jedduff

Members
  • Posts

    17
About jedduff

  • Rank
    Newbie

Profile Information

  • Location
    Canada
  1. My Firefox got an update to 39.0. Now, I can't connect to my remote web console (v6). I got this message:

         Secure Connection Failed
         An error occurred during a connection to consoleeset.soges-tech.ca:8443. SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message. (Error code: ssl_error_weak_server_ephemeral_dh_key)
         The page you are trying to view cannot be shown because the authenticity of the received data could not be verified. Please contact the website owners to inform them of this problem.

     I use the server appliance in a VMware environment.
  2. That is not a smart move from you. Leaving the HTTP proxy without a password on the ESET Appliance!!

     I created a user password with this command in /opt/apache/bin:

         ./htpasswd -c /opt/apache/.htpasswd USERNAME

     I created a .group file in /opt/apache/ with this on it:

         usergroup: USERNAME

     I added the following to the config file /opt/apache/conf/httpd.conf (just before </Proxy>):

         AuthType Basic
         AuthName "Password Required"
         AuthUserFile "/opt/apache/.htpasswd"
         AuthGroupFile "/opt/apache/.group"
         Require group usergroup

     And voilà! My access log file is clean like water and I can see the bad guys in the error log. You should create a KB with this information.
  3. Hi Michalp! I'm happy because I found the root of the problem. Someone is trying to use the proxy. Now... how can I deny all HTTP proxy requests without a password?

         155.133.19.30 - - [27/May/2015:19:57:59 -0400] "GET hxxp://www.proxygen.pl/httptest.php HTTP/1.1" 200 21
         213.133.97.216 - - [27/May/2015:19:58:05 -0400] "GET hxxp://data.alexa.com/data?cli=10&dat=snbamz&url=hotmanagement.asia HTTP/1.1" 200 254
         213.133.97.216 - - [27/May/2015:19:58:08 -0400] "GET hxxp://toolbarqueries.google.com/tbr?client=navclient-auto&ch=8db2654a7&features=Rank&q=info:naravniporod.si HTTP/1.1" 200 31
         155.133.19.30 - - [27/May/2015:19:58:05 -0400] "GET hxxp://www.proxygen.pl/httptest.php HTTP/1.1" 200 21
         91.196.48.31 - - [27/May/2015:19:58:10 -0400] "GET hxxp://179.184.10.23/search?tbo=d&filter=0&nfpr=1&source=hp&num=100&btnG=Search&q=%22site%3a.edu%22+%22%5binurl%3a%2fcampustour%2fframes%2findex.asp%3furl%5d%22+pomidorowa HTTP/1.1" 200 12373
         213.133.97.216 - - [27/May/2015:19:58:24 -0400] "GET hxxp://archive.org/wayback/available?url=kopio.ru&timestamp=19900101 HTTP/1.1" 200 167
         213.133.97.216 - - [27/May/2015:19:58:26 -0400] "GET hxxp://data.alexa.com/data?cli=10&dat=snbamz&url=annaleenashem.blogspot.ru HTTP/1.1" 200 492
         10.0.200.72 - - [27/May/2015:19:58:28 -0400] "CONNECT edf.eset.com:443 HTTP/1.1" 200 -
         10.0.200.68 - - [27/May/2015:19:58:36 -0400] "POST hxxp://38.90.226.13:80/ HTTP/1.1" 200 62
         10.0.200.2 - - [27/May/2015:19:58:36 -0400] "CONNECT edf.eset.com:443 HTTP/1.1" 200 -
         10.0.200.2 - - [27/May/2015:19:58:36 -0400] "CONNECT edf.eset.com:443 HTTP/1.1" 200 -
         10.0.200.2 - - [27/May/2015:19:58:37 -0400] "CONNECT edf.eset.com:443 HTTP/1.1" 200 -
         185.25.151.223 - - [27/May/2015:19:58:40 -0400] "GET hxxp://testp2.czar.bielawa.pl/testproxy.php?r=206.162.163.142:3128 HTTP/1.1" 200 117
         185.25.151.223 - - [27/May/2015:19:58:40 -0400] "CONNECT www.google.pl:443 HTTP/1.1" 200 -
         213.133.97.216 - - [27/May/2015:19:58:43 -0400] "GET hxxp://toolbarqueries.google.com/tbr?client=navclient-auto&ch=810983536&features=Rank&q=info:texasbeatz.net HTTP/1.1" 200 31
         198.50.151.0 - - [27/May/2015:19:58:26 -0400] "CONNECT www.google.pl:443 HTTP/1.1" 200 -
         213.133.97.216 - - [27/May/2015:19:58:47 -0400] "GET hxxp://data.alexa.com/data?cli=10&dat=snbamz&url=ncdc.unl.edu HTTP/1.1" 200 2060
         155.133.19.30 - - [27/May/2015:19:58:59 -0400] "GET hxxp://www.proxygen.pl/httptest.php HTTP/1.1" 200 21
         213.133.97.216 - - [27/May/2015:19:59:05 -0400] "GET hxxp://data.alexa.com/data?cli=10&dat=snbamz&url=itsnotokcupid.wordpress.com HTTP/1.1" 200 280
         155.133.19.30 - - [27/May/2015:19:59:04 -0400] "GET hxxp://www.proxygen.pl/httptest.php HTTP/1.1" 200 21
         91.196.48.31 - - [27/May/2015:19:59:10 -0400] "GET hxxp://179.184.10.23/search?tbo=d&filter=0&nfpr=1&source=hp&num=100&btnG=Search&q=%22%5binurl%3a.edu%2fredirect.aspx%3furl%5d%22+pooperacyjn%c4%85 HTTP/1.1" 200 11431
         213.133.97.216 - - [27/May/2015:19:59:19 -0400] "GET hxxp://toolbarqueries.google.com/tbr?client=navclient-auto&ch=864f1d511&features=Rank&q=info:mohedaror.se HTTP/1.1" 200 29
         10.0.200.68 - - [27/May/2015:19:59:19 -0400] "CONNECT edf.eset.com:443 HTTP/1.1" 200 -
         10.0.200.68 - - [27/May/2015:19:59:20 -0400] "CONNECT edf.eset.com:443 HTTP/1.1" 200 -
         10.0.200.68 - - [27/May/2015:19:59:20 -0400] "CONNECT edf.eset.com:443 HTTP/1.1" 200 -
         213.133.97.216 - - [27/May/2015:19:59:27 -0400] "GET hxxp://data.alexa.com/data?cli=10&dat=snbamz&url=lasthand.wordpress.com HTTP/1.1" 200 246
         104.152.188.72 - - [27/May/2015:19:59:32 -0400] "GET hxxp://lotustours.net/forum/member.php?action=profile&uid=397552 HTTP/1.0" 404 689
         104.152.188.72 - - [27/May/2015:19:59:33 -0400] "GET hxxp://lotustours.net/ HTTP/1.1" 200 25354
         213.133.97.216 - - [27/May/2015:19:59:46 -0400] "GET hxxp://data.alexa.com/data?cli=10&dat=snbamz&url=sparcc.wordpress.com HTTP/1.1" 200 259
         64.62.219.170 - - [27/May/2015:19:59:47 -0400] "CONNECT support.microsoft.com:443 HTTP/1.0" 200 -
         213.133.97.216 - - [27/May/2015:20:00:01 -0400] "GET hxxp://toolbarqueries.google.com/tbr?client=navclient-auto&ch=86bca50da&features=Rank&q=info:sparksoflife.co HTTP/1.1" 200 29
         213.133.97.216 - - [27/May/2015:20:00:00 -0400] "GET hxxp://archive.org/wayback/available?url=mobi-games.ru&timestamp=19900101 HTTP/1.1" 200 172
  4. Where can I find the HTTP proxy log? Can I enable some trace log?
  5. And by proxy, I mean this (view attached file)
  6. Yes, every client uses the proxy. We have a lot of PCs that aren't in the local network that we want to manage.
  7. I stopped the bleeding by denying all HTTP and HTTPS from these IP ranges, but it doesn't resolve the root of the issue: ip4:216.239.32.0/19 ip4:64.233.160.0/19 ip4:66.249.80.0/20 ip4:72.14.192.0/18 ip4:209.85.128.0/17 ip4:66.102.0.0/20 ip4:74.125.0.0/16 ip4:64.18.0.0/20 ip4:207.126.144.0/20 ip4:173.194.0.0/16
  8. Hi! Download and install the software Windows Installer Cleanup Utility. Open the software, the ESET Remote Agent, delete and install again.
  9. Hi guys! Yesterday, I deployed the VMware Tools on my ESET appliance. Now this appeared on my appliance. The server is running smoothly. How can I edit this?
  10. OK, this is really weird. We got the message "unusual traffic detected" on Google when we are doing a Google search. I did some analysis and the culprit is... the ERA appliance server. Some module is doing this and I don't know why. Where can I find the log for this issue on the ERA appliance?
  11. Hi guys! I have an annoying problem. First of all, this is my setup: ERA Appliance; my internal computers use the internal FQDN of the ERA appliance (e.g. ERAConsole.localdomain.local) and my external computers (laptops, tablets, etc.) use the external FQDN (eraconsole.domain.ca) with ports forwarded to the Appliance. When I install the Agent on an external laptop, the laptop name in the Web console is the FQDN of the internet connection. My question is: how do I force the use of the full computer name instead of the DNS name? This is pretty annoying and it leaves the laptops in the "lost and found" folder.
  12. I don't know why, but my server looks like it doesn't update itself. hxxp://i.share.pho.to/976fa728_o.png I waited like 20 minutes, nothing happened (and my CRON is OK). My server is the only one I have, an ERA Virtual Appliance. Can you help me with this?
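
An added example, not part of the original posts: a way to audit an Apache access log like the one in post 3 for forward-proxy requests from clients outside the managed network, and to confirm that the password from post 2 now stops them. The trusted range, the status codes treated as "denied" and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Common Log Format: client ident user [time] "METHOD TARGET PROTO" status bytes
LINE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) \S+" (\d{3}) \S+$')
# Assumption: managed clients live on this network (the 10.0.200.x hosts in the log).
TRUSTED = [ipaddress.ip_network("10.0.200.0/24")]
DENIED = {"401", "403", "407"}  # assumption: refused requests carry these statuses

def is_proxy_request(method, target):
    # Forward-proxy requests use CONNECT host:port or an absolute URI;
    # requests meant for the local web server start with "/".
    return method == "CONNECT" or "://" in target

def audit(lines):
    """Count proxy requests from untrusted clients: (relayed, denied)."""
    relayed, denied = Counter(), Counter()
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue
        client, user, method, target, status = m.groups()
        try:
            ip = ipaddress.ip_address(client)
        except ValueError:
            continue  # hostname instead of an address; not classified here
        if any(ip in net for net in TRUSTED) or not is_proxy_request(method, target):
            continue
        if status in DENIED:
            denied[client] += 1
        elif user == "-":
            relayed[client] += 1  # relayed with no authenticated user
    return relayed, denied

SAMPLE = [  # constructed lines using documentation addresses
    '203.0.113.7 - - [27/May/2015:19:57:59 -0400] "GET http://example.com/test.php HTTP/1.1" 200 21',
    '203.0.113.7 - - [27/May/2015:19:58:40 -0400] "CONNECT example.org:443 HTTP/1.1" 200 -',
    '10.0.200.72 - - [27/May/2015:19:58:28 -0400] "CONNECT edf.eset.com:443 HTTP/1.1" 200 -',
    '198.51.100.9 - - [28/May/2015:08:01:02 -0400] "GET http://example.com/ HTTP/1.1" 407 415',
    '198.51.100.9 - USERNAME [28/May/2015:08:01:03 -0400] "GET http://example.com/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [28/May/2015:08:02:00 -0400] "GET /index.html HTTP/1.1" 200 45',
]

if __name__ == "__main__":
    relayed, denied = audit(SAMPLE)
    print("relayed without auth:", dict(relayed))
    print("denied:", dict(denied))
```

Any address left in the relayed count after the authentication change means the proxy is still answering unauthenticated outsiders.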