Search Results

Search found 1461 results on 59 pages for 'blocked'.

Page 31/59 | < Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >

• Security measures for CentOS

  - by cappuccinodrinker

  I have been tightening up my web server security and wanted to know what else I can do. I am running CentOS 5 with these measures: - All passwords to FTP, MySQL etc are generated from grc.com/passwords.htm and microsoft.com/protect/fraud/passwords/create.aspx (for the ones which cannot be too long). - Running iptables with all ports shut off except for http mail and smtp, the important ports like FTP SSH are blocked to all except my static office IP. There is also no response to pings. - Rootkit Hunter running daily - The server is PCI compliant according to Comodo - Not running any crappy made php apps, we use Zend Framework for our stuff and do have kayako installed and keep them up to date. Can't really think of anything else I can do... I could implement a brute force measure, but I think I already have by simply changing my SSH port to a number above 10000 and blocking it off with iptables.

  Read the article

• qmail questions - whitelisting and relays

  - by Richard

  My new server runs qmail, which I've never used before. There is no inbound mail on the server (all the clients have mail hosted elsewhere, but some systems on the server send mail. I'm about to move a client there who has several parked domains, and looking at the smtp log, the server is already blocking many attempts to relay spam using one of the parked domain names (probably because a related domain is already hosted there). How do I ensure those mails stay blocked, while allowing legitimate addresses to send out? Server OS is CentOS and hosting software is Kloxo.

  Read the article

• Finding proof of server being compromised by Black Hole Toolkit exploit

  - by cosmicsafari

  I recently took over maintenance of a company server. (Just Host, C Panel, Linux server), theres a tonne of websites on it which i know nothing about. It had came to my attention that a client had attempted to access one of the websites hosted on this server and was met with a warning from windows defender. It had blocked access because it said the website had been compromised by the Black Hole Toolkit or something to that effect. Anyway I went in and updated various plugins and deleted some old suspect websites. I have since ran the website in question through a few online malware scanners and its comes up clean everytime. However im not convinced. Do any of you guys know extensive ways i can check that the server isn't still compromised. I have no way to install any malware scanners or anti virus programs on the server as it is horribly locked down by Just Host.

  Read the article

• What ports tend to be unfiltered by boneheaded firewalls?

  - by Reid

  Hi all, I like to be able to ssh into my server (shocking, I know). The problem comes when I'm traveling, where I face a variety of firewalls in hotels and other institutions, having a variety of configurations, sometimes quite boneheaded. I'd like to set up an sshd listening on a port that has a high probability of getting through this mess. Any suggestions? The sshd currently listens on a nonstandard (but < 1024) port to avoid script kiddies knocking on the door. This port is frequently blocked, as is the other nonstandard port where my IMAP server lives. I have services running on ports 25 and 80 but anything else is fair game. I was thinking 443 perhaps. Much appreciated! Reid

  Read the article

• Cannot connect to telnet server

  - by BloodPhilia

  So, I can't use telnet to connect to any server but it works fine from a different computer. It just says it can't connect. I tried the following things: Disable firewall and AV protection. (Basically, there was no security feature left online) Telnet is set to "Trusted" in my AV protection. (Kaspersky Internet Security 2011) Using Putty to telnet, but apparently Putty's connection is also inhibited. (Says it can't connect to host) Disabling the telnet client in Control Panel and then re-enabling it. (Windows 7 Ultimate) hosts file is clean. Checked for nasties using MBAM and KIS 2011 as well as going though my HijackThis logs, nothing found. I can connect to the same machines/servers through the web browser, ping, tracert, etc. Only telnet seems to be blocked. Any other thoughts?

  Read the article

• How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

  - by Timbo

  I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the boxes server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable. The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS. The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. The ruleset is as follows Inbound: PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range >corresponding to possible cell provider range OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any Outbound: Default outbound policy: Allow Always OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) Block always from NAS to any On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors) ### macro name for external interface. eth_if = "en0" vpn_if = "tap0" ### wifi_if = "en1" ### %usb_if = "en3" ext_if = $eth_if LAN="{10.0.0.0/24}" ### General housekeeping rules ### ### Drop all blocked packets silently set block-policy drop ### all incoming traffic on external interface is normalized and fragmented ### packets are reassembled. scrub in on $ext_if all fragment reassemble scrub in on $vpn_if all fragment reassemble scrub out all ### exercise antispoofing on the external interface, but add the local ### loopback interface as an exception, to prevent services utilizing the ### local loop from being blocked accidentally. ### set skip on lo0 antispoof for $ext_if inet antispoof for $vpn_if inet ### spoofing protection for all interfaces block in quick from urpf-failed ############################# block all ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090} ### Allow all udp and icmp also, necessary for Constellation. Could be tightened. pass on $eth_if proto {udp, icmp} from $LAN to any ### Allow AFP to 10.0.0.40 (NAS) pass out on $eth_if proto tcp from any to 10.0.0.40 port 548 ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs ### and port ranges pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201 ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110 ### Outgoing pings ok pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110 pass out on $vpn_if proto {tcp, udp, icmp} from any to any So what are my goals and what does the above setup achieve? (until you tell me otherwise :) 1) Full LAN access to the above ports on the mini/media server (including through my own VPN server) 2) All internet traffic from the mini/media server is anonymized and tunneled over VPN 3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router. So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable. The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. So I added the following pf rule on the mini: ### Allow Minecraft public through user mc pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc pass out on $eth_if proto {tcp, udp} from any to any user mc And these additions on the border firewall: Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS) Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups) This works fine but only when the OpenVPN/Tunnelblick tunnel is down. When up no connection is possbile to the minecraft server from outside of LAN. inside LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service. The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0 not the VPN tunnel? Should I a static route? But I don't know which IPs will be connecting...stumbles How secure would to estimate this setup to be and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)

  Read the article

• Iptables Allow MYSQL server incoming requests

  - by thompatry

  I am trying to get my new MediaWiki server to allow connections to our MySql Server and right now I cannot get my iptables firewall set up right for this. The rule I am applying is the following iptables -A INPUT -p tcp -d 129.130.155.39 --dport 3306 -j ACCEPT # MySQL But my iptables log is still show that the connections can not be established and is being blocked/denied. Nov 21 09:48:39 hds-it kernel: Firewall Deny: [OUTPUT] IN= OUT=eth1 SRC=129.130.155.210 DST=129.130.155.39 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=29232 DF PROTO=TCP SPT=58862 DPT=3306 SEQ=914529531 ACK=0 WINDOW=14600 RES=0x00 SYN URGP=0 OPT (020405B40402080A03BCF2BC0000000001030307) When I turn off iptables, everything works as it should including editing the wiki database. What am I doing wrong with my rule.

  Read the article

• Block by file type, but just file extension using MDaemon

  - by Arjun Rajagopalan

  I've had users sending copyrighted files (songs, videos) to each other over email. I blocked the file extensions .mp3 etc. What some users have done is to rename files to .doc etc. I cant block .doc etc filetypes because they are needed for day-to-day work. I'm using MDaemon 12 mailserver, Does anyone know how to make it block these attachments? I've been working on some content scanning for filetype code, but was wondering if there is a already made solution?

  Read the article

• How to browse to a webserver which is reachable through the SSH port only

  - by GetFree

  I have a server at work which is behind a firewall (the company's firewall) so it is reachable only thrugh port 22 (SSH). I'm able to connect to the server with putty without problems. Also, that server has Apache running and listening on port 80 as usual. But I cant connect to the website using my browser since port 80 (and everyone else) is blocked by the company's firewall. Is there a way I can make my browser to connect to Apache in that server so I can browse the site I'm working on? Thanks.

  Read the article

• Cannot connect to telnet server

  - by BloodPhilia

  So, I can't use telnet to connect to any server but it works fine from a different computer. It just says it can't connect. I tried the following things: Disable firewall and AV protection. (Basically, there was no security feature left online) Telnet is set to "Trusted" in my AV protection. (Kaspersky Internet Security 2011) Using Putty to telnet, but apparently Putty's connection is also inhibited. (Says it can't connect to host) Disabling the telnet client in Control Panel and then re-enabling it. (Windows 7 Ultimate) hosts file is clean. Checked for nasties using MBAM and KIS 2011 as well as going though my HijackThis logs, nothing found. I can connect to the same machines/servers through the web browser, ping, tracert, etc. Only telnet seems to be blocked. Any other thoughts?

  Read the article

• Using unsigned drivers in Windows 8

  - by T. Fabre

  I just migrated from Windows 7 x64 to 8, but I can't get my VPN software to run anymore : the SafeNet IKE service (installed by SafeNet SoftRemoteLT GA, used by my VPN provider) cannot start anymore. I found that by default unsigned drivers are disabled on Win8, and that is what is blocking the driver. The System event log tells me that the driver (apparently, C:\WINDOWS\SysWow64\Drivers\IPSECDRV.sys ) was blocked when I try to manually start the service (SafeNet IKE Service). I get the same messages for another driver, crypto.sys found in the same folder. I tried using bcdedit to enable unsigned drivers : bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS bcdedit /set testsigning ON After reboot, same error. I tried by booting into Win 8's test mode, same issue. Applying the code signing policy (Enabled, Ignore) does not help either. Running gpresult does show that the policy is applied. Any help welcome.

  Read the article

• pf not execute udp port specific block rule

  - by seaquest

  The traffic I want to block can be sniffed as below with tcpdump: 19:16:22.391164 IP 95.95.95.95.2036 > 10.10.10.10.443: UDP, length 8192 So I wanted to write a rule block any udp destination port 443 traffic. block drop quick on igb3 inet proto udp to any port 443 Traffic does not match and does not blocked. However, It matches and blocks if I write rule as below: block drop quick on igb3 inet proto udp to 10.10.10.10 Do you have any remarks? I am using pf in Freebsd.

  Read the article

• ssmtp for windows

  - by reox

  I have the following problem with a software that should do mail notification for a biometric entry system: the software does currently only support SMTP over port 25 without TLS/SSL. Which is bad because port 25 is blocked in our network due spam reason and our mailserver only support TLS / SSL logins. so i need a solution to connect to a localhost smtp server which just relays to my ssl host on port 587. i know there is ssmtp for linux, but i need it for windows, because the server app for this biometric stuff only runs on windows... edit: i know there is the IIS SMTP Server, but maybe something different?

  Read the article

• How to SSH an outside server from a computer which is behind a proxy firewall ?

  - by Karan

  I access the Internet through an HTTP proxy firewall at college. And I need to login to a computer, via SSH, which is outside our network. I tried it as Linux command and on Windows using PuTTY. I also configured PuTTY to use our server's address. But still, "Proxy error: 403 forbidden" pops up. They must've blocked SSH access to outside systems. (college systems as accessible). I can SSH a web server (not the proxy server) at the college, which I use to browse proxy-free by tunneling. Now this server allows to browse restricted sites, but still no SSH. Any workaround, please?

  Read the article

• Do I need to have a proxy server to have HTTP over SSH?

  - by Johnes thomas

  I want to use HTTP over SSH since in my university most of the sites are blocked. I have my own server to which I can using SSH. What I'm doing right now is have a squid proxy run on the server on a particular port. Then connect using putty to my server via ssh and create a tunnel from a certain local port (which I will enter as proxy server in Firefox) to the squid server. So in putty the configuration is like this for the tunnel: source port:8080 destination:localhost:3128 I want to know is there any other way other than running the squid proxy on my server to tunnel the packets? Thanks.

  Read the article

• Single NFS folder shared across multiple clients

  - by parthi_for_tech

  I'm trying to mount a single NFS folder from server say "/share/folder" to multiple clients up to 32 clients, and the clients tries to access the folder and create files. The problem I'm facing is that when I execute the write command I see only one client is able to access the folder the remaining clients are blocked and not able to proceed to write. So, is whatever I'm trying to do above is correct? Can we write/read files from the same folder on multiple clients? if yes how can I do it prallel? Kindly advice! Thanks

  Read the article

• Why do some web servers not respond to icmp requests?

  - by John Himmelman

  What is the purpose of blocking/dropping inbound ICMP traffic on a public web server? Is it common for it be blocked? I had to test if a server was accessible from various locations (tested on various servers located in different states/countries). I'd rely on ping as a quick & reliable method of determining if a server was online/network-accessible. After not receiving a response on a couple boxes, I tried using lynx to load the site, and it worked.

  Read the article

• Group policy doesn't let me execute Chrome (Win 7)

  - by George Katsanos

  where I work the admins just migrated us to Windows 7. They gave me admin rights but still I had to "run as administrator" my Google Chrome installation. After I managed to install it, I realized I even have to go through the 'run as administrator' shortcut every time I have to execute the application. I even edited the properties of the shortcut to check 'always run as administrator' but nothing changed. The message I get when I'm trying to launch Chrome is "This program is blocked by group policy. For more information contact your system administrator"... Is it something I could work out alone or I have to convince them to change the " policy " ?

  Read the article

• How to apply Outlook Junk Mail rules using Hotmail Connector?

  - by Bobb

  I use Outlook 2010 with Hotmail connector. MS says that you can sync your Outlook rules with your Hotmail but I cant see how. My actual problem is - I add a guy to my Junk blocked senders list (and I check it visually - it is in the list). But I keep receiving emails from this guy. It doesnt go to the Junk folder in Outlook. I need my Outlook to honor the rules locally at least. Is it possible?

  Read the article

• Problem whit usb wireless mouse

  - by aiacet

  Recently i have thi problem whit my wireless mouse (Trust model on: www.trust.com/15313). Sometimes when i start the Pc or during a game the pointer/arrow stop to move it. In the Pc start the pointer is blocked on the center of the screen. If I'm lucky i have to chance the USB wirless adapter from port 1 to port 2 but sometimes this trick doesn't work i to use the mouse i have to restart. Like you can see in the productor webpage this mouse don't have the direver but only a tool to solve some problem. Thank you in advance to all the "super-users" that reading this question would be help me Ajax

  Read the article

• Sendmail: external alias not receiving relayed mail under certain circumstances.

  - by ben

  I have set up an alias in /etc/mail/aliases like this: user: [email protected] This relay DOES work when I telnet to example.com 25 and send mail to [email protected] (where example.com is my domain); it indeed turns up in [email protected] inbox. Also mail sent from my server at example.com is generally deliverable to this same email address, [email protected]. HOWEVER, the relay DOES NOT work when I send mail from [email protected] to [email protected], expecting it to be relayed back to [email protected]. The mail.log shows it being received and sent just fine, so I guess it is being blocked by gmail for some reason. Why though? As I said, gmail generally does except mail from this server.

  Read the article

• "This file came from another computer..." - how can I unblock all the files in a folder without having to unblock them individually?

  - by Schnapple

  Windows XP SP2 and Windows Vista have this deal where zone information is preserved in downloaded files to NTFS partitions, such that it blocks certain files in certain applications until you "unblock" the files. So for example if you download a zip file of source code to try something out, every file will display this in the security settings of the file properties "This file came from another computer and might be blocked to help protect this computer" Along with an "Unblock" button. Some programs don't care, but Visual Studio will refuse to load projects in solutions until they've been unblocked. While it's not terribly difficult to go to every project file and unblock it individually, it's a pain. And it does not appear you can unblock multiple selected files simultaneously. Is there any way to unblock all files in a directory without having to go to them all individually? I know you can turn this off globally for all new files but let's say I don't want to do that

  Read the article

• Updating Mcafee Group Shield on Exchange Server

  - by AllanPedersen

  So I don't actually have a problem yet, but I might. You see my fathers company have 10 computers and an exchange server with Mcafee Group Shield. lately they've had issues with mails from customers being blocked. I found both the problem and the solution: Mcafee update so basicly update their Mcafee group shield to the newest service pack and we are all back in buisness.. while I have some limited exchange experience and AD too. I don't have any Mcafee experience. I don't wanna crash their server for a week and have them need to get someone to recover it. So my question in here.. is it supposedly as easy as to click an 'update' button and to reboot your server.. or are there several issues I need to be aware about..? Maybe there is some common issue that goes with updating antivirus on an exchange server that I don't know about..

  Read the article

• Windows 7 is blocking ports

  - by Caleb1994

  I am trying to open port 80 and 3690 for HTTP and svnserve respectively. I have Windows Firewall off, and have tried temporarily disabling Mcafee VirusScan Enterprise, to no avail. According to http://www.yougetsignal.com/tools/open-ports/, both ports 80 and 3690 are still blocked. I can't think of what would be blocking them if Windows Firewall and my antivirus are disabled. Here is the output of netsh firewall show state Firewall status: ------------------------------------------------------------------- Profile = Standard Operational mode = Disable Exception mode = Enable Multicast/broadcast response mode = Enable Notification mode = Enable Group policy version = Windows Firewall Remote admin mode = Disable Ports currently open on all network interfaces: Port Protocol Version Program ------------------------------------------------------------------- 3690 TCP Any (null) 22 TCP Any (null) 80 TCP Any (null) 1900 UDP Any (null) 2869 TCP Any (null) Any help? I'm not sure what each item on the list of enabled/disabled items is, but "Operational Mode" is disabled, so I assume that one refers to me disabling Windows Firewall. I know that since Windows Firewall is off, this output might not be useful, but I figured I'd include it just in case, haha.

  Read the article

• Windows 7 is blocking ports

  - by Caleb1994

  I am trying to open port 80 and 3690 for HTTP and svnserve respectively. I have Windows Firewall off, and have tried temporarily disabling Mcafee VirusScan Enterprise, to no avail. According to http://www.yougetsignal.com/tools/open-ports/, both ports 80 and 3690 are still blocked. I can't think of what would be blocking them if Windows Firewall and my antivirus are disabled. Here is the output of netsh firewall show state Firewall status: ------------------------------------------------------------------- Profile = Standard Operational mode = Disable Exception mode = Enable Multicast/broadcast response mode = Enable Notification mode = Enable Group policy version = Windows Firewall Remote admin mode = Disable Ports currently open on all network interfaces: Port Protocol Version Program ------------------------------------------------------------------- 3690 TCP Any (null) 22 TCP Any (null) 80 TCP Any (null) 1900 UDP Any (null) 2869 TCP Any (null) Any help? I'm not sure what each item on the list of enabled/disabled items is, but "Operational Mode" is disabled, so I assume that one refers to me disabling Windows Firewall. I know that since Windows Firewall is off, this output might not be useful, but I figured I'd include it just in case, haha.

  Read the article

< Previous Page | 27 28 29 30 31 32 33 34 35 36 37 38  | Next Page >