Everything posted by irigsoft

  1. I have added a check by User-Agent too (to ignore the big IP list). I have created another list and load it from another file.
  2. Yes, but I don't use BlockedIpList. I created my own TStringList and load it from a file. On Servermodule.HtmlCommand I then check if remoteIp is in the list and close the session. That is how it works for me.
  3. Hello, I made OneSignal. After updating Android Studio (I have an Android project) to the latest version, I made a notification service in the Android application. This works, but the Android device must be >= Android 9.
  4. Here is a list with IPs from the link above: https://community.checkpoint.com/t5/Management/HowTo-Block-IoT-scanners-like-Shodan-Censys-Shadowserver-PAN/td-p/124612 It is not complete but has most of the IPs from the link. WebScannersIpList.txt If someone wants to add this to BlockedIpList.
  5. Hello, I think I found a solution to this. In procedure TUniServerModule.UniGUIServerModuleHTTPCommand( just add these headers:

         AResponseInfo.CustomHeaders.AddValue('Cache-Control', 'no-cache, no-store, must-revalidate'); // HTTP 1.1
         AResponseInfo.CustomHeaders.AddValue('Pragma', 'no-cache'); // HTTP 1.0
         AResponseInfo.CustomHeaders.AddValue('Expires', '0');

     https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
     https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html

     This will maybe increase data transfer between client and server (it will use more traffic).
  6. @lcolombo, were you able to replace these js files with their new versions?
  7. In this topic, security experts have recommended the replacement of files. While currently working on the security of my server, I saw that some were trying to access these system files (maybe looking for some vulnerability in them). I tried to update them and I understand that this is not possible (it is understandable on your part), and I am looking for a solution.
  8. And what is the solution to this vulnerability?
  9. @Sherzod, does it matter if I use local files and URLs in this CustomFile? If I have in my list:

         \mydir\customfile1.js
         https://cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/5.0.8-beta.1/jquery.inputmask.min.js
         \mydir\othercustomfile.js
         \mydir\customfile3.js
         https://www.gstatic.com/firebasejs/7.21.1/firebase-firestore.js

     is it possible to get wrong loading of files (if some file or URL in the list does not exist), or does it not matter?
  10. Okay, how? I added it to my CustomFiles via TUniServerModule.UniGUIServerModuleCreate(Sender: TObject);, but after loading the address http://myserver:port/uni-1.90.0.1526/jQuery/MaskedInput/jquery.inputmask.min.js the browser shows version 3 (older version).
  11. Hello, is it possible to add a new version of these libraries via URL (for example: https://cdnjs.cloudflare.com/ajax/libs/jquery.inputmask/5.0.8-beta.1/jquery.inputmask.min.js ) in CustomFiles, or do I need to add it to another list (which one is it)?
  12. @Sherzod, where is the "top of your access control" in our uniGUI app? I tested Censys on my server and it returns a lot of information about my headers, HTML document and so on. Where can I write code to block this scanner (hide information) when it intercepts a GET request sent from the scanner to my server? Is UniGUIServerModuleHTTPCommand the "top of your access control"? If I use this UniGUIServerModuleHTTPCommand code in the first place, why does the response from the uniGUI server have so much returned information? Is it possible to clear all response info?

          if BlockedIPList.Count > 0 then begin
            if BlockedIPList.IndexOf(ARequestInfo.RemoteIP) > -1 then begin
              AResponseInfo.ContentText := '<h1>Blocked IP</h1>';
              Handled := True;
              AResponseInfo.CloseSession;
              goto ENDALL;
            end;
          end;
  13. All web crawlers (scanners) show everyone information about the vulnerabilities of your server. I think this should be taken into account and blocked or controlled. That's why I'm raising a new topic on the security of our servers. If someone has managed to block them (in IIS, Apache, or the uniGUI application itself) and wants to help. Can we apply methods from this topic to block these scanners? https://community.checkpoint.com/t5/Management/HowTo-Block-IoT-scanners-like-Shodan-Censys-Shadowserver-PAN/td-p/124612

      Censys: https://developerinsider.co/censys-find-and-analyze-any-server-and-device-on-the-internet/
      Shodan: https://blog.checkpoint.com/2016/01/04/check-point-threat-alert-shodan/
      Shadowserver: https://www.shadowserver.org/news/the-scannings-will-continue-until-the-internet-improves/
      List of scanners: https://udger.com/resources/ua-list/crawlers
      Why I want to stop scanners: https://www.hackerfactor.com/blog/index.php?/archives/840-Why-I-want-to-block-internet-scanners.html
  14. I changed my code because WhiteIpList can't be used here.
  15. Well, then I have to change my logic to the other topic.
  16. I created my logic in another topic: when the IP is in the WhiteIPList, then I do not check this IP by country. If it's not there, then I check the state. But I understand that if I put some IP addresses in WhiteIPList, then only those IP addresses can connect to my server, and others are blocked by default by the uniGUI framework. Am I right?
  17. I will use this logic and need to know what the right way to do it is. "In this situation, there are some limitations that the user will encounter: 1. My application is not a website, this is a web application, REST server, etc. and it will need access data. 2. If the user wants to connect to this web application, then he will need: 2.1 full URL of the application (there is some data that you will receive from the owner of the server to connect to the application) 2.2 user and password 3. If they know this information and want to use a Site-to-Site VPN, then they will receive information about which country they will need to use to connect to the web application. 4. A certain IP address can always be added to the list of trusted addresses (WhiteIPList) and blocking by country will not be affected I think that the combination of all these parameters will allow the normal operation of even such users." So: 1. If an IP from another country is in WhiteIPList, then it will not be blocked. 2. I tried it, but when some IPs are populated in WhiteIPList, then every IP outside of this list is blocked. So is this a bug with WhiteIPList, or is this the right way for it to work?
  18. @Sherzod, if I have a WhiteIPList filled with some IP addresses, these IP addresses are allowed to work with the uniGUI server. I filled in some IP addresses in my WhiteIPList because they are secure, but I want other IP addresses to work too. Is this possible if I have a WhiteIPList filled in, or can only the IP addresses in this list access the server? Example: 1. WhiteIPList populated with: 121.45.55.66 2. I try to connect with this IP (121.45.55.66) and everything is fine. 3. If I try to connect with IP 21.22.33.99, then I get "Access denied 21.22.33.99". How can I enable IP 21.22.33.99 to work with the server without adding it to WhiteIPList?
  19. Maybe this will help if you are using IIS: https://stackoverflow.com/questions/47942288/request-client-certificate-on-javascript Request a cert in JavaScript: https://stackoverflow.com/questions/38055847/request-client-certificate
  20. I'm just trying to add more security options to my app. I have created a main topic in this forum and I am trying to fill it with some security methods and discuss their effectiveness. This is just another line on my security list. I am not a security expert and more information from colleagues like you is useful to me. I hope we can all work together to make our applications more secure.
  21. @Frederick In this situation, there are some limitations that the user will encounter: 1. My application is not a website, this is a web application, REST server, etc. and it will need access data. 2. If the user wants to connect to this web application, then he will need: 2.1 full URL of the application (there is some data that you will receive from the owner of the server to connect to the application) 2.2 user and password 3. If they know this information and want to use a Site-to-Site VPN, then they will receive information about which country they will need to use to connect to the web application. 4. A certain IP address can always be added to the list of trusted addresses and blocking by country will not be affected I think that the combination of all these parameters will allow the normal operation of even such users.
  22. A user who connects to the uniGUI server and does not try to hack or do other things has no problem working if they are on the WhiteIPList. You are right, this control stops some legitimate users, but this is just a setting, so the owner of the server will select it as they want. This reminds me that the uniGUI app can check if the user is in the WhiteIPList and not block them, even if they are outside Germany. I fixed my code.
  23. But the bad kind of spoofing can be controlled. There are five things, among others, that you can do to help prevent IP spoofing and its related attacks from affecting your network:
      • Use authentication based on key exchange between the machines on your network; something like IPsec will significantly cut down on the risk of spoofing.
      • Use an access control list to deny private IP addresses on your downstream interface.
      • Implement filtering of both inbound and outbound traffic.
      • Configure your routers and switches if they support such configuration, to reject packets originating from outside your local network that claim to originate from within.
      • Enable encryption sessions on your router so that trusted hosts that are outside your network can securely communicate with your local hosts.
      So, when unigui Framework will enable
  24. @Frederick, I try to control every user that connects to my uniGUI server. If they try some action that I don't allow, then this user is blocked.