Query String being changed - security

Our customers post links to our site on various social media sites. The query string looks like this:
?jid=6559&hjid=754BCDF775239471EB69054403DD9AB6
However, a small number of requests have an invalid query string when posted back to us. Here are some examples:
?jid=655975&hjid=75477OPQS77523947131RO6905440336QQ9NO6
?jid=655945&hjid=75441OPQS77523947125RO6905440344QQ9NO6
You can see that all the numbers are left untouched and the letters in the query string values are changed. The invalid values also seem to all follow the same pattern where A-Z values are changed and numbers are left intact.
All of these requests come from the same IP address ranges:
209.133.77.163-168
89.145.102.202-207
It looks to be some sort of URL fuzzing service. Has anyone seen behavior like this before? If not, any ideas on the pattern of the changes?
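Added example, not part of the original post: a small Python check that compares an issued query string with one that came back altered, testing whether each letter run is the ROT13 of the issued one and which digit groups were appended to the digit runs. It assumes the valid URL quoted in the question is the original of both altered samples; the function names `diff_token` and `analyze_query` are illustrative.

```python
import codecs
import re
from urllib.parse import parse_qs

LETTERS = re.compile(r"[A-Za-z]+")

def diff_token(expected, observed):
    """Return (letters_are_rot13, inserted_digit_groups) for one value.

    inserted_digit_groups is None when a digit run of `expected` is not
    kept as the prefix of the matching digit run in `observed`.
    A value with no letters is trivially reported as a ROT13 match.
    """
    want = [codecs.encode(run, "rot_13") for run in LETTERS.findall(expected)]
    letters_are_rot13 = want == LETTERS.findall(observed)
    exp_runs, obs_runs = LETTERS.split(expected), LETTERS.split(observed)
    if len(exp_runs) != len(obs_runs):
        return letters_are_rot13, None
    inserted = []
    for exp, obs in zip(exp_runs, obs_runs):
        if not obs.startswith(exp):
            return letters_are_rot13, None
        if obs != exp:
            inserted.append(obs[len(exp):])  # digits appended to this run
    return letters_are_rot13, inserted

def analyze_query(issued, observed):
    """Apply diff_token to every parameter present in both query strings."""
    a = parse_qs(issued.lstrip("?"))
    b = parse_qs(observed.lstrip("?"))
    return {k: diff_token(a[k][0], b[k][0]) for k in a if k in b}

# Values copied from the question; pairing them is an assumption.
ISSUED = "?jid=6559&hjid=754BCDF775239471EB69054403DD9AB6"
OBSERVED = [
    "?jid=655975&hjid=75477OPQS77523947131RO6905440336QQ9NO6",
    "?jid=655945&hjid=75441OPQS77523947125RO6905440344QQ9NO6",
]

if __name__ == "__main__":
    for qs in OBSERVED:
        print(qs, analyze_query(ISSUED, qs))
```

For both samples every letter run matches ROT13 of the issued value, and the issued digits are intact with extra two-digit groups appended to some digit runs, so the digits are not strictly untouched.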

Related

Is there any way to display exact address from google map place api?

I got vicinity (address) from the Google Map API in Flutter, but this vicinity contains extra keywords including numbers, operators, etc. (like QCPM+777, XYZ). All I want is to display only the exact address (XYZ) without any numbers or operators. How can I do that?
I tried to replace the extra keywords with an empty string "" using the replaceAll method, but it doesn't work properly.

can Google Places API do a fuzzy search

Can I set Google Places API to do a fuzzy search? It seems Google map search (which uses JavaScript) does that automatically, but it appears the REST API does not. I am frustrated by having to type in the accurate hotel name... any spelling errors bring up no result.
Try Text Search requests:
The Google Places API Text Search Service is a web service that returns information about a set of places based on a string — for example "pizza in New York" or "shoe stores near Ottawa" or "123 Main Street". The service responds with a list of places matching the text string and any location bias that has been set.
The service is especially useful for making ambiguous address queries in an automated system, and non-address components of the string may match businesses as well as addresses. Examples of ambiguous address queries are incomplete addresses, poorly formatted addresses, or a request that includes non-address components such as business names.

What is Lucene query to search for a wild character string

In Kibana I am trying to pull my application log messages that had masked fields.
Example log message:
***statusMessage=, displayMessage=, securityInfoOutput=securityPin=pin=****, pinHint=*************
I want to search and pull the messages that have masked data - more than two consecutive *'s in the message.
Trying with search term message:"pin=\*\*\*\*"
but it didn't work
You seem to be thinking of search in the same way you'd type CTRL+F and search in a file. Search engines don't work that way. Search works based on exact matches of tokens. Tokens typically correspond to words extracted from text.
You can control how text is transformed into tokens using a process known as analysis. Analysis runs text through tokenization and various filters that decide how text is broken up into tokens and other pieces of metadata associated with each token.
This blog post I wrote might help put some of this into context.

.htaccess and url rewrite

I know that url_rewrite using .htaccess requires an identifier in the pretty URL by which we identify the page/link to load. But here are a few examples where I can't make out the identifier.
Any ideas how they do it?
http://techcrunch.com/2014/03/15/julie-ann-horvath-describes-sexism-and-intimidation-behind-her-github-exit/
http://techcrunch.com/2014/03/15/why-we-hate-google-glass-and-all-new-tech/
In both the examples above, the portion http://techcrunch.com/2014/03/15/ is constant. Any ideas on how to do this would be welcome.
There's a lookup based on the "category" and "page name". It uses both "2014/03/15", or the date, as well as the name of the post, "julie-ann-horvath-describes-sexism-and-intimidation-behind-her-github-exit" to fetch the dynamic content. This makes it so you wouldn't really need an ID unless you happen to have 2 posts with the exact same title on the same date. The fetch from the database is a little more complicated with this method, since the title in the URL isn't always going to be the title in the database because the title text needs to be cleaned of special characters and spaces so that it reads nicely within a URL. For example:
/whats-with-all-of-these-titles-in-urls/
Could have a page title: "What's with all of these titles in URLs"
So you can see the ' is removed, the spaces are changed to -'s and everything is made lowercase. CMS's handle this by creating what's called a "slug". The "whats-with-all-of-these-titles-in-urls" title is the "slug" while the real title is "What's with all of these titles in URLs". The slug is stored alongside the title in the database, and is ensured to be unique, at least within each category. This way, the slug is sort of like a numerical ID and is used, along with the category (but not necessarily), to fetch the page content from the database.

Designing a one EVERYTHING search box (date+address+keywords)

I'm storing information about local "events". They are described by 3 things - address, date, keywords(tags). I want to have only one search box for at least address and keywords. The date might go to a separate field. I'm assuming that most people will search for events that are taking place "today" so this filter won't get that much traffic.
I need those addresses to be correct (because I'm geocoding them afterwards) so I need to validate them before submitting the form and display a list of "did you mean" if a user made a typo there. I can't do live search here. I can do a live search on keywords. Keep in mind that a user can make a typo there too and I want to catch that.
Is there a clever way to design the input's parser in this case to guess which is supposed to be address and which keywords?
OR
Is there a way to actually parse it as the user is entering their query? Maybe I should show autocomplete hints for keywords after the first 3 characters are entered, and if the user declines to use them, then assume that it's part of an address they're typing.
What do you think?
Take a look at Document Cloud's Visual search
http://documentcloud.github.com/visualsearch/#demo
