andyhill

uniGUI Subscriber
  • Content Count: 797
  • Joined
  • Last visited
  • Days Won: 1

Everything posted by andyhill

  1. My code above blocks unwanted direct file access to any SubDirectory from outside Users (does not allow it to proceed) and adds these stats to the log file ([ANDY-S]:REJECTED) - of course my app can access these SubDirectories. The Attacks-24hr.txt file is an analysis of my app's log file from where I can review and decide to manually add any rogue IP to the BlockIPList. I put this info up because I was shocked to see so many attacks and I thought programmers should know.
  2. I thought it would be of interest to UniGUI Programmers to share my 24hr Attack List for my Stand-Alone-Server here in Australia. What is of interest is the Russian Federation probing (check out the ROGUE IPs). Attackers seem to now have some basic understanding of how UniGUI and Sencha work (check out the "ext-7.0.0..." probing).
     125 x 45.155.205.211 CYPRUS
     276 x 106.12.54.16 CHINA
     295 x 3.141.21.92 AMAZON (Why ?)
     452 x 39.109.114.137 HONG KONG
     550 x 192.162.101.235 RUSSIA
     Attacks-24hr.txt
  3. Many many years ago some Email Servers required that the sender identify themselves in the eMail Headers (old code attached):-
     IDstr:= IntToStr(Random(999))+IntToStr(Random(999))+FloatToStr(Time)+IntToStr(Random(999))+IntToStr(Random(999))+'@MyApp.users';
     ...
     IdMessage1.AddHeader('Mime-Version: 1.0');
     IdMessage1.AddHeader('Return-Path: '+EmailFrom);
     IdMessage1.AddHeader('X-Originating-Email: ['+EmailFrom+']');
     IdMessage1.AddHeader('X-Sender: '+EmailFrom);
     IdMessage1.AddHeader('X-Originating-IP: ['+IdSMTP1.Socket.Bin
  4. HTMLFrame contains a Large Video, rather than download as a File, stream contents in blocks.
  5. Sherzod please advise
  6. I noticed a while ago that Mobile Safari does record close like desktop
  7. Searching the web I found this code for implementing video caching:-
     ' <script>'+
     ' // -- Create a MediaSource and attach it to the video'+
     ' const videoTag = document.getElementById("MyVideoTag");'+
     ' const myMediaSource = new MediaSource();'+
     ' const url = URL.createObjectURL(myMediaSource);'+
     ' videoTag.src = url;'+
     ' // 1. add source buffers'+
     ' const audioSourceBuffer = myMediaSource.addSourceBuffer(''audio/mp4; codecs="mp4a.40.2"'');'+
     ' const videoSourceBuffer = m
  8. In my case I use ElevateDB so on the ServerModule we have an ElevateDB Server Object (for general backend work unrelated to sessions) and on the MainModule we have another ElevateDB Server Object (used for Session Access only [SELECT/INSERT/DELETE/UPDATE etc.]) unrelated to the ServerModule Object.
     Form can access MainModule
     if UniMainModule.MyQuery1.Active then UniMainModule.MyQuery1.Close;
     Form and MainModule can also access ServerModule HOWEVER I WOULD STRONGLY DISCOURAGE
     if UniServerModule.SrvQry1.Active then UniServerModule.SrvQry1.Close;
  9. I am leaving now for today but look again at https://axfite.com.au Go to last Left Menu Icon (Online Shop). We present only 3 unique products, they choose a Product, they select a Default Country (used to pre-calc freight which can be overridden if required at checkout), they choose Checkout (user has to login to PayPal where we retrieve their registered, validated Address [a must as it relates to taxes]). Then the order is placed, PayPal confirms payment - then in your case you would provide the download link. Be careful, this is a live PayPal system, do not proceed w
  10. In your case you will not present the link unless the user is logged in and then only shown custom html
  11. Just tested code on Safari (iPhone etc.) - blocked as it should have.
  12. [ANDY-S]:REJECTED - 26/03/2021 09:00:15.779 - IP: 45.146.165.157, URI: /vendor/phpunit/phpunit/src/util/php/eval-stdin.php, DOCUMENT: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
      [ANDY-S]:REJECTED - 26/03/2021 09:00:20.908 - IP: 45.146.165.157, URI: /api/jsonws/invoke, DOCUMENT: /api/jsonws/invoke
      [ANDY-S]:REJECTED - 26/03/2021 09:00:27.902 - IP: 45.146.165.157, URI: /wp-content/plugins/wp-file-manager/readme.txt, DOCUMENT: /wp-content/plugins/wp-file-manager/readme.txt
      [ANDY-S]:REJECTED - 26/03/2021 09:00:32.869 - IP: 45.146.165.157, URI: /_ignition/execute-solution, DOCUMENT: /_
  13. Via https://axfite.com.au yes ? If so now clear browser cache and try https://axfite.com.au/images/AxfiteEditorial.pdf
  14. So did you try my code ? Did you test the concept on https://axfite.com.au ?
  15. If you do not "yourdomain / rootfolder / somefile.pdf" but instead "yourdomain / subdirectory / somefile.pdf" then you can control access via my code above, it will prevent direct access and then via login you can optionally present them with the URI.
  16. Also, you cannot delete temp files on user's PC, you do not have access.
  17. There is a slight English translation issue for me in your posting (sorry I only speak English). I think you are saying this, a validated user pays and watches a video (which is now on his PC [cache or no cache it is there as a "temp file" etc.]). How does one prevent this user from locating that downloaded video on his PC and sending it to another person - I do not believe you can prevent the inevitable. Interesting challenge ...
  18. Luis, as a suggestion, why don't you develop your project as a StandAlone EXE project first, then when all is working as expected, rebuild it as a Service or ISAPI dll and deploy.
      As I see it
      ServerModule orchestrates all HTTP/HTTPS activity etc. (Parent)
      MainModule is a child process of ServerModule and handles current session activity (Children)
      Forms are child processes of MainModule (GrandChildren)
      ...
      In my projects I build all of my DB objects in ServerModule and access my DB objects via MainModule as Forms require.
  19. Based on my testing so far:- My code above will KILL any session trying to use a starting URL involving Sub-Directories (I deliberately left root open for static html files placed there for Google Crawler etc.).
      eg. https://axfite.com.au
      Menu: Select "Fifth Left Large Icon"
      URI: Click "IMAGO Editorial"
      Works as intended
      Now make sure you clear your browser, Chrome: More Tools "Clear Browsing Data - cached images and files" [Clear Data].
      Then try and go direct to that URI from the starting URL https://axfite.com.au/images/AxfiteEditorial.pdf
      We throw a 405
  20. I would suggest that instead of making a StandAlone EXE project, create it as a Windows Service where one can stop / start it at will (Net stop servicename).
  21. Based on StandAlone Server, This is my solution to discard the Robots.txt File and in addition forbid outside access to any Sub-Directories:-
      procedure TUniServerModule.UniGUIServerModuleHTTPCommand(ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo; var Handled: Boolean);
      ...
      //////////////////////////////////////////////////////////////////////////////
      // Check if trying to access sub-directories from the outside (not within unigui)
      if ( (ARequestInfo.URI <> '/') and (ARequestInfo.Referer = '') ) then begin
        MyHost:= LowerCase(ARequestInfo.Host);
        M
  22. andyhill

    godaddy ssl

    The normal way:- If you have an External IP Bound to your NIC and if you have a registered Domain Name THEN you need to advise your DNS Host (usually your ISP) to assign a DNS Record to point your Domain Name to your External IP. Different organisations including Google demand additional assigned TXT Records.