Search Results

Search found 1461 results on 59 pages for 'blocked'.

Page 33/59 | < Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40 | Next Page >

Tracing what program is making a network connnection? (CentOS)

- by Airjoe

I was wondering if it is possible to find out which process is trying to make a specific network connection. On a server I support which hosts websites for about 200 users, the iptables firewall keeps blocking, as it should, a connection to 212.117.169.139 on port 80. Firefox reports this as an attack page (and at the least is obvious spam, if not malicious). It seems something on this server is trying to access this site for some reason, and although it's being blocked successfully, the requests seem to be going through every two to sixty seconds and I'd like to be able to find what process or script is doing this so I can handle it appropriately. Besides doing a grep to try and find if this IP is in some file (which probably won't even work because it may be working by hostname or it may be encoded), is there any way to find out some more information? Thanks!

Read the article
Problem with fitting graphics card

- by Gary Robinson

I have recently purchased a new radeon hd5670 graphics card. The problem I have is that it is what I might call a double height card. So the end where you fix the card to the case is twice the size of the card it is replacing. But this means that it is blocked by the rear of the network card. The only way I can see it to cut that part of the fixture part out then I won't have a problem. But has anyone any suggestions what I could use? To be clear it is not the actual card it is the fixture part which is 90 degress to the card that is causing the problem. Unless someone knows of another solution - some kind of pci-e extender that I could use as I could easily

Read the article
Log with iptalbes which user is delivering email to port 25

- by Maus

Because we got blacklisted on CBL I set up the following firewall rules with iptables: #!/bin/bash iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner Debian-exim -j ACCEPT iptables -A OUTPUT -p tcp -m limit --limit 15/minute -m tcp --dport 25 -j LOG --log-prefix "LOCAL_DROPPED_SPAM" iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable I'm not able to connect to port 25 from localhost with another user than root or a mail group member - So it seems to work. Still some questions remain: How effective do you rate this rule-set to prevent spam coming from bad PHP-Scripts hosted on the server? Is there a way to block port 25 and 587 within the same statement? Is the usage of /usr/sbin/sendmail also limited or blocked by this rule-set? Is there a way to log the username of all other attempts which try to deliver stuff to port 25?

Read the article
how to report a malicious site (http://newss.gr) to google, microsoft and mozilla so that they will prompt

- by Jayapal Chandran

Hi, I completed a project an year ago. Now a few modification were needed. While i try to test there was an index.html with a malicious script which had an iframe to this site's jar file. and kaspersky anti virus blocked it. So i browsed the ftp to find the file and i deleted it. and also disabled directory listing. May be the ftp details of the site owner would have been hacked. I want to report this site to google, msn and mozilla and other antivirus programs. How to do that. any idea? I hope kaspersky would have updated it in their database but still i want to explicitly inform it about this. here is the popup kaspersky showed.

Read the article
Moving Mail between Exchange Mail Queues

- by Eli

We have multiple Microsoft Exchange 2007 nodes and 2 Exchange hubs. One of our users unfortunately had their account compromised, which then sent out several thousand emails before we were able to stop them. During this time, however, several primary mail providers blocked one of our Exchange hubs as a spam source. We now have nearly 500 messages built up on the one hub server waiting to go out to a provider who is currently blocking that hub. I know it is possible to change the location of the mailqueue and I could copy the queue database over from one hub to another and than change the location the HUB is looking at to a different file - let the mail spool out and then change the location back, but I would like a cleaner solution. Therefore, the question: is there a way to quickly and easily move messages from one Exchange hub server to another Exchange hub server?

Read the article
How to open a server port outside of an OpenVPN tunnel with a pf firewall on OSX (BSD)

- by Timbo

I have a Mac mini that I use as a media server running XBMC and serves media from my NAS to my stereo and TV (which has been color calibrated with a Spyder3Express, happy). The Mac runs OSX 10.8.2 and the internet connection is tunneled for general privacy over OpenVPN through Tunnelblick. I believe my anonymous VPN provider pushes "redirect_gateway" to OpenVPN/Tunnelblick because when on it effectively tunnels all non-LAN traffic in- and outbound. As an unwanted side effect that also opens the boxes server ports unprotected to the outside world and bypasses my firewall-router (Netgear SRX5308). I have run nmap from outside the LAN on the VPN IP and the server ports on the mini are clearly visible and connectable. The mini has the following ports open: ssh/22, ARD/5900 and 8080+9090 for the XBMC iOS client Constellation. I also have Synology NAS which apart from LAN file serving over AFP and WebDAV only serves up an OpenVPN/1194 and a PPTP/1732 server. When outside of the LAN I connect to this from my laptop over OpenVPN and over PPTP from my iPhone. I only want to connect through AFP/548 from the mini to the NAS. The border firewall (SRX5308) just works excellently, stable and with a very high throughput when streaming from various VOD services. My connection is a 100/10 with a close to theoretical max throughput. The ruleset is as follows Inbound: PPTP/1723 Allow always to 10.0.0.40 (NAS/VPN server) from a restricted IP range >corresponding to possible cell provider range OpenVPN/1194 Allow always to 10.0.0.40 (NAS/VPN server) from any Outbound: Default outbound policy: Allow Always OpenVPN/1194 TCP Allow always from 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) OpenVPN/1194 UDP Allow always to 10.0.0.40 (NAS) to a.b.8.1-a.b.8.254 (VPN provider) Block always from NAS to any On the Mini I have disabled the OSX Application Level Firewall because it throws popups which don't remember my choices from one time to another and that's annoying on a media server. Instead I run Little Snitch which controls outgoing connections nicely on an application level. I have configured the excellent OSX builtin firewall pf (from BSD) as follows pf.conf (Apple App firewall tie-ins removed) (# replaced with % to avoid formatting errors) ### macro name for external interface. eth_if = "en0" vpn_if = "tap0" ### wifi_if = "en1" ### %usb_if = "en3" ext_if = $eth_if LAN="{10.0.0.0/24}" ### General housekeeping rules ### ### Drop all blocked packets silently set block-policy drop ### all incoming traffic on external interface is normalized and fragmented ### packets are reassembled. scrub in on $ext_if all fragment reassemble scrub in on $vpn_if all fragment reassemble scrub out all ### exercise antispoofing on the external interface, but add the local ### loopback interface as an exception, to prevent services utilizing the ### local loop from being blocked accidentally. ### set skip on lo0 antispoof for $ext_if inet antispoof for $vpn_if inet ### spoofing protection for all interfaces block in quick from urpf-failed ############################# block all ### Access to the mini server over ssh/22 and remote desktop/5900 from LAN/en0 only pass in on $eth_if proto tcp from $LAN to any port {22, 5900, 8080, 9090} ### Allow all udp and icmp also, necessary for Constellation. Could be tightened. pass on $eth_if proto {udp, icmp} from $LAN to any ### Allow AFP to 10.0.0.40 (NAS) pass out on $eth_if proto tcp from any to 10.0.0.40 port 548 ### Allow OpenVPN tunnel setup over unprotected link (en0) only to VPN provider IPs ### and port ranges pass on $eth_if proto tcp from any to a.b.8.0/24 port 1194:1201 ### OpenVPN Tunnel rules. All traffic allowed out, only in to ports 4100-4110 ### Outgoing pings ok pass in on $vpn_if proto {tcp, udp} from any to any port 4100:4110 pass out on $vpn_if proto {tcp, udp, icmp} from any to any So what are my goals and what does the above setup achieve? (until you tell me otherwise :) 1) Full LAN access to the above ports on the mini/media server (including through my own VPN server) 2) All internet traffic from the mini/media server is anonymized and tunneled over VPN 3) If OpenVPN/Tunnelblick on the mini drops the connection, nothing is leaked both because of pf and the router outgoing ruleset. It can't even do a DNS lookup through the router. So what do I have to hide with all this? Nothing much really, I just got carried away trying to stop port scans through the VPN tunnel :) In any case this setup works perfectly and it is very stable. The Problem at last! I want to run a minecraft server and I installed that on a separate user account on the mini server (user=mc) to keep things partitioned. I don't want this server accessible through the anonymized VPN tunnel because there are lots more port scans and hacking attempts through that than over my regular IP and I don't trust java in general. So I added the following pf rule on the mini: ### Allow Minecraft public through user mc pass in on $eth_if proto {tcp,udp} from any to any port 24983 user mc pass out on $eth_if proto {tcp, udp} from any to any user mc And these additions on the border firewall: Inbound: Allow always TCP/UDP from any to 10.0.0.40 (NAS) Outbound: Allow always TCP port 80 from 10.0.0.40 to any (needed for online account checkups) This works fine but only when the OpenVPN/Tunnelblick tunnel is down. When up no connection is possbile to the minecraft server from outside of LAN. inside LAN is always OK. Everything else functions as intended. I believe the redirect_gateway push is close to the root of the problem, but I want to keep that specific VPN provider because of the fantastic throughput, price and service. The Solution? How can I open up the minecraft server port outside of the tunnel so it's only available over en0 not the VPN tunnel? Should I a static route? But I don't know which IPs will be connecting...stumbles How secure would to estimate this setup to be and do you have other improvements to share? I've searched extensively in the last few days to no avail...If you've read this far I bet you know the answer :)

Read the article
Group policy doesn't let me execute Chrome

- by George Katsanos

Where I work, the admins just migrated us to Windows 7. They gave me admin rights but still, I had to "Run as Administrator" my Google Chrome installation. After I managed to install it, I realized I even have to go through the "Run as Administrator" shortcut every time I have to execute the application. I even edited the properties of the shortcut to check "Always run as Administrator" but nothing changed. The message I get when I'm trying to launch Chrome is "This program is blocked by group policy. For more information contact your system administrator"... Is it something I could work out alone or I have to convince them to change the "policy"?

Read the article
Cannot connect to FTP server from external host

- by h3.

I have a FTP server (vsftpd) setuped on a Linux box (Ubuntu server). When I try to connect with a computer on the same network everything works fine as expected. But as soon the IP is external it won't connect.. I first assumed the port was blocked, but then: localserver:$ sudo tail -f /var/log/vsftpd.log Wed Jan 13 14:21:17 2010 [pid 2407] CONNECT: Client "xxx.xxx.107.4" remotemachine:$ netcat svn-motion.no-ip.biz 21 220 FTP Server And it hangs there. Do any ports other than 21 need to be open?

Read the article
Can't set up Usermin correctly to allow users to login outside of local network, what am I missing?

- by thecraic

I'm fairly new at creating a server, but the biggest problem I am currently having at the moment is getting Usermin set up to be accessible from outside the LAN. I talked to other people that use it and was told that all I need to do is type the url:20000 to access the login screen, but that doesn't work. I have also tried the ip:20000 and that doesn't lead to anything. Instead I get the error message: Error - Bad Request This web server is running in SSL mode. Try the URL https://hostname:10000/ instead. (where hostname is my server's hostname) I know it must be a configuration issue, but I have checked all my settings and as far as I can tell I don't have the ports blocked anywhere. I have the correct ports forwarded on my router and my server firewall doesn't have the port block either. Is there anything I am missing? Any help would be appreciated and I will add more information upon request. Thank You.

Read the article
How can I get rid of the long Google results URLs?

- by Teifi

google.com is always shielded by our firewall. When I search something at google.com, a result list appears. Then I click the link, the URL changes to a processed url like: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CDcQFjAA&url=http%3A%2F%2Fwww.amazon.com%2F&ei=PE_AUMLmFKW9iAfrl4HoCQ&usg=AFQjCNGcA9BfTgNdpb6LfcoG0sjA7hNW6A&cad=rjt Then my browser is blocked because of google.com I guess. The only useful information in that long like processed URL is http%3A%2F%2Fwww.amazon.com(http://www.amazon.com). My quesitons: What's the meaning of that long like processed URL? Is there a way to remove the header google.com/url?sa.. each time I click the search results?

Read the article
Use .htaccess to block *All* access to specific folders.

- by Urda

I am not sure how to do this, but I want to block all access to a specific set of folders on my web server. Say secret01 and secret 02... homeDir |- data |- www | |- .htaccess (file) | |- images | |- js | |- secret01 | |- secret02 | |... |... What rule(s) do I need to add to my root .htaccess file to do this? I want all access from the web blocked from going into these folders, period. Only way one could get to them would be over SFTP or SSH. So what rule am I looking for? I am preferably looking for a one-liner so I can add more folders or move it to another site down the road. I really would prefer if the rule could be placed in the .htaccess root file so I don't have to jump all over the place to lock and unlock folders.

Read the article
aptana/eclipse blocks other apps

- by waquner

Hi, I've got a fresh win7 installation, the only apps installed so far are aptana (beta 3)/eclipse and firefox + chrome (except antivirus and drivers) Every time I start aptana, chrome and firefox are blocked, so firefox can't load a webpage (or sometimes takes veeeery long) and chrome doesn't even take care of events (so for example hovering over a link doesn't change the cursor and a click does...nothing or typing in an url, press enter - nothing happens) First I thought, aptana downloads something and blocks my internet connection... but IE works well and also there are no signs in the taskmanager (cpu%, network or memory) When I close Aptana, all works as before. I tried updating Java, which didn't help... On my office-computer I use the same apps and it works perfect. Got any ideas? TIA, waquner

Read the article
reverse-proxy web access on a server where only SSH is allowed

- by Kaii

Every once in a while i have to connect to a server where access is highly restricted. Only inbound SSH is allowed by the DMZ firewall - outbound HTTP connections are blocked. I'm looking for a good way to tunnel web access through my SSH session, so i can install updates and software via yum / apt-get. What do you do in such a situation? SSH has the -D <port> SOCKS proxy option. But unfortunately it is one-way only from client to server and there is no reverse option.

Read the article
Windows 8 Program Sharing?

- by Martin W. Seitz

How do I, as the administrator, share the Skype program with a user on the same PC? I tried to download Skype to the user from the windows store that said it was blocked and I must contact the administrator. The Skype icon appears on the user desktop but with an X in the corner with no way to allow it to work as the administrator. In the administrator desktop the Skype icon appears without the x and it does work. I have tried to research this issue and so far all I have been able to find and do is the enable $admin share at this link http://www.intelliadmin.com/index.php/2012/10/windows-8-enable-the-admin-share/ Now that I have done this how do I use it to share the Skype program? Thanks in advance. Marty Seitz

Read the article
one of my web hostings is down - only for me - why ?

- by Thomas Traub

My first post here, I am reading / learning a lot, thanks ;). I've got a mysterious issue (for me) and would really appreciate to get it solved. I've rent a reseller package with bibihost.com and it's now the second time that all my domaines the hoster's site are unavailable from my connection (my Mac and my iPhone), (in browser, per FTP, ping, ab, and traceroute) This has never before happened to me with other web addresses. traceroute get's always stuck at a specific server 40g.vss-1-6k.routers.chtix.eu (91.121.131.29) The sites are all up for everyone else, I've checked with downforeveryoneorjustme.com, a homegrown script loaded to another server and montastic.com My question(s) : Why am I blocked ? Is there anything I can do about it ? If I cannot solve this issue I have to change the hoster, but I really would like to know what's going on. my domaines on this server : tienstiens.fr tomlegrand.com

Read the article
Possible to load entries into hosts.deny from text file?

- by Tar

I have around 96 million IP addresses that I have collected and routinely validate to be VPN providers, proxies, etc. I want these blocked. Currently, I am including the list formatted like deny ip; in nginx and that works perfectly. I want to use this list on another server, but nginx isn't an option, and I don't trust apache to handle this without slowing down. Is there a way to load this list into hosts deny via some command like aclexec or something? Are there other alternatives like setting up a DNSBL or using hosts.deny in conjunction with one?

Read the article
SSH Tunnel doesn't work in China

- by Martin

Last year I was working in China for a few months. I never bothered setting up a real VPN, but just created a SSH tunnel, and changed my browsers proxy settings to connect through it. Everything worked great (except flash of course) but that was fine. However, now I'm back in China but I'm having problems with this approach. I do the same thing as last time, and according to https://ipcheckit.com/ my IP address is indeed the IP of my (private) server in the US, and I'm logging in to my server using a fingerprint I created long before going to China so no MITM should be possible. Furthermore the certificate from ipcheckit.com is from GeoTrust - so everything should be OK However, I still can't access sites which are blocked in China. Any idea how this could be possible?

Read the article
transparently set up Windows 7 as remote workstation

- by Áxel

Maybe is a very basic question, but I can't find the exact terms to Google for it and find the concrete answer to my doubt. Suppose we have several PCs in which individual employees work. One of them has an extremely powerful CPU, and it's very useful to use that computer to perform heavy computations, but go there and set up your task means its user has to stop working for a while. Is it possible to allow a secondary user account to remotly log in, for example via Remote Desktop, and work with a full user environment, while the main user keeps working under his user session? I've used remote desktop many times in the past, but it always blocked current user session, or even terminated it. Lots of thanks in advance guys.

Read the article
Number of malicious attacks defended/done on the average user daily [closed]

- by DalexL

As a web hoster, it is very easy to notice the large amounts of exploit/abuse attempts done on my servers. Out of curiosity, how often are these attempts done on the average user? I'm assuming almost all of them are prevented just by simple security protocols in place by their browsers, local network, etc. How many attempts, on average, are committed against a single user daily through any method? (email, internet, downloads, etc.)? If known, what percentage of these things are blocked by the average users security? I tried googling but I was having a hard time getting the right search terms together.

Read the article
How can I force certain applications to use specific network connections?

- by snicker

Let's say I have two active network connections that let me out to the internet. I want certain applications to only use Network Connection 1, while some others should use Network Connection 2. Is this possible in Windows XP? If so, how can it be done? The main reason I wish to do this is I want to use a tethered phone's network for certain applications and an ethernet connection for others. Certain ports and networks are blocked by the ethernet connection, whereas they are not on my tethered phones connection.

Read the article
Can't resolve Mac's machine name on VPN

- by Raghuveer

My mac'c machine name is something like this: hostname.company.com but whenever I connect to VPN, it becomes something like vpn-xxxx.company.com where xxxx are some random numbers. Because of this, some of my scripts which are dependent on host name gets blocked. We use the standard mac's vpn setup which comes with OS X Lion (under network preferences). How can I resolve to the correct mac's name even if I am on vpn ? That is even if I am connected to VPN, my machine name should resolve to hostname.company.com and NOT to vpn-xxxx.company.com. Any suggestions would be really appreciated.

Read the article
SFTP not working, but SSH is

- by Dan

I've had a server running CentOS for a few months now. A few days ago, I stopped being able to connect to it over SFTP. I've tried from multiple computers, OSes, clients, and internet connections. I can SSH in just fine, though. For example, Nautilus gives me this: Error: DBus error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. Please select another viewer and try again. I was under the impression that SFTP was just pure SSH, and if one worked, the other would, and vice-versa. Clearly that's not the case, though. What could I have done wrong?

Read the article
OS X Server: SMTP Server problem

- by plucked

Hi, I have problem to setup my mail server. My system is a OS X 10.6.2. Server. I configured the mail server so far, but I cannot connect to the smtp server correctly. Correctly means that I can connect via telnet (and do the "HELO") from another server within the same serverrack, but not from outside. But when I try to telnet my http server, it works fine from outside. I already checked my firewall rules with "sudo ipfw list" and the port 25 is not blocked in any case. What could be the problem with connecting to port 25 via telnet from outside of the serverrack? Cheers

Read the article
Spambot Infection Detection

- by crankshaft

My server has been blocked by CBL for participating in curtwail spambot. Initially we suspected that it was coming from a PC and not from the server, but the router is blocking all packets on 25 except those coming from the server. I have just executed the tcpdump command and every 5 minutes I see a flurry of activity on port 25 that is very suspicious and I am sure that there is some process running on the server: 13:02:30.027436 IP exprod5og110.obsmtp.com.53803 > ubuntu.local.smtp: Flags [S], seq 171708781, win 5744, options [mss 1436,sackOK,TS val 3046699707 ecr 0,nop,wscale 2], length 0 I have stopped postfix, and yet there is still traffic on port 25 above. But how can I find what process is actually communicating on port 25 as it only rund for a few seconds and so for example lsof -i :25 will never catch it. I have been working on this now for 2 days, it is a live server and I cannot simply shut it down, any suggestion on how I can detect the source of this email bot process ?

Read the article
ZendServer uninstall and xampp install ports conflict

- by BlackFire27

I uninstalled zend, cleaned it from the registry (it doesnt exist there).. when I go to localhost , I can see its favicon. Also my xampp port is blocked by the previous installation of zend that uses the port 80.. so I swapped xampps port to 8080.. it works..but I would rather to use port of 80.. is there a way to achieve so? perhaps changing zends port to something else? or how can I find who is listening to the same port.. By what I can see is that zend is still using the localhost..how i sthat possible

Read the article

< Previous Page | 29 30 31 32 33 34 35 36 37 38 39 40 | Next Page >