Search Results

Search found 97980 results on 3920 pages for 'code security'.

Page 224/3920 | < Previous Page | 220 221 222 223 224 225 226 227 228 229 230 231  | Next Page >

• Can I build a VPN on top of Tor?

  - by Thilo

  If I understand correctly, the Tor client works as a combination of a proxy server and application plugins (such as the Firefox Torbutton) that enable use of the proxy and contain additional application-specific privacy features (such as suppressing cookies, sandboxing JavaScript, turning off Flash). That works very well with applications that support it (such as Firefox). But is there a way to establish a VPN over Tor, so that my whole Wifi network can be protected, including applications that do not support proxy configuration and devices like iPod touches?

  Read the article

• Duplicate GET request from multiple IPs - can anyone explain this?

  - by dwq

  We've seen a pattern in our webserver access logs which we're having problem explaining. A GET request appears in the access log which is a legitimate, but private, url as part of normal e-commerce website use (by private, we mean there is a unique key in a url form variable generated specifically for that customer session). Then a few seconds later we get hit with an identical request maybe 10-15 times within the space of a second. The duplicate requests are all from different IP addresses. The UserAgent for the duplicates are all the same (but different from the original request). The reverse DNS lookup on the IPs for all the duplicates requests resolve to the same large hosting company. Can anyone think of a scenario what would explain this? EDIT 1 Here's an example that's probably anonymised beyond being any actual use, but it might give an idea of the sort of pattern we're seeing (it's from a search query as they sometimes get duplicated too): xx.xx.xx.xx - - [21/Jun/2013:21:42:57 +0100] "GET /search.html?search=widget&Submit=Search HTTP/1.0" 200 5475 "http://www.ourdomain.com/index.html" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; WOW64; Trident/6.0)" xx.xx.xx.xx - - [21/Jun/2013:21:43:03 +0100] "GET /search.html?search=widget&Submit=Search HTTP/1.0" 200 5475 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.91 Safari/534.30" xx.xx.xx.xx - - [21/Jun/2013:21:43:03 +0100] "GET /search.html?search=widget&Submit=Search HTTP/1.0" 200 5475 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.91 Safari/534.30" xx.xx.xx.xx - - [21/Jun/2013:21:43:04 +0100] "GET /search.html?search=widget&Submit=Search HTTP/1.0" 200 5475 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.91 Safari/534.30" xx.xx.xx.xx - - [21/Jun/2013:21:43:04 +0100] "GET /search.html?search=widget&Submit=Search HTTP/1.0" 200 5475 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.91 Safari/534.30" xx.xx.xx.xx - - [21/Jun/2013:21:43:04 +0100] "GET /search.html?search=widget&Submit=Search HTTP/1.0" 200 5475 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.91 Safari/534.30" xx.xx.xx.xx - - [21/Jun/2013:21:43:04 +0100] "GET /search.html?search=widget&Submit=Search HTTP/1.0" 200 5475 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.91 Safari/534.30" xx.xx.xx.xx - - [21/Jun/2013:21:43:04 +0100] "GET /search.html?search=widget&Submit=Search HTTP/1.0" 200 5475 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.91 Safari/534.30" xx.xx.xx.xx - - [21/Jun/2013:21:43:04 +0100] "GET /search.html?search=widget&Submit=Search HTTP/1.0" 200 5475 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.91 Safari/534.30" xx.xx.xx.xx - - [21/Jun/2013:21:43:04 +0100] "GET /search.html?search=widget&Submit=Search HTTP/1.0" 200 5475 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.91 Safari/534.30" xx.xx.xx.xx - - [21/Jun/2013:21:43:04 +0100] "GET /search.html?search=widget&Submit=Search HTTP/1.0" 200 5475 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.91 Safari/534.30" UPDATE 2 Sometimes it is part of a checkout flow that's duplicated to I'd think twitter is unlikely.

  Read the article

• Multiple *NIX Accounts with Identical UID

  - by Tim

  I am curious whether there is a standard expected behavior and whether it is considered bad practice when creating more than one account on Linux/Unix that have the same UID. I've done some testing on RHEL5 with this and it behaved as I expected, but I don't know if I'm tempting fate using this trick. As an example, let's say I have two accounts with the same IDs: a1:$1$4zIl1:5000:5000::/home/a1:/bin/bash a2:$1$bmh92:5000:5000::/home/a2:/bin/bash What this means is: I can log in to each account using its own password. Files I create will have the same UID. Tools such as "ls -l" will list the UID as the first entry in the file (a1 in this case). I avoid any permissions or ownership problems between the two accounts because they are really the same user. I get login auditing for each account, so I have better granularity into tracking what is happening on the system. So my questions are: Is this ability designed or is it just the way it happens to work? Is this going to be consistent across *nix variants? Is this accepted practice? Are there unintended consequences to this practice? Note, the idea here is to use this for system accounts and not normal user accounts.

  Read the article

• Which ports to open on domain vs internet

  - by zsharp

  I have a web server/database/domainController. I notice that ports 137 and 138 on the public IP AND private IP are open on all machines there are also other open ports on 0.0.0.0.(ie. 135, 2002) Can and should I close 137-139 on the public IP only? will that interfere with any services.

  Read the article

• Lastpass VS Sxipper. which one is better at their thing?

  - by Fellknight

  Well, i've been using sxipper for some time now, but recently came across lastpass. I can't tell which one is more secure or has a better functionality, sxipper however seems easier to use.

  Read the article

• /etc/hosts.deny ignored in Ubuntu 14.04

  - by Matt

  I have Apache2 running on Ubuntu 14.04LTS. To begin securing network access to the machine, I want to start by blocking everything, then make specific allow statements for specific subnets to browse to sites hosted in Apache. The Ubuntu Server is installed with no packages selected during install, the only packages added after install are: apt-get update; apt-get install apache2, php5 (with additional php5-modules), openssh-server, mysql-client Following are my /etc/hosts.deny & /etc/hosts.allow settings: /etc/hosts.deny ALL:ALL /etc/hosts.allow has no allow entries at all. I would expect all network protocols to be denied. The symptom is that I can still web browse to sites hosted on the Apache web server even though there is a deny all statement in /etc/hosts.deny The system was rebooted after the deny entry was added. Why would /etc/hosts.deny with ALL:ALL be ignored and allow http browsing to sites hosted on the apache web server?

  Read the article

• Google Chrome suspicious connections

  - by Poni

  I'm using Chrome at Windows and with TCPView (of the SysInternals freeware suit) I see that chrome.exe establish connections to these IPs: 173.194.37.104 209.85.146.138 Using http://www.ipaddresslocation.org/ I check about these IPs and see they're related to Google. Now, in order to clarify, these are the exact things I do: Open up chrome, the default page is set to BLANK (i.e no homepage whatsoever). Then I get into my website which has a blank page, so no "other" http requests are made. Right from this point there is a persistent connection, usually to '173.194.37.104'. What are these?? Very suspicious.. Edit #1: - I'm in 'incognito' mode right from start, when launching Chrome, using a shortcut with the '-incognito' switch. - I've turned off all phishing protections and other "advance" features in order to reduce Chrome's network activity.

  Read the article

• Tools to Hide IP address for webapp

  - by Jake Barti

  I am looking out for a paid software where I can 'choose' an IP address from a different country and browse a site. So if I want to see how the site will look to US users, I should be able to choose the IP from US. We are building a web app that will be used in many countries and we want to make sure we test it before releasing. Any recommendations ?

  Read the article

• Steps to make sure network is not blacklisted...Again

  - by msindle

  I have an interesting issue. I have a client that just got blacklisted due to spam being sent out over the last 2 days. I have my firewall configured to only allow mail to go outbound on port 25 from our mail server (Exchange 2010) exclusively and I have verified that there are no open relay's on our transport rules. We are running Vipre Business and after running deep scans with updated definitions all computers come back clean. I ran a message tracking report on our Exchange server that shows all mail sent via the mail server over the last couple of weeks and didn't see anything malicious or out of the ordinary. I have also verified that there are no home devices or rouge computers on the network. For all practical purposes it appears that the network is clean, but we still wound up on 5 or 6 blacklists...Where should I start looking next? Is there a "best practices" guide that can help eradicate this issue? Thanks in advance! msindle

  Read the article

• What will happen if I (accidentaly) pour a bucket of water inside my pc?

  - by ULTRA_POROV

  Is it dangerous what will happen to me and the PC? EDIT: It's a serious question, the other day i almost spilled a bottle of cola inside my pc (the case was open).

  Read the article

• Recommend an SFTP solution for Windows (Server & Client) that integrates well with Dreamweaver

  - by aaandre

  Could you please recommend a secure FTP solution for updating files on a remote windows server from windows workstations? We would like to replace the FTP-based workflow with a secure FTP one. Windows Server 2003 on the remotely hosted webserver, WinXP on the workstations. We manage the files via Dreamweaver's built-in FTP. My understanding is Dreamweaver supports sFTP out of the box so I guess I am looking for a good sFTP server for Windows Server 2003. Ideally, that would not require cygwin. Ideally, the solution would use authentication based on the existing windows accounts and permissions. Thank you!

  Read the article

• How do I format this regex so it will work in fail2ban?

  - by chapkom

  I've just installed fail2ban on my CentOS server in response to an SSH brute force attempt. The default regular expressions in fail2ban's sshd.conf file do not match any entries in audit.log, which is where SSH seems to be logging all connection attempts, so I am trying to add an expression that will match. The string I am trying to match is as follows: type=USER_LOGIN msg=audit(1333630430.185:503332): user pid=30230 uid=0 auid=500 subj=user_u:system_r:unconfined_t:s0-s0:c0.c1023 msg='acct="root": exe="/usr /sbin/sshd" (hostname=?, addr=<HOST IP>, terminal=sshd res=failed)' The regular expression I am attempting to use is: ^.*addr=<HOST>, terminal=sshd res=failed.*$ I've used regextester.com and regexr to try to build the regex. The testers give me a match for this regex:^.*addr=\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}, terminal=sshd res=failed.*$ but fail2ban-regex complains if I don't use the <HOST> tag in the regex. However, using ^.*addr=<HOST>, terminal=sshd res=failed.*$ gives me 0 matches. At this point, I am totally stuck and I would greatly appreciate any assistance. What am I doing wrong in the regex I am trying to use?

  Read the article

• Restrict SSH user to connection from one machine

  - by Jonathan

  During set-up of a home server (running Kubuntu 10.04), I created an admin user for performing administrative tasks that may require an unmounted home. This user has a home directory on the root partition of the box. The machine has an internet-facing SSH server, and I have restricted the set of users that can connect via SSH, but I would like to restrict it further by making admin only accessible from my laptop (or perhaps only from the local 192.168.1.0/24 range). I currently have only an AllowGroups ssh-users with myself and admin as members of the ssh-users group. What I want is something that works like you may expect this setup to work (but it doesn't): $ groups jonathan ... ssh-users $ groups admin ... ssh-restricted-users $ cat /etc/ssh/sshd_config ... AllowGroups ssh-users [email protected].* ... Is there a way to do this? I have also tried this, but it did not work (admin could still log in remotely): AllowUsers [email protected].* * AllowGroups ssh-users with admin a member of ssh-users. I would also be fine with only allowing admin to log in with a key, and disallowing password logins, but I could find no general setting for sshd; there is a setting that requires root logins to use a key, but not for general users.

  Read the article

• Code deploy system [closed]

  - by Turnaev Evgeny

  Currently we deploy code to servers in a various ways: freebsd package freebsd ports part of config files and static just svn up'ed and a symlink is changed to new upped folder The distribution of freebsd packages to target servers is done through custom tool that uses ssh. I am looking for a code deploy system that will allow: deploy several packages (freebsd or linux) atomic (ether deploy all or none of them to server) can save a history of last stable version - so in case of bad deploy i can easily rollback to last working version all servers ease deployment of config and static files - and integrate those into atomic deploy/rollback system. should work with freebsd or linux (apt-get system)

  Read the article

• QR vcard with a photo

  - by Cayetano Gonçalves

  I am about to get a ton of business cards printed from my new corporation, and I am allowed to have a QR code on it, and I would really like to be able to add a photo to be attached to the vcard. I know in the raw vcard you can add a photo like this: BEGIN:VCARD VERSION:4.0 N:Gump;Forrest;;; FN: Forrest Gump ORG:Bubba Gump Shrimp Co. TITLE:Shrimp Man PHOTO:http://www.example.com/dir_photos/my_photo.gif TEL;TYPE=work,voice;VALUE=uri:tel:+1-111-555-1212 TEL;TYPE=home,voice;VALUE=uri:tel:+1-404-555-1212 ADR;TYPE=work;LABEL="42 Plantation St.\nBaytown, LA 30314\nUnited States of America" :;;42 Plantation St.;Baytown;LA;30314;United States of America EMAIL:[email protected] REV:20080424T195243Z END:VCARD But I can't find any way to include the photo field into a QR code, any suggestions would be greatly appreciated.

  Read the article

• Wifi Snooping over phone

  - by pulsarjune

  I connect to the wifi acccess-point at work, but recently I suspect that data on my phone is being snooped-out from my phone connected to my office's Wifi network. [Phone Model: Sony Ericsson Xperia Neo V, Android v2.3; Wifi accespoint: Belkin G] How can i check my suspicion? Or What are the ways i could get over them? (obviously i want to stay connected to the wifi n/w) Any thoughts on these points?

  Read the article

• Windows: disable remote access of local drive, even by domain admin

  - by Matt

  We have a network of Windows 7 PCs that are managed as part of a domain. What we want is for the domain admin to be unable to view the PC's local drive (C:) unless he is physically at the PC. In other words, no remote desktop and no ability to use UNC. In other words, the domain admin should not be allowed to put \\user_pc\c$ in Windows Explorer and see all the files on that computer, unless he is physically present at the PC itself. Edit: to clarify some of the questions/comments that have come up. Yes, I am an admin---but a complete Windows novice. And yes, for the sake of this and my similar questions, it is fair to assume that I am working for someone who is paranoid. I understand the arguments about this being a "social problem versus a technical problem", and "you should be able to trust your admins", etc. But this is the situation in which I find myself. I'm basically new to Windows system administration, but am tasked with creating an environment that is secure by the company owner's definition---and this definition is clearly very different from what most people expect. In short, I understand that this is an unusual request. But I'm hoping there is enough expertise in the ServerFault community to point me in the right direction.

  Read the article

• SQL Server: how to check securables

  - by jrara

  I would like to make a t-sql query to check which logins have 'view server state' permission in server type securables. How to achieve this? This query from mssqltips don't show this: http://www.mssqltips.com/tip.asp?tip=1718 SELECT prin.[name] [User], sec.state_desc + ' ' + sec.permission_name [Permission] FROM [sys].[database_permissions] sec JOIN [sys].[database_principals] prin ON sec.[grantee_principal_id] = prin.[principal_id] WHERE sec.class = 0 ORDER BY [User], [Permission];

  Read the article

• hosts.allow and hosts.deny WHM Host Access Control - what if my IP changes?

  - by beingalex

  I want to use WHM/Cpanel's Host Access Control interface to change some settings in hosts.allow and hosts.deny. I want to block all access to our SSH exept from the IP we have from our office. Daemon Access List Action Comment sshd ALL EXCEPT x.x.x.x deny Deny access from all other IPs apart from ours But I am worried about what happens if our IP changes, which it does about twice a week. How would I get back in to edit the hosts.allow / hosts.deny files?

  Read the article

• How to decide where to purchase a wildcard SSL certificate?

  - by user664833

  Recently I needed to purchase a wildcard SSL certificate (because I need to secure a number of subdomains), and when I first searched for where to buy one I was overwhelmed with the number of choices, marketing claims, and price range. I created a list to help me see passed the marketing gimmicks that the greater majority of the Certificate Authorities (CAs) plaster all over their sites. In the end my personal conclusion is that pretty much the only things that matter are the price and the pleasantness of the CA's website. Question: Besides price and a nice website, is there anything worthy of my consideration in deciding where to purchase a wildcard SSL certificate?

  Read the article

• How safe is the quicken encryption of files?

  - by jmvidal

  Quicken has a password-protection option where you type in a password and your file is encrypted. How good is this encryption and how does it depend on the length or complexity of my password? A google search reveals a lot of "quicken password recovery" programs, like this one, which make me feel like the password is just for keeping the really dumb criminals away, not the ones with large computers.

  Read the article

• Can I disable Pam Loginuid? Can I find out options used to configure kernel?

  - by dunxd

  I am getting a lot of the following types of error in my secure log on a CentOS 5.4 server: crond[10445]: pam_loginuid(crond:session): set_loginuid failed opening loginuid sshd[10473]: pam_loginuid(sshd:session): set_loginuid failed opening loginuid I've seen discussion of this being caused when using a non-standard kernel without the correct CONFIG_AUDIT and CONFIG_AUDITSYSCALL options set. Where this is the case, it is advised to comment out some lines in the pam.d config files. I am running a Virtual Private Server where I need to use the kernel provided by the supplier. Is there a way to find out what options they used to configure the kernel? I want to verify if the above is the cause. If this turns out not to be the cause, what are the risk of disabling pam_loginuid for crond and sshd?

  Read the article

• rhel configure: limit root direct login to systems except through system consoles

  - by zhaojing

  I have to configure to limit root direct access except system consoles. That is, the ways of telnet, ftp, SSH are all prohibited. Root can only login through console. I understand that will require me to configure the file /etc/securetty. I have to comment all the tty, just keep "console" in /etc/securetty. But from google, I found many peoples said that configure /etc/securetty will not limit the way of SSH login. From my experiment, I found it is. (configure /etc/securetty won't limit SSH login). And I add one line in /etc/pam.d/system-auth: auth required pam_securetty It seems root SSH login can be prohibited. But I can't find the reason: What is the difference of configure pam_securetty and /etc/securetty? Can anyone help me with this? Only configure /etc/securetty could work? Or Have I to configure pam_securetty at the same time? Thanks a lot!

  Read the article

• password protect a VPS account?

  - by Camran

  I ordered a VPS today, and am about to upload my website. It uses java, mysql, php etc... However, I need to password protect the site at first... I use Ubuntu 9.10 and have installed LAMP just now. How can I easiest do this? Thanks PS: Have problem with the serverfault website, thats why I am posting this here. sorry.

  Read the article

• How to allow password protected start-stop-daemon functionality?

  - by Mahmoud Abdelkader

  I would like to use Ubuntu's start-stop-daemon to start my application, but the application protects some sensitive information, so I have a mechanism where the application prompts for a password that's then used to generate a hashkey, which is used as the secret key for a symmetric encryption (AES) to encrypt and decrypt things from a database. I'd like to daemonize this application and have it run from start-stop-daemon, so that sudo service appname stop and sudo service appname start would work, but, I'm not sure how to go about doing this with the added complexity of a password prompt. Is there something that supports this or do I have to program it from scratch? I figured I should ask first before re-inventing the wheel. Thanks in advance.

  Read the article

< Previous Page | 220 221 222 223 224 225 226 227 228 229 230 231  | Next Page >