Should I do something about these possible attacks in my Django app? - django

I've set my Django 1.8 app to warn me when some user gets a 404 or any crash.
Then I started constantly getting emails from my server pointing to requests like this one:
Referrer: <my_ip>:80/web-console/ServerInfo.jsp
Requested URL: /web-console/ServerInfo.jsp
User agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 2Pac; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
IP address: 127.0.0.1
And this one:
Referrer: <my_ip>:80/invoker/JMXInvokerServlet
Requested URL: /invoker/JMXInvokerServlet
User agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1; 2Pac; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)
IP address: 127.0.0.1
It's a huge number of different URLs. It seems a server is shooting tons of requests at several servers trying to discover some entry point to attack. Right?
My question is: should I do something, assuming I don't even use the technologies these requests are looking for? Can this cause me any damage?

A few days ago security researchers disclosed a very critical vulnerability in Java serialization methods (details: http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/). Right after that publication, I've seen some exploitation attempts in the wild that try to exploit exactly the same vulnerability. I'm telling this story because your log shows exactly the same exploitation attempts. As long as you DON'T support JBoss or other Java technologies on your server, you will be secure against these kinds of attacks.
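The triage this answer implies, as an added example (not code from the original posts): the probed paths belong to JBoss, which a Django project does not serve, so they can be counted separately from real broken links and excluded from the 404 e-mails. It assumes the reports come from Django's BrokenLinkEmailsMiddleware, whose IGNORABLE_404_URLS setting takes a list of compiled regular expressions; PROBE_PATTERNS, parse_reports, triage and the sample text are names and data constructed for this example.

```python
import re
from collections import Counter

# Paths taken from the two reports on this page: JBoss management endpoints
# that a Django project does not serve. Extend from your own reports.
PROBE_PATTERNS = [
    re.compile(r"^/web-console/"),
    re.compile(r"^/invoker/JMXInvokerServlet"),
]
# In settings.py the same compiled list can be assigned to Django's
# IGNORABLE_404_URLS so these probes stop generating 404 e-mails.
IGNORABLE_404_URLS = PROBE_PATTERNS
FIELD_RE = re.compile(r"^(Referrer|Requested URL|User agent|IP address): (.*)$")

def parse_reports(text):
    """Split concatenated 404 report bodies into one dict per report."""
    reports, current = [], {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if not m:
            continue
        if m.group(1) == "Referrer" and current:  # a new report starts here
            reports.append(current)
            current = {}
        current[m.group(1)] = m.group(2)
    if current:
        reports.append(current)
    return reports

def triage(reports):
    """Return (Counter of probe URLs, list of URLs that need a human look)."""
    probes, review = Counter(), []
    for r in reports:
        url = r.get("Requested URL", "")
        if any(p.search(url) for p in PROBE_PATTERNS):
            probes[url] += 1
        else:
            review.append(url)
    return probes, review

# Constructed sample: two probes shaped like the reports above, one real 404.
SAMPLE = """\
Referrer: <my_ip>:80/web-console/ServerInfo.jsp
Requested URL: /web-console/ServerInfo.jsp
Referrer: <my_ip>:80/invoker/JMXInvokerServlet
Requested URL: /invoker/JMXInvokerServlet
Referrer: http://example.com/blog/
Requested URL: /blog/old-post/
"""
```

Keeping the probe counts instead of discarding them preserves a record of scanning volume while the mailbox only receives the URLs left in the review list.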

Related

Verification with the new Google rest apis requirements (15.01.2019)

In the requirements for using the Gmail REST APIs: https://developers.google.com/terms/api-services-user-data-policy#additional-requirements-for-specific-api-scopes
There is the statement:
Do not mislead Google about an application's operating environment. You must accurately represent the environment in which the authentication page appears. For example, don't claim to be an Android application in the user agent header if your application is running on iOS, or represent that your application's authentication page is rendered in a desktop browser if instead the authentication page is rendered in an embedded web view.
We have an Electron version of our app that only wraps the web version URL in a desktop app. So we are using the OAuth flow for Web Server applications for both the web app and the desktop app. Can this be considered a violation of the User Data Policy?
The key is agent header. This corresponds with the HTTP header User-Agent.
What Google is asking is that you use a User-Agent string that matches the platform that you are running on (android, iOS, Windows 10, ...). This link will give you more information about User-Agent.
You can test what strings are included by your browser using this site. This should give you a better understanding. For example on my Windows 10 desktop using Chrome:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
This link is the RFC7231 standard.
If your software is running in the browser, you don't need to do anything except not override the User-Agent value. If you are writing your own custom software, then do some research and specify a User-Agent string that identifies the platform and append your software / company name.
Electron publishes a list of its User-Agent strings. My initial recommendation is to just leave the User-Agent header alone and let Electron manage this for you.
This StackOverflow answer shows how to set the Electron User-Agent header if you choose to do so.

VB 6.0 error while accessing web service: 2146697208

I am getting error -2146697208 while sending XML to a payment gateway web service. The application is developed in VB 6.0 and the OS is Microsoft Windows Server 2003.
Also, the code works fine in Windows XP, and I verified the same with third-party tools for testing web services (SoapUI) on a Windows Embedded Standard system and it works fine. It looks like the issue is related to VB 6.0 and the OS. Please help.
Code Snippet:
On Error GoTo 0
'Set XMLHTTP = CreateObject("MSXML2.XMLHTTP.3.0")
PaymentURL = "https://testpayments.globalone.me/merchant/xmlpayment"
Dim http As Object
Set http = CreateObject("MSXML2.XMLHTTP.6.0")
http.Open "POST", PaymentURL, False
http.setRequestHeader "Content-Type", "text/xml"
http.setRequestHeader "User-Agent", "Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405"
http.send (xmldata) ' error is thrown here
Please help me.
Thanks

How do I insert data into solr through my application which is in c++

I want to insert data into Solr through my application. I am also using Elasticsearch to store data; to insert data into Elasticsearch I am using the following request, including my data in the index "16-03-2016-sslindex":
"POST http://192.168.0.164:9200/_bulk HTTP/1.1
Host: 192.168.0.164:9200
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0;)
Pragma: no-cache
Content-Type: application/x-www-form-urlencoded
Content-Length: 196"
"{"index":{"_index": "16-03-2016-sslindex","_type":"session"}}
{"UniqueID":"2016-3-16-10-45-19-1-1","Time":"2016-3-16T10:45:19","SrcIp":"192.168.0.180","SrcPort":1123,"DstIp":"74.125.68.113","DstPort":443,"InterfaceID":"1","LocationID":2,"Size":0,"Snortname":"p_snort.log.123","Dummy1":"","Dummy2":0}"
I want to use Solr in the same way. What should the request structure be so as to insert values into Solr?
Solr supports the HTTP protocol for insertion/update/search.
You have to hit Solr (again by socket programming).
In Java
public void pumpData() {
// hit elastic cloud
// then hit solr
}
(Just for info: SolrJ is a Java client to access Solr. It makes the task a little easier.)
You have to do the same in C++. C++ has the "SolrCpp" Solr client - Solrcpp. The Apache site mentions the same - solr clients

Connecting to TFS with SOAP using C++

I have a C++ (Qt5) application and now I want to connect to TFS and get the projects and a few other details of each project. The main intention is to pull out the Test Cases from MTM.
There are so many examples using their API with C# and easily solving this problem. However, I am having no such luck with C++. I am not sure how to proceed: should I write my own web service using the SDK and then use it, or does TFS provide SOAP support?
I thought it did and hence fired up Fiddler to get to it, but never saw an auth method anywhere. All the requests I saw were GET. And there was an NTLM authorization as shown below.
GET http://localhost:8080/tfs HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:30.0) Gecko/20100101 Firefox/30.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Authorization: NTLM TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAGAvAjAAAADw==
I would be grateful for any suggestions or tips. I wish there was some documentation or samples/examples using C++.
If it has SOAP functions (WSDL) I could use KdSoap and use it with my application.
Thanks.
There is no way to bypass the API.
While you can connect to the web services for TFS directly, there is no support for this method. Your code can break with any update to TFS. I would recommend that you create a web service with C# and then call that from your code. I would expect that the REST APIs will become available on premises at some point.
Another option, although I am dubious of the support, would be to create a hybrid DLL, C++ Managed, that can call the C# APIs. You can then call the hybrid code from the native code. This is one extra level of wrapper and is really designed to help teams migrate from C++ to C#, but I believe that it will work.
http://en.wikipedia.org/wiki/C%2B%2B/CLI

Apache Http Server POST 400

This is my first question here. After long research, I decided to ask for help...
So first I'll explain my scenario. I have some SOAP web services here. They're consumed by a .Net website. The .Net framework used is version 4.0.
So my web services are configured to accept the HTTP/1.0 protocol, due to .Net limitations. In spite of that, everything works fine if I access the service directly on JBoss AS (4.2.2 GA).
But I have to make it work with Apache web server as the receiver of the request. Apache does an inverse proxy redirection to my service, so the site sends requests to port 8080 (that Apache is listening on) and Apache sends them to JBoss, which is expecting the request at port 18080.
In many tests, I confirmed that almost every service worked almost fine; sometimes they have the same failure. But one in particular doesn't work at all: the request stopped at Apache with status 400 and an empty value (the - after the 400) like this:
POST /xxxx/xxxx/xxxxx/MyService HTTP/1.1" 400 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; MS Web Service Client Protocol 4.0.30319.296)
The other requests that are processed have this value filled. I guess it is the response size.
Please consider my regards. thanks
After great efforts at my company we discovered, using a sniffer (Wireshark), that we had two problems that led us to the situation described in this question.
First problem solved: the .Net platform is configured to send an empty request by default. The first attempt failed, so .Net was forced to automatically send a second request with authentication. So I figured out that 2 requests before the JBoss response formed an HTTP 400 error.
Second problem solved:
After the other side solved this previous problem by configuring .Net properly, we tested again and the results were conclusive that no more requests were hitting Apache HTTP Server. So there was a strong signal that we had something blocking this specific service. With the rocks in my hand, infrastructure people started to move their asses and somehow solved the problem. My frustration in the end is that they didn't say anything about the possible correction. So "suddenly" the communication was restored.
So after all we made it, but with a bitter taste of defeat. Thank you to all who supported me in this problem. []s