I have a website. Today, looking at the log, I found some requests to a page on my server with this variable appended: &sa=U&ei.
Could you guys tell me what &sa=U&e could mean? Could it be an attempt to find Nullable Scripts? Could it be a security threat?
&sa=U&ei=XuRBT92UFseYhQf_w7HeBQ&ved=0CNYBEBYwYw&sig2=Rt1Cr_FCPD1-6VYu__Oavg&usg=AFQjCNFlHVaDQL--kgDbOn2vNgUqwUOsTA
The error in my log is:
A potentially dangerous Request.Path value was detected from the client (&)
http://www.bleepingcomputer.com/forums/topic442637.html
But nevermind. I found the offending culprit. Seems that for some
reason my "GoogleEnhancer" became "incompatible" with Firefox. It
worked fine even before I updated to 10, but go figure. And it wasn't
the whole add-on, it was the "Use Google Classic" radio button turned
on. I got this add-on after Google started making their search engine
so... oh, what's the word I'm looking for... umm... oh, yeah...
crappy!
http://www.ausforces.com/showthread.php?6595-Google-is-acting-odd...
I figured out what it is... I have an add-on called google enhancer
which obviously hasn't been updated properly of late. Disabled it and
it worked fine. Well that was a waste of a thread. Thanks for the help
though guys.
So, the unnecessary part of the request is created by an outdated add-on for Firefox, nothing serious. The visitors with that add-on have more problems than your website :)
Practically, it could just be a simple URL request.
And the random texts you are seeing could be an autogenerated random string to maintain sessions. There seems to be nothing wrong with the URL, and those sa and ei simply mean that these GET variables are assigned some values, which would then be used in your application, maybe for session management or another purpose.
On the face of it, it doesn't appear to be any hackable stuff.
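A log triage sketch for the situation in this thread, added here as an example and not taken from any of the posts: it separates rejected paths that carry only the parameter names seen in the logged request (sa, ei, ved, sig2, usg) from paths with any other appended parameter. The `/page.aspx` path and the third sample line are constructed placeholders.

```javascript
// Added example: classify request paths that contain "&" in the path itself.
// Key names come from the logged request quoted in the question above.
const GOOGLE_REDIRECT_KEYS = new Set(['sa', 'ei', 'ved', 'sig2', 'usg']);
const OPAQUE_TOKEN = /^[A-Za-z0-9_-]+$/; // URL-safe token characters only

function classifyPath(rawPath) {
  const amp = rawPath.indexOf('&');
  const params = Object.create(null); // no prototype: keys come from the client
  if (amp === -1) return { kind: 'clean', path: rawPath, params };

  let onlyKnownKeys = true;
  for (const pair of rawPath.slice(amp + 1).split('&')) {
    const eq = pair.indexOf('=');
    const key = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? '' : pair.slice(eq + 1);
    params[key] = value;
    // Anything outside the known key set, or a value with other characters,
    // is left for a human to look at.
    if (!GOOGLE_REDIRECT_KEYS.has(key) || !OPAQUE_TOKEN.test(value)) {
      onlyKnownKeys = false;
    }
  }
  const kind = onlyKnownKeys ? 'google-redirect-artifact' : 'needs-review';
  return { kind, path: rawPath.slice(0, amp), params };
}

function summarize(paths) {
  const counts = { clean: 0, 'google-redirect-artifact': 0, 'needs-review': 0 };
  for (const p of paths) counts[classifyPath(p).kind] += 1;
  return counts;
}

// Constructed sample: placeholder path, parameter string from the question,
// and one made-up line with an unexpected key.
const SAMPLE_PATHS = [
  '/page.aspx',
  '/page.aspx&sa=U&ei=XuRBT92UFseYhQf_w7HeBQ&ved=0CNYBEBYwYw' +
    '&sig2=Rt1Cr_FCPD1-6VYu__Oavg&usg=AFQjCNFlHVaDQL--kgDbOn2vNgUqwUOsTA',
  '/page.aspx&sa=U&cmd=dir',
];
console.log(summarize(SAMPLE_PATHS));
```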
Bots are amazing, unless you're Google Analytics
After many months of learning to host my own Discord bot, I finally figured it out! I now have a node server running on my localhost that sends and receives data from my Discord server; it works great. I can do all kinds of the things I want to with my Discord bot.
Given that I work with analytics every day, one project I want to figure out is how to send data to Google Analytics (specifically GA4) from this node server.
NOTE: I have had success in sending data to my Universal Analytics property. However, as awesome as it was to finally see pageviews coming in, it was equally heartbreaking to recall that Google will be getting rid of Universal Analytics in July of this year.
I have tried the following options:
GET/POST requests to the collect endpoint
This option presented itself as impossible from the get-go. In order to send a request to the collection endpoint, a client_id must be sent along with the request itself. And this client_id is something that must be generated using Google's client id algorithm. So, I can't just make one up.
If you consider this option possible, please let me know why.
Install googleapis npm package
At first, I thought I could just install the googleapis package and be ready to go, but that idea fell on its face immediately too. With this package, I can't send data to GA, I can only read with it.
Find and install a GTM npm package
There are GTM npm packages out there, but I quickly found out that they all require there to be a window object, which is something my node server would not have because it isn't a browser.
How I did this for Universal Analytics
My biggest goal is to do this without using Python, Java, C++ or any other low level languages. Because, that route would require me to learn new languages. Surely it's possible with NodeJS alone... no?
I eventually stumbled upon the idea of actually hosting a webpage as some sort of pseudo-proxy that would send data from the page to GA when accessed by something like a page scraper. It was simple. I created an HTML file that has Google Tag Manager installed on it, and all I had to do was use the puppeteer npm package.
It isn't perfect, but it works and I can use Google Tag Manager to handle and manipulate input, which is wonderful.
Unfortunately, this same method will not work for GA4 because GA4 automatically excludes all identified bot traffic automatically, and there is no way to turn that setting off. It is a very useful feature for GA4, giving it quite a bit more integrity than UA, and I'm not trying to get around that fact, but it is now the Bane of my entire goal.
https://support.google.com/analytics/answer/9888366?hl=en
Where to go from here?
I'm nearly at the end of my wits on figuring this one out. So, either an npm package exists out there that I haven't found yet, or this is a futile project.
Does anyone have any experience in sending data from NodeJS to GA4? (or even GTM?) How did you do it?
...and this client_id is something that must be generated using Google's client id algorithm. So, I can't just make one up...
Why, of course you can. GA4 generates it pretty much the same as UA does. You don't need anything from google to do it.
Besides, instead of mimicking just requests to the collect endpoint, you may just wanna go the MP route right away: https://developers.google.com/analytics/devguides/collection/protocol/ga4 The links #dockeryZ gave, work perfectly fine. Maybe try opening them in incognito, or in a different browser? Maybe you have a plugin blocking analytics urls.
Moreover, you don't really need to reinvent the bicycle. Node already has a few packages to send events to GA4, here's one looking good: https://www.npmjs.com/package/ga4-mp?activeTab=readme
Or you can just use gtag directly to send events. I see a lot of people doing it even on the front-end: https://www.npmjs.com/package/ga-gtag Gtag has a whole api not described in there. Here's more on gtag: https://developers.google.com/tag-platform/gtagjs/reference Note how the library allows you to set the client id there.
The only caveat there is that you'll have to track client ids and session ids manually. Shouldn't be too bad though. Oh, and you will have to redefine the concept of a pageview, I guess. Well, the obvious one is whenever people post in the chan that is different from the previous post in a session. Still, this will have to be defined in the code.
Don't worry about google's bot traffic detection. It's really primitive. Just make sure your useragent doesn't scream "bot" in it. Make something better up.
I have tried everything. I configured Windows Server 2019 according to Microsoft documentation and I successfully deployed a .NET 5 web application to the IIS.
I can get to the login page. I can even get to the forgot password page and they show themselves fine. However when I try to do any action (send the forgot password link or login to the page) I get a "Bad Request" from the server. I haven't found a way to explain why.
I have tried several, and I mean several, things found Googling around but nothing helps. This includes disabling https within the .NET Core application, trying to get a detailed error page using the app.UseDeveloperExceptionPage(); instruction inside Startup, etc. etc., but nothing works. I always receive this page when trying to execute any action:
If someone could help or point me into the right direction, I will really, REALLY appreciate it.
Thank you
PS: In case it has anything to do with the problem, the error, at least the two that I can reproduce (because I can't even log in), happens, I think (maybe not), when redirecting to another page in Microsoft Identity.
EDIT: code was asked by one of you. Thank you.
As you see, there's nothing specific in the forgot password screen for my application. This is scaffold code from Microsoft Identity. I even edited it and just left one line of code inside it, which is the default return code anyway, as follows:
public async Task<IActionResult> OnPostAsync()
{
    return RedirectToPage("./ForgotPasswordConfirmation");
}
As you can see, there's nothing special with that code. Here's the html that calls it, again, is a scaffold of Microsoft Identity with little to no changes (by little, I mean, maybe some CSS and a new value of view data):
But then again, forgot password page actually shows and seems well in the front end, but immediately I try to enter my email and click enter in this page, (also, just a scaffold of Microsoft Identity):
Nothing happens. I receive the bad request. There's NO magic nor custom code here. Something silly is going on.
EDIT II: YES, locally it works perfectly. The strange behavior happens only when deployed to IIS.
EDIT III: I coded and enabled logging in my .NET Core APP and wrote that to a file, and I think I finally got, at least the error (not the reason yet):
But why?? Cookies are enabled in the server browser to no avail, same issue. Does someone have a better idea than disabling anti-forgery rules on the login and forgot password pages?
Thank you
For some reason, when I deployed the first version of my app into IIS, I thought it was a good idea to just browse it from the IIS link. Of course, in a new mounted Windows Server 2019, IE is still the default browser. I connected directly to the IP of my web app via VPN, but used Chrome this time. Guess what? All problems disappeared. Yes, it's a bad idea to try to use a modern framework like .NET Core Identity with IE.
I use "CORS Anywhere":
https://github.com/Rob--W/cors-anywhere
Everything worked just fine until a few days ago.
Now, every request I make returns the same error:
Missing required request header. Must specify one of: origin,x-requested-with
for example:
https://cors-anywhere.herokuapp.com/https://www.instagram.com/adidas/
You can try for yourself, every request returns the same error.
I uploaded the code to my server and I still have the same problem.
I think CORS Anywhere's owner finally got fed up with people abusing his service, kindly and freely provided for development purposes only:
Please see the related issue: https://github.com/Rob--W/cors-anywhere/issues/301
The demo server of CORS Anywhere (cors-anywhere.herokuapp.com) is meant to be a demo of this project. But abuse has become so common that the platform where the demo is hosted (Heroku) has asked me to shut down the server, despite efforts to counter the abuse (rate limits in #45 and #164, and blocking other forms of requests). Downtime becomes increasingly frequent (e.g. recently #300, #299, #295, #294, #287) due to abuse and its popularity.
EDIT: Turns out that I'm a few years too late, oh well, better late than never :D
Been going round and round on this one. Not a new issue but struggling to identify exactly why LinkedIn doesn't like my images and everyone else does. Facebook and Twitter show OK with it.
At first thought it might be a meta issue or cache issue (am familiar with the clear method) or the image requirements stated by LinkedIn, but ruled all that out. The SSL is a free one but soon to be using a wildcard, as Facebook didn't like it, to see if that has any effect.
The image server uses Node.js Express to deliver static files.
If I just share the image, that shows an error of: "Cannot display preview. You can post as is, or try another link." which points to the server and image to me instead of the website.
The site and images are on different servers with different setups.
Main url is https://rocketthomerentals.com/property/5-bed-house-to-rent-in-newcastle-under-lyme/102750000371
with the image of
http://media.estateapps.co.uk/487/102750000371_IMG_371_1_large.jpg
Anything else I can try? Should be getting the new wildcard SSL sorted early next week but posting here to see if there is anything else I am missing I can try to see if that has any effect.
Thanks
For anyone who's gone around in circles about this issue, it was resolved by defining the content type as image; it was missing from the server config.
I have searched all over the internet for an answer and although I can find a million people with the same question I cannot find an official solution to the problem I'm experiencing.
I always get "Cannot display preview. You can post as is, or try another link." displayed.
I've stripped a page down to only the required open graph meta tags so I know they work (run through multiple OG validators), I've disabled any kind of robots blocking, any kind of redirects, disabled the firewall on a test server, made sure the LinkedIn bot requests are hitting the server. All I see in the browser console all the time is a status 500 being returned from LinkedIn's preview generator API.
We are hosting on Windows Server in IIS 8.5, it seems if I create a demo and host it somewhere else it works, which makes me think it is server related or IIS settings.
Reading this, "Linkedin post's picture doesn't appear in summary", it seems like a similar issue. We are not serving over SSL so nothing to do with that.
I have already asked this question on LinkedIn's forum but having no luck, so I'm hoping someone on here can help or someone from LinkedIn's tech team can help.
Thanks
So we had this issue as well and it turns out parts of our system that use user generated themes were not adding the "Content-Type" header to the response.
So examine the response headers coming from your server and make absolutely sure they are correct and that they include the correct "Content-Type" (with correct encoding) and "Content-Length".
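The header check that this answer and the earlier image-server answer both describe, written out as an added example (not code from either poster): it takes the headers a server returned and the body size, and lists what a preview crawler could trip over. The URLs and header sets in the samples are constructed placeholders.

```javascript
// Added example: audit the response headers of a page or image that a
// link-preview crawler will fetch. Pure function, no network access.
function auditPreviewHeaders(url, headers, bodyLength) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  const problems = [];
  const isImageUrl = /\.(jpe?g|png|gif)$/i.test(new URL(url).pathname);

  const type = h['content-type'];
  if (!type) {
    problems.push('missing Content-Type');
  } else {
    const [mime, ...attrs] = type.split(';').map((s) => s.trim().toLowerCase());
    if (isImageUrl && !mime.startsWith('image/')) {
      problems.push('image URL served with non-image Content-Type');
    }
    if (mime.startsWith('text/') && !attrs.some((a) => a.startsWith('charset='))) {
      problems.push('text Content-Type without charset');
    }
  }

  // Chunked responses legitimately omit Content-Length; it is flagged here
  // because the answer above asks for it to be present and correct.
  const len = h['content-length'];
  if (len === undefined) {
    problems.push('missing Content-Length');
  } else if (!/^\d+$/.test(len) || Number(len) !== bodyLength) {
    problems.push('Content-Length does not match body size');
  }
  return problems;
}

// Constructed samples (placeholder hosts, made-up header sets).
const IMAGE_URL = 'http://media.example.test/photo_large.jpg';
const PAGE_URL = 'http://www.example.test/property/1';
console.log(auditPreviewHeaders(IMAGE_URL, { 'Content-Length': '2048' }, 2048));
console.log(auditPreviewHeaders(PAGE_URL, { 'content-type': 'text/html' }, 512));
```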