Has someone already seen attacks on his typesense ...
# community-help
j
Has anyone already seen attacks on their Typesense JavaScript? It's unbelievable the number of attacks we've got since we went live!
k
Can you please clarify what you mean by an attack?
j
Like
GET /quadros-decorativos/%3C?php%20echo%20$this-%3EgetSkinUrl();%20?%3Ejs/typesense/search.js
Looking in the weblogs
k
You mean scrapers/crawlers?
j
Well, could this URL be from a crawler?
It's from an iPhone actually
k
Yes, I think so. They are probably scraping your site. If it's an ecommerce site, probably for competitive intelligence. The user agent etc. are usually spoofed.
You can just block the originating IP subnet in your firewall.
h
How is
/quadros-decorativos/%3C?php%20echo%20$this-%3EgetSkinUrl();%20?%3Ejs/typesense/search.js
actually working?
k
Yeah, I think it is just a coincidence. It is not Typesense specific.
h
Interesting regardless 🙂
@John Doisneau If you don't mind telling, could you tell me what the response was?
j
URL decoding that shows:
/quadros-decorativos/<?php echo $this->getSkinUrl(); ?>js/typesense/search.js
So I think someone's just trying to check if PHP code can be executed via the URL by fetching a JS asset... Doesn't look Typesense specific.
In my past experience, I've also seen automated security scanners check for vulnerabilities this way
j
OK @Jason Bosco interesting!
Do you remember which security scanner?
Although it must not be, because the origin IP changes quite a bit
I am analysing the case more now
j
There are many security scanning tools out there. The ones I've used are intruder.io, detectify, qualys
j
OK
j
That said, these are platforms that companies usually sign up for to find vulnerabilities in their own platforms. It is possible for someone to use these tools to scan random websites looking for vulnerabilities to exploit.
j
@Harpreet Sangar response is 404
@Jason Bosco yes, sure...
I am also seeing SOOOOOOO many requests from http://ahrefs.com/robot/ - that one seems crazy!
j
That's an SEO ranking monitoring tool
j
Would you leave it alone?
j
If you're not using ahrefs yourself, then might as well block it? You could control it via robots.txt though: https://ahrefs.com/robot
Actually, I'm going to take that back. Ahrefs is pretty popular, and is not malicious, and is used by many marketers. So before deciding to block it (if at all) you want to make sure that no one on the marketing side is using it to monitor your own site already.
j
OK Jason, it's just crazy, look at this
This is for the last 5 days only!
j
Ahrefs really likes your site!
Apparently it's the second largest crawler of the web after google. SEMRush is another SEO monitoring tool