Questions tagged [hacking]
Hacking is the violation of server or network security via exploitation of weaknesses in that security.
481 questions
634 votes, 13 answers, 175k views
How do I deal with a compromised server?
This is a Canonical Question about Server Security - Responding to Breach Events (Hacking)
See Also:
Tips for Securing a LAMP Server
Reinstall after a Root Compromise?
Canonical Version
...
75 votes, 15 answers, 65k views
Should I respond to an "ethical hacker" who's requesting a bounty?
I run a small internet-based business from home and make a living at it to feed my family, but I'm still a one-man show and internet security is far from my area of expertise.
Yesterday I received two ...
0 votes, 1 answer, 934 views
Wazuh agent not connecting to server
I have 1 Wazuh server and 2 Windows 10 agent machines.
Wazuh Manager: 10.1.0.3
Agent1: 10.0.2.2
Agent2: 10.1.0.4
All firewall rules are turned off and set to ALLOW ALL
Wazuh itself is functioning as ...
0 votes, 1 answer, 381 views
Unprompted Microsoft Authenticator Prompts
This is the second time I have gotten an authenticator prompt in the past 3 months unprompted.
After the first time, I reset my password on a mobile phone (the mobile phone is patched as far as I know)...
1 vote, 1 answer, 117 views
btmp is showing me a login duration over an hour. How can a failed login last that long?
I was watching a server console for results of my own activity and was bombarded by someone trying to do GET on a long alphabetical list of files/directories. I checked lastb and found some entries ...
77 votes, 3 answers, 164k views
Block range of IP Addresses
I am getting bombarded with attempted hacks from China all with similar IPs.
How would I block the IP range with something like 116.10.191.* etc.
I am running Ubuntu Server 13.10.
The current line ...
2 votes, 2 answers, 6k views
Is it possible to hack a server with a SSTP_DUPLEX_POST request?
How is it possible to use the method: SSTP_DUPLEX_POST and the URL: /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ to hack a server?
I have this request in my logs from a well known malicious IP ...
58 votes, 6 answers, 7k views
Reinstall after a Root Compromise?
After reading this question on a server compromise, I started to wonder why people continue to seem to believe that they can recover a compromised system using detection/cleanup tools, or by just ...
5 votes, 3 answers, 21k views
SSHD: Difference between "connection closed..." and "disconnected from..." in log file
The sshd service on my Ubuntu server is under constant attack for various IP and user id.
According to /var/log/auth.log file, there are three different types of fails from unknown id and IP address:
...
1 vote, 0 answers, 69 views
weird /ws/info requests on our server: is our client compromised?
We have a big website on a virtual server that runs fine. We have a few hundred clients. Since a few weeks, we saw that with exactly ONE of these clients there were 404 references to hrefs like www....
-3 votes, 2 answers, 2k views
Network is gone when I start arp spoofing [closed]
So for context I have two virtual machines: one is running on Kali Linux, which is the "Hacker's" machine, and the other one is running on Windows 10 Pro, which is supposed to be the victim's ...
23 votes, 4 answers, 22k views
Someone is trying to brute force SSH access to my server [duplicate]
By coincidence I looked at my server's SSH log (/var/log/auth.log) and I noticed that someone is constantly trying to gain access:
Sep 7 13:03:45 virt01 sshd[14674]: pam_unix(sshd:auth): ...
31 votes, 4 answers, 8k views
Weird SSH, Server security, I might have been hacked
I am not sure if I've been hacked or not.
I tried to log in through SSH and it wouldn't accept my password. Root login is disabled so I went to rescue and turned root login on and was able to log in ...
39 votes, 7 answers, 19k views
How can I block hacking attempts targeting phpMyAdmin?
My website gets thousands of hits daily from different IPs trying to access:
/php-myadmin/
/myadmin/
/mysql/
...and thousands of other variations. None of these directories exist, I don't even have ...
-1 votes, 1 answer, 76 views
Can already opened event log screens of powershell on windows event viewer can be hacked offline by hackers? [closed]
Can Windows PowerShell give me fake or altered outputs if I use common commands primarily used in PowerShell? Checking hash codes is an option, but they can be altered too, theoretically, so it's not that ...