENCY I'm trying to determine if this linex webserver/openfire server has been compromised by some form of malware or a hacker. Can you please help me determine if this server has been hacked? The…
user115848
  • 69
  • 1
  • 2
5
votes
3 answers

Hacked? How does appending a filename allow access to data on site... see example

Visiting all of the following sends you to the login screen: http://mysite.com/admin/configuration.php http://mysite.com/admin/login.php However if you visit (note the last two portions of the url string are both…
Lothar_Grimpsenbacher
  • 1,677
  • 3
  • 19
  • 29
5
votes
4 answers

.htaccess file hacked, how to prevent this in future?

The hacker added a code in .htaccess file to redirect all search engine traffic to a malware website. I am now investigating this incident and trying to find out security loop holes. My situation is almost similar to this person's - .htaccess being…
Arpit Tambi
  • 481
  • 3
  • 5
  • 11
5
votes
1 answer

How do I decode this WordPress hack?

I found an offending string in a client's WordPress-powered website, and I just want to know what it…
Dennis Wurster
  • 201
  • 4
  • 7
5
votes
4 answers

Strange stuff in apache log

I'm building some kind of webapp, and currently the whole thing runs on my machine. I was combing down my logs, and found several "strange" log entries that made me a bit paranoid. Here goes: ***.***.***.** - - [19/Dec/2010:19:47:47 +0100]…
aL3xa
  • 153
  • 5
5
votes
3 answers

Weird set of shell commands in root's .bash_history

I have probably just detected that a user on a server of mine has rooted my server, but that's not what I'm asking. Has anyone ever seen command like these: echo _EoT_0.249348813417008_; id; echo _EoT_0.12781402577841_; echo $PATH && a=`env |grep…
mr.b
  • 583
  • 10
  • 25
5
votes
7 answers

Server was hacked. Now login wont accept 'root' as username comes up invalid

On Fedora, root is coming up invalid. WHat is solution?
mikenicee
5
votes
5 answers

How do companies know they've been hacked?

With the news of Google and others getting hacked, I was wondering how companies find out, detect, and/or know they've been hacked in the first place? Sure, if they find a virus/trojan on user's computers or see a very high access rate to parts of…
Chad
4
votes
6 answers

How long do DDoS attacks last?

I realize the answer to this question will vary, which is why I'm asking it. If you've suffered a DDoS attack before - how long did it last? Just trying to get an idea of how long we'll have to continue to wage this battle (going on a couple weeks…
sbuck
  • 391
  • 2
  • 6
  • 16
4
votes
1 answer

Anomalous connection to china from debian server

TL;DR I didn't ask how to take care of my compromised server. I asked how to detect if a file is anomalous/extraneous/non-official. So this is not a duplicate of the question on compromised servers. This is obvious to anyone who take 2 minutes to…
pietrovismara
  • 159
  • 4
4
votes
1 answer

How to get the identity of the owner of a box trying to hack my server

I saw in the logs of my server that an IP was repeatedly trying to logon as sa onto my SQL Server. The ip is: 75.145.243.233 it resolves back to 5-145-243-233-richmond-va.hfc.comcastbusiness.net. Is there anyway to find out from Comcast who owns…
Peter
4
votes
1 answer

MySQL Database Being Tampered Without Injection

My MySQL database has been getting hacked, and I cannot find the loophole. I have solid protection in PHP to prevent against injection and the hacker himself has communicated with me and says he is not hacking by means of injection. Without…
Tai Kwangi Chicken
  • 141
  • 2
4
votes
3 answers

Check IP who is visiting my site on nginx

I don't really want to know about this since I would like to keep it really private and give my visitor their privacy as much as possible (Not that my blog is popular though). I just installed Ubuntu with nginx from Digital Ocean with the Ghost…
alicoding
  • 43
  • 1
  • 3
1 2 3
31 32