Discussion on Potential Typesense Javascript Attacks
TLDR: John expressed concern about potential Typesense Javascript attacks. Kishore Nallan suggested they were likely scrapers, while Harpreet and Jason discussed the mechanics and potential sources of these supposed attacks.
Jul 05, 2021 (31 months ago)
John 03:11 PM
Kishore Nallan 03:12 PM
John 03:12 PM
GET /quadros-decorativos/%3C?php%20echo%20$this-%3EgetSkinUrl();%20?%3Ejs/typesense/search.js
John 03:12 PM
Kishore Nallan 03:12 PM
John 03:13 PM
John 03:13 PM
Kishore Nallan 03:13 PM
The user agent etc. are usually spoofed.
Kishore Nallan 03:14 PM
Harpreet 04:12 PM
/quadros-decorativos/%3C?php%20echo%20$this-%3EgetSkinUrl();%20?%3Ejs/typesense/search.js actually working?
Kishore Nallan 04:13 PM
Harpreet 04:14 PM
Harpreet 04:18 PM
Jason 04:37 PM
/quadros-decorativos/<?php echo $this->getSkinUrl(); ?>js/typesense/search.js
So I think someone's just trying to check if PHP code can be executed via the URL by fetching a JS asset... Doesn't look Typesense specific.
Jason 04:38 PM
John 07:13 PM
John 07:14 PM
John 07:14 PM
John 07:14 PM
Jason 07:15 PM
John 07:15 PM
Jason 07:16 PM
John 07:16 PM
John 07:16 PM
John 07:38 PM
Jason 07:40 PM
John 07:42 PM
Jason 07:47 PM
Jason 07:53 PM
John 08:38 PM
John 08:38 PM
Jason 08:43 PM
Jason 08:44 PM