  2. Thanks in advance. Referenced 500 Internal Server Error when trying to open ''test.php'' with no luck. OS: Win 10 (Not Activated), Intel Core Duo, 4Gb RAM. Using WinIDS Apache 2 with MySQL tutorial. Used MBSA before WinIDS process and after; did not notice a change in report. Per registry, .NET Framework is up to date. I was able to see the test.php page and all other tests completed per tutorial. Barnyard2 shows a flow of packets. Attaching php.ini and httpd.conf. This is the first time installing all these tools; any help is appreciated. By the way, these tutorials are awesome. php.ini httpd.conf
  7. The error (2003) Can't connect to MySQL server on 'localhost' (10061) indicates that the network connection has been refused. Open Task Manager and check if MySQL server is running. Use telnet to check if port 3306 is open: telnet localhost 3306 Note: You may have to install the telnet client. You should see something like this: 8.0.1f0E♥>NZ♦ !☻§F↔}#g0F[-♦U@mysql_native_password
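Added example, not part of the original post or the WinIDS tutorial: the binary text telnet prints on port 3306 is the server's protocol-10 greeting packet, and this sketch decodes it and separates a refused connection (10061) from a listener that is not MySQL. The names `parse_greeting`, `probe` and `SAMPLE` are hypothetical, and the sample packet is constructed, not captured.

```python
import socket
import struct

CLIENT_PLUGIN_AUTH = 0x00080000  # capability bit: server names its auth plugin

def parse_greeting(data: bytes) -> dict:
    """Decode the MySQL protocol-10 greeting that telnet shows as binary noise."""
    if len(data) < 5:
        raise ValueError("too short for a MySQL packet")
    length = int.from_bytes(data[:3], "little")      # 3-byte payload length
    payload = data[4:4 + length]                     # data[3] is the sequence id
    if len(payload) != length or payload[0] != 10:
        raise ValueError("not a complete protocol-10 greeting")
    end = payload.index(b"\x00", 1)                  # version is NUL-terminated
    version = payload[1:end].decode("ascii", "replace")
    pos = end + 1
    conn_id, = struct.unpack_from("<I", payload, pos)
    pos += 4 + 8 + 1                                 # conn id, salt part 1, filler
    cap_low, _charset, _status, cap_high, salt_len = struct.unpack_from("<HBHHB", payload, pos)
    pos += 8 + 10                                    # fixed fields + 10 reserved bytes
    pos += max(13, salt_len - 8)                     # salt part 2
    plugin = None
    if ((cap_high << 16) | cap_low) & CLIENT_PLUGIN_AUTH:
        plugin = payload[pos:].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {"version": version, "connection_id": conn_id, "auth_plugin": plugin}

def probe(host="localhost", port=3306, timeout=3.0) -> dict:
    """Classify the listener state behind client error 2003 (10061)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            data = sock.recv(4096)
    except ConnectionRefusedError:                   # Winsock 10061 / ECONNREFUSED
        return {"state": "refused: nothing is listening on the port"}
    except OSError as exc:                           # timeout, filtered, no route
        return {"state": f"unreachable: {exc}"}
    try:
        return {"state": "open", **parse_greeting(data)}
    except (ValueError, struct.error):
        return {"state": "open, but the listener did not send a MySQL greeting"}

# Constructed sample greeting (not captured from a real server).
_body = (b"\x0a8.0.1\x00" + struct.pack("<I", 15) + b"saltsalt\x00"
         + struct.pack("<HBHHB", 0xFFFF, 0xFF, 2, 0x0008, 21) + bytes(10)
         + b"saltsaltsalt\x00" + b"mysql_native_password\x00")
SAMPLE = len(_body).to_bytes(3, "little") + b"\x00" + _body

if __name__ == "__main__":
    print(parse_greeting(SAMPLE))
    print(probe())
```

A "refused" result points at the service not running or not bound to that address; an "open" result with a version string means the listener is up and the problem lies later, in authentication or grants.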
  8. Ok so now I've got a new issue. Under Configuring the MySQL Database Server, when I run the command: mysql -u root -pd1ngd0ng I get the following error:
  9. It turned out to be permissions to test.php. I had to grant permission to the DefaultAppPool from the top of the INETPUB folder
  10. The only thing I can tell is that it's not allowing you to access the test.php because you don't have sufficient permissions? What happens if you remove the test.php file and try accessing it when it is missing. You should get the same error? Do you have a space in the word base? Look at your Physical Path - It appears you have a space in base -> ba se
  11. 1) Copied your config to Windows\System32\inetsrv\config 2) Ran this command: iisreset /restart 3) Same error page 4) Restarted the server and tried again with the same result
  12. All the files look good. Attached is my config for IIS, try it. You will need to stop IIS, replace the file, and then restart IIS. applicationHost.config
  13. Windows Server 2019 Standard edition
  14. Go back in and verify the PHP setting in IIS. For some reason the setting sometimes does not save and the settings need to be re-applied. No need to reinstall because the same problem could come back. I checked your setting and the php.ini file is good but the IIS files are for version 10 and I don't have that set of configs to match yours with. I would need to install IIS 10 to get it. What OS version are you running?
  15. Performed a new installation from scratch and ended up with the same error. Files attached... php.ini
  16. Go back to the section below and do over: Configuring IIS for PHP, and the Windows Intrusion Detection Systems security console. If that fails then zip up all the files in the Windows\System32\inetsrv\config folder and attach. Also attach the php.ini file.
  17. New installation and right now I'm at the point where IIS and the PHP installation is tested. The tutorial states to run TEST.PHP but I'm getting this error:

      HTTP Error 401.3 - Unauthorized
      You do not have permission to view this directory or page because of the access control list (ACL) configuration or encryption settings for this resource on the Web server.

      Most likely causes:
      The user authenticated by the Web server does not have permission to open the file on the file system.
      If the resource is located on a Universal Naming Convention (UNC) share, the authenticated user may not have sufficient share and NTFS permissions, or the permissions on the share may not match the permissions on the physical path.
      The file is encrypted.

      Things you can try:
      Open File Explorer and check the ACLs for the file that is being requested. Make sure that the user accessing the Web site is not being explicitly denied access, and that they do have permission to open the file.
      Open File Explorer and check the ACLs for the share and the physical path. Ensure that both ACLs allow the user to access the resource.
      Open File Explorer and check the encryption properties for the file that is being requested. (This setting is located in the Advanced attribute properties dialog.)
      Create a tracing rule to track failed requests for this HTTP status code. For more information about creating a tracing rule for failed requests, click here.

      Detailed Error Information:
      Module: CgiModule
      Notification: ExecuteRequestHandler
      Handler: PHP
      Error Code: 0x80070005
      Requested URL: http://winids:80/test.php
      Physical Path: d:\winids\inetpub\wwwroot\base\test.php
      Logon Method: Anonymous
      Logon User: Anonymous

      More Information:
      The user trying to access the page was successfully logged on, but the user does not have permission to access the resource. This means the access control list (ACL) for the resource either does not include the user or explicitly denies the user. Check the ACL for the resource and add the user to the ACL. If the content is located on a share, ensure both NTFS and share permissions allow the user access. It is also possible that the user is part of a group that is denied access.
      View more information »
      Microsoft Knowledge Base Articles: 907273 332142
  18. The wrapper password for winids-cssp-x64 is not working. Thank you.

      All fixed...

  19. LOL! Thank You! I didn't even notice the Hash Tags. Slaps Forehead with palm of hand . . . .
  20. I am editing the snort.conf file with notepad2 and I am confused by this section of the Tutorial for x64 MySQL install:

      Original Line(s):
      # include $PREPROC_RULE_PATH/preprocessor.rules
      # include $PREPROC_RULE_PATH/decoder.rules
      # include $PREPROC_RULE_PATH/sensitive-data.rules

      Change to:
      include $PREPROC_RULE_PATH/preprocessor.rules
      include $PREPROC_RULE_PATH/decoder.rules
      include $PREPROC_RULE_PATH/sensitive-data.rules

      There is no change here!? Would I be correct in changing the 'Change to:' section to this?

      include $PREPROC_RULE_PATH d:\winids\snort\etc\preprocessor.rules
      include $PREPROC_RULE_PATH d:\winids\snort\etc\decoder.rules
      include $PREPROC_RULE_PATH d:\winids\snort\etc\sensitive-data.rules

      Or is there a different path for these rules? Thank You! Jeffegg
  21. No, you don't need to do anything. What you are seeing is correct. I made an error in the tutorial and have since corrected it. Check out the tutorial, and it should match your install.
  22. Hi, Thanks for replying that everything is fixed but: I apologize for being dense, but I am not sure what to do next to fix my barnyard2 installation so that snort does show exiting. I downloaded the latest Winids Barnyard2 Software Development Pack. Do I unzip it and use the in place of the other builds? Do I need to start over and redo my installation? Is there another file I should download? Thanks for all your help! Bob
  23. Hi, In the tutorial, it shows this: If all the tests are passed, the following is a confirmation that the Barnyard2 configuration file is good.

      Barnyard2 successfully loaded configuration file!
      Snort exiting
      database: Closing connection to database "snort"

      *********************

      I ran the test.

      Barnyard2 spooler: Event cache size set to [32768]
      INFO database: Defaulting Reconnect/Transaction Error limit to 10
      INFO database: Defaulting Reconnect sleep time to 5 second
      database: compiled support for (postgresql)
      database: configured to use postgresql
      database: schema version = 107
      database: host = winids
      database: user = snort
      database: database name = snort
      database: sensor name = WinIDS-Home
      database: sensor id = 1
      database: sensor cid = 1
      database: data encoding = hex
      database: detail level = full
      database: ignore_bpf = no
      database: using the "log" facility

      --== Initialization Complete ==--

      ______ -*> Barnyard2 <*-
      / ,,_ \ Version 2.1.14 (Build 337)
      |o" )~| By Ian Firns (SecurixLive):
      + '''' + (C) Copyright 2008-2013 Ian Firns <>

      This is what my configuration showed at the end of test.

      Barnyard2 successfully loaded configuration file!
      Barnyard2 exiting
      database: Closing connection to database "snort"

      Does it have to say “snort exiting” to show that the Barnyard2 configuration is good? If so, what do I need to check to make Barnyard2 test work correctly? Thanks for your help, Bob
  24. I've already tried to add that rule to the local.rule, but the same error "ERROR: 1 alerts have NOT found their way into acid_event with sid = 4 " still appears.
  25. No, I didn't add that rule to my local.rules file, because that rule is already active in preprocessor.rules in folder d:\winids\snort\preproc_rules. What I did is configure my snort.config file: I deleted the # on these lines and changed the host IP address:

      # ARP spoof detection. For more information, see the Snort Manual - Configuring Snort - Preprocessors - ARP Spoof Preprocessor
      preprocessor arpspoof
      preprocessor arpspoof_detect_host: f0:0f:00:f0:0f:00

      I generated the alert using Angry IP Scanner to scan the IP address and port address. Thank you so much.
  26. What is the process you used and I'll check it on another build. Did you just add the below to your local.rules file? alert ( msg: "ARPSPOOF_ARP_CACHE_OVERWRITE_ATTACK"; sid: 4; gid: 112; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; ) Did you use something to generate the alert?
  27. Sorry to bother you all. I'm trying to check ARP spoofing on my WinIDS system, so I activated the preproc rule used to detect ARP spoofing. The rule looks like this:

      alert ( msg: "ARPSPOOF_ARP_CACHE_OVERWRITE_ATTACK"; sid: 4; gid: 112; rev: 1; metadata: rule-type preproc ; classtype:bad-unknown; )

      It works: it shows and gives an alert in Barnyard2 and Visual Syslog Server. The alert looks like this:

      05/16-13:31:06.553294 [**] [112:4:1] spp_arpspoof: ARP Cache Overwrite Attack [**]

      But the alert doesn't show in BASE. BASE gives an error that looks like this:

      "D:\winids\Apache24\htdocs\base\includes\ ERROR: 3 alerts have NOT found their way into acid_event with sid = 4"
      "D:\winids\Apache24\htdocs\base\includes\ ERROR: Alert "4 - 9618" could NOT be found in acid_event"

      What should I do to fix the error and make the alert show in BASE? Thank you so much - Fahmi
