irigsoft (Author) Posted March 25, 2021
3 minutes ago, andyhill said: Via https://axfite.com.au yes? If so now clear browser cache and try https://axfite.com.au/images/AxfiteEditorial.pdf
Browser cleared: no problem to download with Google Chrome. My problem is exactly the same.
irigsoft (Author) Posted March 25, 2021
Windows Explorer: Error 405
irigsoft (Author) Posted March 25, 2021
Now the error occurred in Google Chrome.
andyhill Posted March 25, 2021
I use Chrome, are you sure you cleared ALL images?
irigsoft (Author) Posted March 25, 2021
4 minutes ago, andyhill said: I use Chrome, are you sure you cleared ALL images?
Yes, now in Microsoft Edge: domain is opened, file is blocked. Now the same in Google Chrome: domain is opened, file is blocked. No cache clearing. One tab for the domain, the other with the link to the file. Now the file is opened again with Google Chrome.
andyhill Posted March 25, 2021
[ANDY-S]:REJECTED - 26/03/2021 09:00:15.779 - IP: 45.146.165.157, URI: /vendor/phpunit/phpunit/src/util/php/eval-stdin.php, DOCUMENT: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[ANDY-S]:REJECTED - 26/03/2021 09:00:20.908 - IP: 45.146.165.157, URI: /api/jsonws/invoke, DOCUMENT: /api/jsonws/invoke
[ANDY-S]:REJECTED - 26/03/2021 09:00:27.902 - IP: 45.146.165.157, URI: /wp-content/plugins/wp-file-manager/readme.txt, DOCUMENT: /wp-content/plugins/wp-file-manager/readme.txt
[ANDY-S]:REJECTED - 26/03/2021 09:00:32.869 - IP: 45.146.165.157, URI: /_ignition/execute-solution, DOCUMENT: /_ignition/execute-solution
[ANDY-S]:REJECTED - 26/03/2021 09:12:25.602 - IP: 47.114.114.56, URI: /_ignition/execute-solution, DOCUMENT: /_ignition/execute-solution
[ANDY-S]:REJECTED - 26/03/2021 09:12:26.191 - IP: 47.114.114.56, URI: /vendor/phpunit/phpunit/src/util/php/eval-stdin.php, DOCUMENT: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[ANDY-S]:REJECTED - 26/03/2021 09:12:56.778 - IP: 47.114.114.56, URI: /manager/html, DOCUMENT: /manager/html
[ANDY-S]:REJECTED - 26/03/2021 09:12:58.238 - IP: 183.191.30.218, URI: http://110.242.68.4/, DOCUMENT: /
[ANDY-S]:REJECTED - 26/03/2021 09:17:15.270 - IP: 213.214.86.89, URI: /images/axfiteeditorial.pdf, DOCUMENT: /images/AxfiteEditorial.pdf
[ANDY-S]:REJECTED - 26/03/2021 09:17:19.874 - IP: 213.214.86.89, URI: /images/axfiteeditorial.pdf, DOCUMENT: /images/AxfiteEditorial.pdf
andyhill Posted March 25, 2021
Just tested the code on Safari (iPhone etc.) - blocked as it should have.
irigsoft (Author) Posted March 25, 2021
I can't understand how it works. One time the file is opened from the URL without opening the domain. Another time the domain is opened and error 405 occurs from the link to the file. Another link opens the file with no problems. Before every try I clear the browser's cache.
irigsoft (Author) Posted March 25, 2021
If I click on the link, no problem to open the file in Google Chrome. If I copy the link and paste it into a new tab in Chrome, I get error 405.
andyhill Posted March 25, 2021
In your case you will not present the link unless the user is logged in, and then only shown custom html.
irigsoft (Author) Posted March 25, 2021
Try this: just click on the link: "If so now clear browser cache and try https://axfite.com.au/images/AxfiteEditorial.pdf" - no problem to open the file.
Copy the link "https://axfite.com.au/images/AxfiteEditorial.pdf" and paste it into a new browser tab: error 405 occurs. Without clearing the browser cache.
irigsoft (Author) Posted March 25, 2021
There is something strange: I try to open the link via QR code and error 405 occurs (Samsung Browser and mobile Google Chrome), but in every try to open it by clicking on the link no problem occurs in Google Chrome.
irigsoft (Author) Posted March 25, 2021
I want to block the user from receiving the file, or a login form should appear if you just click (paste) the link, but it doesn't happen.
andyhill Posted March 25, 2021
I am leaving now for today but look again at https://axfite.com.au. Go to the last Left Menu Icon (Online Shop). We present only 3 unique products; they choose a Product, they select a Default Country (used to pre-calc freight, which can be overridden if required at checkout), they choose Checkout (user has to login to PayPal where we retrieve their registered, validated Address [a must as it relates to taxes]). Then the order is placed, PayPal confirms payment - then in your case you would provide the download link. Be careful, this is a live PayPal system, do not proceed with payment unless you want to purchase the items.
andyhill Posted April 9, 2021
I thought it would be of interest to UniGUI Programmers to share my 24hr Attack List for my Stand-Alone-Server here in Australia. What is of interest is the Russian Federation probing (check out the rogue IPs). Attackers seem to now have some basic understanding of how UniGUI and Sencha work (check out the "ext-7.0.0..." probing).
125 x 45.155.205.211 CYPRUS
276 x 106.12.54.16 CHINA
295 x 3.141.21.92 AMAZON (Why ?)
452 x 39.109.114.137 HONG KONG
550 x 192.162.101.235 RUSSIA
Attacks-24hr.txt
irigsoft (Author) Posted April 9, 2021
12 hours ago, andyhill said: Attackers seem to now have some basic understanding how UniGUI and Sencha work
Hello, thanks for sharing. How do you know that UniGUI was blocking all requests? Do you have some info in the log file like "/script" was blocked, or something else, to be sure how it worked under attacks?
irigsoft (Author) Posted April 9, 2021
I didn't see anything saved from javascript injection attacks. Are you sure that it was not made? If it was made, what may be stolen: some cookie, html script or else? Did you analyze that?
andyhill Posted April 9, 2021
My code above blocks unwanted direct file access to any SubDirectory from outside Users (does not allow it to proceed) and adds these stats to the log file ([ANDY-S]:REJECTED) - of course my app can access these SubDirectories. The Attacks-24hr.txt file is an analysis of my app's log file from where I can review and decide to manually add any rogue IP to the BlockIPList. I put this info up because I was shocked to see so many attacks and I thought programmers should know.
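As an added example (not andyhill's code or UniGUI's), here is a small Python parser for the "[ANDY-S]:REJECTED" lines shown earlier in the thread, producing the per-IP counts that an Attacks-24hr style summary needs. The sample lines are constructed from that excerpt; the regex assumes exactly the field layout shown there (timestamp, IP, URI, DOCUMENT), and lines in any other format are skipped.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same "[ANDY-S]:REJECTED" format as the excerpt above
SAMPLE_LOG = """\
[ANDY-S]:REJECTED - 26/03/2021 09:00:15.779 - IP: 45.146.165.157, URI: /vendor/phpunit/phpunit/src/util/php/eval-stdin.php, DOCUMENT: /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
[ANDY-S]:REJECTED - 26/03/2021 09:00:20.908 - IP: 45.146.165.157, URI: /api/jsonws/invoke, DOCUMENT: /api/jsonws/invoke
[ANDY-S]:REJECTED - 26/03/2021 09:12:25.602 - IP: 47.114.114.56, URI: /_ignition/execute-solution, DOCUMENT: /_ignition/execute-solution
[ANDY-S]:REJECTED - 26/03/2021 09:17:15.270 - IP: 213.214.86.89, URI: /images/axfiteeditorial.pdf, DOCUMENT: /images/AxfiteEditorial.pdf
[ANDY-S]:REJECTED - 26/03/2021 09:17:19.874 - IP: 213.214.86.89, URI: /images/axfiteeditorial.pdf, DOCUMENT: /images/AxfiteEditorial.pdf
2021-03-26 09:18:00 some unrelated application line
"""

# Field layout taken from the excerpt; anything that does not match is ignored
LINE_RE = re.compile(
    r"^\[ANDY-S\]:REJECTED - (?P<date>\S+) (?P<time>\S+) - IP: (?P<ip>[0-9.]+), "
    r"URI: (?P<uri>\S+), DOCUMENT: (?P<doc>\S+)$"
)

def parse_rejections(text):
    """One dict per REJECTED line; lines in any other format are skipped."""
    return [m.groupdict() for m in (LINE_RE.match(l) for l in text.splitlines()) if m]

def hits_per_ip(events):
    """How many rejected requests each source address made."""
    return Counter(e["ip"] for e in events)

def paths_per_ip(events):
    """Which server-side documents each address tried to reach (for triage)."""
    paths = defaultdict(set)
    for e in events:
        paths[e["ip"]].add(e["doc"])
    return paths

def attack_list(events, min_hits=2):
    """'N x IP' lines, busiest first, in the style of the Attacks-24hr.txt summary;
    addresses below min_hits are left out so one-off hits do not clutter review."""
    return [f"{n} x {ip}" for ip, n in hits_per_ip(events).most_common() if n >= min_hits]
```

The output of attack_list is the candidate list a person reviews before adding anything to a block list; the script itself blocks nothing.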
irigsoft (Author) Posted April 10, 2021
7 hours ago, andyhill said: I put this info up because I was shocked to see so many attacks and I thought programmers should know.
I completely agree, and the file is very useful for anyone who wants to test their application for attacks. Of course, it is best to leave this in the hands of professionals in this field, but we can test some problems. It even impresses me that a specific version of UniGUI has been tested; is there already a breakthrough in this version and in the next ones? Since so far I have not been able to find a correct way to block javascript injections, I decided to ask if you have found one and do you have any idea what could be extracted as information through it?
irigsoft (Author) Posted April 10, 2021
Does anyone know how to apply this:
The following JavaScript security best practices can reduce this risk.
Avoid eval(): Don't utilize this command in code, since it simply executes the passed argument if it is a JavaScript expression. This means if the hacker succeeds in manipulating an input value, he or she will be able to run any script she wants. Instead, opt for alternative options that are more secure.
Set secure cookies: To ensure SSL/HTTPS is in use, set your cookies as "secure," which limits the use of your application's cookies to only secure web pages.
Set API access keys: Assign individual tokens for each end user. If these tokens don't match up, access can be denied or revoked.
Use safe methods of DOM manipulation: Methods such as innerHTML are powerful and potentially dangerous, as they don't limit or escape/encode the values that are passed to them. Using a method like innerText instead provides inherent escaping of potentially hazardous content. This is particularly useful in preventing DOM-based XSS attacks.
Stemon63 Posted April 12, 2021
On 3/25/2021 at 11:33 PM, irigsoft said: If I click on link, no problem to open file Google chrome. If I copy link and paste to new tab in Chrome, I get error 405
Hi, have you solved your problem? I have the same trouble; sometimes files are shown, sometimes they are blocked with code 405. Any hint? Thanks!
irigsoft (Author) Posted April 12, 2021
14 hours ago, Stemon63 said: Hi, have you solved your problem? I have the same trouble; sometimes files are shown, sometimes they are blocked with code 405. Any hint? Thanks!
Hello, I failed. I didn't really look for it, I just wrote it down for me as a problem. I think the problem exists when you click the URL link. No problem opening / downloading a file even without login. Error 405 is given when you put a URL directly in the address bar.
This is a big problem for me, but I will use a unique user session ID to activate direct file access. When a user tries to access the file, I will first check if a user session is open and only then will I allow the download. In reality, if the user does not have an open session, access will be blocked, similar to blocking the directory from the code above. At the moment I have made it so that in case of an attempt to open a directory other than TEMP, the communication is terminated with "Access denied". This will also be the case for accessing the files:
1. Check if there is an open session - we block access via direct URL click.
2. If there is an open session and it is active, then I check if there is an attempt to download the file from the directory for the specific user. When the user logs in, a special directory is created just for him in Temp and all the files that he will have access to will be in it.
3. These files live only some minutes after being created in this directory.
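The three-step plan above, written out as an added Python example (it is not irigsoft's code and not a UniGUI API; the DownloadGate class, its method names, and the 30-minute session timeout are assumptions made for the example). It shows the part that is easy to get wrong in step 2: the requested name must be resolved and confined to the session's own directory, or "../" in the URL walks out of it.

```python
import time
import secrets
import tempfile
from pathlib import Path

SESSION_TTL = 30 * 60   # assumed policy: an idle session dies after 30 minutes
FILE_TTL = 5 * 60       # per-user files live only a few minutes, as in the post

class DownloadGate:   # hypothetical helper, not part of UniGUI
    def __init__(self, temp_root, clock=time.time):
        self.root = Path(temp_root).resolve()
        self.clock = clock                    # injectable so expiry can be tested
        self.sessions = {}                    # session id -> last activity time

    def open_session(self):
        sid = secrets.token_urlsafe(32)       # unguessable, unlike a counter
        self.sessions[sid] = self.clock()
        (self.root / sid).mkdir(parents=True) # the user's private directory
        return sid

    def check(self, sid, requested):          # 'requested' is the file part of the URL
        last = self.sessions.get(sid)
        if last is None:
            return False, "no session"        # 1: bare URL without a login
        if self.clock() - last > SESSION_TTL:
            del self.sessions[sid]
            return False, "session expired"
        self.sessions[sid] = self.clock()
        base = self.root / sid                # 2: only this user's own directory
        target = (base / requested.lstrip("/\\")).resolve()
        if base not in target.parents or not target.is_file():
            return False, "outside user directory or missing"
        if self.clock() - target.stat().st_mtime > FILE_TTL:
            return False, "file expired"      # 3: short-lived files
        return True, "ok"

def demo():
    """Walk the three rules with a controllable clock; returns {case: reason}."""
    t = [time.time()]
    gate = DownloadGate(tempfile.mkdtemp(), clock=lambda: t[0])
    sid = gate.open_session()
    (gate.root / sid / "report.pdf").write_bytes(b"%PDF-constructed sample")
    out = {"no_session": gate.check("bogus", "report.pdf")[1], "ok": gate.check(sid, "report.pdf")[1],
           "traversal": gate.check(sid, "../other/report.pdf")[1]}
    t[0] += FILE_TTL + 5                      # file is now too old to serve
    out["file_expired"] = gate.check(sid, "report.pdf")[1]
    t[0] += SESSION_TTL + 5                   # session has been idle too long
    out["session_expired"] = gate.check(sid, "report.pdf")[1]
    return out
```

In a real server the session id would come from the framework's own session, never from the URL alone, and the temp directory would be swept on the same schedule as FILE_TTL.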
Stemon63 Posted April 13, 2021
15 hours ago, irigsoft said: Hello, I failed. I didn't really look for it, I just wrote it down for me as a problem. [...]
Hi, can you share your example code for this, so I will try if it works for my scenario? Thanks in advance.
irigsoft (Author) Posted April 13, 2021
16 minutes ago, Stemon63 said: Hi, can you share your example code for this, so I will try if it works for my scenario? Thanks in advance.
Hi, I am sorry but I don't have code. This is still only an idea.