Linux /etc/hosts content [closed] - linux

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
On our Linux machine we have found this content of /etc/hosts file:
127.0.0.1 localhost
# *********��������Ϊ360��ȫ��ʿΪ���߻�����ľ����������******************
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com
127.0.0.1 2.joppnqq.com
...
...
There are more than 20 similar lines in the file.
What is this? Is this an attack?
Thanks for any idea.
Zlaja

Looks suspicious because typically there won't be more than 2-3 entries pointing to 127.0.0.1. However, an attacker may not gain much by redirecting the domain name lookups to 127.0.0.1 - unless the attacker runs a local server to capture the requests targeted to those domains. Do you see any suspicious process with a listener socket open? If true then it is likely to be an attack. Also search the web for those domain names. If it is an attack you will find more information about it. If all these turn out to be negative then it may not be an attack.

Is it possible that there is a security program (similar to denyhosts) running on your server which automatically registers suspicious hostnames as 127.0.0.1 in order to ban accessing those hosts by name?
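The two checks suggested in the answers above (which names are pinned to loopback, and whether anything local is listening that could receive the redirected traffic) can be scripted. This is an added example, not part of the original posts; the sample data is constructed, the function names are hypothetical, and the `/proc/net/tcp` parsing assumes IPv4 on a little-endian machine.

```python
import ipaddress

LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample: the three entries quoted in the question.
SAMPLE_HOSTS = """127.0.0.1 localhost
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopanqc.com   # trailing comment
127.0.0.1 2.joppnqq.com
"""

# Constructed sample in /proc/net/tcp layout: sshd on 0.0.0.0:22, a listener
# on 127.0.0.1:80, and one established SSH session (state 01).
SAMPLE_PROC_NET_TCP = """  sl  local_address rem_address   st
   0: 00000000:0016 00000000:0000 0A
   1: 0100007F:0050 00000000:0000 0A
   2: 0A00000A:0016 0B00000A:C350 01
"""

def loopback_overrides(hosts_text, own_hostname=""):
    """Names mapped to a loopback address, excluding the usual local names."""
    allowed = LOCAL_NAMES | {own_hostname.lower()}
    flagged = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address field, skip the line
        if addr.is_loopback:
            flagged += [n for n in fields[1:] if n.lower() not in allowed]
    return flagged

def listeners(proc_net_tcp_text):
    """(ip, port) pairs in LISTEN state (st == 0A); IPv4, little-endian host assumed."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:
        fields = line.split()
        if len(fields) >= 4 and fields[3] == "0A":
            hex_ip, hex_port = fields[1].split(":")
            ip = ipaddress.ip_address(bytes.fromhex(hex_ip)[::-1])
            found.append((str(ip), int(hex_port, 16)))
    return found

def could_capture(pairs, ports=(80, 443)):
    """Listeners that would receive web traffic redirected to 127.0.0.1."""
    return [(ip, p) for ip, p in pairs if p in ports and ip in ("127.0.0.1", "0.0.0.0")]
```

On a live system, pass the contents of `/etc/hosts` and `/proc/net/tcp` to these functions; an empty result from `could_capture` means the loopback entries only black-hole the names rather than hand them to a local service.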

Related

Ubuntu server can be accessed from two hostnames [closed]

Closed 3 years ago.
In our company we have an Ubuntu 16.04.5 server, where we keep our intranet website and some other simple sites. Everything works well, but we can access the server using two names, like http://server/website/ and http://server1/website/ . I checked all apache2 files and all host files and I did not find anything related to the name server1, only hostname server. Maybe someone can help me figure out where something like this is configured and how to turn it off.
For me this is a normal situation. You have configured one site on this machine, but your DNS server has two records for the IP of the machine. When you reach Apache via the first hostname, you get the site as it is defined. When you reach the machine via the second hostname, Apache checks the hosts defined, sees there is no special definition for this hostname, and serves the request with the first configured host.

How to point subdomain to an ip and retain domain name [closed]

Closed 6 years ago.
Given:
a domain w/ gofather: gloriousdomain.com
w/ nameservers pointing to server w/ hostcrocodile
a subdomain: sub.gloriousdomain.com
a server w/ digitalpond and ip: 123.456.78.9
an A-Record in hostcrocodile pointing sub.gloriousdomain.com -> 123.456.789
How do I make it so that when I enter sub.gloriousdomain.com in my browser it doesn't just reroute me and change my url to 123.456.78.9?
cases where it's worked before
wordpress :
when you first set it up, it does the whole route to ip thing
then you finish the setup w/ it asking the subdomain and magically it's fixed
redmine
routes to ip until you type in the subdomain
Interesting facts
When I ping 123.456.78.9 it pings back 123.456.78.9
I thought passenger on top of nginx was doing some work helping the resolution for redmine and that's why it worked, but to test it I stopped the service and pinged my redmine box
It turns out it was my ISP.
I reset my router thinking perhaps it was caching the page, turns out it was the ISP, they were serving me a cached version.

how to check which dns client is used on an external server? [closed]

Closed 6 years ago.
The issue is that I cannot determine what domain name system external servers use.
I want to be able to spot which kind of domain name system client a server is using without actually having access to it.
I have tried several commands on nmap with domain name system searching script, but the result is not clear.
For open ports I can use nmap.
Is there a solution for domain name system spotting too?
There is nothing within the DNS protocol which will do what you are asking for. Which port does not matter, as port 53 is the standard DNS port and all DNS servers, regardless of what software they are running, will respond on port 53 and will return data in the same way. Without access to the remote server you would not be able to identify what DNS server software they are running.

Where Linux kernel(3.4.34) open port on nat device? [closed]

Closed 9 years ago.
I use a Linux server as a NAT device.
Currently it looks like [PC1,2,3]--[Linux]--[Internet]
There is no issue at all, but I'm curious: when I open a service (e.g. FTP, WWW) on my PC1, does my [Linux] also open a port for that service on itself?
I traced the code for
CONFIG_NF_CONNTRACK_FTP
CONFIG_NF_NAT_FTP
but I can't find related code about opening ports.
Thanks for reading.
There are various techniques used to make a router/firewall automatically forward ports to its clients. For example there are some protocols like: IGD, NAT-PMP et similia.
But those protocols need to be implemented both on the router and on the client. So automatic port-mapping won't work out of the box in many cases.
The lines in the kernel config you are referring to, CONFIG_NF_CONNTRACK_FTP and CONFIG_NF_NAT_FTP, are used for another reason: due to the fact that the FTP protocol uses two different TCP streams for communication (one of which does not have to be "listened" by the server), your firewall needs extra "effort" to track the connection and act accordingly.

# Hostname not being overridden by other A record? [closed]

Closed 8 years ago.
My domain's A records are:
Host: Points to:
# 66.6.44.4
experiments 188.121.46.1
The # points to my Tumblr blog, and the experiments subdomain points to my hosting.
The problem I'm having is, experiments.example.com is somehow redirecting (curl shows that it's a 301) to example.com/experiments/. I've checked http://whatsmydns.net and it too confirms that those hosts point to those IPs.
How is this happening? I've emptied my DNS cache a few times so I don't think it's that. Where is that redirect coming from?
Thanks.
Actually this is not a DNS problem, but a webserver issue.
Your webserver running at http://experiments.example.com redirects to http://example.com/experiments/. So check your webserver configuration to find any redirect directives.
DNS only resolves names to IP addresses. It does not redirect HTTP requests.
HTTP is a protocol. With http://experiments.example.com you connect to a server experiments.example.com (IP 192.0.2.46) on port 80, where your webserver listens, accepts the request and redirects it to http://example.com/experiments/, and your browser follows this redirect, querying host example.com (IP 203.0.113.42) on port 80 to GET /experiments/ there.
