How to stop Google search, by using “noindex” and “nofollow,” from offering options to private pages on a website

I have a family history website, call it "my_family.com". The primary file, index.php, has some introductory remarks of explanation and an html form into which one puts the website’s password (there’s a single password used by all family members). If one runs "my_family.com" and inserts the correct password and clicks on the "Submit" button, the php code in the file takes you to the first of several html files — call it "first.html," which gives one links to further html files. All of these files contain family trees, copies of letters, photos, reminiscences, obituaries, etc., none of which should be available to non-family-members. I soon found out that if one put the phrase "my_family.com" into the Google search window (whether on computer or smartphone), one got a list of options, not just a Login option but about eight to ten 3-4 word excerpts from html files on the website; and if one clicked on any of these latter options, one bypassed the password process and was taken directly to other files on the website, i.e., files that should never be publicly revealed.
What I’ve done to avoid such access is to create a cookie in the original index.php file. If the user inserts the correct password, the cookie is set to "passwordCorrect". Each subsequent html file then checks whether the cookie has that value before the user is allowed to move on. Putting in the cookies has solved the problem of public access, but nevertheless a Google search still shows the 3-4 word excerpts. I have tried to stop Google search from doing this by putting into the header section of first.html: ”” (without the outer quotes). But that has been in the file for about three weeks and has proved useless. I tried using Google Search Console to get Google to make an early "crawl" of the file my_family.com, but am frustrated by the lack of examples about how to use it, and don’t think I succeeded. Maybe I should be asking for a crawl of the file my_family.com/first.html, instead of the basic my_family.com website? I’d appreciate any advice anyone has about this. For example, how do I determine when the last crawl was, when can I expect the next crawl, is the meta tag in the correct file, etc.? Thanks

Can a druid Wild-Shaped into a raven speak using the Mimicry trait?

The description of the druid’s Wild Shape feature says, in part (PHB, p. 67):

You can’t cast spells, and your ability to speak or take any action that requires hands is limited to the capabilities of your beast form.

And the Mimicry trait of a raven says:

The raven can mimic simple sounds it has heard, such as a person whispering, a baby crying, or an animal chittering. A creature that hears the sounds can tell they are imitations with a successful DC 10 Wisdom (Insight) check.

As a druid PC, I’ve heard all the simple sounds that make up a language that I can speak. So, by RAW, can I speak all the languages my character knows while wildshaped in raven form? After all, I do keep my character’s mental abilities when I am in Wild Shape; am I able to mimic sounds well enough to speak?

If so: As slowly or weird-sounding as it may be, would it be clear enough for other people to understand?

How to preselect and disable specific checkboxes using js/jquery? [closed]

I have checkboxes with randomly generated ids on every page view and want to preselect and disable some of them, so they can not get unchecked anymore.

With a simple script which looks after value="" I’m able to achieve the preselection but if I try to disable it at the same time, it disables all input fields on the page.

I think it is smarter to get the randomly generated ids of the specific checkboxes using my method mentioned above and then put them in a function. But this is where I fail!

What would be your solution if we had this and couldn’t select by id:

<input type="checkbox" id="?" value="check1">
<input type="checkbox" id="?" value="check2">
<input type="checkbox" id="?" value="check3">

I would appreciate any help.

How does the action economy for a hasted Fighter using action surge work in DND 5e?

My player’s fighter has just reached 11th level. He dual wields scimitars. On his normal attack action, he gets 3 attacks plus one additional attack for his bonus action.

If he then decides to use Action Surge on the same turn, he is then receiving three additional attacks. As I understand it, Action Surge does not grant a second bonus action; is that correct?

So if he also happens to be hasted, does he get 3 more additional attacks or just 1 additional attack? Haste states that he gets another "action", and as the multi-attack class feature applies, would I be correct in my interpretation that he would indeed get 10 attacks that round in 6 seconds?

What do I do about PCs using Con damage to “nuke” bosses?

So recently my players realized that they can spam poison-based Con damage on my bosses to effectively nuke them down in a couple of rounds. This is basically ruining the challenge of my fights, but they seem to love it. I’m not sure how to handle this without basically saying “No, you can’t do that,” or making the bosses suddenly immune for some reason. Their entire tactics rely on lowering the enemies’ saves, then spamming Con damage to lower them more, which allows easier Con damage spam, until it’s dead by round three.

I don’t know how to handle this. I don’t want to be an ass and just start doing it back in a “Well fine, if you do ima do it too” fashion.

This sucks…

MiTM using ettercap and Burp Suite and iptables

I’m trying to perform a MiTM attack on a local network connected device. I configured iptables to route the incoming traffic to port 443 and port 80 so it can be captured by Burp Suite. However, when I’m performing ARP poisoning using ettercap (as arpspoof is not available in Kali 2020), Wireshark can capture the packets but Burp isn’t able to intercept the packets.

I followed this tutorial… https://www.pentestgeek.com/penetration-testing/credential-harvesting-via-mitm-burp-suite-tutorial

But it’s not helping me anymore as arpspoof is deprecated.

Is there any point in using PGP or S/MIME when your recipients mostly don’t use it?

For an average company, how much sense does it make to implement S/MIME or PGP to provide verification functionality for their e-mails (please correct me if I’m wrong), which most e-mail clients, to the best of my knowledge, support, even though the contacts of the company usually don’t use any kind of e-mail encryption?

Termination of term rewriting using strict partial order on subterms

Are there any good books, research reports, surveys, theses, or papers that display proof techniques, with clear proofs of termination of term rewriting problems that have the following form…?

Terms are represented by directed acyclic graphs where the terms are vertices with arcs labelled $arg_{1} \dots arg_{n}$ pointing to the immediate sub-terms. There would be additional equality arcs between vertices. Thinking of the transitive closure of the equality arcs as representing equivalence classes of vertices that are "merged", the $arg$ arcs in the graph form a lattice (because of the strict order on sub-terms, and some sub-terms might be shared). A rewrite rule would add extra arcs, such that the existing partial order would be preserved and added to, so the rewrite rules would be constructing a series of partial orders (represented in the graph state at each step) $p_{0} \subset \dots \subset p_{m}$, more and more "constraining" the partial order relation between vertices until either the rewrite rules find nothing to rewrite or a rewrite would introduce a cycle (immediately detectable by a depth-first search). I think this kind of termination proof is correct because we can say every step was a reduction under the partial order $p_{m}$, but I’d like a formal justification because I have worries about my not knowing $p_{m}$ beforehand, only when it is constructed. And if the rewrite finds a cycle then that cycle was implicit from the beginning. Again I think that’s OK because my rewrite rules are provably LHS iff RHS, so they transform the problem to an equivalent problem. I call this "construct a partial order or die trying." Is there a more formal name for this kind of proof?

Ideally the proof examples would be constructive and mathematically thorough. I see some papers that assume a lot of prior knowledge, probably because of brevity requirements, and not wanting to bore an expert audience. And others with "wordy" explanations, which are great to give intuitive understanding, but proofs should not depend on them.

Using other programming languages for malware against EDR?

As an example, one of the most basic malware to inject into a process to get a C2 beacon goes like this:

Get Handle of a process -> VirtualAllocEx -> WriteProcessMemory -> CreateRemoteThread 

Now writing this in C/C++ is quite native as it can easily communicate with WinAPI. Are there any benefits in writing this in another programming language such as Golang or Rust to fight against EDR, not just an AV with static analysis checks? More specifically EDRs that are hooking and calling JMP to those WinAPI calls?

My question comes from the rise of .NET and C# with a lot of use cases such as using LOLBAS csc.exe to compile on machine or execute-assembly to load .NET assemblies in unmanaged codespace or process. However, this still uses WinAPI by using P/Invoke (and now D/Invoke).

  1. Are there any benefits in using another programming language to call WinAPI functions to fight against EDR?
  2. Are there any other ways of creating malware (e.g. dropper) besides calling WinAPI?
  3. Like with .NET and C#, will there be a new rise in existing (other) languages such as Go or Rust?