Raspberry Pi Forums

raspi-owner

Hi, i want some info about this:

1) Does a vpn work with a webserver ? and if so,can it work with no-ip ?

2) Does the vpn change my public ip or my LAN ip ?

3) Does a vpn add security to the webserver ?

thank's

raspi-owner

Hi, i have a folder with the name: host_2 and in my logs i found that someone could get the name of my folder and got access to my wordpress website from there with the "GET" methode..so how did he do that ?? and can he access my data base and everything (becuase i didn't make wordpress secure)

raspi-owner

can anyone help ??

raspi-owner

here is what i get in the logs: Message: Warning. Matched phrase "WPScan" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "59"] [id "913100"] [rev "2"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: WPS...

raspi-owner

SurferTim wrote: ↑
Wed Oct 11, 2017 2:16 pm
A 200 is a success. No apparent security problem there. The client was sending a POST request instead of a GET for your home page.

thank's, i thought that i was hacked after all security and tests that i have made..have a nice day

raspi-owner

The first set you posted were requesting your home page (GET / HTTP1.1). 51.15.58.234 - - [10/Oct/2017:14:17:35 +0200] "GET / HTTP/1.1" 200 376 The next set were requesting your php or cgi setup pages if you were ignorant enough to have them installed. The requests for them failed. 209.66.128.2 - -...

raspi-owner

SurferTim wrote: ↑
Wed Oct 11, 2017 1:49 pm
I'm not saying they didn't hack you, but those all that would be important or vulnerable look like fails (error 404).

thanks, but i dont understand why they get the "200" aka "ok" message in some of them ??

raspi-owner

51.15.58.234 - - [10/Oct/2017:14:16:47 +0200] "GET / HTTP/1.1" 200 432 "-" "Wget/1.16 (linux-gnu)" 51.15.58.234 - - [10/Oct/2017:14:17:35 +0200] "HEAD / HTTP/1.1" 200 374 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.6 (KHTML, like Gecko) Chrome/20.0.1092.0 Safari/536.6" 51.15.58.234 - -...

raspi-owner

after some research i found that it's not a big deal and that hacker is runnig some kind of proxy server that search for other servers to put in that kind of file,so i guess i must make mine more secure to prevent similar hacks.

raspi-owner

maybe you must do a "sudo apt-get update" and "sudo apt-get upgrade" than restart installing apache2.

edit: yeah as you said.

raspi-owner

is it because fail2ban start ssh and apache no script jails only ??

raspi-owner

ShiftPlusOne wrote: ↑
Thu Sep 28, 2017 3:22 pm
Was it a strong password? I think it's important to figure out what happened here.

yep it was and i have wordpress (in another folder) with some plugins

raspi-owner

did you leave the rpi open to the internet with user pi / default password? no,not at all.. i created a new username with a new password and deleted the pi user plus i have found that this guy have had the same problem as me : https://www.digitalocean.com/community/questions/apache-error-wp-login-p...

raspi-owner

do you recommand me to restart everything from zero because i checked for apache no script and it seem working ??

raspi-owner

Martin Frezman wrote: ↑
Thu Sep 28, 2017 2:15 pm

in the log of fail2ban it show the ip of the hacker
I don't see that in any of the OP's posts (i.e., you are the first to post it).

Have you been in PM with OP (so you know things about the case that are not in the thread) ?

didn't understand what you mean (sorry) can you explain ??

raspi-owner

Have you somehow disabled [apache-noscript] port = http,https logpath = %(apache_error_log)s in fail2ban, because that jail should catch tests for non-existent php scripts and block the remote user? Are you running fail2ban 0.9.6-2 or an earlier version? testproxy.php has been a hack attempt for ab...

raspi-owner

Isn't it more likely that there is no problem here at all? Modern software tends to create all kinds of temporary files, with sometimes somewhat suspicious names, all the time. We've come to accept it. They can't possibly document all the various files and temporary files that they create. You just...

raspi-owner

1) remove port forwarding on your router 2) shut down the RPI 3) download a new version of raspbian and put it on a new SDcard 4) add a new user and disable the user pi 5) create a new version on your RPi server machine 6) recover any files off your old sdcard not exectuables . did you leave the rp...

raspi-owner

hi, i have recently got a random php file: "testproxy.php" on my server..how can someone hack into my folder and put it there,please help !!

raspi-owner

will do my best to learn more about all this stuff..thank's for the answers.

raspi-owner

No they won't if you apply some sensible security controls. https://www.raspberrypi.org/documentation/configuration/security.md i did almost everything in that tutorial expect ssh key login and customizing the ufw..plus my fail2ban jail.local doesn't match with the one in the website (i have sshd i...

raspi-owner

Port forward and firewall is ALWAYS the better choice. If you put any machine in a DMZ that opens ALL ports, your firewall rules need to be much more robust as you're relying on them to keep the baddies out. but what if i got hacked with port forwarding...the hacker will be able to see the other de...

raspi-owner

Hi, i want to make sure that i choose the correct one before starting my web server on the pi, so: 1)The port forwarding is more secure as said on many forums "BUT" if a hacker could do his job than all my local connection is in danger 2) The DMZ is less secure "BUT" i'm only going to open port 80 a...

raspi-owner

D'après ce que j'ai lit stretch support uniquement php7

raspi-owner

nevermind,now i start the script manually in background and stop it before shutting down..it still not what i wanted to do but it's doing the job until i find a good solution,thank's everyone for giving a lot of advices and explanations

Search found 60 matches

web server with vpn ??

can a hacker guess folder name ??

Re: is mod_security working correctly ??

is mod_security working correctly ??

Re: what is this in my access.log ??

Re: what is this in my access.log ??

Re: what is this in my access.log ??

what is this in my access.log ??

Re: someone puted a file on my server !!

Re: trying to install apache with "sudo apt-get install apache2 -y" failed

Re: someone puted a file on my server !!

Re: someone puted a file on my server !!

Re: someone puted a file on my server !!

Re: someone puted a file on my server !!

Re: someone puted a file on my server !!

Re: someone puted a file on my server !!

Re: someone puted a file on my server !!

Re: someone puted a file on my server !!

someone puted a file on my server !!

Re: port forwarding or dmz ??

Re: port forwarding or dmz ??

Re: port forwarding or dmz ??

port forwarding or dmz ??

Re: Probleme installation serveur web

Re: python script dont want to work