webserver – Page 15 – WindowsTechs.com

How to know if the response is from the CDN and not the origin?

Posted on December 23, 2020 by Bahamas

I am doing some bug hunting. I inserted a malicious payload into a request. But I am not sure if the response is from CloudFlare or the origin. Are there special headers which help me to distinguish the origin from the CDN? I always see th… Continue reading How to know if the response is from the CDN and not the origin?→

Is it possible to know the keep-alive time supported by a web server?

Posted on December 21, 2020 by sleep

I’m testing a web server that may be vulnerable to denial of service because of the time server keeps alive conections of the clients, I found that in a qualys report I launched against the webapp. I was searching for a kind of benchmark o… Continue reading Is it possible to know the keep-alive time supported by a web server?→

has my server been hacked?

Posted on November 22, 2020 by Lucio Crusca

I manage a Debian GNU/Linux web server (Debian 10 Buster with its bundled 4.19 kernel). I put in place simple iptables logging rules a long time ago, among other things. Here they are:
# iptables -A OUTPUT -d [mySmtpSmarthost]/32 -p tcp -m… Continue reading has my server been hacked?→

Does a log entry with "SPT=81" despite nothing listening on that port indicate my server is hacked?

Posted on November 22, 2020 by Lucio Crusca

Hijacking of my site

Posted on November 20, 2020 by cmceachern

I have my site xyz.mysite.com this is sitting on Cloudflare. I was reviewing my Apache logs and I saw a website as a referrer I did not recognise. I went to the site and it redirected to my site xyz.mysite.com totally bypassing Cloudflare… Continue reading Hijacking of my site→

What (aside from the law) prevents cloud-hosting owners from eavesdropping on servers/code?

Posted on November 18, 2020 by Asker

Given a server hosted on a cloud platform, what would stop the cloud platform owner from stealing the server’s data and/or code?
As far as I can tell, a motivated cloud owner could retrieve the data in its servers while keeping plausible d… Continue reading What (aside from the law) prevents cloud-hosting owners from eavesdropping on servers/code?→

Access device securely and with minimal effort via the internet

Posted on November 16, 2020 by Julian Suck

I develop devices that measure certain data. The data is visualized by a web application running in the browser (a dashboard with all sorts of diagrams). The static files of the web application are provided by a web server running on the d… Continue reading Access device securely and with minimal effort via the internet→

Bruteforce attack on server [closed]

Posted on October 29, 2020 by Igor Lerinc

how to create bruteforce attack (not dictionary attack) using tools in kali linux.
can in that way someone bruteforce in my server and how long it would take if my password have 8 characters (just letters)

Continue reading Bruteforce attack on server [closed]→

Getting an abnormal amount of firewall warnings on web server

Posted on October 22, 2020 by pigeonburger

I just had a look at the firewall status and saw it had blocked over 300 requests from TOR, Python Urllib, and some script called aabbccdd.xss.ht/pigeonburger.xyz (pigeonburger.xyz being my website).
All of them are trying to access a non-… Continue reading Getting an abnormal amount of firewall warnings on web server→

How are hidden private URLs being "leaked" to third parties?

Posted on October 19, 2020 by St Flipper

We’re hosting a web site where the server processes a stream of images, generating a unique ID (uuid) for each new picture and storing various data against the ID in a MySQL database. The site is monitored through a protected dynamic (AJAX… Continue reading How are hidden private URLs being "leaked" to third parties?→