Re: Looking for exploits on my server.
https://www.howtoforge.com/tutorial/...-and-rootkits/
-
Re: Looking for exploits on my server.
If the BBC can be floored by a DDoS, then your VPS has no chance.
http://www.csoonline.com/article/302...n-history.html
To avoid SQL injection ensure you code your site properly. The main one being constrain the inputs.Leave a comment:
-
Re: Looking for exploits on my server.
Maybe I should have created two threads. One for the DDoS / DoS (from now on, I'll just refer to both as DoS) type attacks and a separate thread for the security issues, like preventing against SQL Inject, packet inspection, etc.Leave a comment:
-
Re: Looking for exploits on my server.
Yes, I know this. I care about both though. Trying to protect the best I can against DDoS/DoS and checking my server for exploitable services / weaknesses.
Wow. I did not realize this. I just thought because I had my own IP address, it wouldn't affect anyone else on the server. Could you explain this in more detail please?
I am under the impression that there are three types of DOS / DDoS type attacks. If I cannot test my server, maybe you guys could suggestion some techniques I could use to "harden" my system to help prevent against most (or some?) of them? The three types are:
Volume Based Attacks
Protocol Attacks
Application Layer Attacks
For the protocol attacks, I feel fairly confident that I'm protected against syn floods. Fragmented packet attacks, Ping of Death, Smurf DDoS, not so sure about there.
Would Volume Based Attacks be the hardest to protect against? I would think maybe iptables wouldn't help much here, if the IP address is spoofed or something. I could block each user, but if the address keeps changing, is there really any software out there that can help?
The application layer attacks, from what I understand, are attacks targeted at my webserver or the OS. I run Apache and have mod_security and mod_ruid2 installed. The mod_security seems to catch a lot of bad stuff. I wonder if that catches the DoS type attacks? I also have ConfigServer Firewall and lfd installed.
I am so glad I didn't find a reputable free service to try attacking my site. If that would have affected other users on the virtual machine, I would of felt sooooo horrible. I am so glad I came here and asked for help instead of just picking one service and trying it. Thank you so much for telling me this!!!Leave a comment:
-
Re: Looking for exploits on my server.
DDoS/DoS and SECURITY are not the same thing.
if you end up "attacking" your VPS to overwhelm it, your provider will probably nullroute your IP for 24 hours. keep in mind that a denial of service affects the providers network and other customers on the same VPS node, not just your server Now, if you want penetration testing, that is a different thing, because it just affects your server.Leave a comment:
-
Re: Looking for exploits on my server.
The grc.com website doesn't seem to load. I get an ERR_CONNECTION_TIMED_OUT message.Leave a comment:
-
Re: Looking for exploits on my server.
Thanks Stj. Nessus I cannot use because I only have the free version and last I checked, I can only use the free version on my local area network. I'll definitely be running nmap though. I was thinking of that earlier. Can you suggest some command line options that I might be interested in using with nmap? I'm not familiar with Satan. I'll have to give that a shot.
Now for the news. The good news is the security scan from scanmyserver finished. The bad news it found 6 problems. Here's the results:
I'd like to remove the ftp server and replace it with sftp. cPanel / WHM is installed and I'm running CentOS 6 in a virtual environment. Yum seems to show a lot of cpanel packages. I see the FTP server, Pure-FTP, in cPanel. I want to make sure removing it doesn't break cPanel. Same with mailman. Pretty sure mailman is for me setting up mailing lists. I don't use them yet and might not ever. So I'd like to remove that as well. The IMAP and HTTP Packet Inspection ones though...not sure how to fix those.Code:Security Testing Type Tests Failed Passed Infrastructure Tests 12907 6 12901 Blind SQL Injection 0 0 0 SQL Injection 0 0 0 Cross Site Scripting 0 0 0 Source Disclosure 0 0 0 PHP Code Injection 0 0 0 Windows Command Execution 0 0 0 UNIX Command Execution 0 0 0 UNIX File Disclosure 0 0 0 Windows File Disclosure 0 0 0 Directory Disclosure 0 0 0 Remote File Inclusion 0 0 0 HTTP Header Injection 0 0 0 Low risk vulnerabilities results for: jetbbs.com 1. FTP Service AUTH TLS Command Support (Low)back Port: ftp (21/tcp) Summary: The remote FTP service supports the use of the 'AUTH TLS' command to switch from a plaintext to an encrypted communications channel. More information: http://en.wikipedia.org/wiki/STARTTLS and http://tools.ietf.org/html/rfc4217 Test ID: 11982 2. IMAP Service STARTTLS Command Support (Low)back Port: imap (143/tcp) Summary: The remote IMAP service supports the use of the 'STARTTLS' command to switch from a plaintext to an encrypted communications channel. More information: http://en.wikipedia.org/wiki/STARTTLS and http://tools.ietf.org/html/rfc2595 Test ID: 11965 3. FTP Clear Text Authentication (Low)back Port: ftp (21/tcp) Summary: The remote FTP does not encrypt its data and control connections. The user name and password are transmitted in clear text and may be intercepted by a network sniffer, or a man-in-the-middle attack. Recommended Solution: Switch to FTPS (FTP over SSL/TLS) or SFTP (part of the SSH suite). Test ID: 11278 4. HTTP Packet Inspection (Low)back Port: http (80/tcp) Summary: This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc. Protocol version: HTTP/1.1 SSL: no Pipelining: no Keep-Alive: no Options allowed: (Not implemented) Headers: Date: Wed, 17 Feb 2016 02:41:22 GMT Server: Apache Location: https://jetbbs.com/ Content-Length: 203 Connection: close Content-Type: text/html, charset=iso-8859-1 Test ID: 10209 5. Mailman Detection (Low)back Port: http (80/tcp) Summary: Mailman is a Python-based mailing list management package from the GNU Project. This test detects whether the remote host is running Mailman and extracts version numbers and locations of any instances found. The following instance of Mailman was detected on the remote host: Installed version: 2.1.20 URL: http://jetbbs.com/mailman/listinfo/ Test ID: 7098 6. Directory Scanner (Low)back Port: http (80/tcp) Summary: We found some common directories on the web server: The following directories were discovered: /mailman Recommended Solution: Check if those directories contain any sensitive information, if they do, prevent unauthorized access to them. Impact: This is usually not a security vulnerability, only an information gathering. Nevertheless, you should manually inspect these directories to ensure that they are in compliance with accepted security standards. Test ID: 1822
Leave a comment:
-
Re: Looking for exploits on my server.
https://www.grc.com/default.htm
NMAP
NESSUS
SATAN
http://www.yolinux.com/TUTORIALS/Lin...rityTools.htmlLeave a comment:
-
Re: Looking for exploits on my server.
Also, I'm okay with download software for the non-DDoS security scan stuff. My IP is whitelisted so I can't get blocked and I think that is good. Normally, if a bad guy tries getting in and fails three times, they're blocked. But if there's an exploitable service or something running, if they can exploit it within the first three tries, they'll get in. So, with security scanning software and being whitelisted, I won't get blocked for failed attempts and can try and figure out if I'm vulnerable to anything.
The DDoS type attack though I would think would have to be from the internet. If I'm whitelisted and can't be blocked, I can't really test to see if I'm protected against it. If I remove my IP from the whitelist and get blocked trying a DoS, I won't be allowed into my site to whitelist me.
Also, I found the IP addresses that I needed to whitelist for https://scanmyserver.com and they're conducting a security scan. That's good news. They said the test can safely be used on "live" servers and shouldn't cause any down time so I don't think they test to see if I'm protected against DDoS type attacks. I still need to find some way to test for that and see how vulnerable my server is for those types of attacks.
Thanks.Leave a comment:
-
Re: Looking for exploits on my server.
Thank you. I know DDos isn't an exploit or anything like that and I do appreciate the insight about not being able to protect against a high DDoS storm no matter what service I have.
There's still things I can do to help protect against certain DDoS type attacks though, like syn-flooding for example.
What do you mean by pipe? Even if I had another server in a geographically different location, if someone wanted to, they could just start one attack on one server and then start another attack on another, right? Or would the geographically redundant, fatter pipe and possibly faster computer prevent that from happening some how?Leave a comment:
-
Re: Looking for exploits on my server.
The server is not running from my home. I'm renting a virtual private server. I'm worried about more than just DDoS type attacks. I'd like to fully secure my site to the best of my abilities and try to identify any weaknesses it might have before I start writing a lot of code for it. I know a lot of websites can fall victim to DDoS type attacks and I do have software installed that should help mitigate (don't know if that's the right word, my vocabulary is small
) against such type attacks. I want to see how well it works, if at all, but also scan for other types of attacks.
I see people from different countries are trying to get into my server on a regular basis. Since I installed ConfigServer Firewall, they've died down a lot! I have it setup to permanently block people and I also have it download a list of IPs associated with bad people and block them as well.
I just want to see how secure my site is and if there's any weaknesses, try to secure them before someone gets in rather than deal it with after they get in (or in the DDoS case, from bringing down my server).Leave a comment:
-
Re: Looking for exploits on my server.
DDoS is not security, it's just that, preventing legitimate use from going through. There really is no way to prevent DDoS other than getting geographically redundant, fatter pipe, and possibly faster computers. Keep in mind the plurality. If you only have one machine and one pipe, you will go down in a high DDoS storm no matter what service you have.Leave a comment:
-
Re: Looking for exploits on my server.
Is the server running at home or in a datacentre ?
Why are you worries about DDoS ? If it's important pay for DDoS protection.Leave a comment:
-
Looking for exploits on my server.
Hello,
Not sure if I should post here or in the General Computer section. I figured because this question is about my server, the Network Design & Troubleshooting would fit my questions a bit more than General Computer questions.
I have a domain and I have software running that tries to help keep it secure. I'd like to test it though. I tried Beyond Security, but I could never get past the verification phase (proving that I own the domain). Whenever I tried verifying, I saw one of my security programs detecting a security scanner and blocking it. I've contacted the company asking if they could give me a list of IPs that I could white list so they could properly scan but haven't gotten a response.
Does anyone know of any other reputable free security scanners that I could use? I'd also like to see if I'm protected against DDoS / DoS type attacks. I've googled this but some of the sites seem a bit phishy. For example, I see there's a site called orcahub.com that allows you to send DOS type attacks (something like 300x per second, if you need more, you pay) but in the comment section, I see someone saying:
And that user being thanked for the vouching. But that comment makes me think maybe I could use that site for domains that I don't own. And if they're allowing you to attack sites that you don't own, I'd rather not use them for fear that they might be doing some shady stuff.Code:Their service are actually 500% POWERFULL, No one can beat them, Instant take down website / ip / home connection with 1 click.
-
Hello all,
as a beginner electronics hobbyist, after a few years I would like to place another post on this Forum section, given that I did not succeed in finding any useful advice among the other posts.
Over the last years, I have been using a PowerEdge Dell Server with two redundant PSUs, namely the 750W F750E-S0 ones (aka 06W2PW). Unfortunately, last summer one of them failed (perhaps owing to an overheating), and the server had for working to take into account the other one only. Of course I opened and tried to troubleshoot the failed PSU, but each cap I tested seemed to... -
This specification for the HP ZBook 15v G5 Mobile server can be useful for upgrading or repairing a laptop that is not working. As a community we are working through our specifications to add valuable data like the 15v G5 boardview and 15v G5 schematic. Our users have donated over 1 million documents which are being added to the site. This page will be updated soon with additional information. Alternatively you can request additional help from our users directly on the relevant badcaps forum. Please note that we offer no warranties that any specification, datasheet, or download for HP ZBook 15v...09-06-2024, 11:39 AM
-
I thinking about some central LAN file server, on where I can put some files from other devices, or access to them, and maybe play some movie without download...
I never study this, but when I see that freenas need few gigabyte of ram to recommended working, some wiered partition, I wonder if I miss somewhat in the midletime...
Also exist "turnkey file server", and other turnkey products that I can not distinguished what is major difference and how it perform - no experiance at all.
What is general difference between this products, and what be most useful... -
Hello, please how to properly configure VPN in this environment?
I have two subnets in two different (geographical) workplaces, connected via IPsec (thru gateway routers)
Main subnet: 192.168.11.0/24, gateway (router IP) 192.168.11.1, Windows 2016 server (VPN, DHCP, DC etc.) 192.168.11.3
2nd subnet : 192.168.22.0/24, gateway (router IP) 192.168.22.1 - just client computers.
I need to allow external (home office) users connect via VPN server (192.168.11.3) to the 2nd subnet (192.168.22.0/24) to their computers (via RDP).
I have no problems with VPN connection... -
Good day
I am looking for a mainboard schematic for a Supermicro Server mainbaord x10dri-ln4+ as the track broke off on the BIOS chip and I want to repair to use the server again. If possible can someone assist to get this schematic?08-06-2025, 05:36 AM
Leave a comment: