Security
Need some help securing something?
33
Topics
270
Posts
Trending
Trending
The Massgrave hacker group claims to have carried out an exploit by bypassing the licensing protections of Windows and Microsoft Office, allowing the permanent and illegal activation of these software. They explain that they have cracked “almost the entire Windows and Office license protection system”. This method directly threatens Microsoft’s economic model, based on licenses and subscriptions.
The implications are serious, but for users, this illegal approach carries big risks, including exposure to malware or legal penalties. Microsoft could intervene quickly to close this loophole.
Microsoft’s licensing system has already been circumvented by methods such as hardware identifier (HWID) activation and KMS. However, what makes this recent hack remarkable is its simplicity and universal accessibility. It allows you to bypass the protections put in place by Microsoft for several years.
– More information :
https://www.ghacks.net/2024/11/30/hackers-claim-to-have-cracked-microsofts-software-licensing-protection/
A years-long infiltration into the systems of eight telecom giants, including AT&T and Verizon, allowed a state sponsored actor to steal vast amounts of data on where, when and who individuals have been communicating with.
Sophisticated state-sponsored campaigns from China are constantly targeting network appliances and devices. Among the culprits are four major APT groups: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant. Volt Typhoon made headlines earlier this year when the FBI removed their malware from hundreds of routers across the US.
Source - MalwareBytes
https://www.malwarebytes.com/blog/news/2024/12/americans-urged-to-use-encrypted-messaging-after-large-ongoing-cyberattack
Hello Mark,
Hope you’re doing well! Got a quick security question for you. I have a website that runs on Apache with Cloudways hosting, and we’re using APIs in PHP files. Recently, I noticed some random users accessing the APIs with URLs like domain.com/file.php?data=xxxx?, which seems like an attempt to misuse the server.
Could you suggest a way to protect my server so only authorized requests can access these APIs?
Thanks a lot!
Security experts have urged Android users to delete five apps from their phones immediately over fears they are infected with malware.
Samsung Galaxy phones are particularly at risk from the nasty bug called Anatsa, which is a banking trojan.
It is capable of performing actions on a victim’s phone without them knowing, including taking money from their bank account.
The apps, which had been available on the Google Play Store, are:
Phone Cleaner – File Explorer
PDF Viewer – File Explorer
PDF Reader – Viewer & Editor
Phone Cleaner: File Explorer
PDF Reader: File Manager
Article courtesy of Life Hacker
https://lifehacker.com/tech/delete-these-android-malware-apps-asap
Russian hackers who backed Ukraine war and targeted UK hospitals during COVID pandemic are hit with sanctions
The Trickbot gang is believed to have extorted at least $180m (£145m) from victims around the world.
https://news.sky.com/story/russian-hackers-who-backed-ukraine-war-and-targeted-uk-hospitals-during-covid-are-hit-with-sanctions-12956790
I’ve just read this article in (somewhat) disbelief. Sanction them? Sure, that’ll stop 'em…
NOT
Are the UK and US security agencies and governments seriously stupid enough to actually believe this will have any impact to them whatsoever?
This is nuts. Not only did a bunch of teenagers hack into some of the best defended networks in the world, but the UK authorities allowed one individual to do this three times - despite arresting him in the first instance then bailing him - for him to do the same again - TWICE.
The legal system in the UK is a joke. The computer misuse act alone should have been enough to detain him pending trial, and yet, they released him and allowed him to continue??
https://www.bbc.com/news/technology-66549159
Now, admittedly, there is an art form here that should be leveraged and understood in order for organizations to better arm themselves against future attacks. If juveniles are able to break their way into high profile organizations, then this would literally be kindergarten for an experienced nefarious actor.
It seems that high profile companies will continue to remain targets while they focus more effort on profits than user vulnerability. According to the article, the attackers bombarded employees with access requests and some approved this access as a way of making it stop!
There are several extremely valuable lessons that can be learned from these events - one of them being able to determine the level of risk posed by an individual - which it seems that the UK authorities completely failed to do.
More on the recently updated Computer Misuse Act can be found below
https://www.gov.uk/government/consultations/review-of-the-computer-misuse-act-1990/review-of-the-computer-misuse-act-1990-consultation-and-response-to-call-for-information-accessible
Hello,
I am looking for ways to make the weavers that we top the world a little more secure via web servers etc…
I saw this article which allows to best configure the kernel:
https://www.thegeekdiary.com/sysctl-setting-for-high-load-and-prevent-ddos/
Do you think this config is valid @phenomlab or would you have others to offer?
I know Iptables can be a good tool too. I saw this article about it (but ideally for centOS, maybe it’s good for ubuntu server ?):
https://javapipe.com/blog/iptables-ddos-protection/
Using Virtualmin, if you have tricks for firewallD (installed by default), I’m interested.
Besides, FirewallD is based on its own app or on Iptables or something else like ufw?
I would be curious to know because I use it to open certain ports.
In short, a topic to list all the tips for securing a server and in this case a server without of course disturbing users accessing the web server and in this case, for me it is nodebb
cya
It would appear that there are ever increasing instances where AI-empowered chatbots and neural networks such as OpenAI’s ChatGPT have been used to create phishing emails that evade standard security detections due to the lack of typical spelling, grammar, and syntax errors that are commonly found in such emails.
https://openai.com/blog/chatgpt/
These chatbots are also capable of supplying content for misinformation and disinformation campaigns given their advanced writing capabilities that allow the generation of entire documents and forum / social media posts with both persuasive language and speed. Previously, spotting a poorly constructed phishing email was a relatively simple exercise owing to obvious spelling and grammatical mistakes, but this is slowly becoming a thing of the past owing to the rise of AI powered chatbots.
You’ve likely encountered chatbots when asking for support on a retail site, or with your online bank – these seemingly “helpful” (sometimes ) attendants are based on machine learning, and can quickly adapt a conversation based on input from the requester. Whilst some of these chatbots are still very synthetic in nature, ChatGPT is an advanced system that can very easily make it appear you are talking to another human. See enclosed for an example – in this case, it’s even smart enough to question the ethics of a discussion before it continues after receiving validation that the user intends to secure their own property, and not break into someone else’s.
During its learning and training phase, ChatGPT is actually free to use and try out. This has the unfortunate side effect of making it an invaluable tool for cyber criminals who are currently leveraging it’s capabilities in order to evade detection from traditional rulesets designed to stop email based on grammar and other authoring techniques. Previous campaigns often used “keyword stuffing” which is a technique designed to confuse older protection models by inserting random words in other existing text making them nonsensical, but allowing them to bypass older and less reliable filters because the standard checking algorithms are unable to determine if they are fake or not.
ChatGPT has also been used in some nefarious campaigns to make it look like you are conversing with a human, when in fact, it is under the control of a malicious actor with criminal intent. This relatively new technology inevitably opens the floodgates for cyber criminals, and due to it’s convincing nature, it can easily make malicious emails appear harmless in nature, look legitimate, and therefore increasing the successful delivery rate of such content.
Hi all,
I’m curious to understand how you all connect to your servers - hopefully, it’s at the very least using SSH and at the better end of the spectrum, using a key and passphrase combination. For those who are curious to understand why we need a key and passphrase, it’s because without it, your SSH session is still subject to brute force. In addition, you should NEVER allow root to login directly - either at the console physically (if you have a physical server within your reach), or via SSH session.
In this case, you should be using a normal account to gain access via SSH, then elevating your session using
su - or su root
Permitting login as root directly is simply asking for trouble, and will effectively negate your security completely by allowing a complete stranger to bruteforce and then assume control of your server. You should also use a firewall to permit access to SSH via specified and approved IP addresses.
This is security101 and an industry standard.
Now it’s confession time on your part…
The other part of the bargain would be which SSH client you should use. There’s the go-to PUTTY for Windows, or even the command line (which has been greatly simplified in Windows 10/11). However, one I recently started using which is 100% free and extremely powerful is Bitvise
https://www.bitvise.com/
Seriously, if you haven’t already got this application in your toolkit, then it’s time to add it.
I keep seeing this spread all over other forums I’m a member of, and whilst I’ve never actually used it (or really had a need for it), I’m curious to know if anyone else here has
https://tails.boum.org/
I thought it would also make a great discussion topic for the privacy discerning members we have here
I am recently encountering google social login issue on my flarum, all other social logins are working. https://discuss.flarum.org/d/25182-friendsofflarum-oauth/343
https://i.imgur.com/rC5YD04.png
setting the firewall OFF is solving the login issue but this is not the right solution
what could be the problem of my issue? i am checking this with FoF i understand this is something related to flarum but at the same time i want to take your opinion on handling this
is white listing CF ips would solve the issue, is it a good idea? https://www.cloudflare.com/ips-v4
below mentioned is MOD security error log
https://docs.plesk.com/en-US/onyx/administrator-guide/server-administration/web-application-firewall-modsecurity.73383/
[Wed Jun 15 02:09:18.099771 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed Jun 15 02:09:43.382478 2022] [proxy_fcgi:error] [pid 6366:tid 140208569825024] [client 162.158.162.17:0] AH01071: Got error 'Primary script unknown'
[Wed Jun 15 02:09:45.804391 2022] [autoindex:error] [pid 6366:tid 140208595003136] [client 162.158.163.14:0] AH01276: Cannot serve directory /var/www/vhosts/domain.com/ask.domain.com/: No matching DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm,index.shtml) found, and server-generated directory index forbidden by Options directive
[Wed Jun 15 02:11:10.538868 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed Jun 15 02:11:13.352938 2022] [core:crit] [pid 7496:tid 140208544646912] (13)Permission denied: [client 162.158.163.214:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
[Wed Jun 15 02:11:13.886369 2022] [core:crit] [pid 7496:tid 140208536254208] (13)Permission denied: [client 162.158.162.99:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable, referer: https://ask.domain.com/
[Wed Jun 15 02:11:15.698434 2022] [core:crit] [pid 7497:tid 140208603395840] (13)Permission denied: [client 162.158.162.89:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
[Wed Jun 15 02:11:19.502834 2022] [core:crit] [pid 7496:tid 140208527861504] (13)Permission denied: [client 162.158.162.235:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
[Wed Jun 15 02:12:49.204611 2022] [core:crit] [pid 7496:tid 140208519468800] (13)Permission denied: [client 162.158.163.214:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
[Wed Jun 15 02:12:49.779996 2022] [core:crit] [pid 7496:tid 140208511076096] (13)Permission denied: [client 162.158.162.99:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable, referer: https://ask.domain.com/
[Wed Jun 15 02:12:50.099405 2022] [core:crit] [pid 7496:tid 140208502683392] (13)Permission denied: [client 162.158.163.222:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
[Wed Jun 15 02:12:50.446347 2022] [core:crit] [pid 7497:tid 140208586610432] (13)Permission denied: [client 162.158.163.222:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
[Wed Jun 15 02:12:50.949608 2022] [core:crit] [pid 7496:tid 140208494290688] (13)Permission denied: [client 162.158.162.99:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable, referer: https://ask.domain.com/
[Wed Jun 15 02:12:51.099223 2022] [core:crit] [pid 7496:tid 140208477505280] (13)Permission denied: [client 162.158.163.214:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
[Wed Jun 15 02:12:51.457845 2022] [core:crit] [pid 7496:tid 140208469112576] (13)Permission denied: [client 162.158.162.99:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable, referer: https://ask.domain.com/
[Wed Jun 15 02:13:09.700752 2022] [core:crit] [pid 7496:tid 140208452327168] (13)Permission denied: [client 162.158.163.200:0] AH00529: /var/www/vhosts/domain.com/ask.domain.com/public/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable and that '/var/www/vhosts/domain.com/ask.domain.com/public/' is executable
[Wed Jun 15 02:14:44.147673 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed Jun 15 02:27:52.232283 2022] [proxy_fcgi:error] [pid 9780:tid 140208569825024] [client 162.158.162.17:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.010149 2022] [proxy_fcgi:error] [pid 9768:tid 140208217462528] [client 162.158.163.214:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.500941 2022] [proxy_fcgi:error] [pid 9768:tid 140208511076096] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.519289 2022] [proxy_fcgi:error] [pid 9768:tid 140208251066112] [client 162.158.163.14:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.548120 2022] [proxy_fcgi:error] [pid 9768:tid 140208569825024] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.592215 2022] [proxy_fcgi:error] [pid 9768:tid 140208561432320] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.613714 2022] [proxy_fcgi:error] [pid 9768:tid 140208553039616] [client 162.158.163.14:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.645807 2022] [proxy_fcgi:error] [pid 9768:tid 140208536254208] [client 162.158.162.17:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.667662 2022] [proxy_fcgi:error] [pid 9768:tid 140208368465664] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.728957 2022] [proxy_fcgi:error] [pid 9768:tid 140208603395840] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.784193 2022] [proxy_fcgi:error] [pid 9768:tid 140208360072960] [client 162.158.162.17:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.790822 2022] [proxy_fcgi:error] [pid 9780:tid 140208553039616] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.815988 2022] [proxy_fcgi:error] [pid 9768:tid 140208351680256] [client 162.158.163.214:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.850240 2022] [proxy_fcgi:error] [pid 9780:tid 140208536254208] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.876244 2022] [proxy_fcgi:error] [pid 9780:tid 140208511076096] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.920156 2022] [proxy_fcgi:error] [pid 9780:tid 140208494290688] [client 162.158.162.17:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:55.930878 2022] [proxy_fcgi:error] [pid 9768:tid 140208259458816] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:56.039324 2022] [proxy_fcgi:error] [pid 9780:tid 140208452327168] [client 162.158.163.222:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:56.090775 2022] [proxy_fcgi:error] [pid 9768:tid 140208527861504] [client 162.158.163.214:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:27:56.192898 2022] [proxy_fcgi:error] [pid 9768:tid 140208595003136] [client 162.158.163.14:0] AH01071: Got error 'PHP message: PHP Fatal error: Uncaught Error: Object of type Blomstra\\Redis\\Extend\\Redis is not callable in /var/www/vhosts/domain.com/ask.domain.com/extend.php:23\nStack trace:\n#0 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(65): require()\n#1 /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Foundation/Site.php(38): Flarum\\Foundation\\Site::loadExtenders()\n#2 /var/www/vhosts/domain.com/ask.domain.com/site.php(47): Flarum\\Foundation\\Site::fromPaths()\n#3 /var/www/vhosts/domain.com/ask.domain.com/public/index.php(10): require('...')\n#4 {main}\n thrown in /var/www/vhosts/domain.com/ask.domain.com/extend.php on line 23'
[Wed Jun 15 02:29:43.170174 2022] [:error] [pid 9768:tid 140208519468800] [client 162.158.163.214:0] [client 162.158.163.214] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile openid https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "YqlEF05yvNKGrhj@JcvjRwAAAAo"]
[Wed Jun 15 02:31:56.359284 2022] [:error] [pid 9768:tid 140208267851520] [client 162.158.163.222:0] [client 162.158.163.222] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "YqlEnE5yvNKGrhj@JcvjVAAAABA"]
[Wed Jun 15 02:32:52.681099 2022] [:error] [pid 9768:tid 140207462545152] [client 162.158.162.17:0] [client 162.158.162.17] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "YqlE1E5yvNKGrhj@JcvjWQAAABY"]
[Wed Jun 15 02:35:03.919471 2022] [proxy_fcgi:error] [pid 9768:tid 140208578217728] [client 162.158.162.17:0] AH01071: Got error 'PHP message: PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 4198400 bytes) in /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Frontend/Compiler/JsCompiler.php on line 58'
[Wed Jun 15 02:41:58.453864 2022] [:error] [pid 9768:tid 140208578217728] [client 162.158.163.214:0] [client 162.158.163.214] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "YqlG9k5yvNKGrhj@JcvjbAAAAAM"]
[Wed Jun 15 19:02:46.831198 2022] [:error] [pid 9780:tid 140208544646912] [client 162.158.163.230:0] [client 162.158.163.230] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.profile openid https:/www.googleapis.com/auth/userinfo.email"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "Yqos1ok86vzjmWxiXhdjWQAAAEc"]
[Wed Jun 15 19:20:16.365823 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed Jun 15 20:37:24.316972 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed Jun 15 20:38:11.296962 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed Jun 15 20:54:00.391607 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed Jun 15 20:56:59.767639 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed Jun 15 21:23:31.169513 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Wed Jun 15 21:26:51.529563 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Jun 16 00:00:06.258800 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Jun 16 00:00:12.462299 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Jun 16 00:10:49.866051 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Jun 16 00:15:09.871371 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Jun 16 04:26:42.517867 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Jun 16 04:38:37.132509 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Thu Jun 16 16:51:01.892066 2022] [proxy_fcgi:error] [pid 214153:tid 140208536286976] [client 162.158.163.192:0] AH01071: Got error 'PHP message: PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 2097152 bytes) in /var/www/vhosts/domain.com/ask.domain.com/storage/less/lessphp_cp1441skk1kwk4sk8sggocso4ccwsws.lesscache on line 3', referer: https://ask.domain.com/admin
[Thu Jun 16 16:51:25.710449 2022] [proxy_fcgi:error] [pid 214139:tid 140208360105728] [client 162.158.162.235:0] AH01071: Got error 'PHP message: PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8388608 bytes) in /var/www/vhosts/domain.com/ask.domain.com/vendor/sycho/sourcemap/src/parsing/SegmentParser.php on line 51', referer: https://ask.domain.com/admin
[Thu Jun 16 16:51:30.075556 2022] [proxy_fcgi:error] [pid 214139:tid 140208616523520] [client 162.158.162.17:0] AH01071: Got error 'PHP message: PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 32768 bytes) in /var/www/vhosts/domain.com/ask.domain.com/storage/less/lessphp_cp1441skk1kwk4sk8sggocso4ccwsws.lesscache on line 3', referer: https://ask.domain.com/admin
[Thu Jun 16 16:51:55.763089 2022] [proxy_fcgi:error] [pid 214139:tid 140208402069248] [client 162.158.162.225:0] AH01071: Got error 'PHP message: PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 8388608 bytes) in /var/www/vhosts/domain.com/ask.domain.com/vendor/sycho/sourcemap/src/parsing/SegmentParser.php on line 52', referer: https://ask.domain.com/admin
[Thu Jun 16 16:51:57.093191 2022] [proxy_fcgi:error] [pid 214139:tid 140208536286976] [client 162.158.162.123:0] AH01071: Got error 'PHP message: PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 32768 bytes) in /var/www/vhosts/domain.com/ask.domain.com/storage/less/lessphp_cp1441skk1kwk4sk8sggocso4ccwsws.lesscache on line 3', referer: https://ask.domain.com/admin
[Fri Jun 17 00:00:06.016973 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Fri Jun 17 00:00:12.356501 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Sat Jun 18 00:00:07.083509 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Sat Jun 18 00:00:13.358214 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Sat Jun 18 04:40:29.461238 2022] [:error] [pid 522273:tid 140208435574528] [client 162.158.163.14:0] [client 162.158.163.14] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile openid https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "Yq1XPW3j44ht3Vj6@4NbLgAAAFM"]
[Sat Jun 18 04:43:42.949876 2022] [:error] [pid 522245:tid 140208622507776] [client 162.158.162.225:0] [client 162.158.162.225] ModSecurity: Access denied with code 403 (phase 2). Matched phrase ".profile" at ARGS:scope. [file "/etc/apache2/modsecurity.d/rules/comodo_free/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt||ask.domain.com|F|2"] [data "Matched Data: .profile found within ARGS:scope: email profile https:/www.googleapis.com/auth/userinfo.email https:/www.googleapis.com/auth/userinfo.profile openid"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "ask.domain.com"] [uri "/auth/google"] [unique_id "Yq1X-hcxu015Y@ZC6uBIZQAAAAU"]
[Sat Jun 18 04:49:19.569052 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Sat Jun 18 05:01:59.656548 2022] [ssl:warn] [pid 1326:tid 140208871599168] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Sat Jun 18 05:11:12.533569 2022] [ssl:warn] [pid 561930:tid 140494744509504] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Sat Jun 18 05:11:12.556320 2022] [ssl:warn] [pid 561932:tid 140494744509504] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Sat Jun 18 05:11:16.385620 2022] [ssl:warn] [pid 561932:tid 140494744509504] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
[Sat Jun 18 05:11:29.136927 2022] [proxy_fcgi:error] [pid 562138:tid 140494503876352] [client 162.158.163.14:0] AH01071: Got error 'PHP message: PHP Fatal error: Allowed memory size of 134217728 bytes exhausted (tried to allocate 4202496 bytes) in /var/www/vhosts/domain.com/ask.domain.com/vendor/flarum/core/src/Frontend/Compiler/JsCompiler.php on line 58', referer: https://ask.domain.com/admin
[Sat Jun 18 05:30:12.149110 2022] [ssl:warn] [pid 561932:tid 140494744509504] AH01909: ask.domain.com:443:0 server certificate does NOT include an ID which matches the server name
It’s been a number of years since I have done much programing and want to secure some places user can input data on a webpage I am creating.
I essentially have an HTML page that has some javascript sliders where I user can select different values to filter results back from my database. I also have one drop down.
When the user clicks “submit” I run a call to a php file on my website that then grabs the data from the mysql database and returns it to the web app.
I tried to use sliders and a drop down so there would be no user input, but i am pretty sure the user could just use the path to the php file and just type a web address into the search bar along the line of:
myfile.php?T=
My first guess is to use a simple filter within the php file and since all the values that come in should be a number from 1-100 and then the drop down is like 1 of five words.
Would it be enough to just check if the number are a number 1-100 and if the drop down is one of the 5 specific words and then just not run the rest of the code if it doesn’t fit one of those perameters?
Why is a VPN so important ?
Picture this. You’re surfing the web at home, minding your own business, and suddenly a raft of unexpected adverts relating to what you’ve been looking at on the web appear in front of you as soon as you visit another site, or perhaps take a break and come back to your browser session later… As invasive as this sounds, it’s not uncommon by any stretch of the imagination - neither is the sale of your browsing history to third parties - and even worse, such activity isn’t illegal. Ok, so your smart… you open an Incognito browser session, so now nobody can see what you’re doing, right ?
Wrong.
The Incognito browser session doesn’t record anything locally on your PC, and will destroy all browsing evidence as soon as you close that tab, but don’t be under any illusion (or let anyone convince you otherwise) that your browsing activities are masked from the outside world. They aren’t. All internet requests will spool through your internet service provider. They can see all of your browsing activity, what sites you’ve been to, what you’ve been looking at etc, etc. so full privacy in this case is a misconception. The only way to stay truly anonymous anywhere in this digital world is to live completely off the grid in a forest somewhere. No cell phone, no address, no internet, nothing - especially not social media. However, whilst we all want privacy, yet have no real intentions of getting back to nature and basics in order to maintain that, what’s the next best thing ?
Use a VPN to surf the web
The foremost solution to the privacy conundrum is to use a VPN service to surf the web. Your ISP (Internet Service Provider) will know what IP Address you have been issued, and will see that you are connected to a VPN service, but owing to the nature of the traffic being encrypted between your machine and the VPN endpoint, the ISP will not be able to see or inspect any of the resultant traffic. Sounds great, right ? Yes, of course it does, and there are plenty of providers out there that will offer this service relatively cheaply. A VPN is also used to work around GEO fencing (geographical restrictions applied to services such as Netflix to prevent access to US based content from another country for example) - when you are connected to the VPN, you are connected to a US based endpoint, meaning Netflix thinks you are in the US, and then serves the content as a result. Netflix has some of the toughest GEO restrictions in place, but there are a small handful of providers who are able to bypass this - some even have a high success rate in China.
The downside to the cheaper VPN’s is that they can actually see what you are accessing, and therefore, could provide this to external parties, or divulge it at the request of a subpoena. Worse still, that VPN which is supposed to mask your activity in fact is doing the opposite in the sense that although the ISP can no longer see what you are doing, the VPN operator can. When you are looking for a VPN service, it’s important to choose one that offers privacy and security. One that immediately springs to mind for me (and yes, I use this myself on all PC’s and my cell phone) is NordVPN. The real reason for this is that the company is based in Panama - a privacy haven by default, and does not log any of your traffic. They have two independent audits completed by one of the big 4 firms (PwC), and also a well known security firm. Both entities drew the same conclusion - NordVPN does not keep logs of user activity, and it does not track you either.
To anyone else reading this thread and thinking that this isn’t true, then you’ve never been through an audit in your life . If you claim to do something and then can’t prove it in an audit, you’ll fail that same process and you’ll be out of business before you know it owing to a loss of client trust and confidence alone. It’s important to note that, auditing is a double edged sword. Sure, you are stating your compliance to a set of narratives (direct instructions exactly how you conduct business, and the operation itself), but auditors will look for any chink in the armour - this is what they are paid to do. This is why you never self audit, but always gain independent attestation of your controls by a third party with no bias.
Currently, NordVPN do log some activity to disk (nothing that identifies you or your browsing session) so that does raise the question of retention etc, but is shortly moving to a RAM based model where once the server has been rebooted, all traces of any activity are forensically destroyed.
I was going to write a review about my favourite VPN service (NordVPN), but seeing as VPN Mentor beat me to it I’ll just leave this here. It’s very thorough, and a great read.
https://www.vpnmentor.com/reviews/nordvpn/
Subcategories
-
Malware
Get help with malware removal here
-
Privacy
Looking to protect your privacy?
-
Vulnerability
Want to know more about threats?