"security attack was stopped" I get this message in my email almost every day. What does this mean? Should I worry?
You probably need to disable the following options:
Admin > Settings > Advanced Settings > Security:
Breach Impact Threshold For Report: -1
Breach Impact Threshold For Report And Block: -1
They need to be fine-tuned to work properly for a particular site.
Rules → http://www.boonex.com/terms |
So do I need to just set them both to zero? How do I disable them? Thanks. |
Disabled is -1 https://www.deanbassett.com |
Both are already at -1. Any more ideas why this would happen, or is my site just really trying to get broken into? |
We will have to wait for AlexT to explain that one. When disabled, those messages are not supposed to occur. https://www.deanbassett.com |
Popular / known sites are attacked in some way hundreds of times (if not more) daily! My own site is attacked all day long, thousands of attempts, day after day ... make sure you have measures in place to try to stop these attacks being successful.
There's loads of 'script kiddies' out there with nothing better to do!
DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price! |
I'm getting the attacks as well, taking my server down sometimes. I'm unable to stop them. Guess it goes with having a popular site. ManOfTeal.COM a Proud UNA site, six years running strong! |
No sh*t ....! Before I understood about all this I was DOS attacked and taken down for weeks at a time including other attacks! These days I don't really suffer with any of that but there are constant hack / attack attempts whether it be via my actual site or server etc. Logs / records usually show thousands of hack / attack attempts daily ... Every day I check records for the amount of failed login attempts on my biggest site and these reach into hundreds alone (people trying to hack into other users' accounts). It is a non-stop battle and learning process preventing attacks / hacking.
DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price! |
Well, there are loads of things and tools you can take advantage of to prevent hacking and attempts!
DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price! |
The truth is though if someone truly wants to hack / attack your servers or sites and they have the 'know how' there is NO protection! Facebook is a great example of that! They claim to have thousands of staff working daily against attacks and hacking and FB no doubt have the best prevention tools around >> and they are still successfully hacked and attacked non-stop which they openly admit and is well documented across the web. DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price! |
Well not so true, my home server is under constant attack as well as my commercial server. The one module that stops those and bans them in the future. That, I have installed on every single server setup I do..
http://www.fail2ban.org/wiki/index.php/Main_Page
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs -- too many password failures, seeking for exploits, etc. Generally Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email, or ejecting CD-ROM tray) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).
ManOfTeal.COM a Proud UNA site, six years running strong! |
I don't understand ... ? Well not so true,
DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price! |
Fail2ban scans log files (e.g. /var/log/apache/error_log) and bans IPs that show the malicious signs ManOfTeal.COM a Proud UNA site, six years running strong! |
Yeah I get this part, but the thing is an attacker could have access to thousands of IPs and is open to try all kinds of attacks one after another until they realize they have no chance OR they are successful ... if one IP gets blocked and one type of attack fails >>> they can get a new IP and try something else! It could go on forever ... I'm sure 'professional' hackers, attackers, organizations and similar could hack servers, websites etc and gain whatever data they wish without detection whatsoever if they wish ... There are people that create protection but there are even more people who enjoy spending time learning it, mastering it and finding a way around such things ... Government sites, Banks, Military databases and weapon systems all get hacked and attacked successfully non-stop and these people know this game and do have the best behind them! I have an Indian friend who is paid by blue chip companies to hack their company servers / sites / databases / whatever and get around their systems on purpose so they can learn from it and try to make their security better. It's a non-stop game. They improve their security and he finds a way around it.
DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price! |
Just suggesting a good start to server protection, without this it's worse. Yes they have thousands of IPs, but it stops them all on the third try, then moves on. I'd prefer that to constant attack from only one IP, at least I'm making them work harder. I also know the site that is being attacked, but won't name it. Haters are too funny. ManOfTeal.COM a Proud UNA site, six years running strong! |
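Added example, not part of any post in this thread and not Fail2ban's own code: a simplified Python model of the ban rule discussed above (a ban on the third failure inside a time window), run over constructed Apache error_log lines. The parameter names maxretry, findtime and bantime follow Fail2ban's jail options; the log lines, the addresses and the function find_bans are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Apache 2.2 error_log style; addresses are documentation ranges.
SAMPLE_LOG = """\
[Mon Mar 04 10:00:01 2013] [error] [client 203.0.113.7] user admin: authentication failure for "/admin": Password Mismatch
[Mon Mar 04 10:00:02 2013] [error] [client 203.0.113.7] user admin: authentication failure for "/admin": Password Mismatch
[Mon Mar 04 10:00:02 2013] [error] [client 198.51.100.20] File does not exist: /var/www/favicon.ico
[Mon Mar 04 10:00:03 2013] [error] [client 203.0.113.7] user root: authentication failure for "/admin": Password Mismatch
[Mon Mar 04 10:00:04 2013] [error] [client 203.0.113.7] user root: authentication failure for "/admin": Password Mismatch
[Mon Mar 04 10:00:05 2013] [error] [client 198.51.100.20] user bob: authentication failure for "/admin": Password Mismatch
[Mon Mar 04 10:05:00 2013] [error] [client 192.0.2.50] user admin: authentication failure for "/admin": Password Mismatch
[Mon Mar 04 10:06:00 2013] [error] [client 198.51.100.20] user bob: authentication failure for "/admin": Password Mismatch
[Mon Mar 04 10:20:00 2013] [error] [client 192.0.2.50] user admin: authentication failure for "/admin": Password Mismatch
[Mon Mar 04 10:35:00 2013] [error] [client 192.0.2.50] user admin: authentication failure for "/admin": Password Mismatch
"""

FAIL_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9.]+)\] "
                     r"user \S+: authentication failure")

def find_bans(log_text, maxretry=3, findtime=timedelta(minutes=10),
              bantime=timedelta(hours=1)):
    """Return [(ip, banned_at)]: an IP is banned on its maxretry-th failure within findtime."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    banned_until = {}             # ip -> time the current ban expires
    bans = []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # not an authentication failure
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        if ip in banned_until and ts < banned_until[ip]:
            continue              # a firewall rule would already be dropping this client
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:
            window.popleft()      # forget failures older than findtime
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, when in find_bans(SAMPLE_LOG):
        print(f"ban {ip} at {when:%H:%M:%S}")
```

On the sample only 203.0.113.7 is banned; 192.0.2.50 spaces its three failures 15 minutes apart and stays under a 10-minute findtime, so the window length matters as much as the retry count when tuning a jail.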
Have a look at snort or sagan if you're looking for open-source NIPS and NIDS. For the frontend you could use something like snorby to simplify things a bit. Dedicated servers for as little as $32 (28 euro) - See http://denre.com for more information |
fail2ban is a GREAT utility! I used it when I had my own server at my house. Use it! AND look at your logs daily. They'll either scare you or make you laugh. fail2ban was one of the reasons I changed ALL my passwords to 16 characters, randomized capital and lower case. When I switch over to a dedicated server, I'll be using 32 character, upper/lower and special characters thrown in just for fun. http://www.mytikibar.com |
I disabled the mail server on my dedicated server. If I enable them back the site will send more than 60,000 mails daily. I had my passwords at 16 characters, randomized capital and lower case. But I still get hacked.
|
So. How did this get so far off topic? https://www.deanbassett.com |
Exactly, and Deano, we are a bit off but still... the name of it and we are making suggestions. Denre, are those cartoon characters or for real.. lol ManOfTeal.COM a Proud UNA site, six years running strong! |
Just got the same report with thresholds set to -1. It's a great day! |
And again today!! Says the REMOTE_ADDR: is my address.
Total impact: 10
Affected tags: dt, id, lfi, xss, csrf
Variable: COOKIE.memberSession | Value: /t,FUzrk2vg8TEr3EW/./+X2uTVNM?=!
Impact: 10 | Tags: dt, id, lfi, xss, csrf
Description: Detects basic directory traversal | Tags: dt, id, lfi | ID: 10
Description: Detects obfuscated JavaScript script injections | Tags: xss, csrf | ID: 25
REMOTE_ADDR:
HTTP_X_FORWARDED_FOR:
HTTP_CLIENT_IP:
SCRIPT_FILENAME: /home/outedear/public_html/modules/index.php
QUERY_STRING: r=simple_messenger/get_operation/new_messages&_r=0.17360632377676666&registered_chat_boxes=2%3A34%2C1%3A45%2C
REQUEST_URI: /modules/?r=simple_messenger/get_operation/new_messages&_r=0.17360632377676666&registered_chat_boxes=2%3A34%2C1%3A45%2C
QUERY_STRING: r=simple_messenger/get_operation/new_messages&_r=0.17360632377676666&registered_chat_boxes=2%3A34%2C1%3A45%2C
SCRIPT_NAME: /modules/index.php
PHP_SELF: /modules/index.php
It's a great day! |
To disable - make sure that both settings are set to "-1". Just to be sure, you can also delete the cache, or even better manually clear the /cache/ folder by removing all files, leaving only the one .htaccess file there.
Rules → http://www.boonex.com/terms |