Ban iFrames Due To Attacks!

Similar Messages

• Apex in IFRAME cookie problem (P3P IE6+)

  Hi All,
  I am having a problem with IE not displaying my content within an IFrame - due to IE not trusting the Apex cookies.
  This problem was resolved on the Apex forum in 2009 - https://forums.oracle.com/thread/887792
  The solution was to set the P3P policy in the web server header response :
  For example
  1. PHP
  header('P3P:CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"');
  2. ASP.NET
  HttpContext.Current.Response.AddHeader("p3p","CP=\"IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT\"");
  3. Apex solution
  I add this section to httpd.conf (Apache proxy)
  *<IfModule mod_headers.c>*
  Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"NOI DSP COR NID CUR ADM DEV OUR BUS\""
  *</IfModule>*
  Now I have the same problem but I am hosted in the cloud.
  Here is a page with my content embedded - (Bradford Uni) : test widget - SACU
  This works fine on chrome/firefox...
  Is there any other way to set P3P header in the database cloud ?
  Big thanks
  Steve

  Hi Christian,
  Thanks for looking in to this...
  This did not fix it :-(
  However, I used    to inspect the response headers and found that unless the page I was attempting to access was LOGIN_DESKTOP then the response was : 302 Moved Temporarily
  Content (encoded: 0.24 KiB / decoded: 0.37 KiB)
  <html><head><title>302 Moved Temporarily</title></head> <body bgcolor="#FFFFFF"> <p>This document you requested has moved temporarily.</p> <p>It's now at <a href="https://production001-demandanalysis.db.em1.oraclecloudapps.com/apex/f?p=20300147:111:0:::::">https://production001-demandanalysis.db.em1.oraclecloudapps.com/apex/f?p=20300147:111:0:::::</a>.</p> </body></html>
  This may have been causing the error in the iFrame...
  So I changed the Home URL and Login URL to : f?p=&APP_ID.:111:0
  and it now appears to load fine :-)
  Thanks again
  Steve

• Problem inserting video into a page

  Hi, I have a page created using a custom page layout that I created.  
  I tried using the Video page field but when I configure the video, with youtube url it doesn't work.  here is the url I used, 
  https://www.youtube.com/watch?v=v6yvW66-ThI&feature=player_embedded and https://www.youtube.com/watch?v=v6yvW66-ThI both won't work  It gives message at the bottom saying loading of video failed.
                                  <!--CS: Start Page Field: Promo-Video Snippet-->
                                  <!--SPM:<%@Register Tagprefix="PageFieldMediaFieldControl" Namespace="Microsoft.SharePoint.Publishing.WebControls" Assembly="Microsoft.SharePoint.Publishing,
  Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>-->
  I then tried inserting into a Page Content section.  I clicked on the Insert tab, click "Video and Audio" then "Embed".  I then paste the following code into the dialog.  The video loads and I click the Insert button.  In
  Edit mode I can see and play the video.  I click to save the page and the video disappear.  I click to edit the page again and the video snippet code I pasted earlier is gone.  <iframe width="510" height="340" src="//www.youtube.com/embed/v6yvW66-ThI?feature=player_detailpage"
  frameborder="0" allowfullscreen></iframe>
                                  <!--CS: Start Page Field: Course-Finder Snippet-->
                                  <!--SPM:<%@Register Tagprefix="PageFieldRichHtmlField" Namespace="Microsoft.SharePoint.Publishing.WebControls" Assembly="Microsoft.SharePoint.Publishing,
  Version=15.0.0.0, Culture=neutral, PublicKeyToken=71e9bce111e9429c"%>-->
                                  <!--MS:<PageFieldRichHtmlField:RichHtmlField FieldName="7028b9a8-236b-42a4-a74d-50c8459ec679" runat="server">-->
                                      <!--PS: Start of READ-ONLY PREVIEW (do not modify)--><div id="ctl02_label" style="display:none">Course-Finder</div><div
  id="ctl02__ControlWrapper_RichHtmlField" class="ms-rtestate-field" style="display:inline" aria-labelledby="ctl02_label"><div align="left" class="ms-formfieldcontainer"><div class="ms-formfieldlabelcontainer"
  nowrap="nowrap"><span class="ms-formfieldlabel" nowrap="nowrap">Course-Finder</span></div><div class="ms-formfieldvaluecontainer"><div class="ms-rtestate-field">Course-Finder
  field value. Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute
  irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.</div></div></div></div><!--PE:
  End of READ-ONLY PREVIEW-->
                                  <!--ME:</PageFieldRichHtmlField:RichHtmlField>-->
                                  <!--CE: End Page Field: Course-Finder Snippet-->
  Thank you.

  Thank you for the link.  I read it over a couple of times but it says youtube doesn't work.  I checked the Site Setting ->HTML Field Security and youtube.com is in the allowed iframes list.  Below is from the link
  Using the "Embed Code" dialog
  When editing a HTML field, there is now a new button available on the ribbon called "Embed Code" in the "Insert" tab. As the <iframe> code is inserted, the dialog tells you that the content will be inserted in a web part. YouTube didn’t work because they
  prevent display in an iframe due to security reasons but Bing did.
  One thing is that we're Intranet site so it has to be https but in the snippet editor of embedded code the video is loaded and plays.  It just disappear after I save the page.  
  Anyway to get youbute iframe to work using either embedded code or in Edit Html source in a SP publishing site page?
  Thank you.

• WEIframe function-Report is displaying in a small box-webelements

  Hi ALL
  I have used WEViewer function to show the new report in crystal reports.
            WEIFrame ("quadrantA", defaultreportA,2000,2000, "NO")
  But the report is showing in a small message box with scroll bars after clicking on the submit button by selecting the parameters..
  How to resolve this?
  Thanks
  Edited by: MUFIZA on Oct 26, 2009 2:27 PM

  hi Mufiza,
  if you are using crystal reports 2008 the look and feel of the viewer is completely different from the previous versions.
  for the iframe, you will have a gray colour border around the iframe due to the configuration of the new viewer. this border cannot be removed.
  as for the scroll bars, you have to make sure that the report will fit inside the iframe or the scrollbars will appear. for example, if you have a report that is 1200 x 1200 and your iframe is 1000 x 1000, the scrollbars will appear. for this example you would want to make sure that your iframe is 1210 x 1210 where the size is bigger than the report.
  cheers,
  jamie

• ICloud Email and Contact Security?

  I have a client that is very strict on security with their devices.  With BlackBerry this was never an issue but now that "iCloud" has been introduced they are worried that company emails are being stored in the cloud.  As it stands right now if someone is let go I can wipe the device remotely but now since things are going to the cloud I would think someone with a wiped device could easily get all that data back upon device reactivation?
  The data they are concerned about are company contacts associated with their company email address.  I’m thinking that the only email that syncs to the cloud is the "me.com" email address but im not sure.  If that is the case is that same with the contacts that sync to the cloud, are they just me.com contacts?  If it's just me.com that syncs then we are in the clear but if its syncing proprietary company data then we may have to ban iPhones due to strict FINRA compliance policies.
  Anyone else run into anything similar?

  It's just the @me mail that is synced with iCloud. The contacts that are synced are those you choose to sync, you can put contacts you don't wish to sync in the Address Book On My Mac Account.
  You might also take a look at this User Tip, to ensure you understand the differences between the different accounts in Address Book

• Airport Express disappears in bridge mode

  I'm using my Airport Express as a Router. I'm living in a student dorm and want to have access to other computers in the dorm network, so I set up the router in bridge mode so it does not create its own network. Point is, now I can't access the airport anymore via the airport utility, as if it doesn't exist. I can't access it via IP and if I try via name, it loads the settings forever and eventually aborts. This is not a huge problem since everything works and I tend not to change a running system, but my WiFi-analysis-app recommends switching the channels and I would want to try if that improves the network - which I can't, since I can't access the airport.
  Any ideas? I do not want to reset the airport to factory settings since that would probably change the IPs within my network, which means I would need to submit every single machine in it to the student dorm internet people again (every single IP needs to be approved by them before it can access the internet).
  Oh, and I can't access the airport when connecting via LAN either.

  The reason it does not work is the Express is on an IP that is different to the main IP of the computer..
  Or indeed in bridge it is on exactly the same IP as the main system and is also therefore lost.
  When you applied for IP addresses did you apply for one for the Express??
  Are you allowed to use a router? Most dorm systems ban them due to the issues involved.
  Oh, and I can't access the airport when connecting via LAN either.
  When you changed the airport from dhcp and nat to bridge, the Express should have got an IP from the main router.. along with all the other clients..
  If all your computers/devices are on the dorm network.. when you changed to bridge I am a bit lost how that happened.. as you should have had to re-register all the computers/devices.
  Lets work from default.
  When lost the system will go to default.. the IP of the Express by default is 10.0.1.1 (but in bridge without a register on the system I have no idea what it will go to).
  Please set one computer to IP of 10.0.1.10 with standard subnet 255.255.255.0 (you do not need to fill in gateway or dns).
  Try and access the Express now.. no luck.. unplug the ethernet from the Express WAN port.. reboot the Express.. now try again.
  When there is no chance of getting an IP It should revert to default.
  No luck sorry there is next to no way around but hard reset.
  However tell me what IP you get on the computer now.. without changing anything and with the system working and internet running.
  A screenshot could help..

• How to Make iPhone Ringtone From DVD Music/Music/Video?

  People want to show their individuality anytime and anywhere with their inimitable hairstyle, clothing, and other things. Your phone's ringtone is also really important to show your difference from others. So how to make your own unique ringtone for your incoming calls, clock alarms, clock timer becomes a really important thing.
  Today I will show you how to make your own iPhone ringtones from your DVD/video/music. Someone will say that you can buy them on itunes. Yes, everybody can buy it. It is not unique and special. Let's make our own iPhone ringtone together.
  Things you need:
  1. DVD/video/audio files that contains the music you want
  2.http://www.aiseesoft.com/iphone-ringtone-maker.htmliPhone Ringtone Maker
  3. Computer(Windows/Mac)
  http://farm3.static.flickr.com/2786/4153313698_c1e11d1941.jpg
  Step 1: Load File/DVD
  Load your video/audio files or DVD to this iPhone Ringtone Maker
  Step 2: Choose music
  You need to choose which part you want to convert as your iPhone ringtone or you want to make the whole files as your iPhone ringtone. Just drag the bar to set the begin point and end point
  Step 3: Pre-listening
  You can pre-listening the ringtone, if you do not like it you can adjust the length of your ringtone.
  Step 4: Make Ringtone
  After you have done all the tings above, you can click “Generate” button to start the conversion.
  Soon you will get your own ringtone.
  Tips:
  1. if you want to put your ringtone directly to your iPhone, please check the box before “import to iPhone”.
  2. if you want to manage your ringtone, you can click “manage ringtone” button to do it easily.
  For Mac users, you can use
  http://www.aiseesoft.com/iphone-ringtone-maker-for-mac.htmliPhone Ringtone Maker for Mac to do this easily with the same operation as windows one.
  http://farm3.static.flickr.com/2531/4153313838_7da8c360f3.jpg
  To help you to make your iPhone and iPod more enjoyable here I also recommend you this
  http://www.aiseesoft.com/dvd-to-ipod-converter.htmlDVD to iPod Converter,
  http://www.aiseesoft.com/dvd-to-iphone-converter.htmlDVD to iPhone Converter and http://www.aiseesoft.com/ipod-transfer.htmliPod Transfer

  Removed post. Banned user due to spamming.

• How to Make iPhone Ringtone From DVD Music/Music/V...

  People want to show their individuality anytime and anywhere with their inimitable hairstyle, clothing, and other things. Your phone's ringtone is also really important to show your difference from others. So how to make your own unique ringtone for your incoming calls, clock alarms, clock timer becomes a really important thing.
  Today I will show you how to make your own iPhone ringtones from your DVD/video/music. Someone will say that you can buy them on itunes. Yes, everybody can buy it. It is not unique and special. Let's make our own iPhone ringtone together.
  Things you need:
  1. DVD/video/audio files that contains the music you want
  2.iPhone Ringtone Maker
  3. Computer(Windows/Mac)
  Step 1: Load File/DVD
  Load your video/audio files or DVD to this iPhone Ringtone Maker
  Step 2: Choose music
  You need to choose which part you want to convert as your iPhone ringtone or you want to make the whole files as your iPhone ringtone. Just drag the bar to set the begin point and end point
  Step 3: Pre-listening
  You can pre-listening the ringtone, if you do not like it you can adjust the length of your ringtone.
  Step 4: Make Ringtone
  After you have done all the tings above, you can click “Generate” button to start the conversion.
  Soon you will get your own ringtone.
  Tips:
  1. if you want to put your ringtone directly to your iPhone, please check the box before “import to iPhone”.
  2. if you want to manage your ringtone, you can click “manage ringtone” button to do it easily.
  For Mac users, you can use
  iPhone Ringtone Maker for Mac to do this easily with the same operation as windows one.
  To help you to make your iPhone and iPod more enjoyable here I also recommend you this
  DVD to iPod Converter,
  DVD to iPhone Converter and iPod Transfer

  Removed post. Banned user due to spamming.

• Hot to configure sanity-checks ?

  Hi All
  I went through the support files  and found such kind of log messages during peak hours as below,
  2010-07-11 11:55:47 | INFO  | CPU #000 | Started filtering packets of type 'TCP Non-SYN' received on interface # 0. Reason: Started filtering due to attack detection
  2010-07-11 12:00:35 | INFO  | CPU #000 | Started filtering packets of type 'TCP No-SYN + RST' received on interface # 0. Reason: Started filtering due to attack detection
  2010-07-11 13:07:25 | INFO  | CPU #000 | Stopped filtering packets of type 'TCP No-SYN + RST' received on interface # 0. Reason: Stopped filtering for an administrative pause
  Basically those logs mean that SCE detect attacks and then in order to protect itself, it put those attack traffic in filter, one hour later, SCE remove the flows from filter and check again, if attack persist, SCE put attack traffic in filter again.
  Could we decrease the time for filtering traffic ? like 10 minutes ?

  Hello,
  I believe this is what you're looking for:
  SCE8000#>configure
  SCE8000(config)#>interface LineCard 0
  SCE8000(config if)#>sanity-checks attack-filter times filtering-cycle max-attack-time
  SCE8000#>show interface LineCard 0 sanity-checks attack-filter times
  Filtering cycle: 3600 seconds.
  Max attack time: 86400 seconds.
  Hope that helps,
  Best regards.

• Due to virus attack i had to format my windows laptop...now when i installed new itunes software i had to sync my ipod touch again but it says that if do the same then the data on my ipod touch will be erased....how should i protect my ipod touch data?

  due to the virus attack i had to format my windows laptop...now when i installed new itunes software i had to sync my ipod touch again but it says that if i do it then the data present on my ipod touch will be erased as it is syncd to some older library... how should i protect my ipod touch data?

  With all you media (apps, music) in the iTunes library connect the iPod to the computer and make a backup. Do that by right clicking on the iPod under Devices in iTunes and select Back Up. Then restore the iPod from that backup.
  Note the the iPod backup that iTunes makes does not included synced media like apps and music.

• Iframe Injection Attack in Coldfusion

  Hi,
  Recently one of my sites have been hit with an iframe injection:
  <iframe scrolling="no" frameborder="0" src="the source changes but normally htttp://collegefun4u.com/" width="0" height="1"></iframe>
  It happens at random times and gets inserted in random include files.
  We have clean scanned all computers + server  for viruses, changed all ftp/remote desktop passwords but the problem still occurs.
  I don't think that it's an SQL injection attack because it is not hitting the database and only being injected into include files.
  Some advice would really be appreciated as I have tried extensivley to get rid of it  with no avail!
  I am currently using CF9 runnning on a Windows 2003 server.
  Thanks!

  I'm afraid you don't give us much to go on.
  Are all of the include files in the same directory?
  It could be any number of things from an FTP exploit (just changing passwords may not be enough) to a completely unrelated page being exploited to rewrite other files.
  There is really no way of telling, based on what you have provided, to determine what the problem is. If you're looking for a known exploit that would make this possible, there are none that I am aware of.
  If you can, I would say disable your FTP when it is not in use and see if the problem stops.  Is your FTP open to the internet?  If so, does it need to be?  Could you block that port and see if the problem stops?
  That could give you a TON of information right there. Also make sure the filewall is adequately protecting your server. No unneeded ports open.
  Jason

• Deny IP due to Land Attack from publicip to publicip

  I have a web app that plays mp3's from one account on the server (website) on another account on the server, when this is attempted, I get
  Deny IP due to Land Attack from {publicip} to {publicip}
  I know and understand the error, I found it on the support pages, I understand that its becuase the source and destination are the same, but can anyone tell me how to allow this particular thing? Is this just a access rule? how do you set that up?

  Any Suggestions?
  Here is what I'm trying to do.
  I have an mp3 player that looks in a specific directory for files, it then plays those files and the playlist, it autodiscovers what is in the folder.
  There are four websites on this server, one of them is the main, and the other three have the players, the person that uploads the mp3's doesn't want to upload them four times, so they upload them to one website, then the other three websites use a php file to read the folder from the other accounts.
  Right now the player works, and the playlist shows up, but the mp3's do not play.
  The firewall gives me the land attack in the syslog, but I'm not exactly sure how to allow this to happen. I do have openbas_dir open on these accounts in the server, so I'm not sure why it wouldn't work after the firewall was installed.
  Just looking for options, if you have any.

• "connection denied due to dictionary attack" when I try to send out mail

  Hi--
  I got this message "connection denied due to dictionary attack" when I tried to send out mail today. It was the first time I ever saw anything like this. I thought it was a problem with the mail server from my website, but no one else had the problem. After about 12 hours, it suddenly stopped...
  Was I being hacked? Was someone trying to send out email/spam through A)my home machine or B) my website? And if so, how can I protect myself from it?

  Well you second post was the correct question because I was going to say you got a second hand macbook pro, didn't change anything, and expected mail to work with your ISP.  The mail settings were thus those of the previous owner.  So you are correct to ask what your ISP's settings should be.
  Unfortunately I can't answer that.  You have to get that from your ISP.  They proably have a web page for it.
  You need to know:
  Incoming mail server (pop)
  Incoming mail server login name
  Incoming mail server password
  POP port
  Does is require SSL?
  Authentication for using POP server (probably password)
  Outgoing mail server (SMTP)
  Outgoing mail server login name (probably same as incoming)
  Outgoing mail server password (probably same sas incoming)
  SMTP port
  Does is require SSL?

• Boot Error: Intel (r) AT Supported system lock due to: platform attack detected: user password

  I have HP ENVY Model 4-1110ET.showing Intel (r) AT Supported system lock due to: platform attack detected. Time left...... Please select one of the following for platform recoery: 1 - User Password 2 - Server Token Password. I forgot my password please help me I am unable to boot my Laptop.

  Hi there 
  Welcome to the HP Support Forums! It is a great place to find the help you need, both from other users, HP experts and other support personnel. I understand that your system is locked due to the anti-theft protection. Please see the following to get the help you need. Telephone Support for the Intel® Anti-Theft Service Provided by McAfee

• I have recently had to have my PC software re-installed due to a virus attack. When I have re installed iTunes my computer keeps closing it with a message that DEP (Data Execution Programme) will not allow iTunes to function. How can I resolve this?

  I have recently had a full re-install of my computers software however once I have re installed iTunes it wont allow it to stay open and a message window reads iTunes has been closed due to DEP (Data Execution Programme). How can I resolve this issue?

  For general advice see Troubleshooting issues with iTunes for Windows updates.
  The steps in the second box are a guide to removing everything related to iTunes and then rebuilding it which is often a good starting point unless the symptoms indicate a more specific approach. Review the other boxes and the list of support documents further down page in case one of them applies.
  Your library should be unaffected by these steps but there is backup and recovery advice elsewhere in the user tip.
  If you've already tried a complete uninstall and reinstall try opening iTunes in safe mode (hold down CTRL+SHIFT as you start iTunes) then going to Edit > Preferences > Store and turning off Show iTunes in the Cloud purchases. You may find iTunes will now start normally.
  tt2