irigsoft Posted July 23, 2022 Author Share Posted July 23, 2022
On 7/23/2022 at 9:40 PM, Sherzod said:
MainForm.Script:
    Ext.onReady(function() {
      if (self == top) {
        document.getElementsByTagName("body")[0].style.display = 'block';
      } else {
        top.location = self.location;
      }
    });
OK, now thanks. What do you think, will this code block the iframe from loading on my form, as mentioned in the link above? I extend it with some frame-busting code, based on this: https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
According to OWASP, these are the two most common techniques for preventing and mitigating clickjacking:
- Send directive response headers with the proper Content Security Policy (CSP) frame-ancestors to instruct the browser not to allow framing from other domains. (This replaces the older X-Frame-Options HTTP headers.)
    AResponseInfo.CustomHeaders.AddValue('Content-Security-Policy', 'frame-ancestors ''none''; frame-src ''none''; object-src ''none''; ');
- Use defensive code in the application to make sure the current frame is the top-level window.
    code from above
Sherzod Posted July 23, 2022 Share Posted July 23, 2022
The best way is to test this code in practice.
irigsoft Posted July 24, 2022 Author Share Posted July 24, 2022
13 hours ago, Sherzod said: The best way is to test this code in practice.
I tried with the URLFrame demo to load another demo just by adding the code, and when the second demo is loaded in the frame it crashes, but when it is loaded directly in the browser it works fine. So everyone, my experience is successful and the code can be used as a frame buster, based on this information:
https://seclab.stanford.edu/websec/framebusting/framebust.pdf
https://owasp.org/www-pdf-archive/OWASP_AppSec_Research_2010_Busting_Frame_Busting_by_Rydstedt.pdf
irigsoft Posted September 30, 2022 Author Share Posted September 30, 2022
Hello, here is a new inquiry from a penetration testing company: how to protect yourself if the site's certificate is for a specific domain. Example:
"My domain is, for example, www.test.com (IP 123.123.123.123). I have a certificate for the domain (*.test.com). So when the user writes www.test.com all is OK. But when they enter the IP address 123.123.123.123 I have no certificate, so the browser has a certificate problem."
If anyone can help, it is welcome.
likemike Posted September 30, 2022 Share Posted September 30, 2022
Hello! It's not possible to bind a certificate to an IP address. It's only possible to bind it to a domain!
irigsoft Posted September 30, 2022 Author Share Posted September 30, 2022
18 minutes ago, likemike said: Hello! It's not possible to bind a certificate to an IP address. It's only possible to bind it to a domain!
Yes, it is. The problem is explained well in the thread: the penetration testing company wants to block access (or the session) if you refer to the site by IP and not by domain name. I've written some sample code that should handle the problem, but I have no way to test it outside of localhost. This code should solve the colleague's problem. If anyone has a similar or better example, it would be helpful for everyone if they shared it. Of course, a great solution is to enable the mandatory redirect to HTTPS.
irigsoft Posted November 7, 2022 Author Share Posted November 7, 2022
Hello, new security quest: "HTTP verb tampering":
irigsoft Posted November 11, 2022 Author Share Posted November 11, 2022
Hello to all. I have added a new security risk, Cross-Site Request Forgery (CSRF) attacks, and a possible solution, Referer validation, born from this topic and explained here:
https://portswigger.net/web-security/csrf
https://portswigger.net/web-security/csrf/lab-referer-validation-depends-on-header-being-present
https://www.progress.com/documentation/sitefinity-cms/configure-referrer-validation
https://developer.mozilla.org/en-US/docs/Web/Security/Referer_header:_privacy_and_security_concerns
Possible solutions:
1. Add a CustomMeta tag <meta name="referrer" content="no-referrer"> and no more referrer information will be visible!
2. Add AResponse.Header: Referrer-Policy: no-referrer and no more referrer information will be visible!
3. Validation of the Referer
3.1 Add a CustomMeta tag <meta name="referrer" content="strict-origin-when-cross-origin"> or <meta name="referrer" content="unsafe-url">, to always send the referer!
3.2 Add AResponse.Header: Referrer-Policy: unsafe-url, to always send the referer!
3.3 Make a RefererValidation function and try to validate Referer and Origin in UniGUIServerModuleHTTPCommand, explained here: https://portswigger.net/web-security/csrf
    // Called from the UniGUIServerModuleHTTPCommand event; the Indy types come from IdCustomHTTPServer.
    procedure RefererValidation(ARequestInfo: TIdHTTPRequestInfo; AResponseInfo: TIdHTTPResponseInfo; var Handled: Boolean);
    var
      Referer, Origin: string;
    begin
      Referer := Trim(ARequestInfo.RawHeaders.Values['Referer']);
      Origin  := Trim(ARequestInfo.RawHeaders.Values['Origin']);
      // Only compare when both headers are present; the Referer must begin with the Origin
      if (Referer <> '') and (Origin <> '') then
      begin
        if Copy(Referer, 1, Length(Origin)) <> Origin then
        begin
          AResponseInfo.ContentText := '<h1>No valid Referer !</h1>';
          Handled := True;
          AResponseInfo.CloseConnection := True;
          AResponseInfo.CloseSession;
        end;
      end;
    end;
4. Add and trace a whitelist of enabled HOSTs, as explained here: https://www.progress.com/documentation/sitefinity-cms/configure-referrer-validation#referrer-validation-settings
If someone has another solution, please share.
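As an added example (not code from this thread and not uniGUI's API), the two server-side checks discussed in this post and in the IP-versus-domain question of September 30, written as plain Python over a dictionary of request headers: a Host allow-list (item 4) and an Origin/Referer check (item 3.3) that compares the full host name instead of a prefix and refuses a state-changing request when both headers are absent. ALLOWED_HOSTS, the sample requests and the function names are assumptions made for the example; the logic uses no uniGUI call and is meant to be ported into the UniGUIServerModuleHTTPCommand handler.

```python
# Added example, not code from the thread or from uniGUI: Host allow-listing
# and Origin/Referer validation as plain functions over a dict of headers.
# ALLOWED_HOSTS and the sample requests are constructed values.
from urllib.parse import urlsplit

# Constructed sample configuration: every name the site is published under.
# An IP literal is deliberately absent, so "Host: 123.123.123.123" is refused.
ALLOWED_HOSTS = {"www.test.com", "test.com"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def normalize_host(host_header):
    """Host header -> bare lower-case host name (port, brackets, userinfo dropped)."""
    try:
        return urlsplit("//" + (host_header or "").strip()).hostname
    except ValueError:  # e.g. an unterminated IPv6 literal such as "[::1"
        return None


def host_is_allowed(headers, allowed=ALLOWED_HOSTS):
    """Refuse requests that address the server by IP or by an unexpected name."""
    return normalize_host(headers.get("Host")) in allowed


def origin_host(url):
    """Host part of an absolute http(s) URL; None for 'null', a relative path or junk."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname


def request_is_trusted(method, headers, allowed=ALLOWED_HOSTS):
    """Origin/Referer gate against CSRF.

    Safe methods pass. A state-changing request must carry an Origin (checked
    first) or, failing that, a Referer whose host is exactly one of ours; no
    prefix test is used, so https://www.test.com.evil.com/ is refused. A
    request with neither header is refused too, because the PortSwigger lab
    linked in the post shows an attacker can arrange for both to be absent.
    """
    if method.upper() not in STATE_CHANGING:
        return True
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value is None:
            continue
        return origin_host(value) in allowed  # None (e.g. "Origin: null") -> False
    return False


def check_request(method, headers):
    """Combined gate for the handler: (True, 'ok') or (False, reason)."""
    if not host_is_allowed(headers):
        return False, "host not in allow-list"
    if not request_is_trusted(method, headers):
        return False, "missing or foreign Origin/Referer"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests, printed with the decision each one gets.
    samples = [
        ("GET", {"Host": "www.test.com"}),
        ("GET", {"Host": "123.123.123.123"}),
        ("POST", {"Host": "www.test.com", "Origin": "https://www.test.com"}),
        ("POST", {"Host": "www.test.com", "Referer": "https://www.test.com.evil.com/"}),
        ("POST", {"Host": "www.test.com"}),
    ]
    for method, hdrs in samples:
        print(method, hdrs, "->", check_request(method, hdrs))
```

Two design points differ from the Pascal function in the post: the comparison is against the site's own names rather than between the two headers (a Referer that merely starts with the Origin says nothing about which site the request came from), and the check is skipped for safe methods only. Note also that options 1 and 2 (no-referrer) and option 3 (validate the Referer) exclude each other; if the site suppresses its own Referer, only the Origin header remains to validate.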
andyhill Posted November 11, 2022 Share Posted November 11, 2022
I have modified my ServerModuleHTTPCommand handler so that it rejects questionable website access; below are 24 hrs of rejections on my trivial, non-advertised, non-promoted, non-indexed site, which is only used by me. Check out 173.230.152.150, who incidentally uses multiple simultaneous attacks at the same time. Note the attackers are aware of some of the UniGUI structures, as well as trying direct access to the cache. I have put these results up here so that, as developers, we can get an understanding of what our sites are dealing with - imagine what a large, well-used, well-indexed site has going on.
ROGUE IP LIST (REJECTED)
001 x 72.137.69.120 001 x 45.181.121.221 001 x 125.27.181.6 001 x 195.140.224.193 001 x 35.162.172.231 001 x 157.48.255.76 001 x 87.255.198.221 001 x 14.201.36.74 001 x 73.61.71.207 001 x 201.106.38.200 001 x 123.27.65.204 001 x 178.234.204.37 001 x 45.159.17.224 001 x 211.245.204.49 001 x 37.20.150.72 001 x 118.71.165.176 001 x 20.168.11.78 001 x 41.73.210.250 001 x 58.186.71.36 001 x 13.68.200.73 001 x 41.232.199.114 001 x 37.192.194.51 001 x 173.16.23.144 001 x 58.187.171.228 001 x 223.230.83.38 001 x 77.50.175.223 001 x 37.19.205.193 001 x 192.241.205.39 001 x 197.221.255.189 001 x 49.207.207.5 001 x 212.188.66.46 001 x 109.226.221.253 001 x 194.55.186.126 001 x 89.218.91.51 001 x 95.82.98.209 001 x 125.164.4.107 001 x 185.57.31.124 001 x 107.189.164.86 001 x 178.66.184.80 001 x 46.164.149.22 001 x 118.200.32.215 001 x 197.211.221.254 001 x 5.165.176.190 001 x 89.146.178.84 001 x 78.138.131.88 001 x 185.220.100.243 001 x 5.172.5.7 001 x 103.155.131.101 001 x 106.215.64.102 001 x 157.48.147.101 001 x 82.200.190.166 001 x 83.136.236.126 001 x 37.113.240.185 001 x 89.237.196.131 001 x 219.155.141.46 001 x 110.137.73.119 001 x 103.18.184.2 001 x 65.25.87.242 001 x 202.172.28.198 001 x 5.218.50.147 001 x 93.88.142.146 001 x 46.242.14.78 001 x 8.29.105.46 001 x 109.195.150.228 001 x 91.205.208.89 
001 x 157.48.185.25 001 x 80.242.99.226 001 x 193.49.213.61 001 x 5.8.212.212 001 x 180.246.82.223 001 x 193.200.21.236 001 x 193.193.252.8 001 x 37.201.199.229 001 x 195.62.71.141 001 x 37.23.49.42 001 x 213.230.127.93 001 x 90.188.242.225 001 x 103.169.187.43 001 x 5.130.136.148 001 x 78.196.234.230 001 x 103.97.204.14 001 x 103.176.25.15 001 x 125.167.56.69 001 x 41.38.243.240 001 x 149.57.16.134 001 x 194.156.136.129 001 x 34.118.30.82 001 x 191.101.41.77 001 x 193.47.61.60 001 x 207.81.33.54 001 x 94.225.227.181 001 x 45.232.201.16 001 x 46.236.167.59 001 x 46.147.54.52 001 x 200.116.212.218 001 x 202.173.124.27 001 x 38.242.231.133 001 x 109.207.199.62 001 x 46.98.165.112 001 x 208.64.158.255 001 x 207.2.121.168 001 x 87.225.26.242 001 x 77.233.21.142 001 x 198.52.170.136 001 x 45.229.209.139 001 x 41.249.5.185 001 x 213.59.151.20 001 x 37.215.22.69 001 x 195.191.32.47 001 x 195.191.146.63 001 x 78.31.102.214 001 x 188.166.87.233 001 x 37.228.242.38 001 x 151.249.175.80 001 x 176.232.62.251 001 x 109.237.2.66 001 x 105.71.19.80 001 x 176.198.114.150 001 x 93.182.35.242 001 x 49.36.144.60 001 x 94.54.1.170 001 x 176.212.108.128 001 x 95.54.81.140 001 x 37.139.53.9 001 x 171.246.207.110 001 x 92.37.220.102 001 x 178.79.93.4 001 x 40.77.188.198 001 x 40.77.188.237 001 x 40.77.189.181 001 x 92.142.126.156 001 x 40.77.190.155 001 x 188.113.129.41 001 x 156.198.60.182 001 x 88.241.51.193 001 x 5.138.66.89 001 x 164.138.91.188 001 x 149.34.244.182 001 x 180.243.9.177 001 x 37.19.218.140 001 x 46.119.23.160 001 x 46.211.88.194 001 x 176.98.224.183 001 x 160.177.77.72 001 x 95.27.199.64 001 x 49.206.130.120 001 x 46.39.56.227 001 x 37.144.59.18 001 x 190.2.139.221 001 x 94.63.170.102 001 x 185.32.135.218 001 x 46.138.129.77 001 x 40.77.188.144 001 x 40.77.188.219 001 x 40.77.189.185 001 x 40.77.190.140 001 x 40.77.189.86 001 x 171.225.184.208 001 x 78.106.215.156 001 x 40.77.167.105 001 x 201.141.19.2 001 x 5.59.14.40 001 x 149.34.244.181 001 x 103.21.185.72 001 x 
60.249.25.135 001 x 91.235.178.56 001 x 37.112.56.150 001 x 51.132.184.248 001 x 45.89.253.192 001 x 77.37.146.175 001 x 94.25.172.114 001 x 83.135.185.251 001 x 81.30.211.85 001 x 193.107.74.230 001 x 176.146.197.22 001 x 91.201.177.16 001 x 87.214.155.147 001 x 83.220.178.1 001 x 178.54.63.27 001 x 195.206.34.141 001 x 212.232.51.140 001 x 46.98.138.165 001 x 194.44.50.219 001 x 212.66.43.211 001 x 77.66.178.43 001 x 197.211.61.52 001 x 180.26.49.18 001 x 109.169.212.185 001 x 37.113.156.22 001 x 95.58.11.214 001 x 46.173.82.165 001 x 45.86.202.152 001 x 83.169.216.127 001 x 37.73.64.183 001 x 5.181.211.223 001 x 188.163.80.68 001 x 176.41.144.163 001 x 176.109.14.231 001 x 95.87.72.142 001 x 77.51.203.147 001 x 95.110.71.188 001 x 188.163.83.88 001 x 160.154.226.86 001 x 91.201.117.194 001 x 198.199.95.173 001 x 41.34.247.169 001 x 104.28.243.149 001 x 103.55.33.181 001 x 102.129.82.60 001 x 197.32.227.42 001 x 34.211.56.246 001 x 156.209.49.194 001 x 197.253.109.68 001 x 85.174.91.210 001 x 94.29.20.239 001 x 117.248.109.118 001 x 147.30.124.140 001 x 217.113.127.33 001 x 5.164.242.119 001 x 93.178.123.226 001 x 185.193.198.191 001 x 85.250.228.9 001 x 102.190.209.147 001 x 59.153.240.255 001 x 51.91.11.172 001 x 156.216.232.26 001 x 89.179.45.44 001 x 80.254.127.154 001 x 118.70.125.210 001 x 49.36.19.165 001 x 174.31.47.201 001 x 90.89.6.66 001 x 115.72.76.180 001 x 94.233.250.232 001 x 195.2.73.88 001 x 217.71.237.153 001 x 195.2.78.111 001 x 87.76.241.215 001 x 193.0.204.200 001 x 92.124.205.186 001 x 188.187.156.1 001 x 85.76.78.83 001 x 178.133.145.78 001 x 186.156.224.159 001 x 80.192.145.147 001 x 2.135.14.199 001 x 114.122.133.170 001 x 5.18.151.65 001 x 109.237.98.226 001 x 45.82.10.89 001 x 128.90.144.145 001 x 190.106.89.125 001 x 198.144.189.66 001 x 45.101.164.4 001 x 37.194.18.110 001 x 79.116.44.124 001 x 91.240.98.44 001 x 91.232.92.2 001 x 192.142.226.144 001 x 217.138.195.130 001 x 91.222.61.49 001 x 103.42.196.183 001 x 46.118.48.226 001 x 
37.235.204.149 001 x 27.67.0.142 001 x 45.5.5.67 001 x 212.0.67.2 001 x 111.119.178.131 001 x 5.143.19.100 001 x 174.134.184.142 001 x 92.100.8.210 001 x 94.230.131.151 001 x 91.160.27.152 001 x 185.28.105.12 001 x 185.192.70.172 001 x 54.218.62.192 001 x 178.155.5.206 001 x 31.40.156.111 001 x 31.135.246.6 001 x 178.125.232.63 001 x 79.197.9.24 001 x 78.107.0.0 001 x 94.230.114.184 001 x 77.220.51.167 001 x 81.28.244.205 001 x 192.241.206.159 001 x 210.89.58.64 001 x 157.37.173.160 001 x 178.34.158.23 001 x 179.60.149.177 001 x 94.190.20.185 001 x 93.67.125.246 001 x 5.12.228.192 001 x 92.242.70.28 001 x 95.53.223.162 001 x 197.210.54.144 001 x 45.139.105.173 001 x 159.255.30.158 001 x 78.180.3.175 001 x 109.252.144.13 001 x 91.108.42.152 001 x 42.114.202.190 001 x 77.245.216.171 001 x 46.119.73.45 001 x 161.142.12.121 001 x 78.109.69.158 001 x 95.69.136.27 001 x 46.56.247.224 001 x 188.143.217.17 001 x 156.196.235.254 001 x 116.74.138.120 001 x 83.234.120.152 001 x 95.213.216.67 001 x 49.36.91.88 001 x 91.202.128.12 001 x 91.221.66.52 001 x 46.219.204.68 001 x 176.122.127.241 001 x 125.166.8.19 001 x 42.117.78.198 001 x 195.2.70.41 001 x 207.148.78.225 001 x 195.2.74.123 001 x 5.136.88.215 001 x 78.81.45.167 001 x 176.213.4.37 001 x 95.190.107.131 001 x 176.112.71.222 001 x 169.150.196.137 001 x 84.74.224.118 001 x 103.172.188.38 001 x 78.48.71.58 001 x 46.35.230.196 001 x 49.37.202.165 001 x 188.243.182.179 001 x 92.255.175.164 001 x 77.16.222.234 001 x 188.134.93.240 001 x 51.142.107.186 001 x 37.151.99.133 001 x 132.154.48.56 001 x 2.134.230.59 001 x 94.69.98.158 001 x 217.15.62.55 001 x 91.77.163.208 001 x 39.104.144.45 001 x 80.89.72.60 001 x 212.248.110.50 001 x 178.124.210.118 001 x 45.56.98.122 001 x 149.210.207.248 001 x 142.117.74.121 001 x 103.141.93.242 001 x 180.251.206.6 001 x 5.130.28.82 001 x 95.105.125.66 001 x 46.252.112.27 001 x 188.47.123.1 001 x 49.37.152.107 001 x 192.241.205.175 001 x 37.131.201.58 001 x 109.252.53.61 001 x 85.174.205.41 
001 x 194.48.218.75 001 x 37.65.40.112 001 x 95.27.41.154 001 x 92.62.56.205 001 x 134.209.156.154 001 x 84.42.72.176 001 x 109.201.34.40 001 x 41.80.112.145 001 x 213.230.116.219 001 x 178.89.116.163 001 x 80.80.194.192 001 x 20.124.121.83 001 x 44.237.54.158 001 x 52.10.182.99 001 x 84.227.180.234 001 x 37.212.88.86 001 x 193.179.2.251 001 x 20.115.67.173 001 x 193.160.204.142 001 x 93.81.104.155 001 x 88.151.187.220 001 x 185.34.68.131 001 x 82.57.53.216 001 x 128.69.130.230 001 x 89.179.43.14 001 x 5.18.236.185 001 x 193.32.202.50 001 x 37.99.113.246 001 x 89.175.20.36 001 x 121.79.135.146 001 x 38.25.16.46 001 x 82.158.21.12 001 x 202.61.247.187 001 x 93.177.75.210 001 x 88.152.10.57 001 x 109.230.136.58 001 x 213.59.158.236 001 x 37.212.33.36 001 x 168.232.160.204 001 x 100.37.96.226 001 x 175.101.105.145 001 x 194.35.47.224 001 x 95.90.210.39 001 x 202.61.237.179 001 x 37.113.29.103 001 x 94.198.132.209 001 x 176.226.154.172 001 x 79.132.69.32 001 x 85.95.188.125 001 x 98.54.228.34 001 x 217.150.73.139 001 x 5.62.59.87 001 x 105.112.161.157 001 x 200.163.20.186 001 x 185.153.47.57 001 x 41.13.15.52 001 x 87.225.112.68 001 x 122.168.68.111 001 x 178.214.249.49 001 x 103.251.51.138 001 x 20.25.29.186 001 x 195.211.31.137 001 x 1.53.159.189 001 x 46.0.80.147 001 x 178.151.42.114 001 x 185.151.107.68 001 x 109.254.254.22 001 x 91.105.139.251 001 x 119.160.96.77 001 x 182.253.155.19 001 x 77.79.159.2 001 x 20.113.146.239 001 x 188.163.82.20 001 x 80.13.79.94 001 x 45.159.74.140 001 x 87.244.12.73 001 x 95.87.80.143 001 x 62.33.72.230 001 x 46.165.61.226 001 x 212.124.0.60 001 x 46.166.81.3 001 x 191.254.154.21 001 x 41.43.146.171 001 x 123.21.151.98 001 x 113.162.201.224 001 x 178.207.199.115 001 x 178.237.221.32 001 x 185.13.112.74 001 x 115.74.35.54 001 x 85.26.165.34 001 x 79.165.248.70 001 x 42.115.249.183 001 x 46.34.194.126 001 x 196.112.152.159 001 x 35.171.16.68 001 x 95.182.105.121 001 x 82.140.81.118 001 x 5.8.228.64 001 x 49.205.101.13 001 x 
95.189.75.166 001 x 95.32.86.96 001 x 124.122.193.190 001 x 178.33.153.157 001 x 91.132.22.46 001 x 77.34.179.237 001 x 195.128.153.135 001 x 62.122.202.191 001 x 206.84.139.242 001 x 185.177.191.211 001 x 125.161.204.147 001 x 188.162.86.109 001 x 80.241.33.114 001 x 98.243.219.195 001 x 162.0.155.8 001 x 84.18.121.200 001 x 93.76.45.50 001 x 79.178.128.194 001 x 85.140.5.151 001 x 68.168.223.244 001 x 96.246.237.58 001 x 92.39.214.93 001 x 185.244.92.234 001 x 197.47.117.250 001 x 68.58.202.68 001 x 37.45.150.239 001 x 46.0.174.242 001 x 147.235.199.167 001 x 197.38.158.191 001 x 37.45.206.61 001 x 90.135.255.8 001 x 103.69.244.176 001 x 37.28.161.250 001 x 192.162.209.146 001 x 84.42.72.113 001 x 178.172.188.57 001 x 78.185.228.205 001 x 93.185.192.85 001 x 188.120.39.54 001 x 176.37.16.35 001 x 41.43.54.191 001 x 195.3.134.195 001 x 194.180.48.125 001 x 38.41.85.74 001 x 169.224.80.250 001 x 37.1.138.78 001 x 198.199.101.87 001 x 93.84.180.213 001 x 78.106.92.176 001 x 94.199.197.57 001 x 176.40.125.50 001 x 185.67.177.180 001 x 5.142.138.155 001 x 89.23.148.238 001 x 176.196.130.175 001 x 188.244.13.233 001 x 46.72.65.230 001 x 182.64.14.247 001 x 185.14.151.193 001 x 189.193.81.232 001 x 37.142.94.223 001 x 88.243.219.62 001 x 213.59.151.215 001 x 102.217.7.14 001 x 176.210.20.113 001 x 194.44.134.16 001 x 83.252.79.204 001 x 178.141.240.143 001 x 45.88.188.179 001 x 176.190.22.195 001 x 95.139.149.215 001 x 2.54.179.16 001 x 5.76.23.167 001 x 217.107.124.32 001 x 102.89.42.33 001 x 188.243.182.197 001 x 109.254.149.211 001 x 46.138.163.193 001 x 136.169.35.242 001 x 188.18.144.252 001 x 81.5.87.119 001 x 102.89.34.79 001 x 186.208.154.129 001 x 138.199.21.232 001 x 45.4.41.219 001 x 102.89.33.170 001 x 46.138.141.167 001 x 5.25.136.146 001 x 110.74.219.54 001 x 134.17.161.118 001 x 188.187.173.193 001 x 5.139.132.233 001 x 5.77.192.233 001 x 170.239.218.141 001 x 158.58.132.250 001 x 77.247.88.197 001 x 185.147.212.82 001 x 31.221.155.9 001 x 78.163.116.149 
001 x 178.84.108.55 001 x 188.162.13.63 001 x 102.89.32.22 001 x 213.110.102.132 001 x 95.66.242.242 001 x 185.201.112.79 001 x 185.41.120.62 001 x 46.119.51.180 001 x 102.32.34.224 001 x 79.134.138.128 001 x 185.56.194.137 001 x 78.190.175.103 001 x 95.31.104.110 001 x 113.211.210.187 001 x 181.234.37.101 001 x 94.25.238.226 001 x 93.171.7.142 001 x 178.91.24.210 001 x 85.221.152.106 001 x 82.208.86.120 001 x 143.159.221.3 001 x 104.28.252.248 001 x 217.17.126.129 001 x 213.208.188.250 001 x 79.233.163.45 001 x 37.113.93.227 001 x 62.210.122.222 001 x 87.117.59.51 002 x 176.36.34.38 002 x 154.181.0.3 002 x 31.28.244.81 002 x 138.197.2.29 002 x 159.223.171.235 002 x 45.249.85.36 002 x 91.237.203.138 002 x 176.101.1.198 002 x 46.138.17.37 002 x 31.40.58.153 002 x 27.34.68.196 002 x 42.115.139.227 002 x 35.90.195.149 002 x 46.138.15.183 002 x 46.188.7.132 002 x 45.32.166.21 002 x 46.149.92.17 002 x 37.147.100.155 002 x 20.78.37.177 002 x 8.219.48.99 002 x 91.40.55.7 002 x 91.241.211.218 002 x 181.60.112.5 002 x 116.105.172.5 002 x 64.135.18.130 002 x 125.163.15.122 002 x 157.230.8.58 002 x 87.244.21.189 002 x 37.21.240.2 002 x 46.1.228.37 002 x 178.49.60.123 002 x 198.98.52.220 002 x 92.244.110.6 002 x 87.249.25.22 002 x 5.161.57.7 002 x 109.252.228.2 002 x 188.163.45.88 002 x 45.159.17.164 002 x 178.201.180.152 002 x 5.44.174.52 002 x 188.16.4.224 002 x 185.213.80.109 002 x 185.13.112.22 002 x 102.89.34.168 002 x 49.36.67.92 002 x 109.238.80.59 002 x 143.198.88.90 002 x 185.169.233.135 002 x 40.77.190.63 002 x 91.132.107.230 002 x 171.251.237.52 002 x 182.185.116.152 002 x 91.215.199.42 002 x 213.59.142.13 002 x 202.14.120.240 002 x 27.74.160.128 002 x 40.77.190.201 002 x 91.245.253.134 002 x 40.77.189.47 002 x 40.77.190.228 002 x 167.114.113.245 003 x 147.78.47.249 003 x 156.213.118.222 003 x 110.136.217.207 003 x 94.16.106.91 003 x 102.68.77.69 003 x 94.130.119.188 003 x 103.152.102.116 004 x 18.117.140.106 004 x 62.0.130.229 004 x 77.160.193.45 004 x 
223.233.72.54 004 x 185.163.109.66 004 x 167.86.98.233 005 x 152.89.196.211 005 x 207.46.13.237 005 x 164.92.133.183 005 x 207.148.8.93 005 x 89.237.195.16 005 x 116.62.12.30 006 x 5.126.173.128 006 x 183.136.225.32 006 x 67.207.82.158 007 x 59.58.20.98 007 x 144.91.114.80 007 x 194.163.136.210 007 x 207.180.206.180 007 x 173.249.20.2 008 x 194.163.136.212 008 x 51.15.16.160 008 x 161.97.135.219 008 x 173.82.254.45 009 x 173.212.224.141 012 x 128.14.225.196 012 x 159.224.242.253 016 x 161.97.135.221 025 x 192.162.245.112 096 x 198.98.52.12 098 x 46.101.252.228 182 x 192.3.111.157 417 x 173.230.152.150
INVALID (OR PROTECTED) URI LIST
001 x /sitemap.xml 001 x /ext-7.5.1/build/classic/theme-classic/resources/theme-classic-all.css 001 x /gponform/diag_form 001 x /cache/mapaddresses_exe/1vilu9kzup10b7c0699/favicon.ico 001 x /uni-1.90.0.1564/css/uni-ext.css 001 x /ext-7.5.1/build/packages/font-awesome/resources/font-awesome-all.css 001 x /uni-1.90.0.1564/css/uni-xtheme-common.css 001 x /ext-7.5.1/build/packages/font-awesome-4.7.0/resources/font-awesome-all.css 001 x /ext-7.5.1/build/packages/font-pictos/resources/font-pictos-all.css 001 x /new 001 x /main 001 x /backup 001 x /old 001 x /home 001 x /docker-compose.yml 001 x /.well-known/security.txt 001 x /a.txt 001 x /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh 001 x /autodiscover/autodiscover.json 001 x /portal/info.jsp 001 x http://www.ziroom.com/ 001 x http://ras.arbitr.ru/ 001 x /config/getuser 001 x restapi.amap.com:443 001 x http://www.gstatic.com/generate_204 001 x /console/ 001 x /_ignition/execute-solution 001 x /explore 001 x /ajax/libs/jquerymobile/1.4.5/jquery.mobile.min.css 001 x /uni-1.90.0.1564/css/uni-xtheme-classic.css 001 x /uni-1.90.0.1564/css/uni-xtheme-colors.css 001 x http://uni.open2ch.net/test/newsplus/dat/1667272167.dat 001 x http://www.poi86.com/poi/amap/city/330200.html 001 x http://bj.58.com/ 001 x /actuator/gateway/routes 001 x http://aqicn.org/city/beijing/ 001 x /bk 001 x 
/api/consumer/user/common/applet/code 001 x http://azenv.net/page/1145245861365703 001 x /style.php 001 x /_ignition/health-check/ 001 x /actuator/health 001 x /wp-login.php 001 x /wp-includes/wlwmanifest.xml 001 x /wordpress 001 x /wp 001 x /bc 001 x /public/_ignition/health-check/ 002 x /ext-7.5.1/build/classic/theme-classic/theme-classic.js 002 x /ext-7.5.1/build/ext-all.js 002 x /uni-1.90.0.1564/jquery/autonumeric/autonumeric-1.9.35.js 002 x /uni-1.90.0.1564/ext-unigui-min.js 002 x /ext-7.5.1/build/classic/locale/locale-.js 002 x /bots/testnaifpaper 002 x /font-awesome/4.3.0/css/font-awesome.min.css 002 x /uni-1.90.0.1564/jquery/maskedinput/jquery.inputmask.min.js 002 x /owa/auth/logon.aspx 002 x /uni-1.90.0.1564/ext-unicommon-min.js 002 x http://godaddy.com/ 002 x http://vps291258.vps.ovh.ca/judge/judge.php 002 x http://www.bing.com/ 002 x /cache/mapaddresses_exe/lsltzyeksc10b7cd846/favicon.ico 002 x http://us.vansto.net/verify.txt 002 x /uni-1.90.0.1564/jquery/jquery-1.11.2.min.js 002 x /uni-1.90.0.1564/ext-sync-min.js 003 x /robots.txt 003 x /ab2g 003 x /favicon.ico 003 x /ab2h 003 x http://ipinfo.io/json 003 x http://images.google.com/ 004 x ftp.halifax.rwth-aachen.de:443 005 x /.env 005 x http://zhaopin.baidu.com/ 006 x http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css 007 x http://go.com/ 008 x http://httpheader.net/azenv.php 008 x http://ftp.stw-bonn.de/ubuntu/pool/main/liby/libyaml-syck-perl/libyaml-syck-perl_1.27.orig.tar.gz 008 x http://mirror.23media.com/ubuntu/pool/main/liby/libyaml-syck-perl/libyaml-syck-perl_1.27.orig.tar.gz 008 x http://mirror.de.leaseweb.net/ubuntu/pool/main/liby/libyaml-syck-perl/libyaml-syck-perl_1.27.orig.tar.gz 008 x http://debian.charite.de/ubuntu/pool/main/liby/libyaml-syck-perl/libyaml-syck-perl_1.27.orig.tar.gz 008 x http://mirror.dogado.de/ubuntu/pool/main/liby/libyaml-syck-perl/libyaml-syck-perl_1.27.orig.tar.gz 008 x 
http://ftp.uni-stuttgart.de/ubuntu/pool/main/liby/libyaml-syck-perl/libyaml-syck-perl_1.27.orig.tar.gz 008 x http://de.mirrors.clouvider.net/ubuntu/pool/main/liby/libyaml-syck-perl/libyaml-syck-perl_1.27.orig.tar.gz 012 x http://work.a-poster.info:25000/ 048 x httpbin.org:443 051 x http://ajax.googleapis.com/ajax/libs/jquerymobile/1.4.5/jquery.mobile.min.css 054 x http://httpbin.org/ip 098 x http://116.202.171.57/judge/ 191 x http://azenv.net/ 211 x http://httpbin.org/ 212 x http://ip-api.com/json 616 x http://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/css/font-awesome.min.css
ACCESS DENIED LIST
038 x PCPATHWITHHELD\proxy.php. 001 x PCPATHWITHHELD\mifs\.;\services\LogService.
FILE NOT FOUND LIST
001 x http://116.202.171.57/judge/ 001 x PCPATHWITHHELD\sitemap.xml
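As an added example (not andyhill's handler, which is not shown, and not uniGUI code), a small classifier that takes request lines of the kinds listed in the post and produces the same "count x value" summaries: absolute URLs or host:port targets (someone testing for an open proxy), percent-encoded dot segments (the /cgi-bin/.%2e/ entry) and probes for files a uniGUI application never serves (/.env, /wp-login.php and similar). The log format, the sample lines with documentation-range IPs, and the RECON_PATHS set are assumptions constructed for the example; RECON_PATHS borrows a few entries from the post's URI list and is not a complete rule set.

```python
# Added example, not andyhill's handler or any uniGUI code: turns raw request
# lines into the "count x value" summaries shown in the post. The log format,
# the sample lines and RECON_PATHS are constructed for this example.
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample log: "<client ip> <method> <request target>", one per line.
SAMPLE_LOG = """\
203.0.113.10 GET /
203.0.113.10 GET /uni-1.90.0.1564/ext-unicommon-min.js
198.51.100.7 GET http://httpbin.org/ip
198.51.100.7 CONNECT httpbin.org:443
198.51.100.7 GET http://ip-api.com/json
192.0.2.44 GET /.env
192.0.2.44 GET /wp-login.php
192.0.2.44 GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh
203.0.113.10 GET /
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")
ABSOLUTE_URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)
HOST_PORT_RE = re.compile(r"^[^/]+:\d+$")
# Paths an application built on uniGUI never serves; a request for them is a
# scanner looking for some other product (a few entries taken from the post).
RECON_PATHS = {"/.env", "/wp-login.php", "/actuator/health", "/docker-compose.yml"}


def classify(target):
    """Label one request target, or return None when it looks like normal traffic."""
    # An absolute URL or host:port as the target asks the server to relay the
    # request elsewhere: an open-proxy probe, not a request for this site.
    if ABSOLUTE_URL_RE.match(target) or HOST_PORT_RE.match(target):
        return "proxy-probe"
    # Undo (double) percent-encoding before looking for ".." segments, so that
    # ".%2e" and "%252e%252e" are seen the way the file system would see them.
    decoded = unquote(unquote(target))
    path = decoded.split("?", 1)[0]
    if any(segment == ".." for segment in path.split("/")):
        return "traversal"
    if path in RECON_PATHS:
        return "recon"
    return None


def summarize(log_text):
    """Parse the log; return ({label: Counter(ip)}, Counter(target)) for rejected requests only."""
    by_label = {}
    rejected_targets = Counter()
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # malformed line: skip rather than guess
        ip, _method, target = match.groups()
        label = classify(target)
        if label is None:
            continue
        by_label.setdefault(label, Counter())[ip] += 1
        rejected_targets[target] += 1
    return by_label, rejected_targets


def format_counts(counter):
    """Render a count mapping in the post's style, ascending by count: '003 x value'."""
    ordered = sorted(counter.items(), key=lambda kv: (kv[1], kv[0]))
    return [f"{n:03d} x {value}" for value, n in ordered]


if __name__ == "__main__":
    labels, targets = summarize(SAMPLE_LOG)
    for label, ips in labels.items():
        print(f"{label.upper()} IP LIST")
        print("\n".join(format_counts(ips)))
    print("REJECTED TARGET LIST")
    print("\n".join(format_counts(targets)))
```

The per-label split is what makes a dump like the one above actionable: the proxy-probe column is pure noise that can be dropped at the first hop, while the traversal and recon columns are the requests worth keeping for a blocklist or for correlating a single source such as the 417-hit address in the post.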
irigsoft Posted November 12, 2022 Author Share Posted November 12, 2022
9 hours ago, andyhill said:
x 31.221.155.9 001 x 78.163.116.149 001 x 178.84.108.55 001 x 188.162.13.63 001 x 102.89.32.22 001 x 213.110.102.132 001 x 95.66.242.242 001 x 185.201.112.79 001 x 185.41.120.62 001 x 46.119.51.180 001 x 102.32.34.224 001 x 79.134.138.128 001 x 185.56.194.137 001 x 78.190.175.103 001 x 95.31.104.110 001 x 113.211.210.187 001 x 181.234.37.101 001 x 94.25.238.226 001 x 93.171.7.142 001 x 178.91.24.210 001 x 85.221.152.106 001 x 82.208.86.120 001 x 143.159.221.3 001 x 104.28.252.248 001 x 217.17.126.129 001 x 213.208.188.250 001 x 79.233.163.45 001 x 37.113.93.227 001 x 62.210.122.222 001 x 87.117.59.51 002 x 176.36.34.38 002 x 154.181.0.3 002 x 31.28.244.81 002 x 138.197.2.29 002 x 159.223.171.235 002 x 45.249.85.36 002 x 91.237.203.138 002 x 176.101.1.198 002 x 46.138.17.37 002 x 31.40.58.153 002 x 27.34.68.196 002 x 42.115.139.227 002 x 35.90.195.149 002 x 46.138.15.183 002 x 46.188.7.132 002 x 45.32.166.21 002 x 46.149.92.17 002 x 37.147.100.155 002 x 20.78.37.177 002 x 8.219.48.99 002 x 91.40.55.7 002 x 91.241.211.218 002 x 181.60.112.5 002 x 116.105.172.5 002 x 64.135.18.130 002 x 125.163.15.122 002 x 157.230.8.58 002 x 87.244.21.189 002 x 37.21.240.2 002 x 46.1.228.37 002 x 178.49.60.123 002 x 198.98.52.220 002 x 92.244.110.6 002 x 87.249.25.22 002 x 5.161.57.7 002 x 109.252.228.2 002 x 188.163.45.88 002 x 45.159.17.164 002 x 178.201.180.152 002 x 5.44.174.52 002 x 188.16.4.224 002 x 185.213.80.109 002 x 185.13.112.22 002 x 102.89.34.168 002 x 49.36.67.92 002 x 109.238.80.59 002 x 143.198.88.90 002 x 185.169.233.135 002 x 40.77.190.63 002 x 91.132.107.230 002 x 171.251.237.52 002 x 182.185.116.152 002 x 91.215.199.42 002 x 213.59.142.13 002 x 202.14.120.240 002 x 27.74.160.128 002 x 40.77.190.201 002 x 91.245.253.134 002 x 40.77.189.47 002 x 40.77.190.228 002 x 167.114.113.245 003 x 147.78.47.249 003 x 156.213.118.222 003 x 110.136.217.207 003 x 94.16.106.91 003 x 102.68.77.69 003 x 94.130.119.188 003 x 103.152.102.116 004 x 18.117.140.106 004 x 62.0.130.229 
004 x 77.160.193.45 004 x 223.233.72.54 004 x 185.163.109.66 004 x 167.86.98.233 005 x 152.89.196.211 005 x 207.46.13.237 005 x 164.92.133.183 005 x 207.148.8.93 005 x 89.237.195.16 005 x 116.62.12.30 006 x 5.126.173.128 006 x 183.136.225.32 006 x 67.207.82.158 007 x 59.58.20.98 007 x 144.91.114.80 007 x 194.163.136.210 007 x 207.180.206.180 007 x 173.249.20.2 008 x 194.163.136.212 008 x 51.15.16.160 008 x 161.97.135.219 008 x 173.82.254.45 009 x 173.212.224.141 012 x 128.14.225.196 012 x 159.224.242.253 016 x 161.97.135.221 025 x 192.162.245.112 096 x 198.98.52.12 098 x 46.101.252.228 182 x 192.3.111.157 417 x 173.230.152.150 INVALID (OR PROTECTED) URI LIST 001 x /sitemap.xml 001 x /ext-7.5.1/build/classic/theme-classic/resources/theme-classic-all.css 001 x /gponform/diag_form 001 x /cache/mapaddresses_exe/1vilu9kzup10b7c0699/favicon.ico 001 x /uni-1.90.0.1564/css/uni-ext.css 001 x /ext-7.5.1/build/packages/font-awesome/resources/font-awesome-all.css 001 x /uni-1.90.0.1564/css/uni-xtheme-common.css 001 x /ext-7.5.1/build/packages/font-awesome-4.7.0/resources/font-awesome-all.css 001 x /ext-7.5.1/build/packages/font-pictos/resources/font-pictos-all.css 001 x /new 001 x /main 001 x /backup 001 x /old 001 x /home 001 x /docker-compose.yml 001 x /.well-known/security.txt 001 x /a.txt 001 x /cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh 001 x /autodiscover/autodiscover.json 001 x /portal/info.jsp 001 x http://www.ziroom.com/ 001 x http://ras.arbitr.ru/ 001 x /config/getuser 001 x restapi.amap.com:443 001 x http://www.gstatic.com/generate_204 001 x /console/ 001 x /_ignition/execute-solution 001 x /explore 001 x /ajax/libs/jquerymobile/1.4.5/jquery.mobile.min.css 001 x /uni-1.90.0.1564/css/uni-xtheme-classic.css 001 x /uni-1.90.0.1564/css/uni-xtheme-colors.css 001 x http://uni.open2ch.net/test/newsplus/dat/1667272167.dat 001 x http://www.poi86.com/poi/amap/city/330200.html 001 x http://bj.58.com/ 001 x /actuator/gateway/routes 001 x http://aqicn.org/city/beijing/ 001 x /bk 001 x 
/api/consumer/user/common/applet/code 001 x http://azenv.net/page/1145245861365703 001 x /style.php 001 x /_ignition/health-check/ 001 x /actuator/health 001 x /wp-login.php 001 x /wp-includes/wlwmanifest.xml 001 x /wordpress 001 x /wp 001 x /bc 001 x /public/_ignition/health-check/ 002 x /ext-7.5.1/build/classic/theme-classic/theme-classic.js 002 x /ext-7.5.1/build/ext-all.js 002 x /uni-1.90.0.1564/jquery/autonumeric/autonumeric-1.9.35.js 002 x /uni-1.90.0.1564/ext-unigui-min.js 002 x /ext-7.5.1/build/classic/locale/locale-.js 002 x /bots/testnaifpaper 002 x /font-awesome/4.3.0/css/font-awesome.min.css 002 x /uni-1.90.0.1564/jquery/maskedinput/jquery.inputmask.min.js 002 x /owa/auth/logon.aspx 002 x /uni-1.90.0.1564/ext-unicommon-min.js 002 x http://godaddy.com/ 002 x http://vps291258.vps.ovh.ca/judge/judge.php 002 x http://www.bing.com/ 002 x /cache/mapaddresses_exe/lsltzyeksc10b7cd846/favicon.ico 002 x http://us.vansto.net/verify.txt 002 x /uni-1.90.0.1564/jquery/jquery-1.11.2.min.js 002 x /uni-1.90.0.1564/ext-sync-min.js 003 x /robots.txt 003 x /ab2g 003 x /favicon.ico 003 x /ab2h 003 x http://ipinfo.io/json 003 x http://images.google.com/ 004 x ftp.halifax.rwth-aachen.de:443 005 x /.env 005 x http://zhaopin.baidu.com/ 006 x http://yastatic.net/bootstrap/3.3.6/css/bootstrap.min.css 007 x http://go.com/ 008 x http://httpheader.net/azenv.php 008 x http://ftp.stw-bonn.de/ubuntu/pool/main/liby/libyaml-syck-perl/libyaml-syck-perl_1.27.orig.tar.gz 008 x http://mirror.23media.com/ubuntu/pool/main/liby/libyaml-syck-perl/libyaml-syck-perl_1.27.orig.tar.gz 008 x http://mirror.de.leaseweb.net/ubuntu/pool/main/liby/libyaml-syck-perl/libyaml-syck-perl_1.27.orig.tar.gz 008 x http://debian.charite.de/ubuntu/pool/main/liby/libyaml-syck-perl/libyaml-syck-perl_1.27.orig.tar.gz 008 x http://mirror.dogado.de/ubuntu/pool/main/liby/libyaml-syck-perl/libyaml-syck-perl_1.27.orig.tar.gz 008 x 
Hello, can you tell which IP address attacks exactly which resource? And I have a web scanner in my list every day that checks some resources, and sometimes I block access attempts from different countries. This scanner uses a different IP every day to check my server. In the file I have shared information about several such attempts: BlockedData.txt
irigsoft Posted November 12, 2022 (Author)
IP Lookup of 173-230-152-150
ISP: Linode LLC
Services: Datacenter
Assignment: Likely Static IP
Country: United States
State/Region: California
City: Fremont
How do you block this IP? I take the IP on the first try and add it to the BlockedIPList, and then I don't get any more information in the log for this IP.
andyhill Posted November 12, 2022
Yes, I know it is Linode on a Class "A" network, the point is why are they constantly probing my site? Although I do block their IP access I still log what it was they were trying to do before blocking as a way of learning what they were up to; they usually hit my site with multiple sessions (on different IPs) all at once.
IP: 173.230.152.150, URI: http://ip-api.com/json (GeoLocation Services)
IP: 173.230.152.150, URI: http://httpbin.org/ (Request & Response Service)
// "A" 1.0.0.0 .. 127.255.255.255
// "B" 128.0.0.0 .. 191.255.255.255
// "C" 192.0.0.0 .. 223.255.255.255
// 224.0.0.0 .. 239.255.255.255 Multicast
// 240.0.0.0 .. 255.255.255.255 Broadcast
The default subnet mask for a Class A IP address is 255.0.0.0, which implies that Class A addressing can have 126 networks (2^7 - 2) and 16777214 hosts (2^24 - 2).
irigsoft Posted November 12, 2022 (Author)
1 hour ago, andyhill said: Yes, I know it is Linode on a Class "A" network, the point is why are they constantly probing my site? [...]
thanks, I asked for this information to check how my server is doing for me.
irigsoft Posted December 27, 2022 (Author)
Hello all. Happy holidays. I found a way to obfuscate JS code: If someone wants to try it, please share the results or any problems.
irigsoft Posted January 7, 2023 (Author)
Hello everyone. I am adding this topic to expand security knowledge: how to make the UniGUI session cookie secure.
Open UniGUIApplication.pas and change Line 1946 to:

    if (not FServerMonitor) and (TUGS(FUniServerInstance).ServerLimits.SessionRestrict in [srOnePerPC]) then
    begin
      FUniGUIApplication.Cookies.SetCookie(UniSessionIDCookie, // ACookieName
        SessionID, // AValue
        0,         // AExpires
        SSL,       // ASecure: only set when the session is served over HTTPS
        True       // AHTTPOnly: script on the page cannot read the cookie
      );
    end;

And the topics add some penetration test results!
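A way to verify the change from the outside, as an added example that is not UniGUI code or the poster's: parse the Set-Cookie header the server actually returns and list which protections are absent. The cookie name and values below are constructed, and SameSite is checked as an extra attribute beyond the two flags set in the patch.

```javascript
// Added example, not UniGUI code: parse a Set-Cookie response header and report
// which hardening attributes are absent, so the SetCookie change can be verified
// from the server's real response. The cookie name below is constructed.
const REQUIRED = ['Secure', 'HttpOnly'];

function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const a of rest) {
    if (!a) continue;
    const i = a.indexOf('=');
    const key = (i < 0 ? a : a.slice(0, i)).toLowerCase(); // attribute names are case-insensitive
    cookie.attrs[key] = i < 0 ? true : a.slice(i + 1);     // flag attributes carry no value
  }
  return cookie;
}

// Returns the names of missing protections; an empty array means the cookie is hardened.
// SameSite=Lax or Strict is checked in addition to the two flags set in the patch above.
function missingCookieFlags(header) {
  const c = parseSetCookie(header);
  const missing = REQUIRED.filter(f => !(f.toLowerCase() in c.attrs));
  const sameSite = String(c.attrs.samesite || '').toLowerCase();
  if (sameSite !== 'lax' && sameSite !== 'strict') missing.push('SameSite');
  return missing;
}

// Constructed headers (not captured from a real server): before and after the change
const BEFORE = 'UniSessionIDCookie=abc123; Path=/';
const AFTER = 'UniSessionIDCookie=abc123; Path=/; Secure; HttpOnly; SameSite=Lax';
```

Browsers only send a Secure cookie over HTTPS, which is why the patch passes the SSL flag rather than a constant True.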
irigsoft Posted January 8, 2023 (Author)
Hello, I have to extend the knowledge to "How to disable low TLS versions?" or "Support TLS 1.3".
irigsoft Posted March 4, 2023 (Author)
Hello, if someone can help, I am adding this topic here. How to check the header to see the real file type with JavaScript before uploading a file:
irigsoft Posted March 4, 2023 (Author)
I found a solution on the server side:

    procedure TMainForm.UniFileUpload1Completed(Sender: TObject; AStream: TFileStream);
    var
      DestName, DestFolder, DeclaredExt: string;
      Header: array [0..15] of Byte;  // 16 bytes cover every signature below (an 11-byte buffer cut "ftypisom" short)
      BytesRead: Integer;
      sHeader, sFileExt: AnsiString;  // AnsiString keeps bytes such as $89 intact; a Unicode String would convert them
      IsImage: Boolean;               // not declared in the posted snippet; assumed to be a form field, declared locally here

      // convert the read bytes to a string so they can be compared
      function BinToAscii(const bin: array of Byte; Count: Integer): AnsiString;
      var
        i: Integer;
      begin
        SetLength(Result, Count);
        for i := 0 to Count - 1 do
          Result[1 + i] := AnsiChar(bin[i]);
      end;

      // true when the magic bytes appear at the given 0-based offset (signatures have fixed positions)
      function HasMagic(Offset: Integer; const Magic: AnsiString): Boolean;
      begin
        Result := (Length(sHeader) >= Offset + Length(Magic)) and
                  (Copy(sHeader, Offset + 1, Length(Magic)) = Magic);
      end;

    begin
      DestFolder := UniServerModule.StartPath + 'UploadFolder\';
      DestName := DestFolder + ExtractFileName(UniFileUpload1.FileName);
      IsImage := False;
      sFileExt := '';

      AStream.Position := 0;
      BytesRead := AStream.Read(Header, SizeOf(Header));
      sHeader := BinToAscii(Header, BytesRead);

      if HasMagic(0, #$3C#$3F#$78#$6D#$6C#$20) then             // 3C 3F 78 6D 6C 20 = "<?xml "
        sFileExt := '.xml'
      else if HasMagic(0, #$25#$50#$44#$46#$2D) then             // 25 50 44 46 2D = "%PDF-"
        sFileExt := '.pdf'
      else if HasMagic(0, #$89#$50#$4E#$47#$0D#$0A#$1A#$0A) then // 89 50 4E 47 0D 0A 1A 0A
      begin
        IsImage := True;
        sFileExt := '.png';
      end
      else if HasMagic(0, #$42#$4D) then                         // 42 4D = "BM"
      begin
        IsImage := True;
        sFileExt := '.bmp';
      end
      else if HasMagic(0, #$FF#$D8#$FF) then                     // JPEG SOI followed by an APPn marker (JFIF E0, Exif E1, Adobe EE)
      begin
        IsImage := True;
        sFileExt := '.jpg';
      end
      else if HasMagic(4, #$66#$74#$79#$70#$69#$73#$6F#$6D) then // "ftypisom" sits after the 4-byte box size
        sFileExt := '.mp4';

      // check that the declared extension is the real one (case-insensitive; .jpeg and .jpg are the same type)
      DeclaredExt := LowerCase(ExtractFileExt(UniFileUpload1.FileName));
      if DeclaredExt = '.jpeg' then
        DeclaredExt := '.jpg';
      if (sFileExt = '') or (DeclaredExt <> string(sFileExt)) then
      begin
        ShowMessage('For FILE: ' + UniFileUpload1.FileName + '<br/>' +
          'real File Type is ' + UpperCase(string(sFileExt)) + '<br/>' +
          'UPLOAD is NOT possible.');
        Exit; // nothing is copied to UploadFolder
      end;

      // if OK, then upload
      UniLabel4.Caption := 'File Name: ' + UniFileUpload1.FileName;
      CopyFile(PChar(AStream.FileName), PChar(DestName), False);
      ShowMessage('File: ' + UniFileUpload1.FileName + ' Uploaded to folder: ' + DestFolder);
    end;

FileUpload_CheckFileExt.zip
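The same signature check done in the browser, as asked for in the post above, and mirroring the server-side Pascal; this is an added example, not the poster's code. The byte arrays are constructed, and the client-side result is only a convenience for the user, so the server check above must stay in place.

```javascript
// Added example, not the poster's code: detect the real file type from the first
// bytes of an upload, before sending it. In a browser, feed detectType() with
// new Uint8Array(await file.slice(0, 16).arrayBuffer()).
const SIGNATURES = [
  { ext: '.png', offset: 0, bytes: [0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A] },
  { ext: '.pdf', offset: 0, bytes: [0x25, 0x50, 0x44, 0x46, 0x2D] },        // "%PDF-"
  { ext: '.xml', offset: 0, bytes: [0x3C, 0x3F, 0x78, 0x6D, 0x6C, 0x20] },  // "<?xml "
  { ext: '.bmp', offset: 0, bytes: [0x42, 0x4D] },                          // "BM"
  { ext: '.jpg', offset: 0, bytes: [0xFF, 0xD8, 0xFF] },                    // SOI + APPn marker (JFIF, Exif, Adobe)
  // "ftypisom" after the 4-byte box size; the poster's list, other brands such as mp42 exist
  { ext: '.mp4', offset: 4, bytes: [0x66, 0x74, 0x79, 0x70, 0x69, 0x73, 0x6F, 0x6D] },
];

// Declared extensions that name the same detected type
const ALIASES = { '.jpg': ['.jpg', '.jpeg'] };

// Returns the extension matching the header bytes, or null when no signature matches.
function detectType(header) {
  for (const sig of SIGNATURES) {
    if (header.length < sig.offset + sig.bytes.length) continue;   // too short to contain this signature
    if (sig.bytes.every((b, i) => header[sig.offset + i] === b)) return sig.ext;
  }
  return null;   // unknown type: treated as not allowed below
}

function declaredExt(name) {
  const i = name.lastIndexOf('.');
  return i < 0 ? '' : name.slice(i).toLowerCase();
}

// Decision the upload form makes before sending: declared extension must match the real type.
function checkUpload(fileName, header) {
  const real = detectType(header);
  if (real === null) return { ok: false, reason: 'unknown file type' };
  const allowed = ALIASES[real] || [real];
  if (!allowed.includes(declaredExt(fileName))) {
    return { ok: false, reason: `real file type is ${real.toUpperCase()}` };
  }
  return { ok: true, type: real };
}

// Constructed inputs (not real files): only the leading bytes matter for the check
const PNG_HEADER = Uint8Array.from([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A, 0, 0, 0, 0x0D]);
const MP4_HEADER = Uint8Array.from([0, 0, 0, 0x18, 0x66, 0x74, 0x79, 0x70, 0x69, 0x73, 0x6F, 0x6D]);
const JPEG_EXIF = Uint8Array.from([0xFF, 0xD8, 0xFF, 0xE1, 0x00, 0x10, 0x45, 0x78, 0x69, 0x66, 0, 0]);
```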
irigsoft Posted March 9, 2023 (Author)
Hello, information for using TLS 1.3 in the Hyper server; I will add it here too. You can add additional properties to the above setup. You can use other properties which are valid for the TUniSSL & TIdSSLOptions objects. You can simply copy them from a DFM file of a ServerModule and paste them into the hyper.ssl.cfg file.
irigsoft Posted May 10, 2023 (Author)
Hello, here I am going to share some useful links:
1. How to hide URL parameters:

    UniSession.AddJS(
      'var f=document.createElement(''form''); ' +
      'f.style.display=''none''; ' +
      'f.action=''' + sURL + '''; ' +
      'f.method=''post''; ' +   // the "+" on this line was missing in the original
      // PARAMETER_VALUE must be HTML-encoded if it comes from user input
      'f.innerHTML=''<input type="hidden" name="PARAMETER_NAME" value="PARAMETER_VALUE"/>''; ' +
      'document.body.appendChild(f); ' +
      'f.submit(); '
    );

2. How to use "ContentType := 'application/octet-stream'" when working with files without knowing the file extension:

    // uses SysUtils, uIdCustomHTTPServer, uIdGlobal
    procedure TUniServerModule.UniGUIServerModuleHTTPCommand(ARequestInfo: TIdHTTPRequestInfo;
      AResponseInfo: TIdHTTPResponseInfo; var Handled: Boolean);
    var
      FileName: string;
    begin
      // ARequestInfo.Document comes straight from the client; refuse anything that could
      // step outside the application folder (guard added here, not in the original)
      if (ARequestInfo.Document = '') or (Pos('..', ARequestInfo.Document) > 0) or
         (Pos(':', ARequestInfo.Document) > 0) then
        Exit;
      FileName := ExtractFilePath(ParamStr(0)) + ARequestInfo.Document;
      if SysUtils.FileExists(FileName) then
      begin
        // octet-stream makes the browser download the file instead of guessing its type
        AResponseInfo.ContentType := 'application/octet-stream';
        AResponseInfo.ContentStream := TIdReadFileExclusiveStream.Create(FileName);
        Handled := True;
      end;
    end;
irigsoft Posted May 18, 2023 (Author)
Hi, I'm adding this thread because it reports a security issue, if anyone can help:
chefdackel Posted June 2, 2023
Thank you to all contributors for the very helpful and detailed information on how to deal with security and UniGUI. You may also look at a ready-to-use and not very pricey solution for basic protection: https://tsplus.me/tsplus-advanced-security/ I installed it in the "Essentials Edition" version on two Windows VPSs (which are not dedicated to UniGUI applications at the moment) and every day hundreds of hacking attempts are stopped.
irigsoft Posted November 29, 2023 (Author)
Hi, I am trying to extend my protection against XSS attacks and I am trying to add a Java Encoder, if anyone can help please advise.
irigsoft Posted November 29, 2023 (Author)
If someone can help: how to detect flooding from a remote IP in UniGUI (and add that IP to the blocking list)?
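One way to do the flood detection asked about above, as an added example that is not UniGUI code: count requests per remote IP in a sliding time window and move an IP to the block list once it exceeds the limit. The log lines follow the "IP: x, URI: y" shape andyhill posted, with a constructed millisecond timestamp prefix assumed here; the addresses are documentation ranges, not real scanners.

```javascript
// Added example, not UniGUI code: sliding-window flood detection per remote IP.
// Input lines are "<ms> IP: <addr>, URI: <uri>" (timestamp prefix is an assumption).
const LINE_RE = /^(\d+) IP: ([\d.]+), URI: (\S+)/;

function parseLine(line) {
  const m = LINE_RE.exec(line);
  return m ? { ts: Number(m[1]), ip: m[2], uri: m[3] } : null;
}

// Keeps, per IP, the timestamps of requests seen within the last `windowMs`.
// An IP that sends more than `limit` requests inside the window is added to the block list.
class FloodDetector {
  constructor({ windowMs = 10000, limit = 20 } = {}) {
    this.windowMs = windowMs;
    this.limit = limit;
    this.hits = new Map();     // ip -> ascending timestamps (ms)
    this.blocked = new Set();  // the "blocking list"
  }

  // Returns true when the request should be dropped (IP already blocked, or blocked by this request).
  observe(ip, ts) {
    if (this.blocked.has(ip)) return true;
    const q = this.hits.get(ip) || [];
    q.push(ts);
    while (q.length && q[0] <= ts - this.windowMs) q.shift();   // forget requests outside the window
    this.hits.set(ip, q);
    if (q.length > this.limit) {
      this.blocked.add(ip);
      this.hits.delete(ip);   // no need to keep history for a blocked address
      return true;
    }
    return false;
  }
}

// Runs the detector over a log and reports the resulting block list and dropped requests.
function runOverLog(lines, opts) {
  const d = new FloodDetector(opts);
  let dropped = 0;
  for (const line of lines) {
    const e = parseLine(line);
    if (e && d.observe(e.ip, e.ts)) dropped++;
  }
  return { blocked: [...d.blocked], dropped };
}

// Constructed sample: one scanner sending 25 requests in under 5 s, one normal client sending 5
const SAMPLE_LOG = [];
for (let i = 0; i < 25; i++) SAMPLE_LOG.push(`${1000 + i * 200} IP: 203.0.113.7, URI: http://httpbin.org/ip`);
for (let i = 0; i < 5; i++) SAMPLE_LOG.push(`${1000 + i * 1500} IP: 198.51.100.4, URI: /main`);
```

Fed from the server event that sees each request's remote address instead of a log file, the same observe() call gives the answer to "which IP to add to the block list" at the moment the threshold is crossed.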
Thiago Moraes Posted November 29, 2023
For DDoS, check out guides on setting up firewalls or using services like Cloudflare. SQL injection and HTML injection have plenty of tutorials with examples to help you grasp the concepts and prevention methods. And for JavaScript injection, look into securing your web apps against cross-site scripting (XSS). When it comes to discussions and forums, there are some great online communities like Stack Overflow or Reddit's r/netsec.