Newest security Questions

Q&A for system and network administrators

Tomcat running on Windows - vulnerability

I'm trying to secure Tomcat running on Windows. When I try the test for this vulnerability cve2015-1635, curl -v -X GET -k --insecure -H "range: bytes=bytes=0-18446744073709551615" https://localhost/...

Sage2.0 Ransomware and Tomcat 7

We have a Tomcat server running on a Windows 2012 server which seems to be constantly being attacked by Sage 2.0 ransomware. Some details of the server: 1) Tomcat is running on port 80 and 8080. 2) ...

tp-link advanced security settings [on hold]

I'm a newbie in the routing world. I have a TP-LINK WR841N v9. I would like to know what I should set in the Advanced Security: DoS Protection Enable ICMP-FLOOD Attack Filtering Enable UDP-FLOOD ...

MySQL hacked on AWS AMI: 'Pay to get data back' - how could this be possible and how to avoid it next time?

This morning I noticed that some of the websites I host on an EC2 instance aren't working. When I checked the MySQL database, it was wiped out! :( The only thing I found was a single record ...

What to do about automated scans? [closed]

What is the reaction I should have for automated scans? I have thought of: Manually reporting the IPs to their ISPs/hosting Banning the IP for two weeks or a similar time Waste bot's time/throwing ...

Handling keyboard-interactive inputs with Ansible

I have set up a few GNU/Linux (Ubuntu and Amazon Linux) servers to prompt for a Time-Based OTP using the google-authenticator module for PAM and the keyboard-interactive:pam SSHD authentication method. I'm ...

Apache access control database

I work on an Apache 2.4.7 server that filters out requests based on a blacklist of IP addresses. At the moment they are stored in a database. Is there a way to deny access for a specific domain - IP ...

Set tomcat to production mode

I am running Tomcat on AWS. The problem is that when a request crashes with an exception, Tomcat not only sends the 503, but also sends the exception stack trace in HTML, exposing my source code to a ...

Hacked by ruined@india.com [duplicate]

I was happily working on my Azure VM playpen last night via a remote desktop session. When I logged on this morning I was presented with the attached message: The VM contained nothing of value and ...

What exactly is Identity server and what is the purpose of using it

Currently I am working on a single sign-on middleware application and I am confused about identity server and LDAP. I got to know that LDAP is used for identity provisioning, meaning it contains user records ...

Linux equivalent of Unix who -m command, to show original user ID before su?

I'm trying to find a Linux equivalent of running who -m in Unix. In Unix, who -m gives the first user ID you used to log in, before starting any new shell sessions through su, etc. The -m switch to ...

Can Asterisk's phoneprov module be used securely?

I'm using Asterisk 13.1.0 as packaged by Ubuntu Server 16.04 to run a pure-VoIP phone system. Asterisk has a module – phoneprov – that allows it to template out configuration files for ...

Design enterprise architecture for an information system [duplicate]

I am trying to design an architecture for an information system that will have 2 million active users in the first 3 years, and it is planned to scale by 30% in the following 3 years. My questions are as ...

AD Administrator account logon mystery - last logon timestamp

We've found the domain Administrator account - which we do not use except in the event of a disaster recovery scenario - has a recent date in the LastLogonTimeStamp attribute. As far as I am aware, no-...

CentOS SELinux user mapping

I am trying to get the user mapping for SELinux in the latest release of CentOS. For some reason, when I do semanage login -l it returns nothing. What can be the cause? [root@localhost ~]# ...

restrict forwarding existing email in office 365

Multiple users were given permission to read a mailbox folder in Exchange Online. However, they should not be able to forward / print / copy / paste those emails, basically the function of Azure Rights ...

Confusion about SSL certificates on Windows (PFX)

I'm trying to create a company-internal CA to get rid of all the SSL exceptions needed for our servers, but while creating the certs I got some doubts about the security implications of doing so. The ...

Is Azure Point-To-Site VPN secure enough to use for 3rd party access?

I need to give some customers access to my server (Azure VM) via either FTP or SQL (they want to retrieve files via FTP and connect to a specific database), no remote desktop. Currently I'm ...

Can Apache mod_cache cache responses for an HTTPS-only resource if Apache terminates the SSL connection?

If an Apache server is acting as a reverse proxy that terminates the SSL connection, is it able to cache responses? I know that the SSL-encrypted responses cannot themselves be cached, but if ...

Debugging AWS permission denied errors

I've run into this issue many times over the past few years, and I've had enough! I've lost countless hours to this, so I'm just wondering if I'm missing something obvious. When using AWS, is there a ...

Disable SCTP in SLES 11.4

I have to ensure SCTP is disabled in a SLES 11.4 system. The security manual I am following states: Disable SCTP Ensure sctp is not loadable $ modprobe -n -v sctp install /bin/true ...

Bastion Server + EC2 Instances

I would like to protect my VPC using a bastion. So I add the public keys only to the bastion. But I have some EC2 instances inside my VPC. Do I need to add the public key to both the bastion and the EC2 instances?

How to avoid RFC1918 A records leaking on the external network? [closed]

How to avoid RFC1918 A records leaking on the external network? I can use views to achieve this, but as the DNS records grow more and more, management will become very troublesome. I ...

MySQL SSL: SSL_CTX_set_default_verify_paths failed

I have been trying for a few days to get SSL working with MySQL. This is the setup I currently have: MySQL 5.7.17-0ubuntu0.16.04.1 This is the error I am receiving when I start MySQL Server ...

How to track what is overusing my server? [duplicate]

I am using CentOS 7 on my dedicated server with an i7 3770 processor and 32 GB RAM. When I check uptime [root@server public_html]# uptime 21:12:21 up 1 day, 4:57, 3 users, load average: 6.67, 6.29, ...

Is it possible to completely hide a website's IP from everybody, including the website's users?

There is a good article on how to protect your origin IP at https://blog.cloudflare.com/ddos-prevention-protecting-the-origin. All is good and clear on that page except when it comes to the mail server, ...

PHP and Java EC2 configuration guideline [duplicate]

We are a group of people who deploy applications in PHP and Java. Before this, we have faced many issues related to security. For example, we keep uploading files through WinSCP which need 755 ...

PHP functions are disabled, but somehow they can be executed

I had a problem on my server today and I discovered malicious code which the attacker used to gain access to my system. I have downloaded that PHP script, but what was weird is that I saw ...

Configure OpenVPN to block clients by OS?

Is there a way to configure an OpenVPN server so that it restricts the clients that connect to it by operating system? We currently use an OpenVPN server to connect our laptops to our servers on AWS (...

Constant Audit Failures in Event Viewer from Users not logged on

Let me start off with some details on my environment: Windows Active Directory Domain Environment Domain Controller: Windows Server 2003 R2 Problem Workstation: Windows 7 Professional 64-bit Lately ...

How to disable Run via Search on Windows 10?

We are trying to prevent our users from running various commands that we don't specifically approve. We have implemented Applocker, but that doesn't prevent the user from running commands beginning ...

Please help identify any weird processes [duplicate]

I'm in need of a hand. We recently had a server compromise and managed to do a nice clean-up, but I'm trying to get rid of the bug without moving server. Can anybody review the running processes below ...

Remove domain from HPKP preload list

So, this is a fun story regarding HTTP Public Key Pinning (HPKP) and HTTP Strict Transport Security (HSTS). I was playing with the HSTS Always and HPKP preload options, not being fully aware of the ...

Implementing 2-Factor Authentication

My company accesses a third-party website that uses a simple username + password authentication method. This vendor could restrict the application (website) access to a defined IP range. We are trying ...

Nonexistent domain folder reappears with malware [closed]

If I'm sure the domain is not registered any more (for almost a year), I've deleted the FTP account for the folder of that "Addon Domain", deleted the folder, changed the root cPanel user's password and ...

Can GlassFish or Payara be configured to specify server preferred order of cipher suites?

I would like to prioritize cipher suites so I can implement perfect forward secrecy. I am not sure if this is feasible in GlassFish or Payara. We are currently running Payara Server 4.1.1.154.

Ubuntu: apply security updates only if package age is at least x days

We apply security fixes automatically (via Puppet) on our servers. If a bug/regression is introduced by a security update, we get it until it is fixed. Such updates are often fixed within the next 3 days. I ...

UFW (firewall) not blocking UDP right away

I have a PBX (phone system called Asterisk) that works with UDP and TCP. Sometimes I get invalid requests from some IP addresses that I would like to block. I cannot block those requests until I reboot ...

Azure Active Directory account auto-expiration

I need to set some user accounts in AAD to expire after some time. For example, students at the university should not be allowed to access the class SharePoint site after graduation (4 years). Is there some ...

Audit Logon Events not turned on but still generates 4624 events

Why would a Windows Server still generate 4624 events (An account was successfully logged on) in the Security log even though the Audit Policy's Audit logon events value is set to No auditing?

How do I list all new accounts created on CentOS Linux 7.2.1511?

I employed a freelancer to check my security on my server and as well as overcharging me he has behaved very unprofessionally; not outlining the work he did and indulging in sarcasm and arrogant ...

Monitoring stats published on our site, should we?

So this could also fit @InformationSecurity as some concerns are related to security. We are building the website for our gameserver hosting project and we would like to be as transparent as possible ...

MongoDB User Management Best Practice

I'd like to know what's the best practice for MongoDB user management. Should we add non-admin users in the admin database and give them permission to access the database they are designated to have write ...

Securing SSH with key-based authentication - how to “secure” the key itself? [on hold]

First I would like to say that I am not a server administrator nor a network administrator on a daily basis, so the question may sound silly to some of you. I have a few servers (OVH, if that makes any ...

How to limit access for a user within Windows

I want to allow people to build their Electron apps in a Windows environment. For me to do this, I accept jobs via SQS and have a listener that runs the build process within a "workspace" folder. ...

CentOS 6 local update repository and security updates

I know that the official CentOS 6 (even 7) update repositories do not provide security information. The consequence is that the yum-plugin-security plugin and the yum check-update --security command do not ...

Securing CentOS traffic [closed]

@Moderators: First of all, please don't move this thread to already answered section. I want to encrypt traffic on my Linux system. All incoming and outgoing network traffic should be encrypted using ...

Should a deployment user have his shell set to /bin/false?

I deploy web applications by "sandboxing" each application under its own UNIX user account, behind a common nginx reverse proxy that also serves static files. Each account runs the application server, ...

Securely installing mongo using puppet, while checking in the installation to online repositories

We are trying to install mongo with authentication using Puppet. But we don't want to check in the password to GitHub. Is checking in the password_hash a safer option? Or can the password_hash be used to log in to ...

How to find this malicious script from server? http://1760468715 [duplicate]

One of our servers has been battling with hackers for quite some time. They somehow have turned off the firewall and, where the web app has 301 redirects set up, it replaces them with the http://1760468715 URL. ...