Questions tagged [server-side-attacks]

65 questions
0 votes, 1 answer

What is the place of JSONP in the CORS platform?

I'm researching CORS attacks, XSS, JSONP and cross-origin embedding models to get information about cross-origin resource sharing. But I don't clearly understand JSONP logic. I'm new to this topic. Can any person use JSONP for attacks? And…
Kle
0 votes, 1 answer

More than 5300 messages to my website had JS content

I created a website, and I received more than 5300 messages in 1 day that had JavaScript content. I resolved the problem and stopped the messages by adding a CAPTCHA, but I want to know what this is. The content of the message…
ThaTest
0 votes, 0 answers

Can a loopback log entry represent an attack on an Apache web server?

For approximately one month I have been accumulating a lot of entries like those listed below in the Apache2 log file on my server. I have spent several days trying to find out if this is really a hack in the server and how to really interpret this kind…
0 votes, 0 answers

Filter Traffic Before Hitting Server Environment

We have a pretty robust setup for our websites. Firewall with load balancer with 2 web servers behind it and 2 high availability MySQL servers. Our business is to send as much traffic as possible to our advertiser-supported websites. Lately, we…
user1759665
0 votes, 0 answers

How to pass sensitive data to my Python application

I want to pass a critically sensitive key to my Python application. Say an attacker gets root access to the server. I don't want him to discover the key by any means. How can I achieve this?
0 votes, 1 answer

XSS attack vectors

What are some common XSS vectors for websites aside from unsanitized input from text fields finding their way back into pages? Trying to prevent malicious access to CSRF tokens in cookies. I'm escaping unsafe characters from text inputs (probably…
0 votes, 0 answers

SQL Injection Attack against escaping single quotes

I have been told that the method of escaping single quotes is easy to bypass in a SQL injection attack. For example, if I were to have the line: username='admin' and password='$password' where the user types in "$password", and any single quote…
Logan
0 votes, 1 answer

What to do after PHP XSS attack?

My server is infected with an XSS attack. All of the PHP files (all of WordPress, my custom .php scripts and applications) have been injected with a similar type of encrypted code, seen below. What is the course of action in a situation like this?…
putun
0 votes, 1 answer

Multiple HTTP requests from server IP, but no script is making them

My server is facing thousands of requests like this every minute: **.**.***.*** - - [24/Sep/2015:17:01:14 +0200] "GET /imagefolder/someimage.jpeg HTTP/1.0" 200 19606 "-" "-" 92 **.**.***.*** - - [24/Sep/2015:17:01:14 +0200] "GET…
0 votes, 1 answer

Magento setting up demo version - security threat?

I will be making a demo version of Magento for a showcase. I want to give users admin credentials so they can see what Magento's administration has to offer. a) Am I exposing the server to some kind of security threat? I know that you can upload…
be-codified
0 votes, 1 answer

HTML and JavaScript Files Attacked

I have many JavaScript and HTML files on my IIS server. Some days ago, some strange code was injected into the files. Code below. /*ec8243*/ document.write('