It may sound a little weird. I am validating one of my possible research ideas where I want to see if I can intentionally and effectively make websites such as Google and AWS block my IP. By "block", I mean it won’t let me directly access the service, but not necessarily blacklist my IP. For example, the website will ask me to solve a reCAPTCHA before I can access its service, instead of telling me the service is unavailable.
I know if I send a large number of requests in a short time (i.e., using DoS) it is very likely that I can make it work, but I wonder if there is any other "efficient" way to make it happen. From what I have found here: https://support.google.com/websearch/thread/2596872?hl=en, it mentioned Google may block the following:
- Sending searches from a robot, computer program, automated service, or search scraper
- Using software that sends searches to Google to see how a website or webpage ranks on Google
- Using an app, program or script to perform a large number of searches in a short time
Is it possible that I mimic such a request and cause myself to be blocked in just one or a few requests?
We have a web app hosted in AWS. I want users to only reach specific URIs but not the home page of the app. For instance, if the app is reachable at https://mypublicapp.com, I only want the users to access https://mypublicapp.com/submit/d131dd02c5e6eec4/. The "d131dd02c5e6eec4" example hash value is different for different resources. When I take a look at how the app works using the DEV tools of the browser, the "Requested URL" is https://mypublicapp.com/submit**?key=**d131dd02c5e6eec4/ so the hash is sent as a query string in the headers under the value "key". At this point I could simply use the AWS WAF to inspect the request header and reject everything that has no key as a query string. But the problem is that the web app, which I do not have control over, also does a request to the "/", so if I restrict the home page, I also restrict the access to the submit resource mentioned above. Any ideas on how to do the home block without blocking the resource?
Ichabod the Inscrutable has an imp familiar and is exploring a dungeon. He comes across a series of trapped rooms that have Antimagic Fields in them, and he wants to send his familiar to explore them. The Antimagic Fields completely fill each room, but do not extend beyond their walls.
Ichabod is currently standing outside of the first room.
Would an Antimagic Field block telepathic communication with a familiar?
I have recently started using Cloudflare’s firewall in front of a web application. This app has a limited user base of selected applicants and they must log in to view anything. There is no public registration form and nothing within the portal can be accessed without an account.
Since moving the DNS to Cloudflare I can see we are receiving numerous daily HEAD requests to paths that are only accessible within the portal.
These requests come from one of two groups of IP addresses from the United States (we are not a US-based company; our own hosting is based in AWS Ireland region and we’re pretty sure at least 99% of our users have never been US-based):
Java User Agents
- User agent is Java/1.8.0_171 or some other minor update version.
- The ASN is listed as Digital Ocean.
- The IP addresses all seem to have had similar behaviour reported previously, almost all against WordPress sites. Note that we’re not using WordPress here.
Empty User Agent
- No user agent string.
- The ASN is listed as Amazon Web Services.
- The IP addresses have very little reported activity and do not seem at all connected to the Java requests.
- The resources being requested are dynamic URLs containing what are essentially order numbers. We generate new orders every day, and they are visible to everyone using the portal.
- I was unable to find any of the URLs indexed by Google. They don’t seem to be publicly available anywhere. There is only one publicly accessible page of the site, which is indexed.
- We have potentially identified one user who seems to have viewed all the pages that are showing up in the firewall logs (we know this because he shows up in our custom analytics for the web app itself). We have a working relationship with our users and we’re almost certain he’s not based in the US.
I am aware that a HEAD request in itself is nothing malicious and that browsers sometimes make HEAD requests. Does the Java user agent, or lack of a user agent in some cases, make this activity suspicious? I already block empty user agents and Java user agents through the firewall, although I think Cloudflare by default blocks Java as part of its browser integrity checks.
Is there any reason why these might be legitimate requests that I shouldn’t block? The fact it’s a HEAD request from a Java user agent suggests no, right?
One idea we had is that one of the users is sharing links to these internal URLs via some outside channel, to outsource work or something. Is it possible some kind of scraper or something has picked up these links and is spamming them now? As I say, I was unable to find them publicly indexed.
Is it possible the user we think is connected has some sort of malware on their machine which is picking up their browser activity and then making those requests?
Could the user have some sort of software that is completely innocent which would make Java based HEAD requests like this, based on their web browsing activity?
Any advice as to how I should continue this investigation? Or other thoughts about what these requests are?
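One way to carry out the correlation the post describes (suspicious HEAD requests from the firewall log against the app's own per-user analytics), as an added example that is not part of the original post. The record layout and all sample data are constructed and hypothetical, not Cloudflare's log schema.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample records; the tuple layouts are hypothetical, not a real export schema.
FIREWALL_EVENTS = [  # (timestamp, method, path, user agent, ASN label)
    ("2020-06-01T10:05:00", "HEAD", "/orders/1001", "Java/1.8.0_171", "DigitalOcean"),
    ("2020-06-01T10:20:00", "HEAD", "/orders/1002", "", "AWS"),
    ("2020-06-01T11:02:00", "HEAD", "/orders/1003", "Java/1.8.0_171", "DigitalOcean"),
    ("2020-06-01T11:02:30", "HEAD", "/orders/1003", "", "AWS"),
    ("2020-06-01T11:10:00", "GET", "/login", "Mozilla/5.0", "ExampleISP"),
]
APP_VIEWS = [  # (timestamp, authenticated user, path) from the app's own analytics
    ("2020-06-01T10:04:00", "user_a", "/orders/1001"),
    ("2020-06-01T10:18:30", "user_a", "/orders/1002"),
    ("2020-06-01T11:00:00", "user_a", "/orders/1003"),
    ("2020-06-01T10:30:00", "user_b", "/orders/1001"),  # viewed after the probe
    ("2020-06-01T09:20:00", "user_b", "/orders/1002"),
    ("2020-06-01T11:09:00", "user_b", "/login"),
]

def suspicious(ev):
    """HEAD request with an empty or Java user agent, the pattern in the post."""
    return ev[1] == "HEAD" and (ev[3] == "" or ev[3].startswith("Java/"))

def correlate(events, views):
    """Rank users by the share of probed paths they viewed before the first probe.

    Returns (user, coverage, worst_lag_seconds) tuples, best match first.
    """
    first_probe = {}  # path -> time of the earliest suspicious request
    for ts, _method, path, _ua, _asn in filter(suspicious, events):
        t = datetime.fromisoformat(ts)
        first_probe[path] = min(t, first_probe.get(path, t))
    lags = defaultdict(dict)  # user -> path -> shortest view-to-probe delay
    for ts, user, path in views:
        if path not in first_probe:
            continue
        lag = (first_probe[path] - datetime.fromisoformat(ts)).total_seconds()
        if lag >= 0:  # only views that happened before the probe can explain it
            lags[user][path] = min(lag, lags[user].get(path, lag))
    total = len(first_probe)
    report = [(u, round(len(p) / total, 2), max(p.values())) for u, p in lags.items()]
    return sorted(report, key=lambda r: (-r[1], r[2]))

if __name__ == "__main__":
    for row in correlate(FIREWALL_EVENTS, APP_VIEWS):
        print(row)
```

A user with coverage near 1.0 and consistently short lags is the account whose browsing the external requests follow; that narrows the investigation to that user's client, network path, or link-sharing habits.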
I’ve researched this and found the following on StackExchange and ServerFault, but they’re very old.
Is it a bad idea for a firewall to block ICMP?
Security risk of PING?
So, as of now (mid-2020), is there any valid security reason to block outbound ping on one’s server?
I have a plugin installed that adds additional custom block types that can be used in the Gutenberg editor (the plugin is called Block Lab). Now I want to remove that plugin. For that, I have to remove all the used instances of those blocks. Is there a way to find all the occurrences of a used block type?
We have a web server behind an AWS Load Balancer. We’d like to block any host from accessing our web server if they are connecting from a Consumer VPN style network. We’ll also be doing some geo-location blocking too which we can do with AWS WAF.
For blocking Consumer VPN networks, does anyone know the easiest/fastest way to obtain a listing of CIDR blocks registered to Consumer VPN companies? I have a list of IPs that I can do a WHOIS on and find the registered block, but that wouldn’t give me all of the networks out there. I’d have to do quite a bit of WHOIS searching and guessing to build it manually. If there’s a resource out there that could help me with this endeavor that’d be great.
I want to do something really basic, but I need to be sure that the process is safe:
Alice and Bob have to agree on a secret 6-digit PIN. They each have a pre-shared AES symmetric key k and an AES-128 block cipher. The PIN will then be used only once secretly.
I want to take care of Man-in-the-Middle.
- Alice creates a 128-bit random number:
- She encrypts Arand with basic ECB(Arand, k) and gets
- Again, she encrypts Acipher, k), as a MAC, and gets
- Alice sends to Bob
Bob does the same and sends Bcipher|Bmac to Alice.
The two of them verify the MAC by encrypting [A|B]cipher and comparing it to
If the MAC is OK, they decipher [A|B]cipher and get the [A|B]rand of the other.
They compute the 6-digit PIN by taking 3 digits in Arand and 3 in Brand.
Is it safe to use ECB mode in this particular case? Is it safe to use the same key for encryption and for the MAC in this case? Is there a much easier solution to only agree on 6 digits?
My answer is: as we use fixed-size, one-block-long messages, it’s OK. Am I right?
I know we shouldn’t imagine our own algorithms ourselves, but this one seems really trivial.
Thanks! Louis
Suppose my friend and I are on the same Wi-Fi network. Now I want to block a website, say Instagram.com, for him. How shall I do that through a MITM attack? (Say the Wi-Fi is just a mobile hotspot and not a Wi-Fi router, so do not suggest any router configuration.)
I am using the WooCommerce Booking plugin and I would like to display the number of blocks a user is about to book.
- Create a bookable product with 30-minute blocks, min: 1, max: 4
- User selects start:9:00, end:10:30
- Front end displays calculated price and “3 Blocks”
Is this possible? And how would I go about doing this? Is there a hook or is it a template change?