sehh

  • Total activity 126
  • Last activity
  • Member since
  • Following 0 users
  • Followed by 0 users
  • Votes 0
  • Subscriptions 32

Posts

Recent activity by sehh Recent activity Votes
  • Attack via php session id

    In the past month or so, I noticed a new attack on our servers. Many accounts of ours generate this error multiple times: PHP Warning: session_start(): The session id is too long or contains ill...

  • strange browser string (Mozilla/4.0 ... compatible)

    I've noticed in my logs some strange behaviour from a few rare clients. Things appear normal at first, I see a Chrome browser sending requests like: "GET /favicon.ico HTTP/1.1" 200 1406 "mydomai...

  • all-in-one IP protection

    As far as I know, once a system has been compromised (virus, rootkit, etc), it acts as a zombie host for a number of things. Thus, the same compromised system may act as a proxy to send spam, parti...

  • SSL authentication and gmail (SSL error)

    I've disabled the "Allow Plaintext Authentication" under "Mailserver Configuration". Everything is working great, except gmail. We have several gmail accounts that connect and download emails from...

  • strange and too many authentication failures from legitimate clients

    I'm having the following problem. The /var/log/maillog and /var/log/exim_reject are reporting a large number of failed authentication logins from my own client PCs. For example, one PC uses Thunde...

  • Quota is "stuck" and won't change

    I have two accounts in a cPanel server, which show a quota of 4000MB. Both accounts are close to that limit (around 3900MB), so cPanel started sending out warning emails about the quota limit. Whe...

  • Anyone seen this type of GET requests? GET /?epl=

    I'm receiving GET requests of the type: [quote] GET /?epl=xjFv5-RFSnCLevmcq2p0e65rd7UgoXCK5C7-x8zgo7mQvaOpuJAsnO0BFaGKINARDFzaWVg_9gsXMRRdvWgkWzoEAiHFbPYVFz418trzthe7SPUxwkFASqlybzUhVwbTfFGS-345rS...

  • modsec rule for POST /cgi-bin/php

    Has anyone made a modsecurity rule to block requests of this type? POST /cgi-bin/php POST /cgi-bin/php5 POST /cgi-bin/php-cgi POST /cgi-bin/php.cgi POST /cgi-bin/php4 I'm looking for one already ...

  • new remote exploit? (suhosin)

    Today I found a new kind of attack on our servers, but it doesn't seem to be successful, still I'd like to see what you guys think. The attacks come from the IP address (DE): 176.9.28.244 They at...

  • Server Name Indication (SNI) - usable?

    How usable is the new Server Name Indication (SNI) feature? I understand that it is not supported by a wire range of clients, some of them are: - Internet Explorer on WinXP - Safari on WinXP - Bl...