I am trying to access a company website but can only access it unsafely, and was curious if anyone knew what this implies about the website and how to get by this.
Related
I'm trying to connect the Printful service to my WordPress website and I am getting a 403 error. After some searching I found a similar issue raised by Printful devs (https://github.com/woocommerce/woocommerce/issues/10678), and it seems like the nginx settings on the host where I have my website are too strict. It doesn't allow URLs like this, as it has a URL as a parameter: http://example.com/wc-auth/v1/login?test=http://google.com
I've reached out to the Printful devs and my hosting provider, but neither of them knows how to fix it. I don't want to change hosting provider, so I'm looking for a solution.
Does anyone know what nginx settings are responsible for URLs as parameters being blocked?
I have a running website (based on ASP.NET MVC) on some domain, let's say mydomain.com
Yesterday I was looking into the site access logs and I noticed very weird entries: inside them, I saw a different domain!
Something like anotherdomain.com/somePage
And I saw exception text in my log saying that 404 - anotherdomain.com/somePage can't be found. It looks like somehow my code is running on some other domain (Request.URL shows a different domain).
How is this possible? Does that mean that someone somehow got access to my host (I'm running on Azure), stole my binaries and deployed them on another host? Or maybe my website was opened from an iframe?
I need to understand in order to determine whether I have a breach.
If I had to guess, I would bet that someone accidentally set their domain's DNS records to point at your server. You can check where the A record for the domain is pointed with nslookup or whois from the command line. If they are in fact misconfigured, you should contact the site administrator to let them know. This kind of misconfiguration, while uncommon, can happen more frequently with cloud services due to the inherently transient nature of the servers and routes used.
It's actually possible to make a GET request to access other domains, via your domain, to check if there's a badly configured proxy. Since you're not, it simply returns a 404 Not Found because you are not actually hosting those pages.
Scans like these happen all the time and are an unfortunate side effect of being connected to the internet, but they do not mean that you are under attack or that someone has access to your host.
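One way to tell the two explanations given in the answers above apart from the access log (a foreign domain pointed at your server versus proxy probing), as an added example that is not part of the original thread. The log layout, `SERVED_HOSTS` and the function names are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: hostnames this server is meant to answer for (the asker's placeholder).
SERVED_HOSTS = {"mydomain.com", "www.mydomain.com"}
# Constructed sample log: client IP, Host header, "request line", status code.
SAMPLE_LOG = """\
203.0.113.7 mydomain.com "GET /home HTTP/1.1" 200
198.51.100.23 anotherdomain.com "GET /somePage HTTP/1.1" 404
192.0.2.50 mydomain.com "GET http://anotherdomain.com/somePage HTTP/1.1" 404
192.0.2.50 mydomain.com "CONNECT anotherdomain.com:443 HTTP/1.1" 404
203.0.113.9 MYDOMAIN.COM:80 "GET /about HTTP/1.1" 200
"""
LINE_RE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+) [^"]*" (\d{3})$')

def normalise_host(host):
    """Lower-case, drop any :port and a trailing dot (IPv6 literals not handled)."""
    return host.lower().split(":", 1)[0].rstrip(".")

def classify(line):
    """Return (kind, client_ip, hostname, status), or None for an unparsable line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ip, host, method, target, status = m.groups()
    if method == "CONNECT":  # CONNECT host:port is only meaningful to a proxy
        return ("proxy_probe", ip, normalise_host(target), int(status))
    if "://" in target:  # absolute-form target: client addresses us as a proxy
        target_host = normalise_host(urlsplit(target).hostname or "")
        if target_host not in SERVED_HOSTS:
            return ("proxy_probe", ip, target_host, int(status))
    host = normalise_host(host)
    kind = "normal" if host in SERVED_HOSTS else "foreign_host"
    return (kind, ip, host, int(status))

def summarise(log_text):
    """Map each non-normal kind to {hostname: set of client IPs}."""
    findings = {}
    for kind, ip, name, _ in filter(None, map(classify, log_text.splitlines())):
        if kind != "normal":
            findings.setdefault(kind, {}).setdefault(name, set()).add(ip)
    return findings

def probes_not_rejected(log_text):
    """Proxy-style requests answered with a non-error status deserve a closer look."""
    results = filter(None, map(classify, log_text.splitlines()))
    return [r for r in results if r[0] == "proxy_probe" and r[3] < 400]
```

A hostname under `foreign_host` is the case where checking that domain's A record is the next step; entries under `proxy_probe` that all received 4xx responses match the scan explanation.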
This is about classic ASP.
I have found something serious: a few seconds after I visit some pages (ASP, txt, html) on my web site, my broadband provider will visit the same pages.
Do you know any ASP code to stop that?
I know I can put some ASP code to block the broadband provider's IP, but I do not know all its IPs.
I would much appreciate any suggestions.
Guess what would happen if you block the IP range of your internet provider? Your own access to your webpages will be blocked too.
Your ISP could be accessing your pages automatically by a robot or something in order to create a cache.
In that case, what you can probably do is to scan the User-Agent of the visitors and only serve pages to those who are accessing your page through an actual browser such as Chrome or Firefox.
But keep in mind that you will be blocking access to legit robots like Search Engine Crawlers such as Googlebot.
Anyway if you have like an admin section which you only want to be accessed by you yourself, I would suggest that you secure it by Sessions, Cookies and/or SSL connection.
Good Luck...
What is the best way to authorize access to sections of the external-facing website based on internal (inside company network) or external (web) user?
Is IP address sniffing the only way (I don't really like it. :S)? Can we use Active Directory to check for internal users while at the same time not affecting web users?
The website does not need authentication (we don't have a login screen).
(ASP.Net MVC3, .Net 4.0)
I'd suggest you think of it as two separate websites - an internal intranet and an external site. This gives you more flexibility in deployment, and reduces the risk that a problem on one site will affect the other. If you deploy your internal site to a server without an external IP then it will by default be restricted to only those users within your network.
Without using a login, IP address detection is the easiest, but not foolproof, way of achieving what you ask.
You could also deny anonymous access but allow integrated auth to the internal sections. That would mean only folks authenticated to your domain could access the site. Anyone else would be denied, and you wouldn't need to add any sort of login to the app.
Simon
First let me explain the problem:
I have a little portal that any user from the internet can access. This portal is responsible only for user authentication against a DB. If the user is validated, then the portal shows a list of links that redirect to multiple web sites (these sites are in various coding languages like PHP, ASP.NET and Java). If the user inputs the URL of a web site directly in the browser, the user can access the website. I want the multiple sites to be viewable only if the page request came from the portal and not when the URL is input directly in the browser.
I have local server with IIS 6, and the portal and websites are in this server.
Can anyone help?
Thanks in advance.
Gabe
If possible, host those applications as Virtual Directories under your authentication application and restrict access to only authenticated users; this shall solve the problem.
I don't know if you are able to do this, but you could try this with an ISA/Forefront server.
You can configure this to do the redirecting for you if someone enters the website url. This way users will need to authenticate themselves and you can let ISA or FF handle the authentication part.
This is implemented a lot for OWA, but can also be used for other purposes (I've done this for several SharePoint solutions).
Of course you do need an extra server, licences and all that stuff.
Don't know how you can pull something like this with only IIS. Perhaps with some IIS Modules, but I haven't got any experience with that kind of stuff, so don't know for sure.