jedduff
My Firefox got an update to 39.0. Now I can't connect to my remote web console (v6). I got this message:
Secure Connection Failed
An error occurred during a connection to consoleeset.soges-tech.ca:8443. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.
I use the server appliance in a VMware environment.
-
Eset appliance burst google.ca
jedduff replied to jedduff's topic in ESET PROTECT On-prem (Remote Management)
That is not a smart move from you. Leaving the HTTP proxy without a password on the ESET Appliance!!
I created a user password with this command in /opt/apache/bin:
    ./htpasswd -c /opt/apache/.htpasswd USERNAME
I created a .group file in /opt/apache/ with this in it:
    usergroup : USERNAME
I added the following lines to the config file /opt/apache/conf/httpd.conf (just before </Proxy>):
    AuthType Basic
    AuthName "Password Required"
    AuthUserFile "/opt/apache/.htpasswd"
    AuthGroupFile "/opt/apache/.group"
    Require group usergroup
And voilà! My access log file is clean like water and I can see the bad guys in the error log. You should create a KB with this information.
-
Eset appliance burst google.ca
jedduff replied to jedduff's topic in ESET PROTECT On-prem (Remote Management)
Hi Michalp! I'm happy because I found the root of the problem. Someone is trying to use the proxy. Now... how can I deny all HTTP proxy requests without a password?
-
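The post above describes outside hosts relaying traffic through the appliance's HTTP proxy. The following is an added example, not part of the original posts and not ESET code, showing one way to triage an Apache access log for that pattern by destination rather than by source address, since remote managed PCs also reach the proxy from outside. The allowlist suffix, the function names and the sample lines are assumptions made for the example.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: the only destinations this proxy should serve.
ALLOWED_SUFFIXES = (".eset.com",)

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" (?P<status>\d{3}) \S+$'
)

def target_host(method, target):
    """Destination host of a forward-proxy request; None for origin-form paths."""
    if method == "CONNECT":                      # CONNECT host:port
        return target.rsplit(":", 1)[0].lower()
    if "://" not in target:                      # "GET /path" is not a proxy request
        return None
    return (urlsplit(target).hostname or "").lower()

def is_allowed(host):
    """True only for an allowlisted domain or one of its subdomains."""
    return ("." + host).endswith(ALLOWED_SUFFIXES)

def find_proxy_abuse(lines):
    """Return (findings, relayed-per-source) for proxy requests to other hosts."""
    findings, relayed_by_src = [], Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        host = target_host(m["method"], m["target"])
        if host is None or is_allowed(host):
            continue
        # 407 is the proxy demanding credentials; other statuses are treated as relayed.
        relayed = m["status"] != "407"
        findings.append((m["src"], m["method"], host, relayed))
        if relayed:
            relayed_by_src[m["src"]] += 1
    return findings, relayed_by_src

# Constructed sample lines in Apache common log format (documentation IP ranges).
SAMPLE = [
    '10.0.200.72 - - [27/May/2015:19:58:28 -0400] "CONNECT edf.eset.com:443 HTTP/1.1" 200 -',
    '203.0.113.7 - - [27/May/2015:19:58:40 -0400] "CONNECT www.example.net:443 HTTP/1.1" 200 -',
    '203.0.113.7 - - [27/May/2015:19:58:43 -0400] "GET http://search.example.org/q?x=1 HTTP/1.1" 200 31',
    '198.51.100.9 - - [27/May/2015:19:59:32 -0400] "GET http://forum.example.com/member.php HTTP/1.0" 404 689',
    '198.51.100.9 - - [28/May/2015:08:00:01 -0400] "GET http://forum.example.com/ HTTP/1.1" 407 401',
    '192.0.2.50 - - [28/May/2015:08:00:05 -0400] "GET /index.html HTTP/1.1" 200 44',
]

if __name__ == "__main__":
    for finding in find_proxy_abuse(SAMPLE)[0]:
        print(finding)
```

Once proxy authentication is enabled, the same scan should show the non-allowlisted requests as not relayed (407) rather than disappearing from view.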
Eset appliance burst google.ca
jedduff replied to jedduff's topic in ESET PROTECT On-prem (Remote Management)
Where can I find the HTTP proxy log? Can I enable some trace log?
-
Eset appliance burst google.ca
jedduff replied to jedduff's topic in ESET PROTECT On-prem (Remote Management)
-
Eset appliance burst google.ca
jedduff replied to jedduff's topic in ESET PROTECT On-prem (Remote Management)
Yes, every client uses the proxy. We have a lot of PCs that aren't in the local network that we want to manage.
-
Eset appliance burst google.ca
jedduff replied to jedduff's topic in ESET PROTECT On-prem (Remote Management)
I stopped the bleeding by denying all HTTP and HTTPS from these IP ranges, but it doesn't resolve the root of the issue:
ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16
-
ESET Remote Administrator Agent Setup Error
jedduff replied to Blackspear's topic in ESET PROTECT On-prem (Remote Management)
Hi! Download and install the Windows Installer Cleanup Utility. Open the software, select the ESET Remote Agent, delete it and install it again.
-
OK, this is really weird. We got the message "unusual traffic detected" on Google when we do a Google search. I did some analysis and the culprit is... the ERA appliance server. Some module is doing this and I don't know why. Where can I find the log for this issue on the ERA appliance?
-
Hi guys! I have an annoying problem. First of all, this is my setup: ERA Appliance; my internal computers use the internal FQDN of the ERA appliance (e.g. ERAConsole.localdomain.local) and my external computers (laptops, tablets, etc.) use the external FQDN (eraconsole.domain.ca) with ports forwarded to the appliance. When I install the Agent on an external laptop, the laptop name in the Web console is the FQDN of the internet connection. My question is: how do I force the use of the full computer name instead of the DNS? This is pretty annoying and it leaves the laptops in the "lost and found" folder.