I have been publishing my site to Azure and I've been restricting IP addresses so only people on my list can access the url ex. mysite.azuretestsite.com. But now I want to show people but I don't want to have to ask everyone for their IP address just to give them permission to view it.
The one thing I'm worried about is bots/web scrappers like Google who will pick up my site and then it might end up in their search results or for other purposes, which I don't want to happen before I go live.
Should I be worried about having the site live even though I have't registered the domain name yet? What are the pros and cons here and does it really matter if nobody know the site url? I'm more worried about bots/etc
Normally, crawlers won't know your site mysite.azurewebsites.net exists, unless you have outbound link, and the landing website happens to turn on analytics.
For that case, there is nothing you can do about it. Otherwise, you have to ask user to sign-up before viewing your site.
Related
We have an app that let our users use their own domain to access our platform.
For example, if our website domain is "abc.com", we allow our user to use their own domain (for example "external.net") by setting this domain to point to our server.
To achieve it, we need to set their domain each time in our "Google Console"(/Microsoft) so that the authentication (we do have a login of course) will work with their domain as well...
The thing is that we think maybe we could accomplish such a result by just forcing all our users to use our main domain (abc.com) and just after they log in, we will redirect them to their domain.
It will save us the time to add each time their domain to "Google Console"(/Microsoft).
The question is if it's something that we really can do, or google will disallow such auth if which user comes from A domain, and will use B domain with the token he got from A domain.
*If such a thing is not allowed, is it allowed by using my subdomains? like user1.abc.com / user2.abc.com etc... without having to fill those subdomains in the provider console (Google/Microsoft).
I hope the question is clear enough,
Thanks!
A note about verification of your applicaiton.
In order to have this application verified you are going to to Verify your site ownership for every domain listed as a redirect Uri or a JavaScript origin.
So the only way that is going to work is if you can prove you own those domains. By registering them in google search console.
So I have a website that send phishing emails for employers and I get the results for this campaign (for example how many employees click on the link, etc)
While testing my website on my personal emails the website became dangerous.
What should I do ?
Disclaimer - I run a phishing simulation service called CanIPhish and I came across this exact same issue when building my phishing websites.
What's happening here, is google is discovering and analysing your website through both it's normal indexing capability but also by scanning emails and detonating links.
When Google or it's threat intelligence partners discover your website it's analysing the content and accordingly flagging it as malicious.
To get around this issue, you need to hide the website behind a load-balancer or CDN which can perform conditional routing based on querystring parameters. Within the querystring you need to create a single-use GUID tied to the campaign and target. When the target detonates the link, they're forwarded to the phishing website and the GUID becomes inoperable. This way, when google or a threat intelligence partner index the site or detonate links in an email, they see something completely different to what your actual targets see.
I'm operating my myriad of phishing websites by hosting them on Amazon S3, I'm using Cloudfront as the CDN, Lambda#Edge on Cloudfront to inspect QueryString parameters and a mixture of DynamoDB with S3 for storing target user details and details on whether a GUID has already been detonated.
To see an example of this - try browsing here and all you'll see is a "Oops you clicked a phishing link" instead of the actual page which is a Google phishing site.
I have an asp.net mvc 5 site currently hosted on windows azure.
Occasionally (normally after I have rolled out or deployed to azure) the authentication seems to bug out.
I try to log in with my google account and I get weird redirect loops where I hit login, and it takes me straight back to the login page. This is normally fixed by restarting the site on windows azure again.
Every now and again though, it will redirect back from google and ask me to enter my username to complete the registration process. It does this on my google account that has already been registered. It is registering the same google account twice or sometimes even three times.
Its happened to myself and my users and I only hear about it when someone contacts me and tells me they've lost all their stuff linked to their profile on my site.
Has anyone experienced anything like this? I'm using the bog standard login / auth controller with an mvc5 project.
EDIT ::
my url is www.dev-score.com, but it also responds to just simply dev-score.com
could it be the fact that some people register on www.dev-score.com and then try to log in with simply dev-score.com or something like that?
sorry everyone, i feel kind of stupid now.
the reason this is happening is because of the different domains, not different url's.
by default azure also has a ".azurewebsites.net" domain that a few of my users were using while my .com domain was propagating.
when i switched to my .com domain, and disabled my .azurewebsites.net domain they all had to re-register, as google (rightfully) thinks that this is a new website.
these are the people that were experiencing that bug and i had to manually move their stuff over to their new accounts. every now and again a user from that period comes back to the site and logs in and has to go through this process again, so it seemed like an intermittent bug but its not, its only a bug to those few users that registered during that small window and haven't been back to the site since.
I have registered a domain (though there is no hosting yet, just name registration) and I am trying to set up google apps so that I can have email, but I cannot figure it out. Is there something I am missing? I feel like it should be easier than it is right now.
You need to correctly set the MX records at your registrar.
Have you proved domain ownership including a CNAME record in your DNS server? Just follow the instructions.
If you don't have access to your DNS server for adding records, and don't have a webserver where you can put a verification file I think you wont be able do setup e-mail.
If you already have the domain, you just need to follow the registration process, you will be taken through all the steps. If you got to the Admin Console you should have a message bar Top of the page with Verify Domain.
the best way to do it is to try the new Learning Center, http://learn.googleapps.com/.
I've got a problem where I have a .co.uk domain of which I am the registrant but my web developers control the domain via easyspace.com. I'm not using the web developers anymore and it ended on bad terms so I would like to change my domain to another registrar without getting them involved. Does anyone know how I can do this?
Thanks
In order to do anything with your domain, you need to be a registered user for it. for every domain, there 4 types of registered user:
Registrant/Owner
Administrative Contact
Billing Contact
and Technical Contact
If you do a whois look-up of your domain name you can see if you are one of those registered users.
If you are, you should be able to contact the Registrar of record (i.e. GoDaddy, Network Solutions, GKG, etc.) and gain an account control login if you do not already have a login for them.
Once you have an account, you can change the Name Servers thereby pointing your site to a different server than it is currently, or initiate a transfer to a new registrar (which costs money - typically the price of a 1 year registration)
Tell them to give you control of it. You're not asking them to do something for you, you're just demanding them to hand over what's yours (assuming the domain is yours).
If you own the domain name, you should be able to change the information with the registrar to point it at another hosting service or your own.
Change your domain host to point to a new name server that you control.
You may lose your web site code but can always start a fresh.