I checked the server logs and I found a large number of 404 errors. For example, this post
https://historycollection.com/10-little-known-facts-abou-axis-prisoners-of-war-in-world-war-ii/ has some 404 URLs because something appended in the URL text like this one /-&e=MOAT.(something)
Example of URLs:
https://historycollection.com/10-little-known-facts-abou-axis-prisoners-of-war-in-world-war-ii/-&e=MOAT.load
https://historycollection.com/16-horrifying-historical-locations-where-people-continue-to-live-in-the-united-states/4/-&e=MOAT.measurable
https://historycollection.com/10-little-known-facts-abou-axis-prisoners-of-war-in-world-war-ii/-&e=MOAT.inView2sec
https://historycollection.com/10-little-known-facts-abou-axis-prisoners-of-war-in-world-war-ii/-&e=MOAT.smallplayer
https://historycollection.com/10-little-known-facts-abou-axis-prisoners-of-war-in-world-war-ii/-&e=MOAT.viewable&tv=1
Most of them having referrers like this one https://historycollection.com/16-horrifying-historical-locations-where-people-continue-to-live-in-the-united-states/?utm_source=Facebook&utm_medium=Ads&utm_campaign=16-horrifying-historical-locations-where-people-continue-to-live-in-the-united-states-Automatic
And user agents like these ones:
Mozilla/5.0 (Linux; Android 10; SM-N975U1 Build/QP1A.190711.020; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/85.0.4183.101 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/289.0.0.40.121;]
Mozilla/5.0 (Linux; Android 9; E6910 Build/4.601VZ.0191.a; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/72.0.3626.121 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/163.0.0.43.91;]
Does anybody have any idea about this?
Thanks,
These are probably bots probing for vulnerabilities.
Run the IP through something like AbuseIPDB and see what others have to say about it.
Related
I know that google login for cefsharp has been blocked for long time now,
but is there any way to bypass this
for example calling a actual chrome browser for the login and get the access token
Thanks in advance
You need to add at the end of your UserAgent /CefSharp Browser" + Cef.CefSharpVersion;
Example :
settings.UserAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 /CefSharp Browser" + Cef.CefSharpVersion;
And it work...
My Http protocal, where I am setting disableFollowRedirects. However there is one get call I am making for which I want the execution to follow redirect. Can we do that ? I tried disableProtocolChecks but it isn't working
.baseUrl(brokerHost)
.acceptHeader("text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8") // Here are the common headers
.acceptEncodingHeader("gzip, deflate")
.acceptLanguageHeader("en-US,en;q=0.5")
.upgradeInsecureRequestsHeader("1")
.userAgentHeader("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36")
.disableFollowRedirect
For this request I want to execution to follow redirects
.exec(http("Post SAML request to IDP")
.post(/authentication/SSOPOST/")
.check(status.is(302))
.check(header("Location").saveAs("redirecturl"))
)
No, it's not currently (as of gatling 3.4) possible, neither one way (disable globally and re-enable locally) or the other (enable globally and disable locally). There's no control over followRedirect behavior at the request level.
Now, could you please explain why you would be able to do that?
Usually, people want to disable followRedirect because they think they should capture the Location response header in the redirect response so they can capture data from the landing page url.
This is wrong. Instead, they should let followRedirect enabled and use the currentLocation and currentLocationRegex checks.
Actually, we're considering removing the disableFollowRedirect option, unless we really have a compelling reason not to do so.
It seems one of the LDAP strategies has stopped working for an unknown reason. I have confirmed the password and the settings are correct. I have also checked the Map Groups field and confirmed that the user role has been added and I am able to see all the user that should be in there under LDAP Users I have also tried reloading authentication configuration with no luck. Any help or suggestions would be greatly appreciated. Below is the message I am getting. Any help or tips would be greatly appreciated not sure where else to go from here.
3/11/20
8:30:46.318 AM
03-11-2020 08:30:46.318 -0500 ERROR UiAuth - user=myuser action=login
status=failure reason=user-initiated useragent="Mozilla/5.0 (Windows
NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/80.0.3987.132 Safari/537.36" clientip=123.123.123.123
host = abc001source = \Splunk\var\log\splunk\splunkd.logsourcetype =
splunkd
3/11/20
8:30:46.318 AM
03-11-2020 08:30:46.318 -0500 ERROR UserManagerPro - LDAP Login
failed, could not find a valid user="myuser" on any configured servers
host = abc001source = *\Splunk\var\log\splunk\splunkd.logsourcetype =
splunkd
Please double check your bindDNPassword for LDAP Service account and LDAP password policy.
I encountered the same error when I kept the wrong password and Service account got locked.
I had to reset the password and it worked for me. Give it a try.
Thank you.
I'm new to google-app-engine and I'm trying to migrate a PHP site that currently uses the meekrodb class for mysql (http://www.meekro.com/) to connect to a db stored with my webhost with access enable from any IP.
When I run the site on the local app-engine instance there are no issues, but when I deploy it I get an error 500 error with the following log:
90.202.109.98 - - [12/Jul/2015:04:31:36 -0700] "GET / HTTP/1.1" 500 0 - "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.130 Safari/537.36" "*.appspot.com" ms=145 cpu_ms=0 loading_request=1 exit_code=204 instance=00c61b117ce2904f41b4d706f60338b416a908e1 app_engine_release=1.9.23
The page being run was index.php and it did nothing except load up the class and DB attributes (which works fine alone), but when I add the following code:
DB::query('select * from places');
The error occurs, again, only on the remote instance.
Any thoughts on why?
Figured it out, it's because my db is remotely hosted and Google doesn't allow that for free apps. I'd have to enable sockets. See https://stackoverflow.com/a/20254933/1254900
I am trying to access Salesforce headers from a visualforce as well as inline Visualforce page. Both the headers are different. My Objective was to get the Ip address from within Visualforce page. I was able to get it from a VF page while not in inline VF Page - What could be missing. Pasting both the headers below for reference:
Header as in independent VF Page:
{Accept=text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8, Accept-Encoding=gzip, deflate, sdch, Accept-Language=en-US,en;q=0.8, Cache-Control=max-stale=0, CipherSuite=AES256-SHA TLSv1.2 256-bits, Connection=keep-alive, Host=maseratispaceq.ap1.visual.force.com, Referer=https://maseratispaceq.ap1.visual.force.com/apex/IPAddress, User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36, X-BlueCoat-Via=02e34aac1d4420b1, X-Salesforce-Forwarded-To=ap1.salesforce.com, X-Salesforce-SIP=65.116.212.3}
Header as in Inline VF Page:
{CipherSuite=AES256-SHA TLSv1 256-bits, core.apexpages.framework.ApexViewServlet.getContentReflectError=true, core.apexpages.framework.ApexViewServlet.getContentRequest=1, Host=maseratispaceq.ap1.visual.force.com, User-Agent=Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.89 Safari/537.36, X-Salesforce-PDF=AAAAAUwj_BRwAAAAAAAAAAAAAAAAAAAAAAAAwpYz60xaIbnbiOgFCj3usFFqT128Tl0j8v43lSJCEqURiv38yxmjs5saKfPvaLHg4wBP_AhxJWr6dMq4BJTe4Oo=}