IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [apache]

Questions about the security of Apache open source software, especially Apache HTTP Server

The Apache Software Foundation maintain a number of open source software, notably including the Apache HTTP Webserver -

Apache has been the most popular web server on the Internet since April of 1996.

http://www.apache.org/

519 questions
0
votes
2 answers

Strange access in apache's access.log

Does anyone know what that means? I found those today on apache's access logs. Thanks! XX.82.64.68 - - [18/Jan/2016:14:30:45 -0800] "GET /wp-content/themes/Akhbar24/images/alemarah.jpg HTTP/1.0" 404 500 "-" "-" XX.162.245.205 - -…
EndenDragon
  • 3
  • 4
0
votes
0 answers

How Do I Secure Apache Web Server

Possible Duplicate: Apache Server Hardening I'm going to make a web server on Apache 2. What are the security issue I will be looking at? And how do I secure it? I have been reading news about DDOS attacks, web server hacks. (I'm very new to…
One Zero
  • 101
  • 3
0
votes
1 answer

How to implement token based api for rest api in java?

I am working on a project, and I came here in this moment, where I now need authorization. I am using Apache Shiro for my web interface, but as long as mobile web-apps are concerned, I hardly think basic username:password auth will hold. And, the…
Rockink
  • 49
  • 4
0
votes
1 answer

PHP mallware attack

I'm desprate because my site has been attacked by some malware that adds code below on every php files. I tried to edit and chmod the infected file but its coming back. Scanning with ClamAV found nothing. Any idea how to clean…
Mohammad Irfan
  • 9
  • 2
0
votes
1 answer

Injecting meterpreter/reverse_tcp into apache2 with msfvenom results in seg fault of apache2

I've been trying to use msfvenom with the linux/x86/meterpreter/reverse_tcp payload and an apache2 binary. My intent is to create a tainted version of apache2 to establish a persistent backdoor on the target machine. Below is the general command…
Nick Roth
  • 101
  • 3
-1
votes
1 answer

How do configure Apache to resolve 'Missing Cross-Frame Scripting Defence' by app scan

There is an apache server hosting some website written in PHP and is accessible thru internet. How do configure the apache to resolve 'Missing Cross-Frame Scripting Defence' and can 'Missing Cross-Frame Scripting Defence' warning be ignored?
user275517
  • 107
  • 3
-1
votes
1 answer

Is this new hack attempt something to worry about?

- - [22/Sep/2014:13:54:24 -0600] "GET…
MyKs3D
  • 1
  • 1
-1
votes
1 answer

Incorrect file permissions for LAMP

I have installed Apache 2.4.6 on my server and have the following virtual host config: ServerAdmin webmaster@localhost ServerName foobar1.com DocumentRoot /home/john/foobar1/foobar1.com
John Crawford
  • 101
  • 1
  • 3
-1
votes
2 answers

My VPS has been shut down now again for the second time for TOS violations, and I really need some help.

My VPS has been shut down now again for the second time for TOS violations (email spam), and I really need some help. I have been battling with my server being attacked for over a year now. Most of my sites are running Joomla ranging from 1.5…
TEN Design
  • 111
  • 1
-1
votes
1 answer

Prevent URL manipulations including /proc and /etc with fail2ban

I get many attacks on my debian apache server that include URL-manipulations like http://url_on_my_eserver/?username=/etc/passwd How can I block these attacks?
rubo77
  • 2,350
  • 10
  • 26
  • 48
-1
votes
1 answer

How to exploit a local file inclusion vulnerability in a Solaris server

I am trying to exploit a local file inclusion vulnerability on a Solaris server for my security course. The server is running Apache2 through CoolStack. What is the file that I need to open? The examples I saw so far all used Linux.
flooringleveret
  • 1
  • 1
-1
votes
1 answer

In my webserver I found may PHP with random strings

In one of my webserver, I found some new folders got created and many files are there, In access log I found many files access from that folder. Sample file: After this strings: But it I copy paste this string to a notepad nothing is visible.
TheDataGuy
  • 99
  • 1
-1
votes
1 answer

Can a reverse proxy protect from web-server exploit?

I'm looking for a security solution for my web-server Apache in windows enviroment for an authenticated services published to internet, I cannot setup a DMZ because it is heavily connect to all other servers of that network. My question is: can a…
Tobia
  • 107
  • 3
-1
votes
1 answer

What is the most secure communication between firewall, and DMZ

I have 2 virtual machines. (Vmware esxi 6) They are both opensuse 42.3 (tumbleweed) Firewall (iptables,ipset,dhcpd,dns only) mail/web server. (apache,dovecot,postfix) The web server can not communicate with the firewall, except that the traffic…
cybernard
  • 518
  • 2
  • 10
-1
votes
2 answers

Block requests containing URL of other websites

GET / HTTP/1.1" 200 166113 "-" "Mozilla/5.0 (compatible; dsada/2.0; +http://www.asd.com/search/asddd.html) I found this request repeated continuously in my logs. How can I prevent this (requests containing URLs of other websites)?
ramkumar moorthy
  • 1
1 2 3
34
35