Everything posted by aelius
-
Dude, the site runs on HTTP or HTTPS, not FTP. What connection do you see between them? What you most likely have there is a username and password for the backend (the site administration section), in which case you will have to look for the administration PATH (URI).
-
20-22k visits / daily.
- Country: 99% Romania
- Website: games / flash games
Question: What iframe size do you need, and how much do you offer for the specified traffic?
Note: it's not my site; I'll put you in touch with the guy if he agrees on the price.
-
Out of respect for some people, I won't stretch this into a post two A4 pages long (although I think there would be a lot to say). The title of this thread is a bit out of line: if a moderator or an admin made a mistake, that doesn't mean all of RST is like that. Saying "RST-brand ass-kissing" is like saying this is a community of ass-kissers. To me it sounds like a generalization, and that really isn't ok. Advice: go to the gym and take your anger out on the dumbbells / barbells! How come I don't argue with anyone? Make jokes with people who accept jokes, and learn when it's the time for them and when you need to stop.
-
Well, if I start asking you questions, I'll hijack the chat completely. I've tried before and it went quiet. Let Usr6 speak.
-
@ANYK: If you post crap in "Important announcements and forum rules" again, I'll ban you. Thread closed and moved to the trash.
-
@askwrite: he was referring to something else, from what I can see in that context. And even if you were an idiot, he didn't make you one. He just told you. Come on, seriously, stop whining like women.
-
Screw the church. Yes, I'm a Christian, but in Romania the churches are institutions for milking citizens' money. On top of that, they pay no taxes to the state and have a pile of businesses operating under the wing of the metropolitanates. A pile of shitheads praying to wood and paintings. It's even written in holy scripture: thou shalt not make a graven image and pray to it. So fuck the priest. Faith should be free, not paying a crook to chant for you.
-
Closed.
-
You have to offer something that's of interest to users; otherwise I don't see why they would subscribe somewhere to receive SPAM with affiliate links. It doesn't sound much like a business. // edit: Whatever you consider useful for a group of people. You can't please everyone, and that's why I'm referring strictly to a group of people. You could make a blog, put the affiliate products on it, and have quality articles on the blog. (just an idea)
-
Terrestrial television - Wikipedia, the free encyclopedia
Satellite television - Wikipedia, the free encyclopedia
- Yagi, double rhombic, loop, Synaps?!
- Passive / active?!
I think you have no idea what you actually want.
-
Satellite or terrestrial?
-
You forgot the fucking #include for the standard input/output library. Many happy returns!
-
Well, and what is that, bro, isn't it an HTTP REQUEST? I don't want to offend you, but the application has nothing to do with a DDoS attack. First of all, the design leaves a lot to be desired. (design -> I'm not referring to its appearance, but to another level)
Arguments:
- In an attack, you send packets or requests without caring about the response. In which case I don't see why you would use a web browser.
- You stated that 8 requests per proxy are sent "IN SEQUENCE". That does nothing; the application will generate a single thread, which can't take down even a web server installed on a phone. You're not interested in making 8-10-20 requests per proxy in a row; you're interested in it opening as many persistent connections as possible to the web server.
The most common httpd web servers are (by model):
- Apache MPM Prefork
- Apache MPM Worker
The first, Prefork, opens one process per online user. If you open 1000 connections to it, the system will crash because there isn't enough memory or the maximum limit (default 256) has been reached. Prefork consumes around 16-40 MB of memory per process (when PHP is loaded as a dynamic shared object (i.e. resident in the process) - DSO/mod_php).
The second model, Worker, is a thread-safe (multi-threaded) model. A single Apache process can sustain even 5000 connections.
So, once again, what is your application useful for and what exactly does it do? (does it exhaust the maximum number of connections accepted by the web server, does it target resource exhaustion, or ?!)
Note: I brought up the Apache web server because it is the most widely used. If we consider nginx or other lightweight or event-based web servers, you simply can't do anything to them with an HTTP flood. (at least not at this level)
When you build a tool like this, it's preferable to know how a web server works (beyond the fact that it has port 80 open).
PS: this reply follows on from: If you want discussions like this, we can open a dedicated thread about it.
-
I assume it makes HTTP requests. It's good to specify what exactly a tool you made uses. And now I come with a pertinent question:
- If it uses HTTP requests, what kind of user agent does it have?
An idea:
- If it doesn't have random user agents, you could add that improvement. Preferably only various browser versions.
Another idea:
- Why didn't you design it multithreaded? (to open a defined number of sockets, because that's how you saturate a web server)
ps: I'm not interested in DDoS attacks; I'm more interested in mitigation solutions.
-
Just a little note to announce that we released NAXSI, an Open Source, Positive Model Web Applicative Firewall for NGINX. Naxsi is now also an official OWASP project (yeepee !)

Why ?
Because, out there, first of all, there are not many open source WAFs; secondly, even if mod_security is awesome, we wanted something different, that is more reverse proxy oriented. And last but not least, as a security enthusiast, I'm not fond of the negative model when it comes to applicative firewalling, as js/html/*sql languages are so rich that it's very hard to have 100% coverage of possible injection vectors. You may find some examples here : ModSecurity SQL Injection Challenge: Lessons Learned - SpiderLabs Anterior (results of the mod_security bypass contest). To make it short, a negative model requires a LOT of effort to maintain a core rule set (and we're far from being able to do what the mod security project has done). So, we are left with proprietary appliances, and as a hoster (more than 1.000 websites currently hosted), proprietary appliances are not even an option. This is why we decided to create NAXSI.

How ?
Well, a positive model can be fairly complicated/long to configure when you have a huge web-site, or a web-site that allows a lot of rich/complex user inputs. So, we designed NAXSI to be as flexible and easy to configure as possible. So, here is a global overview of how it works :
1. NAXSI does not have 'rules', strictly speaking. It will just "score" strange characters in user content. When the request reaches a critical score, the request will be denied.
2. The learning mode heavily relies on NGINX's power. When in learning mode, all to-be-denied requests will be allowed, AND posted back to a specific location (in NGINX's terms) pointing to a script that will analyze the request and generate the appropriate white-lists, write them to naxsi's configuration file and reload NGINX. (Thanks to NGINX's design, current connections won't be closed, so it's 100% invisible for the end-user)
3. Once you are in a "production" state (no more learning mode, NAXSI is indeed blocking the requests), all denied requests will be redirected to a specific location, where you can :
4. Depending on the user's IP, turn it into learning mode (for some IPs, naxsi will always be in learning mode, and generate white-lists on the fly)
5. If the user thinks it's a false positive, he can fill in a captcha. If he decides to do so, a mail will be sent, with the associated generated white-lists and the detailed request (full HTTP request, so that it can be reproduced)
6. Very simple rules syntax, allowing (for extreme cases) easy hand-tuned white-list or negative rules writing.
As you can see, we tried to make this as easy as possible to configure and use. During configuration, the user should never have to edit NAXSI's white-list configuration by hand, as it's 100% automatically generated via learning mode. You can even partially perform this part with a crawler (if yours is good enough). You can find more details on the googlecode page of the project : naxsi.googlecode.com.

What ?
Naxsi, thanks to NGINX's power, can do pretty much whatever you want : turn on learning mode for some users only, redirect forbidden requests to another domain, a vhost, a single page. For those of you who have some knowledge about NGINX, you know how right I am; for the others, have a look at NGINX, it's pure awesomeness !

When ?
Naxsi is currently released with an "alpha" status, but we are already deploying it on various production sites. For those wishing to try naxsi, I 'really' recommend that you use the SVN to fetch the latest sources, as packaging is not done on a regular basis right now.

Test ?
We have set up a test box (referenced on naxsi's wiki, here : OnlyTrustWhatYouCanTest - naxsi - Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx - Google Project Hosting) where you can try naxsi by yourself, as we set up the box as a reverse proxy to on-purpose vulnerable websites !

Wanna help ?
You're welcome ! We are currently looking for some web developers to set up a nicer forbidden page and even a reporting interface. We are also looking for some people to test the software and give us some feedback.

What's next ?
We are currently thinking very seriously about supporting the mod security CRS level 1 in NAXSI, so that we can have the perfect firewall, fitting every kind of web site ! So, stay tuned !

Source: Naxsi, open source WAF (Web Application Firewall) for NGINX
Download: https://github.com/nbs-system/naxsi
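As an added example (not code from the NAXSI announcement or the project's own documentation), here is a minimal nginx configuration that wires NAXSI in the way the post describes: score-based CheckRules instead of signatures, a DeniedUrl location that receives blocked requests (or learning-mode requests), and one hand-written whitelist. The core rules path, the upstream name, the backend address and the parameter name "q" are assumptions.

```nginx
# Added example: minimal NAXSI wiring in nginx (not from the announcement).
# Assumptions: core rules at /etc/nginx/naxsi_core.rules, an upstream named
# "app_backend" on a constructed address, and a search parameter "q" that
# legitimately contains characters the core rules score.
http {
    # The core rules assign scores ($SQL, $XSS, $RFI, ...) to suspicious
    # characters; NAXSI has no signature "rules" in the ModSecurity sense.
    include /etc/nginx/naxsi_core.rules;

    upstream app_backend {
        server 127.0.0.1:8080;   # constructed backend address
    }

    server {
        listen 80;

        location / {
            SecRulesEnabled;
            # LearningMode;  # uncomment to let flagged requests through and
                             # hand them to DeniedUrl for whitelist generation
            DeniedUrl "/RequestDenied";

            # A request is blocked once its accumulated score reaches a threshold.
            CheckRule "$SQL >= 8" BLOCK;
            CheckRule "$RFI >= 8" BLOCK;
            CheckRule "$TRAVERSAL >= 4" BLOCK;
            CheckRule "$EVADE >= 4" BLOCK;
            CheckRule "$XSS >= 8" BLOCK;

            # Hand-tuned whitelist: core rule id 1000 (the SQL-keyword rule in the
            # assumed naxsi_core.rules) is allowed only in the GET parameter "q",
            # instead of relaxing it site-wide.
            BasicRule wl:1000 "mz:$ARGS_VAR:q";

            proxy_pass http://app_backend;
        }

        # Blocked requests are redirected here. In production, answer with an
        # error; in learning mode, point this location at the learning script
        # (e.g. proxy_pass to it) so whitelists can be generated.
        location /RequestDenied {
            return 403;
        }
    }
}
```

Reload nginx after adding whitelists; as the post notes, existing connections are not dropped by a reload.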
-
dariusmare: use explode; you define whatever separator you want.
-
Why don't you simply use $_SERVER['REMOTE_ADDR']? You put your IP address there and that's it. You could also use htaccess on the directory (or rules with allow from ... deny from all in htaccess). Or combine them: password + remote IP address check (both conditions must be met).
-
A BBC FTP server ftp.bbc.co.uk was compromised by a Russian hacker and access to it touted online, say computer security researchers. The miscreant behind the attack on the internet-facing file store tried to sell access to the infiltrated system to other crims on Christmas Day, we're told. Hold Security – which this year has helped break news of data heists at Adobe and a top-flight limo company – spotted someone trying to sell access to ftp.bbc.co.uk, according to Reuters. FTP is a 1970s vintage protocol for transferring information in bulk over the internet; its use is discouraged because usernames and passwords to log into accounts are sent over the network unencrypted, although there are ways to establish secure connections. The hacked service was used by reporters to file material from the field, and by advertisers to upload video to BBC Worldwide channels. The invaded computer was cleaned up over the weekend. Right now the system appears to be running ProFTPD 1.3.3g on Solaris, but there's nothing to indicate that was the vulnerable software. However, versions of ProFTPD prior to 1.3.3g suffer from a use-after-free bug (CVE-2011-4130) that allows an attacker to execute code remotely on the machine hosting the server; a flaw that's been known about since 2011. "The only other information that I can offer is that the hacker was offering a screenshot proving that he had administrative access to the BBC server," Alex Holden, chief information security officer at Hold Security, told BBC News. It is not clear how deep the hacker managed to penetrate Auntie: specifically, whether the miscreant obtained just an FTP admin account login, gained control of the user account running the FTP daemon, or gained full control of the machine running the file-transfer server. Don't forget, a compromised computer could have acted as a stepping stone to other systems within the Beeb's network.
Source: Yes, the BBC still uses FTP. And yes, a Russian crook hacked the server • The Register
CVE-2011-4130 Overview: Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.
Personal notes:
- It's only been a year since there was another '0day' in proftpd. (On the x86 platform.)
- "Right now the system appears to be running ProFTPD 1.3.3g on Solaris" - Where exactly did they see that it runs on Solaris?! Maybe they have a crystal ball.
-
Dude, Nytro has been posting tutorials for an hour and you're scratching your balls dubiously with these crap threads. Thread closed. Do you really not see anything interesting here besides this crap?
-
We're closing it before you get banned in alphabetical order.
-
closed & ban.
-
Ja right.
-
Thread moved to the 'Trash' category. If I see any more biohazards like this passed off as tutorials, stolen ones at that, I'll ban you. Come on bro, are you messing with us?
-
// offtopic: Byte-ul: Matt has a pretty decent reputation here. // ontopic: Thread closed. Flooding for games ... It takes all sorts.
-
mIRC does not have an ACCOUNT. It's just a crappy application made for connecting to IRC servers, which runs on Windows. And no, we really don't provide support for that here.