Press ctrl+c to copy the text from an error message.
No need to painstakingly copy it out into the Google search…
This works for all standard OS supplied message boxes.
e.g.
will copy as:
---------------------------
Error!!!
---------------------------
Error: 0xc000005. Access violation.
---------------------------
OK Cancel
---------------------------
@Williamsburg sure it’s possible, and it shouldn’t be too difficult either.
I will speak about Mailgun because I am familiar with them, but it may be possible with other services also.
In Mailgun you route incoming email using “routes”. e.g. you can declare a route commanding mailgun to forward all mails who’s recipient address matches a certain regex to a certain email.
The routing mechanism is controllable through the web UI and also programatically via their API.
Their API documentation is clear and easy to understand.
Basically you will need to programatically create a new route whenever a listing is added. It can be achieved using a simple POST request.
This is free to distribute. I can’t find the source now for credit.
CUSTOM.zip
@Knaper-Yaden why don’t you try this simple experiment:
run
"C:\Windows\SysWOW64\cmd.exe" /c echo ^%processor_architecture^%
on a 64bit machine…
@CtrlAltDel said in Populer Software Alternatives:
That’s just photopea in an iframe with more ads… why not use the original?
There was a big outage today in parts of the Internet due to a problem Level 3
@Williamsburg said in Dynamic Email routes:
it’s not needed as Mailgun will receive all email’s sent to my domain anyway
correct 
http://www.angusj.com/pdftkb/ is a cute program that I used to use before I payed for a PDF editor.
@Chaim-Hirsch it depends how strong you would like the block to be.
To block only unsophisticated users it may be possible to use various weak methods such as a proxy that only allows certain urls, or a browser extension, or a dns resolver that only resolves certain domains.
@Chocolate said in How to secure a server:
I din’t get the point, if they will manage to crack my pass then whats the difference if it’s root on a non-root with sudo privileges? they can do whatever they wand with sudo.
You are right if they have your password.
There ways of getting into an account without having the password.
Anything else to do except for whitelisting inbound connections, it’s not really possible for me to do that?
It’s possible to whitelist/blacklist complete ranges of addresses. IDK, maybe that would work for you.
Just out of curiosity how do they manage to hack a 16 digit password that is a combination of letters caps & digits, it should take years, no?
It is indeed very very unlikely that they brute-forced/guessed a strong password.
Why are you sure that they got in via SSH? Did you go through logs?
Maybe your password was in the clear somewhere?
There are many possibilities.
It is כדאי to understand how they got in, in order to protect yourself in future.
what are those guys gaining? except for them deleting a couple of files nothing changed, whats their goal?
BTW, the general rule in the industry is that once bad guys have gotten on to your server, you should never trust it again. i.e. wipe it and start fresh.
@Chocolate in addition you should enable the firewall and only allow inbound connections on a as-needed basis. If you only need incoming SSH from specific IPs only enable those IPs.
@Chocolate said in How to secure a server:
should I disable SSH for root? should I change SSH port? allow SSH only with key? install Fail2Ban?
Do every single one… but mainly disable SSH for root (but still give your root user a strong password) and allow SSH only with key. The others will lessen the hacking attempts and clean up your logs a bit but are not critical.
There was a big outage today in parts of the Internet due to a problem Level 3
@Chaya-sara are you exporting it as PDF? PDF supports hyperlinks.
@Hacker26 I haven’t finished an exhaustive check…
My initial comments.
This seems to be a slimmed down version of Bar Illan which I am very familiar with.
1st thing I noticed was that the data files (FILE00.XXX etc.) don’t seem to get installed.
@CtrlAltDel said in Populer Software Alternatives:
That’s just photopea in an iframe with more ads… why not use the original?
I think step 1 is to identify the ransomware strain. In this case it seems to be Rapid Ransomware (or some variant of it) based on the file extension and the note.
Does anyone know of a good company that can decrypt those files potentially? It’s quite critical…
I think you’re barking up the wrong tree. There seems to be a lot of information sharing within the community in the fight against ransomware, and if a decryption tool would exist, I think it would be freely available.
A quick Google search seems to suggest that there is no known weakness in the crypto of this particular ransomware.
Please note also that it is entirely possible using strong crypto to encrypt a file in a way that there is no feasible method to decrypt it using any known technology.
At this point I would channel my resources into other recovery methods.
Sorry for the bad news.
(Please do double check that there really isn’t any know weakness and that this really is Rapid Ransomware. https://www.nomoreransom.org/en/decryption-tools.html is a good resource, backed by some big anti-virus companies).