Search Results

Search found 30932 results on 1238 pages for 'rogue security software'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 189/1238 | < Previous Page | 185 186 187 188 189 190 191 192 193 194 195 196  | Next Page >

  • Significant number of non-HTTP requests hitting my site

    - by Mark Westling
    I'm seeing a significant number of non-HTTP requests hitting a site I just launched. They show up in the server (nginx) logs as non-ASCII and get rejected (correctly) with a 400 status. Here are some lines from the log: 95.132.198.189 - - [09/Jan/2011:13:53:30 -0500] "œ$A\x10õœ²É9J" 400 173 "-" "-" 79.100.145.126 - - [09/Jan/2011:13:57:42 -0500] "#§i²¸oYi á¹„\x13VJ—x·—œ\x04N \x1DÔvbÛè½\x10§¬\x1E0œ_^¼+\x09ÜÅ\x08DÌÃiJeT€¿æ]œr\x1EëîyIÐ/ßýúê5Ǹ" 400 173 "-" "-" 79.100.145.126 - - [09/Jan/2011:13:58:33 -0500] "¯Ú%ø=Œ›D@\x12¼\x1C†ÄÀe\x015mˆàd˜Û%pÛÿ" 400 173 "-" "-" What should I make of this? Is this some sort of scripted attack? Or could these be correct requests that have somehow been garbled? They're not affecting the performance of the site and I'm not seeing any other signs of attacks (e.g., no strange POSTs) so at this point I'm more curious than afraid.

    Read the article

  • How would I know if my OS is compromised?

    - by itsols
    I had opened a php folder from a friend's web host. I run it on mine to fix some bugs. Then I tried attaching the code to be emailed and GMAIL stated that the attachment was infected by a virus. Now I'm afraid if my Apache or OS (12.04) is infected. I checked the php files and found a base64 encoded set of code being 'eval'd at the top of each and every php file. Just reversing it (echo with htmlspecialchars) showed some clue that there were sockets in use and something to do with permissions. And also there were two websites referred having .ru extensions. Now I'm afraid if my Ubuntu system is affected or compromised. Any advice please! Here's my second run of rkhunter with the options: sudo rkhunter --check --rwo Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text Warning: Hidden directory found: /dev/.udev Warning: Hidden file found: /dev/.initramfs: symbolic link to `/run/initramfs'

    Read the article

  • What Application Indicators are available?

    - by user8592
    I installed Ubuntu 11.04 on one of my systems and I am using the Unity interface. Unity is working quite well so far but I really miss panel applets for net speed, cpu temp, and system monitor. These applets are useful for viewing quick info. Unlike 10.10, there is no other way to get this info onto the panel or unity launcher. There are solutions like screenlets and conky but they don't feel appropriate for a clean desktop look. If you know one then please list out any third party indicators with links so that they can be found.

    Read the article

  • apt-get not recognizing downloaded archives

    - by meteors
    I installed Ubuntu Gnome 13.10. I previously had Ubuntu Gnome 13.04 and had all the archives in the /var/cache/apt/archives/ stored to a removable disk. After installing 13.10 I copied all my archives to the above mentioned path. When I run apt-get install it tries to fetch the archives although I have the archives. Also if instead of apt-get install if I try to install individual .deb files using dpkg -i everything runs fine. These are the permissions of files: How do I fix this. Previously copying archives like this worked fine and downloading duplicates the files.

    Read the article

  • What are some internet trends that you've noticed over the past ~10 years? [closed]

    - by Michael
    I'll give an example of one that I've noticed: the number of web sites that ask for your email address (GOOG ID, YAHOO! ID, etc.) has skyrocketed. I can come up with no legitimate reason for this other than (1) password reset [other ways to do this], or (2) to remind you that you have an account there, based upon the time of your last visit. Why does a web site need to know your email address (Google ID, etc.) if all you want to do is... download a file (no legit reason whatsoever) play a game (no legit reason whatsoever) take an IQ test or search a database (no legit reason whatsoever) watch a video or view a picture (no legit reason whatsoever) read a forum (no legit reason whatsoever) post on a forum (mildly legit reason: password reset) newsletter (only difference between a newsletter and a blog is that you're more likely to forget about the web site than you are to forget about your email address -- the majority of web sites do not send out newsletters, however, so this can't be the justification) post twitter messages or other instant messaging (mildly legit reason: password reset) buy something (mildly legit reasons: password reset + giving you a copy of a receipt that they can't delete, as receipts stored on their server can be deleted) On the other hand, I can think of plenty of very shady reasons for asking for this information: so the NSA, CIA, FBI, etc. can very easily track what you do by reading your email or asking GOOG, etc. what sites you used your GOOG ID at to use the password that you provide for your account in order to get into your email account (most people use the same password for all of their accounts), find all of your other accounts in your inbox, and then get into all of those accounts sell your email address to spammers These reasons, I believe, are why you are constantly asked to provide your email address. I can come up with no other explanations whatsoever. Question 1: Can anyone think of any legitimate or illegitimate reasons for asking for someone's email address? Question 2: What are some other interesting internet trends of the past ~10 years?

    Read the article

  • Password protected website

    - by danie7L T
    I need to add a user authentication page before the actual homepage of the website. In Joomla! I just set the website offline and the offline page loads in place of the homepage but then it's automatically throwing a "503 Service Temporarily Unavailable" error which I would like to avoid. That's why I would like to know the other ways to load an authentication page before the homepage. NB: I'm using Apache servers if that's relevant Thank you

    Read the article

  • Should one use a separate database for application data and user data?

    - by trycatch
    I’ve been working on a project for a little while and I’m unsure which is the better architecture. I’m interested in the consensus. The answer to me seems fairly obvious but something about it is digging at me and I can't pick out what. The TL;DR is: how do you handle a program with application data and user data in the same DB which needs to be able to receive updates to the application data periodically? One database for user data and one for application, or both in one? The detailed version is.. if an application has a database which needs to maintain application data AND user data, and the user data all references application data, it feels more natural to me to store them in the same database. But if there exists a need to be able to update the application data within this database periodically, should this be stripped into two databases so that one can simply download the updated application data database file as an update and replace the old one? Or should they remain as one database, and the application data be updated via a script which inserts the new data into the existing database? The second sounds clearly preferable to me... but for some reason just doesn’t feel right, and I can't pick out quite why.

    Read the article

  • client website compromised, found a strange .php file. any ideas?

    - by Kevin Strong
    I do support work for a web development company and I found a suspicious file today on the website of one of our clients called "hope.php" which contained several eval(gzuncompress(base64_decode('....'))) commands (which on a site like this, usually indicates that they've been hacked). Searching for the compromised site on google, we got a bunch of results which link to hope.php with various query strings that seem to generate different groups of seo terms like so: (the second result from the top is legitimate, all the rest are not) Here is the source of "hope.php": http://pastebin.com/7Ss4NjfA And here is the decoded version I got by replacing the eval()s with echo(): http://pastebin.com/m31Ys7q5 Any ideas where this came from or what it is doing? I've of course already removed the file from the server, but I've never seen code like this so I'm rather curious as to its origin. Where could I go to find more info about something like this?

    Read the article

  • Do logins by the gdm (or lightdm) user in auth.log mean my system is breached?

    - by Pramanshu
    Please look at this auth.log (from Ubuntu 14.04) I have provided and tell me who this gdm user is and why there are all these unauthenticated logins? I am freaked out; please help! Here's the /var/log/auth.log file: http://paste.ubuntu.com/8120231/ Update: I know now that "gdm" is gnome desktop manager and it's there because of root. But please look at the log there is more and tell me if my system is breached.

    Read the article

  • Design practice for securing data inside Azure SQL

    - by Sid
    Update: I'm looking for a specific design practice as we try to build-our-own database encryption. Azure SQL doesn't support many of the encryption features found in SQL Server (Table and Column encryption). We need to store some sensitive information that needs to be encrypted and we've rolled our own using AesCryptoServiceProvider to encrypt/decrypt data to/from the database. This solves the immediate issue (no cleartext in db) but poses other problems like Key rotation (we have to roll our own code for this, walking through the db converting old cipher text into new cipher text) metadata mapping of which tables and which columns are encrypted. This is simple when it's just couple of columns (send an email to all devs/document) but that quickly gets out of hand ... So, what is the best practice for doing application level encryption into a database that doesn't support encryption? In particular, what is a good design to solve the above two bullet points? If you had specific schema additions would love it if you could give details ("Have a NVARCHAR(max) column to store the cipher metadata as JSON" or a SQL script/commands). If someone would like to recommend a library, I'd be happy to stay away from "DIY" too. Before going too deep - I assume there isn't any way I can add encryption support to Azure by creating a stored procedure, right?

    Read the article

  • Application to organize / manage installed networks

    - by vicmp3
    I was wondering if there is a Application where you can organize networks. I mean if you have installed some networks you have to note every pc's name, his ip-address and so on. Is there a Application where you can manage it? I saw the monitoring tools but that is not exactly what I'm looking for. Maybe I didnt explain me well, after all my englis his not so good :) For example if I install many different networks I write in a book how I configured them. I write pc-name ip-address ip-gateway ip-broadcast and so on for each network. It will be great if I can do it in a program to organize it well, and for example it gives me a node view of the network.

    Read the article

  • Should I force users to update an application?

    - by Brian Green
    I'm writing an application for a medium sized company that will be used by about 90% of our employees and our clients. In planning for the future we decided to add functionality that will verify that the version of the program that is running is a version that we still support. Currently the application will forcequit if the version is not among our supported versions. Here is my concern. Hypothetically, in version 2.0.0.1 method "A" crashes and burns in glorious fashion and method "B" works just fine. We release 2.0.0.2 to fix method A and deprecate version 0.1. Now if someone is running 0.1 to use method B they will be forced to update to fix something that isn't an issue for them right now. My question is, will the time saved not troubleshooting old, unsupported versions outweigh the cost in usability?

    Read the article

  • More than one way to skin an Audit

    - by BuckWoody
    I get asked quite a bit about auditing in SQL Server. By "audit", people mean everything from tracking logins to finding out exactly who ran a particular SELECT statement. In the really early versions of SQL Server, we didn't have a great story for very granular audits, so lots of workarounds were suggested. As time progressed, more and more audit capabilities were added to the product, and in typical database platform fashion, as we added a feature we didn't often take the others away. So now, instead of not having an option to audit actions by users, you might face the opposite problem - too many ways to audit! You can read more about the options you have for tracking users here: http://msdn.microsoft.com/en-us/library/cc280526(v=SQL.100).aspx  In SQL Server 2008, we introduced SQL Server Audit, which uses Extended Events to really get a simple way to implement high-level or granular auditing. You can read more about that here: http://msdn.microsoft.com/en-us/library/dd392015.aspx  As with any feature, you should understand what your needs are first. Auditing isn't "free" in the performance sense, so you need to make sure you're only auditing what you need to. Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!

    Read the article

  • Is it reasonable to require passwords when users sign into my application through social media accounts?

    - by BrMcMullin
    I've built an application that requires users to authenticate with one or more social media accounts from either Facebook, Twitter, or LinkedIn. Edit Once the user has signed in, an 'identity' for them is maintained in the system, to which all content they create is associated. A user can associate one account from each of the supported providers with this identity. I'm concerned about how to protect potential users from connecting the wrong account to their identity in our application. /Edit There are two main scenarios that could happen: User has multiple accounts on one of the three providers, and is not logged into the one s/he desires. User comes to a public or shared computer, in which the previous user left themselves logged into one of the three providers. While I haven't encountered many examples of this myself, I'm considering requiring users to password authenticate with Facebook, Twitter, and LinkedIn whenever they are signing into our application. Is that a reasonable approach, or are there reasons why many other sites and applications don't challenge users to provide a user name and password when authorizing applications to access their social media accounts? Thanks in advance! Edit A clarification, I'm not intending to store anyone's user name and password. Rather, when a user clicks the button to sign in, with Facebook as an example, I'm considering showing an "Is this you?" type window. The idea is that a user would respond to the challenge by either signing into Facebook on the account fetched from the oauth hash, or would sign into the correct account and the oauth callback would run with the new oauth hash data.

    Read the article

  • How to refuse to give an access to passwords to a customer without being unprofessional or rude?

    - by MainMa
    Let's say you're creating a website for a customer. This website has its own registration (either combined with OpenID or not). The customer asks you to be able to see the passwords the users are choosing, given that the users will probably be using the same password on every website. In general, I say: either that it is impossible to retrieve the passwords, since they are not stored in plain text, but hashed, or that I have no right to do that or that administrators must not be able to see the passwords of users, without giving any additional details. The first one is false: even if the passwords are hashed, it is still possible to catch and store them on each logon (for example doing a strange sort of audit which will remember not only which user succeeded or failed to logon, but also with which password). The second one is rude. How to refuse this request, without being either unprofessional or rude?

    Read the article

  • Python Web Applications: What is the way and the method to handle Registrations, Login-Logouts and Cookies? [on hold]

    - by Phil
    I am working on a simple Python web application for learning purposes. I have chosen a very minimalistic and simple framework. I have done a significant amount of research but I couldn't find a source clearly explaining what I need, which is as follows: I would like to learn more about: User registration User Log-ins User Log-outs User auto-logins I have successfully handled items 1 and 3 due to their simple nature. However, I am confused with item 2 (log-ins) and item 4 (auto-logins). When a user enters username and password, and after hashing with salts and matching it in the DB; What information should I store in the cookies in order to keep the user logged in during the session? Do I keep username+password but encrypt them? Both or just password? Do I keep username and a generated key matching their password? If I want the user to be able to auto-login (when they leave and come back to the web page), what information then is kept in the cookies? I don't want to use modules or libraries that handle these things automatically. I want to learn basics and why something is the way it is. I would also like to point out that I do not mind reading anything you might offer on the topic that explains hows and whys. Possibly with algorithm diagrams to show the process. Some information: I know about setting headers, cookies, encryption (up to some level, obviously not an expert!), request objects, SQLAlchemy etc. I don't want any data kept in a single web application server's store. I want multiple app-servers to be handle a user, and whatever needs to be kept on the server to be done with a Postgres/MySQL via SQLAlchemy (I think, this is called stateless?) Thank you.

    Read the article

  • Assign programs permanently to different sound-outputs in Pulseaudio?

    - by Mood
    I want to assign Skype input and output to my USB-headset while the rest of my laptop uses the internal sound-card. This is an easy task with PulseAudio Volume control (pavucontrol). The only problem I have is every time a call is made I manually have to set the output and input for Skype to my USB-device . When I hang up, Skype disappears from Volume Control. It reappears again with the next call only this time the default sound-card is selected again. It shouldn’t be hard to let PulseAudio look or the USB-headset is connected when Skype audio comes is before selecting the default. The way to do it is obvious not through Volume Control.

    Read the article

  • Website address hacked, emails created but not showing in manage your account

    - by ProfMJMcG
    I have a website, thebleudoor.com. It is hosted by yahoo. It gets 2000-3000 hits a day and has been for at least 5 years. A few months ago, as admin of the website, I started getting bounced back emails from newly created emails like [email protected]. Yahoo only shows 2 emails for my account. They said they can't do anything about it. Now, my "spam hacked email accounts" are getting spam. They haven't altered or used my website or email or bank info, just the good name of my website. Is there anything I can do? Do I need to be concerned? Changing my provider won't really help will it? Thank you.

    Read the article

  • Being stupid to get better productivity?

    - by loki2302
    I've spent a lot of time reading different books about "good design", "design patterns", etc. I'm a big fan of the SOLID approach and every time I need to write a simple piece of code, I think about the future. So, if implementing a new feature or a bug fix requires just adding three lines of code like this: if(xxx) { doSomething(); } It doesn't mean I'll do it this way. If I feel like this piece of code is likely to become larger in the nearest future, I'll think of adding abstractions, moving this functionality somewhere else and so on. The goal I'm pursuing is keeping average complexity the same as it was before my changes. I believe, that from the code standpoint, it's quite a good idea - my code is never long enough, and it's quite easy to understand the meanings for different entities, like classes, methods, and relations between classes and objects. The problem is, it takes too much time, and I often feel like it would be better if I just implemented that feature "as is". It's just about "three lines of code" vs. "new interface + two classes to implement that interface". From a product standpoint (when we're talking about the result), the things I do are quite senseless. I know that if we're going to work on the next version, having good code is really great. But on the other side, the time you've spent to make your code "good" may have been spent for implementing a couple of useful features. I often feel very unsatisfied with my results - good code that only can do A is worse than bad code that can do A, B, C, and D. Are there any books, articles, blogs, or your ideas that may help with developing one's "being stupid" approach?

    Read the article

  • My self-generated CA is nearing it's end-of-life; what are the best practices for CA-rollover?

    - by Alphager
    Some buddies and me banded together to rent a small server to use for email, web-hosting and jabber. Early on we decided to generate our own Certificate Authority(CA) and sign all our certificates with that CA. It worked great! However, the original CA-cert is nearing it's end-of-life (it expires in five months). Obviously, we will have to generate a new cert and install it on all our computers. Are there any best practices we should follow? We have to re-generate all certs and sign them with the new CA, right?

    Read the article

  • Tools to diagnose Ubuntu problems

    - by Luis Alvarado
    Over time a user will have several problems with Ubuntu as any other OS in the world. What tools and terminal commands exist in Ubuntu to help diagnose how the problem occurred and help solve it if it can be done. Problems like: Ubuntu Freezes after X time or when using Y app Ubuntu rebooted/hibernated/suspended all by itself Ubuntu not showing video or video has problems Ubuntu not making any sound or sound has problems Ubuntu not reading X drive (Pen drive, Internal Drive, External Drive...) Ubuntu slow Ubuntu not working with X hardware when connected Ubuntu network problem Normally there is a couple of GUI tools or Terminal commands that Ubuntu experts typically mention first to use to do a first diagnosis of this. What GUI tools (in case the problem is not related to video or limits the user from using the GUI) and Terminal commands (In case GUI is not working) can a user use to diagnose and help himself to how to find/fix the problem.

    Read the article

  • Site overthrown by Turkish hackers...

    - by Jackson Gariety
    Go ahead, laugh. I forgot to remove the default admin/admin account on my blog. SOmebody got in and has replaced my homepage with some internet graffiti. I've used .htaccess to replace the page with a 403 error, but no matter what I do, my wordpress homepage is this hacker thing. How can I setup my server so that ONLY MYSELF can view it while I'm fixing this via .htaccess? What steps should I take to eradicate them from my server? If I delete the ENTIRE website and change all the passwords, is he completely gone? Thanks.

    Read the article

  • Which DB should I use for my newbie program?

    - by knijo
    I'm really new to programming, and I need some advice. I'm currently working on a very simple program to maintain a list of users at a company, as well as their clock in and clock out info. I would like to make this application easy to distribute (on a cd probably), and I'm looking for advice on which database to use for storing my data. My application is implemented using java and swing. A friend recommended MySQL, but I don't want to go installing the db server on every computer the application is installed on. Another friend recommended Access. Any tips would be greatly appreciated

    Read the article

  • Registering in the iOS developer program as a minor

    - by maxluzuriaga
    Hi there. Recently I started learning to develop Apps for iOS, and while the simulator is fine for starting out, I've gotten to the point that I really should be testing the Apps I write on an actual device. As I'm sure you are well aware, to do this you must be a member of the $99/year iOS developer program, which also allows you to publish on the App Store. I'm more than happy to pay the fee, but my problem is that I'm still a minor, and to join the developer program you must be over 18 in the U.S. (I'm not sure how it works in other countries). I've talked to a few others that were in a similar position, but their responses have been varied. From what I've gathered, the best course of action is to register in the name of one of my parents. My problem with this is that if I were to ever publish an App on the store, it would be ideal to have my name as the seller instead of my Dad's. It wouldn't be the end of the world if this happened, but as I said, this wouldn't be ideal. Now I turn to you; is this a good plan? Have any of you been in this position or known somebody who has? Any other tips would be greatly appreciated. Thanks!

    Read the article

  • Package denyhosts in Ubuntu Trusty Tahr is deleted: temporary or forever?

    - by Kees van Dieren
    While doing a test-upgrade of our Ubuntu server to 14.04, I found that the package DenyHosts is no longer available. Installing it gives following error: apt-get install denyhosts Reading package lists... Done Building dependency tree Reading state information... Done E: Unable to locate package denyhosts Apparently it has been deleted, according to launchpad. Will Denyhosts be available in the final release of Ubuntu 14.04?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 185 186 187 188 189 190 191 192 193 194 195 196  | Next Page >