Questions tagged [hacking]
Hacking is the violation of server or network security via exploitation of weaknesses in that security.
484 questions
0 votes | 1 answer | 62 views
Unprompted Microsoft Authenticator Prompts
This is the second time I have gotten an authenticator prompt in the past 3 months unprompted.
After the first time, I reset my password on a mobile phone (the mobile phone is patched as far as I know)...
0 votes | 0 answers | 133 views
Created New MSSQL Instance, Can't Execute Commands
I created a new MSSQL instance following the steps from this video. My purpose is to teach my students how to attack an MSSQL instance from a Linux machine, however I cannot execute a single command ...
0 votes | 0 answers | 19 views
How to fix hacked wordpress site [duplicate]
So I have a wordpress site (sevenavedesign.com) and currently I'm having an issue where when visiting the site sometimes it redirects to a spamvertising site. This does not always happen and it ...
1 vote | 0 answers | 49 views
weird /ws/info requests on our server: is our client compromised?
We have a big website on a virtual server that runs fine. We have a few hundred clients. Since a few weeks, we saw that with exactly ONE of these clients there were 404 references to hrefs like www....
1 vote | 1 answer | 83 views
btmp is showing me a login duration over an hour. How can a failed login last that long?
I was watching a server console for results of my own activity and was bombarded by someone trying to do GET on a long alphabetical list of files/directories. I checked lastb and found some entries ...
0 votes | 0 answers | 24 views
Running Linux commands execute hidden command to regenerate Backdoor [duplicate]
My CentOS server compromised, the backdoor uploaded in /var/www/html/, I have deleted the backdoor and browsed the backdoor - to be sure it's deleted - it's surely deleted, but when I run any command ...
-1 votes | 1 answer | 61 views
Can already opened event log screens of powershell on windows event viewer can be hacked offline by hackers? [closed]
Can Windows powershell give me fake or altered outputs if I use common commands primarily used in powershell checking hash codes is option but they can be altered too theoretically so its not that ...
1 vote | 0 answers | 98 views
Server hacked? Binary /usr/lib/os-release!
Server: Ubuntu 20.04.5 LTS
I was going to generate an SSL certificate as usual with certbot but suddenly it started to give a weird error:
An unexpected error occurred:
UnicodeDecodeError: 'utf-8' ...
0 votes | 0 answers | 29 views
Someone installed a cryptominer on my Ubuntu server [duplicate]
It seems someone gained access to my ubuntu server and installed a cryptominer. This user added a crontab for the user "git" on my server. I disconnected the server from the internet and I ...
0 votes | 1 answer | 109 views
How to block all requests starting with "?mode" on Apache?
Recently my website was hacked and now I have around 20000 indexed links in Google that were redirected to other sites via my website. Now I have stopped all redirects but I have too many request on ...
0 votes | 0 answers | 199 views
How to prevent compromising the email server if user credentials leaked?
I've been using AWS SES as an SMTP relay (Postfix + Dovecot) for years and now am facing the pausing of sending emails for the second time. We use this combination as an email server for business ...
-6 votes | 1 answer | 118 views
Is there any way to access Hyper-V host from a network adapter not shared with host? [closed]
I am considering to move my firewall inside Hyper-V. There will be only one Guest OS that is connected to the virtual Switch, and the guest OS is the Firewall OS. While the second adapter at the ...
-3 votes | 2 answers | 2k views
Network is gone when I start arp spoofing [closed]
So for context I have two virtual machines one is running on kali linux which is the "Hacker's" machine and the other one is running on windows 10 pro which is supposed to be the victim's ...
0 votes | 1 answer | 394 views
VirtualBox network settings for multiple isolated virtual machines where only one can access internet
So I want to make a virtual hacking lab using VirtualBox. There will be two type of machines.
Attack Machine : Kali Linux
Target Machine : This can be any type of OS; Ubuntu, CentOS etc.
I want my ...
3 votes | 1 answer | 850 views
Since S3 charges by request, couldn't a malicious hacker cause a huge AWS bill just by spamming requests?
What would stop them from doing so, against, say, a static website hosted using S3? Is there a good way to deny some requests such that one avoids getting billed for them?
(Context: I want to host a ...
0 votes | 1 answer | 1k views
What are all these requests?
I was checking my server's web server log where I'm installing a wordpress website, and found all these requests, the site is new!
Should I be worried? Is my site hacked or something? I don't ...
0 votes | 0 answers | 20 views
Hacked website and cannot delete hacked file [duplicate]
First of all, I might be on the total wrong place to post this, but my researches lead to here and I've found "similar" questions being asked here. But still since I lack knowledge in this ...
1 vote | 1 answer | 303 views
Are security updates applied with `dnf update` or is it separate procedure in Linux?
I found this vulnerability with polkit. It was found in Jan 22. How does keeping Linux updated security wise works in general?
If I run dnf update on CentOS9 - will it fix it? Or shall I look into ...
0 votes | 2 answers | 83 views
How to track specific logs in Ubuntu? (CPU)
We have this EC2 instance: T2.medium, running apache, with 4 virtual hosts (4 sites).
Sometimes, out of nowhere, the CPU reaches very high levels, maybe an attack.
I've seen some of our wordpress ...
3 votes | 3 answers | 17k views
SSHD: Difference between "connection closed..." and "disconnected from..." in log file
The sshd service on my Ubuntu server is under constant attack for various IP and user id.
According to /var/log/auth.log file, there are three different types of fails from unknown id and IP address:
...
0 votes | 0 answers | 282 views
Introduction problems with some server log file
I have that problem, that my server is flooded with some kind of requests as you see it here:
26/Jan/2022 66.240.205.34 "Gh0st\xad" "-"
26/Jan/2022 139.162.145.250 "GET 400
26/...
0 votes | 1 answer | 904 views
Hacked file regenerates whenever it is deleted - ubuntu/apache2 [duplicate]
Have just had a hacked website flagged by Sucuri
There were a number of backdoor PHP files flagged, which I HAVE been able to delete
However, the index.php file has a spam link injected in to the ...
0 votes | 0 answers | 50 views
What is this hacker trying to achieve? [duplicate]
I have hundreds of lines like this in my syslog from many different ip addresses:
Oct 16 17:03:06 example named[857]: client @0x7fa2dc083e40 104.190.220.183#3075 (sl): query (cache) 'sl/ANY/IN' denied
...
3 votes | 1 answer | 488 views
Malicious requests from private network (Kubernetes)
Recently I'm having many malicious requests to my nginx-ingress pod but I don't understand how's possible they're from a private network. Some examples:
10.114.0.3 - - [11/Oct/2021:09:07:09 +0000] &...
0 votes | 0 answers | 30 views
Who has done what during the course of visiting wordpress site?
I run a small wordpress site.
I use Korean.
Today my statistics shows like the below.
My blog has no more than 100 posts so I am suspicious about the 100+ hits from the same ip.
Can this be an ...
0 votes | 1 answer | 5k views
Postfix blank sender from= <>
Recently I received spam report from my vps provider and Trend Micro, I think my vps got suspended because a or some unknown "blank sender" using my mail server as a "jump point", I ...
2 votes | 1 answer | 1k views
My Node.JS program running on an internet-facing server is printing impossible text to the stdout log. Have I been compromised?
(EDIT: Turns out the "strange behavior" is explained by a simple oversight. Keeping this question here in case anyone else overlooks it)
I hope I am asking this question right.
I have a ...
2 votes | 0 answers | 5k views
Is it possible to hack a server with a SSTP_DUPLEX_POST request?
How is it possible to use the method : SSTP_DUPLEX_POST and the url : /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ to hack a server ?
I have this request in my logs from a well known malicious IP ...
0 votes | 2 answers | 183 views
How to restrict access between folders on the same virtual host
We plan to host WordPress Blog and an Ecommerce store on the same domain, so the URL's will look like this:
example.com <--- Magento Store
example.com/blog/ <--- WordPress Blog
Our main concern ...
0 votes | 0 answers | 45 views
.htaccess file hacked [duplicate]
How can we protect our htaccess file?
This code has appeared there several times now: (inserted by hackers)
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} (google|yahoo|msn|aol|bing) [OR]
RewriteCond %{...
0 votes | 0 answers | 34 views
Trojan:PHP/Obfuse.AR!MSR Detection by Windows Defender [duplicate]
I have an AWS server running Windows 2016 Datacenter. From the past few days, Windows Defender has been reporting Trojan:PHP/Obfuse.AR!MSR pointing to random phpXXXX.tmp files inside C:\Windows\Temp ...
0 votes | 2 answers | 799 views
Block all outgoing ssh traffic
My EC2 instance reported got suspicious activity and I got this email:
has been implicated in activity which resembles scanning remote hosts
on the internet for security vulnerabilities. Activity of ...
0 votes | 2 answers | 761 views
TCP modification in-the-middle and acknowledge number
For some private purposes I need to enrich HTTP header with additional information (which will be handled by app on the HTTP server side). The basic idea was to modify received packet, send it to ...
5 votes | 2 answers | 3k views
Email smtp credentials keep getting compromised every now and then (laravel 7)
Just as the title says, we have a website that uses third party smtp credentials to send emails, but, we keep getting our smtp credentials hacked and used to send spam emails, which results in our ...
0 votes | 0 answers | 230 views
Are requests with no headers a sign of hacking?
I run a NodeJS web application with packages up to date and secured with a strong password and RSA for ssh.
The application runs on two domains. I check the request headers to get the domain and found ...
-1 votes | 1 answer | 664 views
Hack attempt Windows Server 2019 [duplicate]
I have a Windows Server 2019 VPS for hosting websites. It has all the latest updates. But somehow there is a (partial) hacking attempt. I first noticed it by the SMS I got for high CPU usage of the ...
0 votes | 1 answer | 354 views
Google redirect failing on symfony website
I am helping a friend with her website maintenance and there is some strange behaviour that I do not fully understand.
When you search for her site on google.com, and click on her main website, the ...
73 votes | 15 answers | 60k views
Should I respond to an "ethical hacker" who's requesting a bounty?
I run a small internet based business from home and make a living at it to feed my family, but I'm still a one man show and internet security is far from my area of expertise.
Yesterday I received two ...
0 votes | 1 answer | 322 views
How and where do you report "bad" servers?
I recently setup an nginx that was open to the world in order to serve an API to global users.
It's getting a lot of "prodding" (ie: weakness testing/hacking attempts) from an IP address ...
1 vote | 1 answer | 373 views
Guess current date/time on remote server [closed]
I want to know the current date/time of a remote server.
I do not have any access on this server.
This server expose OpenSSH (port 22) and apache2 (port 80)
Is there a fingerprint technique that can ...
0 votes | 1 answer | 315 views
How to prevent Apache2 malware execute
Is there any way to prevent to execute some unwanted malware in Apache2.
One of our clients Wordpress website is hacked and there was a files like /wp-content/uploads/2020/05/U27I0x
Those files ...
0 votes | 3 answers | 2k views
Unknown IP trying to sign in to my phpmyadmin
I am very worried.
I have a little web server hosting a PhpMyAdmin page (in which they are some important databases). Yesterday, I posted a full new webpage on my server (but a very simple HTML and ...
0 votes | 1 answer | 363 views
I see an additional SSHD connection established from an IP that I don't recognise. Should I be worried? (output included)
Here's the output (I've changed my IP to 23.23.23.23)
[root@web01 centos]# lsof -i tcp:22
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 3705 root 3u IPv4 ...
0 votes | 0 answers | 32 views
Server hacked and lots of randomly named .php files in the webspace directories [duplicate]
So apparently my Server kinda got hacked. I don't think that someone got access to the root user or any other user but in every main directory of the www-data user there were a lot of weird files.
...
2 votes | 1 answer | 116 views
How do I know if an abuse report about unsolicited is actually about my server?
I received an Abuse-Message from the operators of dnsbl.de. To me it sounds like it has nothing to do with me, but since it is too serious I don't want to do "guess work" and check whether it really ...
0 votes | 0 answers | 28 views
Is someone trying to hack into my server? [duplicate]
I don't do server stuffs on regular basis, I was just wondering how to check SSH login logs and found that it can be checked using sudo cat /var/log/auth.log and checked on my server and there were ...
0 votes | 1 answer | 780 views
How's hacker used cgi script on Apache2 server to hack and delete database
Today one of my server has been hacked and hacker deleted my app database. And to restore back they are asking to pay money in BTC.
Well, I started investigating to Apache2 logs and found many ...
0 votes | 2 answers | 98 views
Server compromised or hacked
I don't understand how this subdomain appeared today: http://hainanbank.com.cn.croppio.com/.
I have only added https://croppio.com/ without any sub-domains.
I double checked the server configuration ...
0 votes | 0 answers | 69 views
Finding unauthorized user changing files
I manage a client hosting account on [color]host platform. It is a VPS account, running CENTOS 6.10 kvm [server] v84.0.16 OS. There are PHP/MySQL sites, along with WordPress sites. All WordPress ...
0 votes | 1 answer | 87 views
Why do I keep getting fake sign ups on my website?
I have a website and it is starting to get more users. To use the services offered by the site, a person has to sign up. The sign-up requires an email, password, and a five-number string for recapcha. ...