Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
My website was hacked and my homepage was changed again and again. Is there any tools or any ASP sources can protect it from editing?
I set the attributes hidden, read and system to the index.asp files, well, it was changed by the hacker again.
Notes:
My site was hosted in a shared server
My website was hacked by a china chopper before
I have cleaned server hidden asp files..
To put it bluntly, secure your server it will stop the hackers editing your pages :)
It sounds like your server has been compromised at a higher level, if this is a hosted solution (by a 3rd party company) they need to fix their servers. Unfortunately I've seen smaller hosting companies never fix the problem and just replace the files back and blame "poor coding" when the problem is actually "stupid system admins that don't know what they are doing". If this is the case, move to a different host. If this is your machine and you are hosting it, rebuild the entire machine it sounds like it has been compromised.
For your site 1st you need to check some security measure like there may chance that your web site vulnerabilities . With following attack like SQLinjection, Blind SQl , XSS, Oracle Padding Attack, DOT-NET-Nuke etc .
2nd thing as #silver said may be your host is responsible for all this thing like many time on IIS there is major security issue if your other site which is hosted in the server is having some vulnerabilities so attacker or hacker can access of the server throw PHP-Shells and Some ASP or ASPX shells. So for this issue you need to choice the good host :)
Related
Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 12 days ago.
Improve this question
How can I check if website can be viewed without getting blocked by firewalls like the ones in the schools or in the public places?
I want my website to possibly be viewed from everywhere.
I have Cloudflare DNS and an SSL Certificate from Let's Encrypt
Thank you!
I don't know what to try.
I hope you have only the best intentions with this 😬
I first want to point out, that there are many different scenarios of your site to get blacklisted/blocked. Which would reach from a school blacklisting you to a government DNS blocking your website.
In contrast there would be whitelisting e.g. the school deciding that the people in their network only can view this list of websites. In this case you could do very little to be reached from this network.
To circumvent the blockage of a website it normally requires the user to get around it e.g. by using a VPN.
That said, it seems to me that for a new site it would be most effective to not get blacklisted in the first place.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
My old parents have been hacked/virus-ed for the nth time.
I have an old HP server.
I thought of rebuilding it with VMWare (free version) or Oracle virtualbox and having them use windows in a controlled environment. I would back it up and patch it, etc. Maybe they RDC to my server.
I assume I would need a Windows server license to allow multiple connections. (I could also use it for myself to host Plex media server.)
At a 10,000 foot level, is this possible or just a technology quagmire?
Super User SE might be a better place for this.
Anyway: Are they using it for anything windows-specific? My parents used to use my Linux-based computer for web browsing, now they use an Android tablet for the same. Running a virtualised Windows on top of the former could've been an alternative. Also, backing up and rolling back is easier if you use virtualisation, just use something else for permanent data storage. Maybe a remote storage with backup and rollback (for ransomware) either your own infrastucture or in the cloud. (like syncthing, owncloud, etc.)
I'm assuming here they don't have trade secrets or plans of a home-built nuclear plant or anything that kind.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 7 years ago.
Improve this question
Currently for a company dedicated hosting server, there are a large amount of 403 errors being generated by the company IP for a specific website, while no one from the company is accessing that site. There are a large number of client sites, as well as a staging site hosted on this server, to which the hosting company locked out the company with the reason "a brute force attack was launched from IP address ... (the company IP)". Is there any way the IP could be used by an outside source, or would there be some software, malware, or general error that could be causing this? I'm far from a security expert, and at a loss while the hosting company is not able to give clear answers other than to offer to disable their "mod_security firewall".
Thanks!
You should be able to track on your companies firewall (outbound) what local machines are spamming this external server with requests.
The 403 is just a bi-product of a different problem - the spamming appears to be the root problem. 403 is showing because the request is likely to be malformed and not accepted by the hosted web server.
It is not possible to "steal" an IP when talking about TCP/IP so if the hosting provider detected that it is true.
If you have no firewall where to monitor that and the head of IT thinks does not think that getting one is a good idea..... Go to http://careers.stackoverflow.com/ and start looking for another.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I have outsourced the programming of an iPhone app.
The programmer has requested access to a server to uploaded data from the app which is a necessary part of our app.
However I have never met the programmer.
I don't have any programming skills, and wouldn't know what he has uploaded to the server.
So therefore,
Do you know of any solutions to my issue of ensuring that the server is only used for the purpose of our app, and not for running any other code.
I intend on using amazon servers, but could use another option depending on the answers
There is no easy "magic bullet" - You will need to trust someone whatever you do.
Either you will need to trust your developer to use the server correctly. Or you will need to trust an experienced sysadmin to set up the server properly and give defined access rights to other users.
In my experience, it is unlikely that a developer you hire will use your server for malicious purposes. However it is quite likely that either:
They will use the server for some other, non-malicious uses on the grounds that "no-one will notice" (e.g. transferring a few files). Probably not a big issue as long as they are sensible.
They will make a mistake with config / security that will allow others to gain unauthorised access. This could be a big problem - you could find your server hijacked and your customer data compromised.
Basically it all comes down to trust, your tolerance for risk, and how much you are willing to pay an expert to run this stuff for you.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about programming within the scope defined in the help center.
Improve this question
Let's take a wordpress site as an example, as you guys know, wordpress' admin panel can be accessed only through site/wp-admin. My question is if I used .htaccess file to deny all access from other IPs except mine, will my site be safed from hackers?
Note: To keep things simple, let's assume that the site contains only static contents, with the contents retrieved from the database, IMHO if there's no input for the hackers than there's no way that the site can be hacked with XSS, sql injection, etc. Please correct me if I'm wrong even a wise man like me can be wrong. :)
.htaccess is useful for security, but it does not guarantee invulnerability from hackers, even with all of your assumptions. http://www.cmswire.com/cms/web-cms/how-they-hack-your-website-overview-of-common-techniques-002339.php
Using .htaccess alone to restrict access to a URL by IP address is a "good enough" solution in that most of the time it will work just fine. There are certain pitfalls however, like if your IP address changes, you have to go into the console and update your .htaccess file, which isn't a huge deal but also inconvenient.
IMO you'd be better off focusing on using SSL (SSL certificates are cheaper than ever!) to encrypt all traffic to your site (or at least your admin panel), and choosing a strong admin password, than you would trying to restrict access to your admin panel from unknown locations.