
Subject: predicted place scan
From: invalid@invalid.invalid (John Doe)
Newsgroups: rocksolid.shared.security
Organization: rocksolid2 (news.novabbs.com)
Date: Tue, 26 Feb 2019 16:22 UTC

How to protect a hidden service from such a scan?

"GET /test/
"GET /status
"GET /stats/
"GET /sql.tgz
"GET /sql.zip
"GET /sql.tar.gz
"GET /site/
"GET /site.zip
"GET /site.tgz
"GET /site.tar.gz
"GET /shell.php
"GET /settings.php
"GET /server-status
"GET /server-info
"GET /secret/
"GET /register.php
"GET /register
"GET /private_key
"GET /private/
"GET /priv/
"GET /pma/
"GET /phpmyadmin/
"GET /phpinfo.php
"GET /phpinfo
"GET /phpbb/
"GET /old/
"GET /new/
"GET /mysql.zip
"GET /mysql.tgz
"GET /mysql.tar.gz
"GET /logs/
"GET /login/
"GET /login.php
"GET /log/
"GET /install/
"GET /install.php
"GET /includes/
"GET /include/
"GET /inc/
"GET /home.php
"GET /home/
"GET /hidden/
"GET /fr/
"GET /forums/
"GET /forum/
"GET /foro/
"GET /files/
"GET /file/
"GET /FCKeditor/
"GET /file.php
"GET /etc/
"GET /es/
"GET /en/
"GET /dump.zip
"GET /dump.tgz
"GET /dump.tar.gz
"GET /dump.sql.zip
"GET /dump.sql.gz
"GET /dump.sql.bz2
"GET /dump.sql
"GET /dump.gz
"GET /downloads/
"GET /download.php
"GET /demo/
"GET /de/
"GET /db.sql
"GET /data/
"GET /cpanel/
"GET /controlpanel/
"GET /content/
"GET /config.php
"GET /config/
"GET /conf/
"GET /c99.php
"GET /board/
"GET /bitcoin.php
"GET /backups/
"GET /backup/
"GET /backup.zip
"GET /backup.tgz
"GET /backup.tar.gz
"GET /ar/
"GET /administrator/
"GET /admin/
"GET /admin.php
"GET /adm/
"GET /accounts/
"GET /account/
"GET /.svn/
"GET /.ssh/
"GET /.htaccess
"GET /.git/index
"GET /.bash_history
"GET /files/


Subject: Re: predicted place scan
From: 294384023948@anon.com (294384023948)
Newsgroups: rocksolid.shared.security
Organization: def5
Date: Tue, 26 Feb 2019 22:28 UTC

depends what server you run, and what (on that server).
let's say you run a static site with /$webroot/index.html as the only document, you could either forbid everything else or you could redirect everything else (every request which is not index.html) to index.html.
directory listing must be turned off, of course. it is possible to replace the 404 with the 403 error message (or vice versa). this way, it is not revealed if the requested does not exist or is just forbidden.
if you have several documents (like usual), you can extend the scheme. how you implement the rights is depending on the server system you run, i think on apache you could use htaccess for this. if you have something dynamic (like a forum or a blog), you could limit or redirect all requests to the application (the cgi or php script, or whatever you use).
if you have a script, you could also do something more sophisticated and try to check the requests for such scans and then react somehow (shutting down the connection for one minute or displaying a (possibly misleading) error page, writing to a log, trying to dos the scanner...).
and of course, you could also construct a spider/bottrap with endless redirects or something else funny (malicious files like zip bombs, obscure error messages or just some random garbage).

hope this helps

Posted on def4
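
The request-checking idea from the post above (serve only known documents, answer everything else uniformly, and shut probes out for one minute once a scan is spotted), as an added example that is not code from the thread or from any server mentioned in it. The allowlist, thresholds, log format and sample lines are assumptions; requests reaching a hidden service through the local tunnel all show the same source address, so the counter is global rather than per client.

```python
import re
from collections import deque
from datetime import datetime, timedelta

ALLOWED = {"/", "/index.html"}    # assumption: the site's only real documents
WINDOW = timedelta(seconds=10)    # look-back window for counting misses
THRESHOLD = 5                     # misses inside WINDOW that start a cool-down
COOLDOWN = timedelta(seconds=60)  # the "one minute" suggested in the post
LINE = re.compile(r'\[(?P<ts>[^\]]+)\] "[A-Z]+ (?P<path>\S+)')

def parse(line):
    """Return (timestamp, path without query string) or None if unparseable."""
    m = LINE.search(line)
    if m is None:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return ts, m.group("path").split("?", 1)[0]

def decide(lines):
    """Return [(path, action)]: 'serve', 'deny' (uniform 404) or 'refuse' (close)."""
    misses, blocked_until, out = deque(), None, []
    for ts, path in filter(None, map(parse, lines)):
        if path in ALLOWED:                       # real documents stay reachable
            action = "serve"
        elif blocked_until is not None and ts < blocked_until:
            action = "refuse"                     # cool-down: send no body at all
        else:
            misses.append(ts)
            while ts - misses[0] > WINDOW:        # drop misses older than WINDOW
                misses.popleft()
            if len(misses) >= THRESHOLD:
                blocked_until, action = ts + COOLDOWN, "refuse"
                misses.clear()
            else:
                action = "deny"
        out.append((path, action))
    return out

# Constructed sample log (not from the thread); paths taken from the scan above.
# Status and size fields are omitted because the code does not read them.
PATHS = ["/index.html", "/test/", "/status", "/stats/", "/sql.tgz",
         "/sql.zip", "/sql.tar.gz", "/index.html"]
SAMPLE = ['127.0.0.1 - - [26/Feb/2019:16:00:%02d +0000] "GET %s HTTP/1.1"'
          % (i, p) for i, p in enumerate(PATHS)]
SAMPLE.append('127.0.0.1 - - [26/Feb/2019:16:01:30 +0000] "GET /admin/ HTTP/1.1"')

if __name__ == "__main__":
    for path, action in decide(SAMPLE):
        print(f"{action:6} {path}")
```

During the cool-down the allowlisted documents are still served, so a scan cannot be used to lock legitimate visitors out of the site.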


Subject: Re: predicted place scan
From: invalid@invalid.invalid (John Doe)
Newsgroups: rocksolid.shared.security
Organization: rocksolid2 (news.novabbs.com)
Date: Thu, 28 Feb 2019 09:12 UTC

On 2019-02-26 22:28, you wrote:

> depends what server you run, and what (on that server).

I run a static site with sthttpd. sthttpd does not seem to support the ".htaccess" file
- it ignores every string there.

> let's say you run a static site with /$webroot/index.html as the only
> document, you could either forbid everything else or you could redirect
> everything else (every request which is not index.html) to index.html.
> directory listing must be turned off, of course. it is possible to replace
> the 404 with the 403 error message (or vice versa). this way, it is not
> revealed if the requested does not exist or is just forbidden.
> if you have several documents (like usual), you can extend the scheme. how
> you implement the rights is depending on the server system you run, i think
> on apache you could use htaccess for this. if you have something dynamic
> (like a forum or a blog), you could limit or redirect all requests to the
> application (the cgi or php script, or whatever you use).
> if you have a script, you could also do something more sophisticated and try
> to check the requests for such scans and then react somehow (shutting down
> the connection for one minute or displaying a (possibly misleading) error
> page, writing to a log, trying to dos the scanner...).
> and of course, you could also construct a spider/bottrap with endless
> redirects or something else funny (malicious files like zip bombs, obscure
> error messages or just some random garbage).


Subject: Re: predicted place scan
From: AnonUser@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.security
Organization: NovaBBS
Date: Thu, 28 Feb 2019 12:24 UTC

John Doe wrote:

> On 2019-02-26 22:28, you wrote:
>
> > depends what server you run, and what (on that server).
>
> I run a static site with sthttpd. sthttpd does not seem to support the ".htaccess"
> file
> - it ignores every string there.

Previous post covers a good amount of good ideas. I haven't used sthttpd, looks interesting https://blogs.gentoo.org/blueness/2014/10/03/sthttpd-a-very-tiny-and-very-fast-http-server-with-a-mature-codebase/

Maybe mess with the throttling feature and refuse connections instead of just throttling them for predicted locations
http://www.acme.com/software/thttpd/thttpd_man.html#THROTTLING

--
Posted on Rocksolid Light.




Subject: Re: predicted place scan
From: admin@neodome.net (Neodome Admin)
Newsgroups: rocksolid.shared.security
Organization: Neodome
Date: Thu, 28 Feb 2019 16:06 UTC

John Doe <invalid@invalid.invalid> wrote:
> How to protect a hidden service from such a scan?



I, personally, just ignore it.

--
Neodome


Subject: Re: predicted place scan
From: 90238209348@anon.com (90238209348)
Newsgroups: rocksolid.shared.security
Organization: def5
Date: Thu, 28 Feb 2019 18:06 UTC

sthttpd - a fork of thttpd, a tiny/turbo/throttling HTTP server
version 2.27.0 Oct 3, 2014 sthttpd is a fork of Jef Poskanzer's
popular thttpd server. This fork aims to simply maintain the
original codebase as bugs or security issues are found.

oh yeah, thttpd is back, how cool is that ? i think for minimalistic sites it is just the best server there is.




Posted on def4


Subject: Re: predicted place scan
From: invalid@invalid.invalid (John Doe)
Newsgroups: rocksolid.shared.security
Organization: rocksolid2 (news.novabbs.com)
Date: Thu, 28 Feb 2019 20:18 UTC

On 2019-02-28 16:06, you wrote:

> John Doe <invalid@invalid.invalid> wrote:
> > How to protect a hidden service from such a scan?
> >
> > "GET /sql.tgz
> > "GET /sql.zip
> > "GET /sql.tar.gz
> > "GET /db.sql
> > "GET /backup.zip
>
> I, personally, just ignore it.

He overloads the low bandwidth tor/i2p tunnel.


Subject: Re: predicted place scan
From: invalid@invalid.invalid (John Doe)
Newsgroups: rocksolid.shared.security
Organization: rocksolid2 (news.novabbs.com)
Date: Thu, 28 Feb 2019 20:22 UTC

On 2019-02-28 18:06, you wrote:

> sthttpd - a fork of thttpd, a tiny/turbo/throttling HTTP server
> version 2.27.0 Oct 3, 2014 sthttpd is a fork of Jef Poskanzer's
> popular thttpd server. This fork aims to simply maintain the
> original codebase as bugs or security issues are found.
>
> oh yeah, thttpd is back, how cool is that ? i think for minimalistic sites it
> is just the best server there is.

it is fast and secure. best choice for a static site.


Subject: Re: predicted place scan
From: trw@i2pmail.org (trw)
Newsgroups: rocksolid.shared.security
Organization: Dancing elephants
Date: Fri, 1 Mar 2019 10:12 UTC

> He overloads the low bandwidth tor/i2p tunnel.

on tor, you are on your own. but on i2p, you can avoid such attacks pretty easily by fine-tuning the tunnels properties.
has worked like a charm for def3, which was subject to heavy spider and inproxy traffic.

cheers

trw
Posted on: def3.i2p


Subject: Re: predicted place scan
From: invalid@invalid.invalid (John Doe)
Newsgroups: rocksolid.shared.security
Organization: rocksolid2 (news.novabbs.com)
Date: Sun, 3 Mar 2019 10:06 UTC

On 2019-03-01 05:12, you wrote:

> > He overloads the low bandwidth tor/i2p tunnel.
>
> on tor, you are on your own. but on i2p, you can avoid such attacks pretty
> easily by fine-tuning the tunnels properties.

which properties exactly?

> has worked like a charm for def3, which was subject to heavy spider and
> inproxy traffic.

