Getting numerous HEAD requests by Java user agents to resources that require authentication to view within a web application. Should I block them?

I have recently started using Cloudflare’s firewall in front of a web application. This app has a limited user base of selected applicants and they must log in to view anything. There is no public registration form and nothing within the portal can be accessed without an account.

Since moving the DNS to Cloudflare I can see we are receiving numerous daily HEAD requests to paths that are only accessible within the portal.

These requests come from one of two groups of IP addresses from the United States (we are not a US-based company; our own hosting is based in AWS Ireland region and we’re pretty sure at least 99% of our users have never been US-based):

Java User Agents

  • User agent is Java/1.8.0_171 or some other minor update version.
  • The ASN is listed as Digital Ocean.
  • The IP addresses all seem to have had similar behaviour reported previously, almost all against WordPress sites. Note that we’re not using WordPress here.

Empty User Agent

  • No user agent string.
  • The ASN is listed as Amazon Web Services.
  • The IP addresses have very little reported activity and do not seem at all connected to the Java requests.

Other Notes

  • The resources being requested are dynamic URLs containing what are essentially order numbers. We generate new orders every day, and they are visible to everyone using the portal.
  • I was unable to find any of the URLs indexed by Google. They don’t seem to be publicly available anywhere. There is only one publicly accessible page of the site, which is indexed.
  • We have potentially identified one user who seems to have viewed all the pages that are showing up in the firewall logs (we know this because he shows up in our custom analytics for the web app itself). We have a working relationship with our users and we’re almost certain he’s not based in the US.

I am aware that a HEAD request in itself is nothing malicious and that browsers sometimes make HEAD requests. Does the Java user agent, or lack of a user agent in some cases, make this activity suspicious? I already block empty user agents and Java user agents through the firewall, although I think Cloudflare by default blocks Java as part of its browser integrity checks.

Questions

  1. Is there any reason why these might be legitimate requests that I shouldn’t block? The fact it’s a HEAD request from a Java user agent suggests no, right?

  2. One idea we had is that one of the users is sharing links to these internal URLs via some outside channel, to outsource work or something. Is it possible some kind of scraper or something has picked up these links and is spamming them now? As I say, I was unable to find them publicly indexed.

  3. Is it possible the user we think is connected has some sort of malware on their machine which is picking up their browser activity and then making those requests?

  4. Could the user have some sort of software that is completely innocent which would make Java-based HEAD requests like this, based on their web browsing activity?

Any advice as to how I should continue this investigation? Or other thoughts about what these requests are?
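
An added example, not part of the original question: one way to test the "one user viewed all of these pages" observation is to join the firewall events against the application's own page-view analytics and measure how soon after a user's view each flagged HEAD request arrives. All log rows, paths, user names and the ten-minute window are constructed assumptions; a real firewall export would need its fields mapped onto these tuples.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (documentation IP ranges, made-up paths and users).
FIREWALL = [  # (time, method, path, user_agent, client_ip)
    ("2019-03-04T10:00:40", "HEAD", "/orders/1001", "Java/1.8.0_171", "192.0.2.10"),
    ("2019-03-04T10:05:12", "HEAD", "/orders/1002", "", "198.51.100.7"),
    ("2019-03-04T11:30:00", "HEAD", "/orders/1003", "Java/1.8.0_181", "192.0.2.11"),
    ("2019-03-04T11:31:00", "GET", "/login", "Mozilla/5.0", "203.0.113.5"),
]
APP_VIEWS = [  # (time, user, path) from the application's own analytics
    ("2019-03-04T10:00:05", "user_a", "/orders/1001"),
    ("2019-03-04T10:04:50", "user_a", "/orders/1002"),
    ("2019-03-04T10:04:55", "user_b", "/orders/1002"),
    ("2019-03-04T09:00:00", "user_b", "/orders/1003"),
    ("2019-03-04T11:29:30", "user_a", "/orders/1003"),
]

def is_flagged(method, user_agent):
    """HEAD request with a Java/* or missing user agent, as described in the question."""
    return method == "HEAD" and (user_agent == "" or user_agent.startswith("Java/"))

def correlate(firewall, views, window=timedelta(minutes=10)):
    """For each flagged request, find users who viewed the same path within `window` before it."""
    by_path = defaultdict(list)
    for ts, user, path in views:
        by_path[path].append((datetime.fromisoformat(ts), user))
    flagged, lags = 0, defaultdict(list)
    for ts, method, path, ua, _ip in firewall:
        if not is_flagged(method, ua):
            continue
        flagged += 1
        t = datetime.fromisoformat(ts)
        latest = {}  # user -> shortest gap between their view and this request
        for seen, user in by_path[path]:
            if timedelta(0) <= t - seen <= window:
                latest[user] = min(latest.get(user, window), t - seen)
        for user, lag in latest.items():
            lags[user].append(lag.total_seconds())
    # user -> (share of flagged requests preceded by that user's view, median lag in seconds)
    return {u: (len(v) / flagged, sorted(v)[len(v) // 2]) for u, v in lags.items()}

if __name__ == "__main__":
    for user, (share, lag) in correlate(FIREWALL, APP_VIEWS).items():
        print(f"{user}: precedes {share:.0%} of flagged requests, median lag {lag:.0f}s")
```

A single account that precedes nearly every flagged request with a short, consistent lag points at something on that user's path (endpoint software, a proxy, or a service that receives their links) rather than at independent discovery of the URLs.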

Is it possible to use the resources of a second computer to supplement the power for a principal one? [closed]

I’m using COMSOL to set up some models and I have two computers: one that is weak and has the license on it, and a second one which is very powerful. I would like to use the weak computer with the license to set up the model, the geometry, boundary conditions etc., and the second one for carrying out the heavy stuff, the computation. Are there any ways to do something like this? This question is more general than just COMSOL. Is there any way to use the resources of a second computer to supplement the power of the first one?

How to determine if particular .NET/ASP.NET version has known vulnerabilities by version-build number using Microsoft resources?

I’m trying to find any list which can help find out whether a particular ASP.NET version has known vulnerabilities by version-build number. Googling doesn’t help. Is there a known list by Microsoft which can help me, containing all existing build numbers (like “ASP.NET Version:2.0.50727.8813”), or any other way of checking whether security patches have already been applied, for example a list of security patches with the build numbers to which they update the components? https://www.cvedetails.com/ doesn’t help because it doesn’t contain build information; it only lists major versions.

Firefox and Chrome load resources with max-age differently?

I’m trying to troubleshoot something on the client and I believe it has something to do with the browser caching requests.

I’m loading the same page on Firefox and Chrome (Canary). When I look in the network tab, I see different behavior.

The server response has a max-age set for cache control. I see that Chrome always loads from (disk cache) if max-age has not been reached. But for Firefox, I’ll see it load the resource not from cache once in a while before max-age has been reached. Also I’m seeing 304 ‘not modified’ in Firefox, but not in Chrome.

Can someone help explain what I’m seeing?

Here are some screenshots of the Network tabs:

[Screenshot: Firefox network tab]

[Screenshot: Chrome network tab]

Chrome: why is invalid certificate usage for resources loaded from localhost disabled?

In Chrome there is a flag called: allow-insecure-localhost. As far as I can tell all it does is block localhost connections over TLS if the certificate is self-signed.

Why is this feature turned off by default? Does it affect regular users in any way (regular user = someone who is not developing something)? Are there any serious cases of localhost connections being used maliciously that could have been prevented by having this option enabled?

Resources on dice rolling for Rolisteam

Where can I find reliable instructions as to how dice rolling programming works with Rolisteam specifically (I use 1.8.2)?

All I can find is about DiceParser (which seems to be the base code used in Rolisteam) but the commands provided aren’t working for me. Even if I copy and paste the examples for DiceParser in Rolisteam, it isn’t working (and yes, I add the “!” at the beginning).

Assign resources that each have a certain amount of work they can provide to tasks that require a certain amount of work

I’m attempting to do a hobby automation project and have come to a roadblock. I have a certain problem I need to solve, but can’t think of the solution nor what the name for the problem would be.

Say we have $n$ tasks where each task requires $x_i$ amount of work to be done and $m$ resources where each resource can provide $y_j$ work. The total amount of work required will equal the total amount of work the resources can provide, i.e. $\sum_{i=1}^{n} x_i = \sum_{j=1}^{m} y_j$. For all $j$ from 1 to $m$, $y_j \in \{1, 2, 6, 12, 24\}$ and each $x_i = a \cdot 1 + b \cdot 2 + c \cdot 6 + d \cdot 12 + e \cdot 24$. I was looking at task assignment problems, but those seemed to be a bit overkill since they were concerned with optimization where I’m just simply trying to slot the correct blocks in the right place so that I don’t have tasks that are given too few or too many resources.

My current guess is that you can iterate over each task, and give it the largest resource available that doesn’t go over the amount of work that is left for the task to be completed. It’s almost analogous to filling a jar with different sized rocks; the best way is to start with the largest rocks and then go down in size from there, so that the smaller rocks fill in the space between the larger ones. Am I not taking something into consideration that complicates this problem further? I’m sorry if this is an obvious one, but I’m a hobbyist programmer and couldn’t think of the name of the problem or of a good set of keywords to google. The closest I could find is task assignment so far.

Claim that Skype is an unconfined application able to access all one’s own personal files and system resources


Situation

I was about to install Skype on a laptop driven by Ubuntu 18.04 LTS Desktop. The software installation helper graciously informs me that Skype

is unconfined. It can access all your personal files and system resources

as per the screenshot below.

[Screenshot: software installer, Ubuntu 18.04]

Apparently there must be reasons to make a distinction from applications that do not call for this warning.

Reality-checks

  • Can Skype really scan anything I have in my home directory regardless of the permissions set to files and directories? Does it become like a sort of superuser?
  • What is the meaning of system resources there? Is it about functional resources like broadband and memory, or is that an understatement for control over all applications?

Mitigation

  • How is it possible for an average “power user” to confine such an unconfined application?

Besides the answers themselves, pointers to interesting reading are also appreciated.