#community-help

Discussion on Potential Typesense Javascript Attacks

TLDR John expressed concern about potential Typesense Javascript attacks. Kishore Nallan suggested they were likely scrapers, while Harpreet and Jason discussed the mechanics and potential sources of these supposed attacks.

31mo

Join the chat

Jul 05, 2021 (31 months ago)

Photo of md5-7a0ab48aa8979a59e1d8c3919797c1f8

John

03:11 PM

Has someone already seen attacks on his typesense Javascript? It's unbelievable the number of attacks we got since we are live!

Photo of md5-4e872368b2b2668460205b409e95c2ea

Kishore Nallan

03:12 PM

Can you please clarify what you mean by an attack?

John

03:12 PM

Like GET /quadros-decorativos/%3C?php%20echo%20$this-%3EgetSkinUrl();%20?%3Ejs/typesense/search.js

03:12

John

03:12 PM

Looking in the weblogs

Kishore Nallan

03:12 PM

You mean scrapers/crawlers?

John

03:13 PM

Well, could this URL be a from a crawler?

03:13

John

03:13 PM

It's from an iPhone actually

Kishore Nallan

03:13 PM

Yes, I think so. They are probably scraping your site. If it's an ecommerce site, probably for competitive intelligence.

The user agent etc. are usually spoofed.

03:14

Kishore Nallan

03:14 PM

You can just block the originating IP subnet in your firewall.

Photo of md5-745d880d794220d9f0fb9ade17c6b861

Harpreet

04:12 PM

How is /quadros-decorativos/%3C?php%20echo%20\$this-%3EgetSkinUrl();%20?%3Ejs/typesense/search.js actually working?

Kishore Nallan

04:13 PM

Yeah I think it is just a coincidence . It is not Typesense specific.

Harpreet

04:14 PM

Interesting regardless 🙂

04:18

Harpreet

04:18 PM

John If you don't mind telling, could you tell me what the response was?

Photo of md5-8813087cccc512313602b6d9f9ece19f

Jason

04:37 PM

URL decoding that shows:

/quadros-decorativos/<?php echo \$this->getSkinUrl(); ?>js/typesense/search.js

So I think someone's just trying to check if PHP code can be executed via the URL by fetching a JS asset... Doesn't look Typesense specific.

04:38

Jason

04:38 PM

In my past experience, I've also seen automated security scanners check for vulnerabilities this way

John

07:13 PM

OK Jason interesting!

07:14

John

07:14 PM

Do you remember which security scanner?

07:14

John

07:14 PM

Although it must not be, because the origin IP changes quite a bit

07:14

John

07:14 PM

I am analysing the case more now

Jason

07:15 PM

There are many security scanning tools out there. The ones I've used are intruder.io, detectify, qualys

John

07:15 PM

Jason

07:16 PM

That said, these are platforms that companies usually sign up for to find vulernabilities in their own platforms. It is possible for someone to use these tools to scan random websites looking for vulnerabilities to exploit

John

07:16 PM

Harpreet response is 404

07:16

John

07:16 PM

Jason yes, sure...

07:38

John

07:38 PM

I am seeing as well SOOOOOOO many requests from http://ahrefs.com/robot/ - seems like one that's crazy!

Jason

07:40 PM

That's an SEO ranking monitoring tool

John

07:42 PM

Would you leave it alone?

Jason

07:47 PM

~~If you're not using ahrefs yourself, then might as well block it?~~ You could control it via robots.txt though: https://ahrefs.com/robot

07:53

Jason

07:53 PM

Actually, I'm going to take that back. Ahrefs is pretty popular, and is not malicious, and is used by many marketers. So before deciding to block it (if at all) you want to make sure that no one on the marketing side is using it to monitor your own site already.

John

08:38 PM

OK Jason, it's just crazy, look at this

08:38

John

08:38 PM

This is for the last 5 days only!

Jason

08:43 PM

Ahrefs really likes your site!

08:44

Jason

08:44 PM

Apparently it's the second largest crawler of the web after google. SEMRush is another SEO monitoring tool

Typesense

Lightning-fast, open source search engine for everyone | Knowledge Base powered by Struct.AI

Indexed 3005 threads (79% resolved)

Join Our Community

Similar Threads

Protecting Typesense Queries from DOS Attacks

Juri sought advice on securing typesense queries. Jason suggested use of Cloudflare for DOS attack protection and explained how to create user-specific API keys for data authorization. Ricardo endorsed Cloudflare for protection.

33mo

Contributing to project using JS, TS, Go and PHP

Matthew volunteered to contribute to the project using JavaScript, Typescript, Go, and PHP. Jason assigned two tasks, including Laravel integration and nest.js library. hi019 encouraged Matthew to try out the Laravel integration.

29mo

Solving Typesense Docsearch Scraper Issues

Sandeep was having issues with Typesense's docsearch scraper and getting fewer results than with Algolia's scraper. Jason helped by sharing the query they use and advised checking the running version of the scraper. The issue was resolved when Sandeep ran the non-base regular docker image.

24mo

Typesense Capabilities and Troubleshooting Queries

A had issues with refinement lists and analytics in Typesense. Jason provided a possible solution and recommended the analytics widget. They clarified import size limits and helped identify a filter issue in A's query. Upgrade options are in Typesense's roadmap.

34mo

Connection Refused Issue with Typesense and Nginx Reverse Proxy

Karthik experiences a connection refused problem with Typesense and Nginx reverse proxy. Jason helps troubleshoot, but the issue remains unresolved.

9mo