.htaccess — Trailing slash and characters after file extension

I’ve got some weird usability warnings popping up in my search console for pages which don’t actually exist on my site. It looks like someone is creating 100’s of malformed links to my pages.

Here’s the problem.

Say I have https://example.com/pagename.html

Someone is creating hundreds of links with random text after the filetype like this: https://example.com/pagename.html/randomtext

Strangely, with that malformed URL, part of the page renders, but renders with broken styling for some reason. (Triggering search console warnings for every one of those "pages"). I’m not really sure how or why these broken URLs are rendering at all. My understanding is that this should return a 404 error. But it doesn’t.

So…

I’m trying to solve the problem with .htaccess like this:

RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)/$ /$1 [L,R=301]

That sort of works. It removes the trailing slash from https://example.com/pagename.html/ but it doesn’t fix https://example.com/pagename.html/randomchars

How do I get it to ignore all characters following the file type? (except standard GET strings starting with a ?)

Thanks in advance.

What is the application of symbols in the cultural extension of UWP?

In Traveller-5, worldgen step E includes creating the world’s cultural extension (Cx), the last digit of which is “symbols.” The rule book explains only that:

Symbols used by the culture may range from the concrete (idol; totems; statuary) to the abstract (symbolized belief systems; group affiliations).

Given that the value is computed as Tech Level + Flux with a minimum of 1, one can easily infer that more primitive cultures have a lower value while more advanced cultures have a higher value. One also might infer from the brief description that the axis it measures has more “concrete” symbols at the lower range and more “abstract” symbols at the higher end.

How is this value applied to describing the world’s culture?

[Responses relevant to other editions of Traveller besides 5 are useful.]

Having problems with SQL injection with mysqli extension PHP

I am new to SQL injections, and people on Reddit asked me to do the PortSwigger labs, which I did up until just before the 2nd order ones. So I am pretty comfortable with usual SQL injections.

Now I have myself made a PHP website using mysqli extensions instead of mysql. So for example, a basic Query execution looks like:

//mysqli//
$result = mysqli_query($conn, $qry);

instead of

$result = mysql_query($qry);

========================================================================

So I asked others and found out that without proper sanitization or separate query builders, mysqli extension is as vulnerable as mysql extension. So, the app I made is too basic. It’s just querying the DB and spitting out results. It’s that simple. No sanitization is done.

But executing basic payloads like '+or+1=1--+ or anything basic, gives me the error:

mysqli_error() expects exactly 1 parameter, 0 given

So I tried a lot and can’t get past this error for anything I try. I simply can’t execute injections with mysqli extension. Any help is highly appreciated.

Thank You.
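
As an added example (not the poster's code), here is the concatenated query that makes mysqli as exposed as the old mysql extension, next to the prepared-statement form that keeps input out of the SQL text. It also shows that procedural `mysqli_error()` takes the connection as its argument, which is what the quoted warning refers to. The connection details, the `users` table and the `name` request parameter are assumptions.

```php
<?php
// Added example. Host, credentials, database, the `users` table and the
// `name` request parameter are hypothetical placeholders.

// Return false on failure instead of throwing (PHP 8.1+ throws by default),
// so the explicit error checks below are the ones that run.
mysqli_report(MYSQLI_REPORT_OFF);

$conn = mysqli_connect('localhost', 'app_user', 'app_password', 'app_db');
if ($conn === false) {
    error_log('connect failed: ' . mysqli_connect_error());
    http_response_code(500);
    exit;
}

$name = $_GET['name'] ?? '';

// Vulnerable pattern (kept as a comment): the input becomes part of the SQL
// text, so quotes in $name change the structure of the statement.
//   $qry    = "SELECT id, name FROM users WHERE name = '$name'";
//   $result = mysqli_query($conn, $qry);

// Hardened form: the SQL text is fixed and $name is sent as a bound value.
$stmt = mysqli_prepare($conn, 'SELECT id, name FROM users WHERE name = ?');
if ($stmt === false) {
    // Procedural mysqli_error() requires the link; calling it with no
    // argument produces "expects exactly 1 parameter, 0 given".
    error_log('prepare failed: ' . mysqli_error($conn));
    http_response_code(500);
    exit;
}

mysqli_stmt_bind_param($stmt, 's', $name);
if (!mysqli_stmt_execute($stmt)) {
    error_log('execute failed: ' . mysqli_stmt_error($stmt));
    http_response_code(500);
    exit;
}

// bind_result/fetch works without the mysqlnd driver.
mysqli_stmt_bind_result($stmt, $id, $rowName);
while (mysqli_stmt_fetch($stmt)) {
    // Escape on output; errors go to the log, never to the response.
    echo htmlspecialchars("$id: $rowName", ENT_QUOTES, 'UTF-8'), "<br>\n";
}

mysqli_stmt_close($stmt);
mysqli_close($conn);
```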

Attacked by ransomware that has encrypted and renamed all files with a .makop extension

I’ve spent several hours searching the internet to see if anyone has cracked this encryption yet, but without any luck. I don’t want to reward criminals for their activity, but I do have a few files that I absolutely need. Besides finding a decryptor or paying the ransom, do I have any other options for recovering my files? I have been able to successfully restore a couple of systems from backups, but my personal system wasn’t backed up and has temporarily housed important files.

I’m somewhat familiar with best practices of backing up important files and/or saving to the cloud, but I will definitely be more vigilant in the future. It was mostly due to the ‘it will never happen to me’ mindset.

Relevant information:

  • I’ve identified how they got in, and have reset the password on that account (and all other accounts just in case).
  • I did have Malwarebytes and Sophos installed. Looking at the Event Viewer, there are logs of both of these programs being successfully uninstalled.
  • The files are renamed like this: originalFileName.orig.[8-digit-hex].[ruthlessencry@qq.com].makop
  • The ransom note file says to contact them at ruthlessencry@qq.com to pay them in bitcoins.
  • They’ll decrypt a couple of files for free, and then send me a scanner-decoder program after being paid.

Chrome Extension: document.querySelector('button').click() is not working on button created on React

I want to click the button from the extension, but the button click event is not working when I use JS DOM methods:

getElementsByClassName('button')[0].click(); // Not working
//or
document.querySelector('button').click(); // Not working

The problem is that the button is created with "React.js", so I think that causes the button click event not to happen.

Please suggest any solution for this problem.

Thanks.

Chrome extension differences: Urban Shield VS Urban Free VPN proxy Unblocker

What’s the difference between these two Chrome extensions, which provide VPN functionality for browsing via Chrome:

Urban Shield: https://chrome.google.com/webstore/detail/urban-shield/almalgbpmcfpdaopimbdchdliminoign?hl=en

Urban Free VPN proxy Unblocker: https://chrome.google.com/webstore/detail/urban-free-vpn-proxy-unbl/eppiocemhmnlbhjplcgkofciiegomcon

They are both developed by the same company, but I couldn’t find any explanation regarding the differences between the two.

Would it be a big security vulnerability if someone wrote a browser extension to retrieve personal information on Google’s behalf?

I am a 6th grader working on a project and came across the following question:
On most browsers, you can inject JavaScript code into the browser, for example by typing in javascript:alert('Injecting javascript code'). On Google Chrome, if you do this on Google Drive, instead of the title being "drive.google.com says", the title is "Google Drive". Would this be a security threat in any way if someone wrote a malicious extension to ask for personal information on Google's behalf?

Using Beyond20 extension – How to connect your sheet to the VTT?

I recently discovered the Beyond20 browser extension and have installed it. The extension is supposed to make it so you can “roll” from your DNDbeyond character sheet and it will do the roll in your VTT (Roll20 for me.)

I’ve verified that my Roll20 character sheet is the dnd5e by Roll20 that it uses, but any time I click on a roll, it doesn’t roll in Roll20.

Is there something I’m missing or a step where the Roll20 token is linked to it? I’d really like to not track two character sheets, but can’t seem to get it to work.