Questions tagged [server-side-attacks]

65 questions
1 vote, 1 answer

URL Vulnerabilities

I'm researching URLs that I'm building against the unique URL that Google Docs creates once you select and send a URL to anyone. My URL looks like: https://example.com/?doc=abcd123) Should I encode the variable doc in base64? Should it be token…
alexmorgan.cr
1 vote, 2 answers

How to protect Malicious attack on django website

My company's site is hosted on AWS. I have 3 months experience so I don't know what is: Not Found: //admin/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php Not Found: //api/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php Not Found:…
Karan Yogi
1 vote, 1 answer

What are these POST-requests containing random URLs to my node server

For personal learning purposes I set up a small express webserver in node js and opened it up to the outside world. It only contains a single static page and no other additional end-point. Occasionally some bots make random requests, apparently…
1 vote, 0 answers

Prevent DDoS on app authenticating by sms

I have an app where a user registers using their phone number and verifies using a verification code sent in an SMS. For the last 2-3 days I've been getting DDoS attacks from random IPs using random numbers, and my SMS balance is running out quickly. Backend is…
1 vote, 1 answer

Filter *.my-site.com/ traffic through a load balancer and revoke the rest

I have a site that people access by using specific URLs they're assigned, like user1.my-site.com and user2.my-site.com. The users share the same base server and I'd like to limit unwanted traffic. My goal is that if any URL doesn't match…
1 vote, 1 answer

Is this a possible attack? Can I avoid it?

Today I arrived and I have 200 (automatic) errors in my logs from my application. I'm not sure if it was an attack, or something weird in my IIS or my application. The error was always the same, as if someone tried to go to an inexistent page. The…
1 vote, 3 answers

malformed div tag and piratebay links being inserted into wordpress site

On a wordpress site a malformed div tag and a link to thepiratebay.in.ua are being inserted through some kind of attack. The inserted code is: div style="position:absolute;top:-1488px;">
KauaiCoder
1 vote, 1 answer

Nodejs is based on javascript, is there a possibility the user can hack the code

For my understanding, I want to know if, since NodeJS is based on JavaScript, is there a possibility the end user can hack the code in a way that causes a security vulnerability. What I mean is since the NodeJS is JavaScript, and JavaScript…
RONE
0 votes, 0 answers

Recaptcha valid more than once

I am managing to validate the same recaptcha more than once through the "https://www.google.com/recaptcha/api/siteverify" api, I thought this was not possible considering that it is a paid product. Has anyone had the same problem? During the two…
0 votes, 0 answers

How to detect cyberattacks to websites on ASP.net C#?

I have a challenging question to ask. Is there any way to detect cyberattacks and security breaches on asp.net website using C# codes and without using CloudFlare Services? I used the methods to collect error logs from the website and the server to…
0 votes, 0 answers

WP <= 6.1.1 – Unauthenticated Blind SSRF via DNS Rebinding

We are experiencing the “WP <= 6.1.1 – Unauthenticated Blind SSRF via DNS Rebinding” issue in WordPress version 6.1.1 on my website OlxPraca.com, it means that there is a security vulnerability in the software that allows an attacker to carry out a…
0 votes, 1 answer

IP, XSS, Cross-Site-Scripting, x-forwarded-for

I have applied a filter in code to block the IP address of users that try a cross-site-scripting attack on my website, but the issue is that some IP addresses come in text format, like the example below. What is the reason for…
Ashhh
0 votes, 0 answers

My node js website was attacked. How do I analyze what happened?

I am new to web programming and I coded a Node js website. I know C very well but not JS. I recently changed the port forward to port 80 and it didn't take long before I was attacked. I saved the logs and undid the forwarding of port 80. Could…
0 votes, 0 answers

SQL injection attack. Best possible defense review

For the last few days my logs have been revealing an attack on my system. I don't know what they are trying to accomplish? They seem to be attacking my style sheets only with GETS and POSTS to them. The queries they are running are variations of…
James
0 votes, 0 answers

How can the attacker exploit the blind SQL inject vulnerability apart from sleeping the server?

In one of my projects I discovered a blind-sql-injection vulnerability, that goes like this: the url index.php/company/lang/action can be injected with some extra sql like this index.php/company'%20and%20''='/lang/action the only thing I've found…