waf – Stop User Enumeration requests on AJAX endpoints

I have an ecommerce website with a customer database of over 5 million records. For the past couple of days, a hacker has probably been hitting an AJAX endpoint continuously. This endpoint takes an email address as a parameter and returns whether that email address is registered on our website or not, and we accordingly prompt the user to log in or sign up. My bet is that this hacker is trying to exploit a User Enumeration vulnerability.

I have employed various measures to stop this hacker, but he seems to be very smart. I am getting hits from all over the world and from hundreds of different IPs in each country, which is making it extremely difficult to block him.

To stop him, I have done the following:

  1. Applied a rate limit using AWS WAF: not more than 100 requests per 5 minutes from a single IP on this endpoint.
  2. Blocked over 1500 IP addresses manually by going through the access logs.
  3. Blocked all traffic from over 50 countries which don't contribute much revenue.

Although the above steps have curtailed the speed of the attack a lot, that guy is still running this attack, and it's not possible to keep on blocking IP addresses or countries because he keeps on bringing new IP addresses.

What can be a good way by which I can stop him without hampering our genuine users' experience? I don't want to introduce a captcha; is there any other way?
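One way to take the oracle away instead of chasing IPs, as an added example that is not code from the question or from the site it describes: the response body is made identical for registered and unregistered addresses, the registration-dependent step is pushed into an out-of-band mail job, and a secondary budget limits how many distinct addresses one session key may probe. The registered set, the session-key idea, the mail queue and the limits are all assumptions for illustration.

```python
"""Closing a user-enumeration oracle on an email-check endpoint.

Added example, not code from the question. REGISTERED, the response shapes,
the session key and the budget numbers are constructed for illustration.
"""
import hashlib
import hmac
import os
import time
from collections import deque

# Constructed sample of registered accounts (hypothetical data).
REGISTERED = {"alice@example.com", "bob@example.com"}

# Per-process secret: the probe counter stores keyed hashes, not plaintext addresses.
_COUNTER_KEY = os.urandom(32)

# The one body every caller gets, registered or not, throttled or not.
GENERIC_RESPONSE = {"status": "ok",
                    "message": "If that address has an account, a sign-in link is on its way."}


def normalize(email):
    return email.strip().lower()


def vulnerable_check(email):
    """The endpoint as described in the question: the response body is the oracle."""
    return {"registered": normalize(email) in REGISTERED}


def hardened_check(email, outbox):
    """Identical response for registered and unregistered addresses.

    The branch that depends on registration moves out of band: a job is queued
    for every request and only the mail worker decides whether a login link
    goes out. Queueing in both branches keeps the request path doing the same
    work, so response time does not become the oracle instead of the body.
    """
    addr = normalize(email)
    outbox.append((addr, "login_link" if addr in REGISTERED else "noop"))
    return dict(GENERIC_RESPONSE)


class ProbeBudget:
    """Sliding-window cap on distinct addresses probed under one key.

    Key on something the attacker cannot rotate as cheaply as source IPs, e.g.
    a signed session cookie issued on page load (an assumption here; the WAF
    rule in the question keys on IP only). Genuine users probe one or two
    addresses per session; an enumerator needs thousands.
    """

    def __init__(self, max_distinct, window_seconds, clock=time.monotonic):
        self.max_distinct = max_distinct
        self.window = window_seconds
        self.clock = clock
        self.events = {}  # key -> deque of (timestamp, address_tag)

    def _tag(self, email):
        return hmac.new(_COUNTER_KEY, normalize(email).encode(), hashlib.sha256).digest()

    def allow(self, key, email):
        now = self.clock()
        q = self.events.setdefault(key, deque())
        while q and now - q[0][0] > self.window:  # drop probes outside the window
            q.popleft()
        tag = self._tag(email)
        distinct = {t for _, t in q}
        if tag not in distinct and len(distinct) >= self.max_distinct:
            return False  # another new address beyond the cap: treat as enumeration
        q.append((now, tag))
        return True


def handle(key, email, budget, outbox):
    """Endpoint entry point. A throttled caller gets the same body as everyone
    else, so the throttle decision itself reveals nothing about the address."""
    if budget.allow(key, email):
        return hardened_check(email, outbox)
    return dict(GENERIC_RESPONSE)
```

The cost of this design is that the page can no longer branch to "log in" or "sign up" from this endpoint; the usual replacements are a single form that takes email and password together, or a magic-link flow driven by the queued job. Keep the WAF rate limit as defence in depth, and log the count of distinct addresses per window across all IPs: that number, not any single IP's rate, is the signal that distinguishes the enumerator from 5 million genuine users.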

sharepoint online – Create a PowerApp’s Approval Requests CDS Browse screen to show a link to the MS Flow Approval items

I want to build a PowerApp which shows the MS Flow requests from this page:-


So the first step I did is that I added a new PowerApp from CDS >> Approval Requests, as follows:-


Where I will get this Browse screen automatically:-


Now I need to modify this built-in Browse screen to show URLs which will take the user to the MS Flow Approve/Reject screen. I found that I can access these data:


But I am not sure if I can use/benefit from this data to build a URL to the MS Flow approval items, so that the user can click on a link from the PowerApp Browse screen which will open this MS Flow screen to provide a response:-


Python requests function – Stack Overflow

I've got a strange problem with requests. Currently I am working on a web-scraping problem to gather data about malicious webpages from open-source internet tools. I've got a file where potentially malicious websites are stored, and I want to check the reputation of those websites on VirusTotal. I am trying to use API calls. Everything works as described in the API docs until I decided to concatenate the link for the API call; here is an example.

 import os, requests
 domain = lines.strip()  # a line read from a text file keeps its trailing newline, which ends up inside the URL
 domain_check = 'https://www.virustotal.com/vtapi/v2/domain/report'
 response_2 = requests.get(domain_check, params={'apikey': os.environ['VT_API_KEY'], 'domain': domain})
 print(response_2.text)

In this code the value of lines changes with every loop to the domain that I want to check (the values are stored in a text file). The strange thing is that if I type it manually it works as it should.
I've been using the requests module for a while and this is the first time I am facing that kind of problem; have you ever had that issue?
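For the concatenation problem, an added example (not the poster's code) that shows the likely cause and the fix: a line read from a file keeps its trailing newline, and the address should be passed through urlencode rather than spliced into the URL. The file lines and the key below are constructed; a real key belongs in the environment, and the key pasted into the question is now public and should be regenerated in the VirusTotal account.

```python
"""Building the VirusTotal domain-report URL from lines read out of a file.

Added example, not the poster's code. The file lines and the key below are
constructed; a real key must come from the environment, never from source.
"""
import os
from urllib.parse import urlencode

VT_DOMAIN_REPORT = "https://www.virustotal.com/vtapi/v2/domain/report"


def clean_domains(lines):
    """Yield usable domains from raw file lines.

    A line read from a text file keeps its trailing newline, so the f-string
    in the question built '...&domain=example.com\\n'. Strip it, skip blank
    and comment lines, and reject anything that cannot be a bare hostname,
    which also stops a crafted line from smuggling extra query parameters
    (e.g. 'x.com&domain=y.com') into the request.
    """
    for raw in lines:
        d = raw.strip().lower()
        if not d or d.startswith("#"):
            continue
        if any(c in d for c in " /?&=#\t\r\n"):
            raise ValueError(f"not a bare hostname: {raw!r}")
        yield d


def naive_url(line, api_key):
    """What the question's f-string does with an unstripped line (for comparison)."""
    return f"{VT_DOMAIN_REPORT}?apikey={api_key}&domain={line}"


def report_url(domain, api_key):
    """Let urlencode escape the parameters instead of splicing them into the URL."""
    return VT_DOMAIN_REPORT + "?" + urlencode({"apikey": api_key, "domain": domain})


def fetch_reports(lines, api_key, getter):
    """Map each domain to the body returned by getter(url).

    getter is injected so the loop can be exercised offline; in real use pass
    a function built on requests.get (assumed below), and mind the public API's
    request quota between calls.
    """
    return {d: getter(report_url(d, api_key)) for d in clean_domains(lines)}


if __name__ == "__main__":
    import requests  # only needed for the real call
    key = os.environ["VT_API_KEY"]  # never paste the key into code or a question
    with open("domains.txt", encoding="utf-8") as fh:
        reports = fetch_reports(fh, key, lambda url: requests.get(url, timeout=30).text)
    for domain, body in reports.items():
        print(domain, body[:80])
```

With requests itself the same fix is `requests.get(VT_DOMAIN_REPORT, params={...})`, which performs the encoding for you; the stdlib version above is used so the URL building can be checked without a network.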

Unused import statement 'import requests' PyCharm

I decided to work in PyCharm, but I encountered such an error when importing the requests library; how do I fix it?
I saw a way with adding:
# noinspection PyUnresolvedReferences, but is it possible somehow without it?

sharepoint online – Change group that receives access requests for subsite with unique permissions

I want to change the group that receives access requests for my sharepoint.com subsite which has unique permissions, see screenshot

Access Requests Settings

I’ve already read a related question “How to change subsite group access request?” but the answers all begin with breaking inheritance to create unique permissions, and that process sets the group for access control. But my subsite already has unique permissions. Discussion in that answer also talks about re-inheriting then breaking back to unique, but that would be very disruptive for my subsite.

What other options do I have to change the group that receives access requests for my subsite which already has unique permissions?

java – Is a prototype bean or a singleton better when request consumers are many and incoming requests are growing to a peak?

An external source posts the request –> Kafka –> a Kafka consumer calls MyComputation's business logic. Assume that these are deployed in the cloud (AWS or Azure, whatever cloud we can use); we have a Kafka cluster with 4 nodes and a Kafka consumer service with 4 nodes, all 8 Linux VMs with 2 cores and 2 GB RAM (just for reference; this is not very important to my question).

Option-1:

  1. There is a unit of some complex business logic (CPU and memory intensive, but not IO intensive) in a Spring bean called MyComputation.java (with Spring bean scope prototype) to safeguard against concurrency issues, i.e. to make it thread-safe.
  2. We have a Kafka consumer to receive the requests from the external service.
  3. The Kafka consumer has logic that calls org.springframework.context.ApplicationContext getBean() at runtime to get a prototype bean of MyComputation.java and executes the complex business logic inside it.

Option-2:

  1. There is a unit of some complex business logic (CPU and memory intensive, but not IO intensive) in a Spring bean called MyComputation.java (with Spring bean scope singleton), and we make our logic thread-safe with some handling mechanism.
  2. We have a Kafka consumer to receive the requests from the external service.
  3. The Kafka consumer has an autowired MyComputation.java (singleton by default), calls the business logic, and avoids creating the entire bean object per request.

Now, my doubt is which one is the better option, Option 1 or 2, when the rate of computation execution is lower than the rate of incoming requests. I have been asked to choose one of the 2 options mentioned above; beyond that, if we want to increase hardware we can add it, but the intent of the question is to choose the better of the options mentioned above.

Please suggest to me which option is better, Option #1 or #2?

windows – DNS Server is not responding to any requests

I am trying to set up a small network using virtual machines for my Microsoft Server 2016 class. I need to use the internet to download some applications and put them into a shared folder for the other devices on my network. However, whenever I try to look something up I get the message "DNS Server is not responding". I've been bashing my head against this for a few hours now and I'm just kind of lost.

api – Can I create a mock TCP server, similar to Wiremock for http requests

Background information: I have a register (running Windows) that's used by fast food restaurants, and after I create an order, the register sends a request to the payment device (where users can tap their credit card and pay for the food). When the register and payment device communicate through HTTP, I have set up a mock server using WireMock to mock the payment device.

Problem: The issue is that not all payment devices use HTTP. Some payment devices use a TCP connection. Is there a tool out there that lets me create a mock TCP endpoint server? Or is there a way for me to create this mock TCP server so my register can talk to it?

Many thanks in advance!
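The WireMock idea (a stub table plus a log of what the client actually sent) transfers to a raw socket with very little code. The following is an added example, not part of the question or of any product it mentions: a threaded TCP mock built on the standard library, with the wire format (newline-terminated text commands such as `SALE 1299`) and the canned replies constructed for illustration; a real terminal's protocol will differ and the handler's framing must be adapted to it.

```python
"""A scripted TCP mock, the WireMock idea for a raw-socket payment terminal.

Added example, not part of the question. The wire format (newline-terminated
text commands such as b"SALE 1299") and the canned replies are constructed;
a real terminal's protocol will differ.
"""
import socket
import socketserver
import threading


class ScriptedTCPHandler(socketserver.StreamRequestHandler):
    """Answers each newline-terminated request line from the server's stub table."""

    def handle(self):
        while True:
            line = self.rfile.readline()
            if not line:  # client closed the connection
                return
            request = line.rstrip(b"\r\n")
            self.server.received.append(request)  # record for later assertions
            reply = self.server.match(request)
            self.wfile.write(reply + b"\n")
            self.wfile.flush()


class MockTCPServer(socketserver.ThreadingTCPServer):
    """Holds the stub table and a log of what the register actually sent."""
    allow_reuse_address = True
    daemon_threads = True

    def __init__(self, host="127.0.0.1", port=0):
        super().__init__((host, port), ScriptedTCPHandler)
        self.stubs = []      # (predicate, reply) in priority order
        self.received = []   # every request line seen, in arrival order
        self.default = b"ERR UNKNOWN"

    def stub(self, predicate, reply):
        self.stubs.append((predicate, reply))
        return self

    def match(self, request):
        for predicate, reply in self.stubs:
            if predicate(request):
                return reply
        return self.default

    def start(self):
        threading.Thread(target=self.serve_forever, daemon=True).start()
        return self.server_address  # (host, port); port 0 asks the OS for a free one


def send_command(addr, command, timeout=2.0):
    """What the register side does: one request line, one reply line."""
    with socket.create_connection(addr, timeout=timeout) as s:
        s.sendall(command + b"\n")
        return s.makefile("rb").readline().rstrip(b"\r\n")


def demo():
    """Scripted terminal: approve small sales, decline large ones, answer PING."""
    srv = MockTCPServer()
    srv.stub(lambda r: r.startswith(b"SALE ") and r.split()[1].isdigit()
             and int(r.split()[1]) <= 5000, b"APPROVED 123456")
    srv.stub(lambda r: r.startswith(b"SALE "), b"DECLINED 05")
    srv.stub(lambda r: r == b"PING", b"PONG")
    addr = srv.start()
    try:
        replies = [send_command(addr, c) for c in (b"PING", b"SALE 1299", b"SALE 9999", b"VOID 1")]
        return replies, list(srv.received)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(demo())
```

Point the register at the mock's host and port instead of the terminal; `srv.received` gives the same "verify what was sent" capability WireMock offers for HTTP, and a stub whose predicate never matches falls through to the default reply, which is useful for exercising the register's error path.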

NGINX frontend HTTPS server rejects requests to local backend http express server

I have an application that’s split into two servers: one is a React application running on port 8080 and the other is an Express server running on 3001. The machine running this application has to run a few other applications as well, so I set up an https reverse proxy using Nginx:

(I disabled some of the proxy options for testing, but please let me know if they should be enabled.)

server {
    server_name example.com;
    location / {
        proxy_pass http://example.com:8080;
    #   proxy_set_header Host $host;
    #   proxy_set_header X-SSL-CERT $ssl_client_escaped_cert;
    #   proxy_set_header X-Real-IP $remote_addr;
    #   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #   proxy_set_header X-Forwarded-Proto https;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

This works as intended; I can reach the site and it is secured. However, requests made to my backend server, which is running on http://localhost:3001, are blocked because the page is attempting to load mixed active content. So I adjusted the client to make requests to https://localhost:3001, generated a self-signed certificate for the Express server and set it up to use https, and this is where I hit a wall. Because this certificate is self-signed, it won't be trusted unless someone explicitly trusts it, which is unreasonable for the user audience. From searching around it seems that you can't use certbot for localhost (understandable), so I'm not quite sure where to go from here. My assumption about the proxy_pass field was that requests to the backend would come over http, but from the error messages in the browser this doesn't seem to be the case. Is it really necessary that two servers running on the same machine use https to communicate?

This question, Proxy HTTPS requests to a HTTP backend with NGINX, almost matches what I'm attempting to do, except that I'm only using Nginx to serve the client; requests to the backend are handled through a combination of Apollo Client/Server, so Nginx is ignorant of these requests. Is there anything obvious I'm missing here, or some other configuration options to try?
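The piece the question is missing is that the browser never needs to reach port 3001 at all: let nginx terminate TLS once and forward API calls on the same origin to the backend over plain HTTP on loopback, so there is no mixed content and no second certificate. The following is an added configuration example, not the poster's config; it assumes the Express/Apollo endpoint is served at /graphql (Apollo Server's default path) and that both the React dev server and Express listen on 127.0.0.1.

```nginx
server {
    server_name example.com;
    listen 443 ssl;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # React application, as in the question, but reached over loopback.
    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Express/Apollo backend. /graphql is an assumption; the request URI is
    # passed through unchanged, so Express sees /graphql as well. The browser
    # only ever talks to https://example.com, never to port 3001.
    location /graphql {
        proxy_pass http://127.0.0.1:3001;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Then point Apollo Client at https://example.com/graphql (a relative `/graphql` works, since it is the same origin), bind Express to the loopback address only, e.g. `app.listen(3001, '127.0.0.1')`, so the plaintext port is not reachable from outside the host, and drop the self-signed certificate. Backend code that needs the original scheme (redirects, secure cookies) should read X-Forwarded-Proto, which in Express means `app.set('trust proxy', 'loopback')`. If Apollo subscriptions over WebSocket are in use, the /graphql location additionally needs the Upgrade and Connection headers forwarded.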

What is your process for dealing with chargeback requests

Hey everyone,

Just got a chargeback request and wanted to know your process for dealing with them? Do you terminate their plan straight a… | Read the rest of https://www.webhostingtalk.com/showthread.php?t=1827094&goto=newpost