Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Increased knowledge will help you now. Have mate's phone bugged.


rocksolid / rocksolid.shared.security / Re: predicted place scan

Re: predicted place scan

<5b22094d656107ae8a82304ae725f1f1@def4>

 copy mid

https://www.novabbs.com/rocksolid/article-flat.php?id=17&group=rocksolid.shared.security#17

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!rocksolid2!def5!POSTED.localhost!not-for-mail
From: 29438402...@anon.com (294384023948)
Newsgroups: rocksolid.shared.security
Message-ID: <5b22094d656107ae8a82304ae725f1f1@def4>
Subject: Re: predicted place scan
Date: Tue, 26 Feb 2019 22:28:39+0000
Organization: def5
In-Reply-To: <q53p3s$iuh$1@novabbs.com>
References: <q53p3s$iuh$1@novabbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
 by: 294384023948 - Tue, 26 Feb 2019 22:28 UTC

depends what server you run, and what (on that server).
let's say you run a static site with /$webroot/index.html as the only document, you could either forbid everything else or you could redirect everything else (every request which is not index.html) to index.html.
directory listing must be turned off, of course. it is possible to replace the 404 with the 403 error message (or vice versa). this way, it is not revealed if the requested does not exist or is just forbidden.
if you have several documents (like usual), you can extend the scheme. how you implement the rights is depending on the server system you run, i think on apache you could use htaccess for this.
if you have something dynamic (like a forum or a blog), you could limit or redirect all requests to the application (the cgi or php script, or whatever you use).
if you have a script, you could also do something more sophisticated and try to check the requests for such scans and then react somehow (shutting down the connection for one minute or displaying a (possibly misleading) error page, writing to a log, trying to dos the scanner...).
and of course, you could also construct a spider/bottrap with endless redirects or something else funny (malicious files like zip bombs, obscure error messages or just some random garbage).

hope this helps

Posted on def4

SubjectRepliesAuthor
o predicted place scan

By: John Doe on Tue, 26 Feb 2019

12John Doe
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor