Formmail Under Attack

Similar Messages

• WLC sending a message of AP under attack

  Hi to all,
  I've been getting this message from my WLC and I'm not able to find what doest it really mean and if there is something that could be done in order to solve it.
  "Warning : Our AP with Base Radio MAC 00:14:a8:53:0b:20 is under attack (contained) by another AP on radio type 802.11b/g"
  "Warning Cleared: Our AP with Base Radio MAC 00:14:a8:53:0b:20 is no longer under attack (contained) by another AP on radio type 802.11b/g"
  Can this cause me problems in the performance of my wireless network???
  Thanks in advance for your help.

  Hi,
  The firmware is 4.2.112.0
  Thanks in advance for your help.

• Help, I am under attack.

  Today I have discovered some data in a database that makes me
  think that some is trying an sql injection attack on one of my
  websites.
  I use SP’s and Cfqueryparam to protect myself against
  this type of attack and as a general rule before doing anything I
  strip out all banned charters from in coming data. So I don’t
  have the original statement, but I do have code (without banned
  chars) in my database.
  I have captured the users IP address and looked it up as
  coming from Indonesia.
  I am now wonder what my next step should be.
  I am considering creating a banned IP table so that when a
  new user comes to my site I check the table, if their IP is in the
  table I will send them somewhere else. If the IP is a fixed address
  it will be permanently listed in my table, if not I will ban the IP
  for a short time to stop an immediate attack. It may also be worth
  pointing out that we don’t trade in Indonesia.
  I guess my questions are:
  Does this sound like a good idea or is there a better way?
  How can I tell if an IP is fixed or not?
  Has any one else come across this problem, if so how did you
  deal with it?

  nick010 wrote:
  > Today I have discovered some data in a database that
  makes me think that some
  > is trying an sql injection attack on one of my websites.
  >
  > I use SP?s and Cfqueryparam to protect myself against
  this type of attack and
  > as a general rule before doing anything I strip out all
  banned charters from in
  if you're using cfqueryparam religiously (are you?) &
  your website is still
  standing then i would imagine your current security is
  "effective". what makes
  you think you're under attack? have you seen malicious sql
  code?
  > I have captured the users IP address and looked it up as
  coming from
  > Indonesia.
  you might try geoLocator:
  http://www.sustainablegis.com/projects/geoLocator/
  to
  determine the country from their incoming IP & some other
  data we can squeeze
  out of their browser (correct >90%++ of the time). if he's
  the only user from
  indo, you can ban the whole country (as long as his IPs
  originate from there).
  be sure to update the inetAddressLocator.jar from:
  http://javainetlocator.sourceforge.net/
  don't recall if the zip file on my site has the latest jar.

• Cisco 7600 under attack?

  Is possible to router 7600 Sup720-10GE-3CXL , CPU goes up to 99%  when under attack ?
  I think we have some attack from outside and that destination ip is uplink ip of 7600 router .
  Can syn packets rise cpu on 7600? Can they go to RP processor ?
  somethink like this attached .

  Hi,
  This can be a kind of SYN flood attck. You can send this traffic to a loopback or contact your ISP and ask them to block this traffic.
  HTH
  Luis Silva
  "If you need PDI (Planning, Design, Implement) assistance feel free to reach"
  http://www.cisco.com/web/partners/tools/pdihd.html

• WLC Warning Message: Our AP is under attack

  Hi there,
  I receive this Warning message in WLC version 5.0:
  Warning: Our AP with Base Radio MAC 00:1f:6d:b9:48:d0 is under attack (contained) by another AP on radio type 802.11b/g
  So, what does it means? Can someone explain..Great Thanks.

  I am getting the same message, but I've not been able to diagnose the issue yet.
  It seems that the AP is being contained by another wireless system. However, there is no information that I can find to indicate what is "attacking" or "containing" the AP.

• Suspect network under attack by icmp

  All
  I am now supect that the pix is under high volume of ping, as if i disable the ping from outside world on wan router, the performace of the network is improved.
  Does PIX can do with some control on if under icmp attack can temp limit or drop the packet from inside and outside world.
  so that the inside affected client and attack from outside world can be prevent.
  tks all

  HI .. you could try enabling the ips built-in signtures supported by the PIX. These are used to protect against common attacks.
  " Cisco PIX Firewall includes an IP-only intrusion detection feature. It provides visibility at
  network perimeters or for locations where additional security between network segments is
  required.
  The PIX IDS identifies more than 53 common attacks using signatures to detect patterns of
  misuse in network traffic. Traffic passing through the PIX Firewall can be identified to be
  audited, logged, and/or dropped.
  After it is configured, the IDS feature watches packets and sessions as they flow through the
  firewall, scanning each for a match with any of the IDS signatures. When suspicious activity
  is detected, the PIX Firewall responds immediately and can be configured to do the following:
  1. Send an alarm to a syslog server.
  2. Drop the packet.
  3. Reset the TCP connection. "
  I suggest you check the command reference for the use of ip audit command !!!
  I hope it helps .. please rate it if it does !!!

• BBC News Report - Routers under Attack.

  Hi
  On the BBC News website today it was reported that some broadband hub routers in the UK are susceptible to attack as seen here in this report.
  Is this something us BT customers need concern ourselves with?  What is BT doing to combat these attacks?
  Thank you.

  as the routers are not provided by BT you should have nothing to worry about
  If you want to say thanks for a helpful answer,please click on the Ratings star on the left-hand side If the reply answers your question then please mark as ’Mark as Accepted Solution’

• Mac OS X Server under attack...

  We have an Xserve that has been hacked, and that someone has managed to install a rogue ftp server on. We shut it down, but someone is trying to get it back up again, and I don't know how to stop them.
  Any help would be appreciated. Below is as much of the story that I know...
  A couple of weeks ago, the server slowed down extremely. It was losing ~70% of packets during a ping, and was responding very slowly on ssh and http. After a while it cleared up, and all seemed fine again.
  A few days later, NOC contacted me to find out why I was runnig ftp on a non-standard port (19000). Some investigation revealed that a new folder (.etc) had been installed in the Administrator's home directory, And OpenFTP based server was running from there under the name crashreporterd. It was also doing something on port 16500. A crontab was set up to relaunch the process every 5 minutes.
  I cleared all this out, rebooted the system, upgraded to 10.4.7 (from 10.4.6), changed every password on the machine, and started services up again.
  This morning at 7am, port 19000 was still closed. At 8:30, I got a note from the NOC saying that the port was open again, and they would block the port at their end.
  now, a couple of hours later, the machine is still on, but pings are not returned (100% packet loss) and ssh and http connections time out.
  Can anyone offer me any pointers on where to go next or what is happening?

  It's hard to say how it happened - maybe looking through system/console logs might help, but that could be a bit of a chore. (There are programs like LogMaster that make this slightly easier). There are any number of ways to get in - SQL injections, buffer overflow 'sploits, or simply guessing the admin password. I'd suggest making a note of which versions you have of all your software and services, and checking them for known vulnerabilities on CERT or SecurityFocus.com.
  As for catching the program, there's a shareware program called Little Snitch that will monitor all your software and alert you when a program tries to make a network connection. That way, it's easy to identify legit and dodgy services. CheckMate will also watch your system files and alert you when anything is changed, which can help you identify intrusions. I'd suggest making sure that all your software is fully up-to-date, and revise your firewall policy to allow as little as possible into your system. You can also be a bit selective about which outgoing connections you allow, although these are harder to reliably control.

• Is the web under attack today?

  I'm finding various sites having difficulties:
  Yahoo
  iPowerWeb
  The ITMS Link Maker
  Just curious,
  Moi

  It could simply be that somewhere in between you and the sites a router went down and the routing tables haven't been completely updated. That can sometimes take time...

• I guess machine under attack, how to secure firewall?

  May 22 15:05:22 www ipfw: 12300 Accept TCP 207.138.126.176:80 10.129.0.37:49922 in via en0
  May 22 15:05:22 www ipfw: 12300 Accept TCP 207.138.126.176:80 10.129.0.37:49921 in via en0
  May 22 15:07:05 www ipfw: 12300 Accept TCP 61.62.22.252:38016 10.129.0.37:22 in via en00
  Hello I am new with the firewall of the mac os x server, the log has repored a lot of connections ( from non registered servers in whois, or some machines in remote countries) .
  en0 is the ethernet address for the internet connection 10,129,0,x (address from an internet supplier), 192.168.x.x. is my internal lan.
  What is the best way to secure the firewall andthe server in the mac server admin console?
  In the service-Edit services for... is there any precedence ?
  In the service-edit services for, I have the listing: any, 10-net, 192-168-net,192.168.3-net,192.168,4-net, 10.129.0.37 (This is also the order of my ip address groups)
  I am using stealth mode, in advanced, but what are the advanced rules that I must apply?
  thanks a lot
  Dual 2 GHz PowerPC G5   Mac OS X (10.4.9)   4GB DDR SDRAM, MAC OS X Server

  10.x.x.x is a private/lan rfc-1918 address.
  http://www.faqs.org/rfcs/rfc1918.html
  What is doing the routing between 10.129.x.x and 192.168.x.x ?
  Don't forward any incoming traffic at your Router that you don't want to be dealing with.
  Whatever you do, secure ssh properly. In fact, don't forward ssh traffic from your router if you don't need to. Change the port at the router if you need external ssh access. And then only allow ssh via shared key(s)
  http://www.afp548.com/article.php?story=20040816224717742
  http://www.google.com/search?client=safari&rls=en&q=securing+ssh

• Help SpiceRex opened an email attachment and is now under attack

  Kinky Rex... All he needs is a whip

  Dam Cryptolocker.
  Anyone know a good way to decrypt him?
  This topic first appeared in the Spiceworks Community

• "Can JEE Scale with the Long Tail?" (JEE under attack)

  This article says JEE cannot handle a couple of million concurrent users:
  http://www.socialglass.com/archives/24
  Is what he says valid? Any comments?

  Hi,
  I dont think this is a really a valid or well-supported statement. I think the author was more just asking the question and trying to get some answers and learn from the discussion. There are many very large web applications in Java. Scaling is not a language specific problem, it requires a good architecture and application design in any language.
  Also, I think that there a a lot of large web applications in many laguages besides Java. People pick the language and tools that work for them. Scripting languages work well too.
  hth,
  Sean

• Is Verizon actively under attack?

  Minutes ago i called 1-800-837-4966 a third party seemed to be entering numbers ! It is very strange. The robo voice saying this is a wrong response several times. The line would go quiet and my key entrees were ignored.... the the verizon robo voice said one dollar is this correct? When I had not entered anything!    Verizon can you please help me? {edited for privacy}

  FYI, 011 is the international dialing prefix.  Maybe the fingers bounced on 0 and 1.
  Happy Snow!
  If a forum member gives an answer you like, give them the Kudos they deserve. If a member gives you the answer to your question, mark the answer as Accepted Solution so others can see the solution to the problem.

• We're under attack!!

  how or where do we report this? we have 5 pages of this post in the Illustrator forum
  http://forums.adobe.com/community/illustrator/illustrator_general?view=discussions#/

  Carlos, there are two ways, that are complementary:
  1. When you open one of those messages, go to the Actions sidebar, click on the Report Abuse button
  and follow the easy instructions. As soon as a mod sees your report, that specific message will be deleted (as well as any similar ones the mod may notice at the time).
  2. Open the profile of the author of the message, and copy his URL from the bar at the top of your browser:
  Then go to the Spam report thread,
  http://forums.adobe.com/thread/1056334?tstart=0
  and post there the offender's URL. This will allow furum-admin to ban the offender even if the message(s) have already been deleted by a mod.

• Am I under attack

  My firewall is detecting attempted access from some unusual ip's here is an excerpt from my hub security log 22:11:59 8 Jul FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 188.72.250.252 Dst ip: 217.42.164.160 Type: Destination Unreachable Code: Port Unreacheable 00:43:05 8 Jul FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 202.97.60.181 Dst ip: 217.42.164.160 Type: Time Exceeded Code: Time to Live exceeded in Transit 22:46:16 7 Jul FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 202.97.60.181 Dst ip: 217.42.164.160 Type: Time Exceeded Code: Time to Live exceeded in Transit 20:49:27 7 Jul FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 202.97.60.181 Dst ip: 217.42.164.160 Type: Time Exceeded Code: Time to Live exceeded in Transit here is an example ip trying to connect to my pc 188.72.250.252 who is gives: INFO REMOVED BY REQUEST

  drumour wrote:
  Sorry new to forum did not understand post layout therefore too much info in first post.
  Nub of my query is my Hub security log is showing:
  FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 188.72.250.252 Dst ip: 217.42.164.160 Type: Destination Unreachable Code: Port Unreacheable
  I know this icmp check is regular but why is the Src ip not a BT one?
  If I may be frank here, your firewall is doing its job. The IP address is not a "person" in the sense you have posted, the detail you have given are for the German ISP with that IP address in a specific range used for hosting around 15 websites.
  There are a multitude of computers all over the world infected with various trojans/viruses and spyware - lots of them attempting to connect to millions of IP addresses all over the world hoping to find targets to infect/use. There are of course people doing it deliberately, as well as websites ....
  http://www.andyweb.co.uk/shortcuts
  http://www.andyweb.co.uk/pictures