Common Server issues – FAQs and answers from those in the know
Google Cloud project suspended due to crypto mining – cannot access console to investigate or fix
3 May 2026 @ 9:49 am
I am facing an issue with my Google Cloud project which has been suspended due to suspected cryptocurrency mining activity.
The problem is that the entire project is now restricted, and I cannot access any part of the Google Cloud Console. Every page (VM instances, IAM, logs, etc.) redirects to the appeal page.
Because of this restriction, I am unable to:
Check Cloud Logging for suspicious activity
Stop or delete the suspected VM instance
I have already submitted an appeal to Google Cloud, but it may take up to 2 business days, which is critical for our live system.
My questions:
Is there any way to gain limited access to the project to perform cleanup actions while the appeal is under review?
Are there any alternative methods (CLI, APIs, etc.) to stop or delete resources in a suspended project?
Has anyone faced a similar situation and found a faster resolution?
Any guidance or sugg
MikroTik RouterOS 7.21.x PPP secret password not saved (users appear disabled)
3 May 2026 @ 9:43 am
I encountered a bug in MikroTik RouterOS 7.21.x where PPP secret passwords were not being saved correctly.
When creating or editing PPP users (especially for SSTP), the password field did not persist. Even after setting the password via CLI or WinBox, the user would appear with the flag X - disabled in /ppp secret print. Authentication failed because the password was effectively not stored.
Other fields such as service, profile, and comment were saved correctly, which suggested the PPP database itself was functioning. The problem persisted after reboot and occurred for every newly created PPP secret.
Example steps to reproduce (RouterOS 7.21.4):
/ppp secret add name=testuser password=test123 service=sstp profile=default
/ppp secret print detail where name="testuser"
Observed result:
The user appears disabled (X - disabled) and the password does not appear to be
Confusion about php-fpm permissions with SELinux
2 May 2026 @ 12:34 pm
I recently set up a Fedora 44 server in a home lab. I started Apache on it and installed php and php-fpm. I put in /var/www/html a PHP website (SPIP).
All the files and folders of the website are owned by the apache user and have the security context system_u:object_r:httpd_sys_content:s0, except a few folders that have the system_u:object_r:httpd_sys_rw_content:s0 context.
I wanted to check if SELinux was indeed limiting the actions of an intruder should the worst happen. In order to test this, I put a simple webshell at the base of the /var/www/html folder. It calls the PHP function system with whatever you send to the webshell as an argument. The webshell has the same security context as the other files.
To my surprise, the webshell runs smoothly; I can call binaries like sleep or touch. I had a look at the process tree and noticed that, when a command is
Technical Support Summary: Cross-Org Project Migration Failure [closed]
2 May 2026 @ 4:48 am
User Identity: [email protected] (and [email protected])
Source Project: sbr-coach-prod (Project Number: 8943596778866)
Destination Org: beaconsfield-enterprises.com (Org ID: 13164570922)
The Issue
Attempting to migrate the project sbr-coach-prod from a "No Organization" (standalone) state into the Beaconsfield Organization. Despite having all required IAM roles and modifying Organization Policies, the move fails with Permission Denied (error: resourcemanager.projects.update).
Steps Already Taken
IAM Roles Assigned (Destination Org Level)
The following roles were granted to the Beaconsfield identity at the Organization level:
Organization Administrator
Project Creator
Project Mover
Folder Admin
Project Billing Manager
IAM Roles Assigned (Project Level)
To satisfy the "handshake," the Beaconsfield identity was invited to the sbr-coach-prod pro
Docker pull net/http: TLS handshake timeout on Raspberry Pi 1 (constrained hardware)
1 May 2026 @ 3:48 pm
I face the following error while trying to pull an image
error pulling image configuration: Get "https://docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage.com/registry-v2/docker/registry/v2/blobs/sha256/e1/e1ace0ff02a53cac14dcec3a648b8b36e7212da8bdfc152442efbde66b70bc36/data?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=f1baa2dd9b876aeb89efebbfc9e5d5f4%2F20260501%2Fauto%2Fs3%2Faws4_request&X-Amz-Date=20260501T152452Z&X-Amz-Expires=1200&X-Amz-SignedHeaders=host&X-Amz-Signature=e95252d07f6684c971f1d9706232fda6279a02fd0efacf7268d6393ff604c66a": net/http: TLS handshake timeout
Rewrite rules to remove www for secure and non-secure but it's not working
1 May 2026 @ 10:49 am
I spent a lot of time defining these rules but they are not working. Something is wonky.
I have 2 A records on my first host (which is not Hostinger) that point www.automation.MYDOMAIN.com as well as automation.MYDOMAIN.com to the IP of my VPS on Hostinger.
I verified that the DNS for both A records all point properly to Hostinger and are resolved properly. Pinging works and all is good.
I am not using directories because I am just connecting my n8n interface running on port 5678 to the outside.
What I want is very simple and I thought I had achieved it, but it's not working properly.
I want all my non-secure requests, whether with or without WWW, to be redirected to the secure version of that URL, so that is why I configured this block:
<VirtualHost *:80>
ServerName automation.MYDOMAIN.com
ServerAlias www.automation.MYDOMAIN.com
Redirec
Keycloak won't start on Azure Container App - getting killed by probes
30 April 2026 @ 10:40 am
I'm trying to start up a productionised Keycloak on Azure Container Apps. As far as I can tell, it's starting up fine but being shut down because of health probes thinking it isn't healthy. Here are the logs for the application which show it starting then being terminated ...
Connecting to stream...
2026-04-30T10:26:06.64790 Connecting to the container 's175d01-ca-keycloak'...
2026-04-30T10:26:06.70026 Successfully Connected to container: 's175d01-ca-keycloak' [Revision: 's175d01-ca-keycloak--0000004', Replica: 's175d01-ca-keycloak--0000004-d95459d4b-7wfph']
2026-04-30T10:25:58.6577656Z stdout F 2026-04-30 10:25:58,636 INFO [org.infinispan.CONTAINER] (main) ISPN000974: Virtual threads support: enabled
2026-04-30T10:25:59.7978463Z stdout F 2026-04-30 10:25:59,797 INFO [org.hibernate.orm.jdbc.batch] (JPA Startup Thread) HHH100501: Automatic JDBC statement batching enabled (maximum batch size 32)
2026-04-30T10:25:59.8935145Z stdout F 2026-04-30 10:25:59,893 WARN [io.
Setting up Hysteria 2 tunnel on 3X-UI + v2rayN (PC) [migrated]
29 April 2026 @ 6:10 pm
Goal: To bypass China's Great Firewall. Use Hysteria for all UDP traffic to increase speed for streaming videos and games. Then use VLESS for everything else (TCP).
I got VLESS + Reality set up and working with help mostly from Gemini AI:
3X-UI on Ubuntu 24 on a Hong Kong server with CN2 GIA (optimized connection) to China
No firewalls or security groups on the server
v2rayN on Windows 11
But I want to take it the next step and also add Hysteria 2, but it's hard to get the correct info from AI and unfortunately there is very little info on setup guides (there are some Chinese videos, but no auto-translation).
So far what I got for Hysteria 2 Inbound on 3X-UI:
Port 4443 (3X-UI won't let me use 443 since VLESS is using that)
I clicked "Set Cert from Panel" to fill in the public/private keys
Everything else blank or default like blank SNI, uTLS=chrome, ALPN=h3, etc.
AWS PA-VM with GWLB gets no packets
24 April 2026 @ 1:39 pm
I have a Palo Alto PA-VM in AWS set up for a "bump-in-the-wire" firewall for traffic in the same region but different VPC and different account with a Gateway Load-Balancer (GWLB) in between.
The short version of this question: does a proper GWLB setup (same region, different accounts) for a "hairpin", "bump-on-the-wire", "north-south" traffic inspection require extra pieces (such as a TGW or other intermediary step) for packets to actually reach the firewall? Is there another technical limitation I'm overlooking?
I tried this same setup in my test environment first (all in the same region using different VPCs, main difference was everything on the same account) and it worked fine. I'm cheap, so I swapped the PA-VM for a Linux EC2 at that time.
The current setup will have traffic moving as follows:
random internet client --> IGW (data vpc) --> VPCendpoint (data vpc, for GWLB) --> GWLB (fw vpc) -->
Updating dynamically a resource record using DoT
15 April 2026 @ 2:09 pm
I am trying to update resource records on a primary DNS bind9 server from a client using nsupdate.
There is no issue when using the default 53 port.
An issue appears when using DoT (DNS over TLS) over the port 853.
The primary DNS bind9 server configuration includes:
# named.conf.options
tls tls-configuration
{
    cert-file "/path/to/full_chain_cert_file";
    cipher-suites "list_of_cipher_suites";
    key-file "/path/to/key_file";
    prefer-server-ciphers yes;
    protocols { TLSv1.3; };
    session-tickets no;
};
options {
    ...
    listen-on port 853 tls tls-configuration
    {
        !172.16.0.0/12;
        any;
    };
    listen-on-v6 port 853 tls tls-configuration
    {
        !fe80::/10;
        any;
    };
    ...
};
Verifying the DNS server certificate from the client:
$ openssl s_client -conne