Questions tagged [hacking]

Hacking is the violation of server or network security via exploitation of weaknesses in that security.

Some of the most common ways security may be compromised include:

  • Social engineering, in which a person is persuaded to give up sensitive information such as passwords
  • Exploiting unpatched or not generally known (0-day) security holes in software
  • Brute force, that is, trying common usernames and passwords repeatedly until something works

Less commonly, hacking refers to the uncommonly creative solution of a software or hardware problem. Some see this original definition as the correct one and wish to preserve it, though they seem to be fighting a losing battle.

Detailed security questions and answers which do not fit at Server Fault may be welcome at IT Security Stack Exchange.

479 questions
630
votes
13 answers

How do I deal with a compromised server?

This is a Canonical Question about Server Security - Responding to Breach Events (Hacking). See Also: Tips for Securing a LAMP Server; Reinstall after a Root Compromise? Canonical Version: I suspect that one or more of my servers is compromised…
gunwin
  • 6,400
  • 3
  • 19
  • 22
72
votes
3 answers

Block range of IP Addresses

I am getting bombarded with attempted hacks from China all with similar IPs. How would I block the IP range with something like 116.10.191.* etc. I am running Ubuntu Server 13.10. The current line I am using is: sudo /sbin/iptables -A INPUT -s…
Stephen Cioffi
  • 837
  • 1
  • 7
  • 8
72
votes
15 answers

Should I respond to an "ethical hacker" who's requesting a bounty?

I run a small internet based business from home and make a living at it to feed my family, but I'm still a one man show and internet security is far from my area of expertise. Yesterday I received two emails from a guy who calls himself an "ethical…
Vincent
  • 808
  • 1
  • 9
  • 12
59
votes
6 answers

Reinstall after a Root Compromise?

After reading this question on a server compromise, I started to wonder why people continue to seem to believe that they can recover a compromised system using detection/cleanup tools, or by just fixing the hole that was used to compromise the…
Zoredache
  • 130,897
  • 41
  • 276
  • 420
41
votes
11 answers

Got Hacked. Want to understand how

Someone has, for the second time, appended a chunk of javascript to a site I help run. This javascript hijacks Google adsense, inserting their own account number, and sticking ads all over. The code is always appended, always in one specific…
Lothar_Grimpsenbacher
  • 1,677
  • 3
  • 19
  • 29
39
votes
7 answers

How can I block hacking attempts targeting phpMyAdmin?

My website gets thousands of hits daily from different IPs trying to access: /php-myadmin/ /myadmin/ /mysql/ ...and thousands of other variations. None of these directories exist, I don't even have phpmyadmin on my server. I don't think any of…
amba88
  • 513
  • 1
  • 4
  • 4
39
votes
10 answers

How do I know if my Linux server has been hacked?

What are the tell-tale signs that a Linux server has been hacked? Are there any tools that can generate and email an audit report on a scheduled basis?
cowgod
  • 3,500
  • 6
  • 28
  • 20
31
votes
4 answers

Weird SSH, Server security, I might have been hacked

I am not sure if I've been hacked or not. I tried to log in through SSH and it wouldn't accept my password. Root login is disabled so I went to rescue and turned root login on and was able to log in as root. As root, I tried to change the password…
PhysiOS
  • 432
  • 7
  • 15
29
votes
1 answer

How to do a post-mortem of a server hack

I have a Windows Server 2003 SP2 machine with IIS6, SQL Server 2005, MySQL 5 and PHP 4.3 installed on it. This is not a production machine, but it is exposed to the world via a domain name. Remote desktop is enabled on the machine and two…
Chris
  • 800
  • 1
  • 7
  • 10
27
votes
15 answers

HELP! Production DB was SQL INJECTED!

Possible Duplicate: My server's been hacked EMERGENCY Geeze, I'm desperate! A few hours ago our production DB was sql-injected. I know we have some big holes in the system... because we inherited the website from a guy that did it on classic ASP,…
empz
  • 247
  • 1
  • 6
  • 15
24
votes
3 answers

What can be learned about a user from a failed SSH attempt?

What can be learned about a 'user' from a failed malicious SSH attempt? User name entered (/var/log/secure); password entered (if configured, i.e. by using a PAM module); source IP address (/var/log/secure). Are there any methods of extracting…
Exbi
  • 373
  • 2
  • 7
24
votes
16 answers

192.168.1.x more exploitable?

Our IT services firm is proposing a network reconfiguration to use the IP range 10.10.150.1 – 10.10.150.254 internally as they state the current IP scheme using manufacturer defaults of 192.168.1.x is "making it too easy to exploit". Is this true?…
Michael Glenn
  • 651
  • 9
  • 13
23
votes
4 answers

Someone is trying to brute force SSH access to my server

By coincidence I looked at my server's ssh log (/var/log/auth.log) and I noticed that someone is constantly trying to gain access: Sep 7 13:03:45 virt01 sshd[14674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser=…
Vingtoft
  • 1,547
  • 3
  • 15
  • 17
20
votes
6 answers

Is this server hacked or just login attempts? See log

Can someone tell what does this mean? I tried a command like lastb to see last user logins and I see some strange logins from China (server is EU, I am in EU). I was wondering if these could be login attempts or successful logins? These seem to be…
adrianTNT
  • 1,077
  • 6
  • 22
  • 43
19
votes
4 answers

Nginx 400 errors due to random encoded string starting with "\x" from random IP addresses

I assume these are some sort of bots, but would like to know what are they trying to do to my server. The logs in question are below and the IP address has been changed from the original. 12.34.56.78 - - [18/Oct/2012:16:48:20 +0100]…
adnans
  • 293
  • 1
  • 2
  • 5