DEV Community: RiversideRocks

How on earth does this work?

RiversideRocks — Sat, 28 Aug 2021 15:28:32 +0000

I was browsing the internet the other day and came across a site known as spur.us. The site claims to "Stops fraud and abuse on the internet" by collecting and indexing IP usage, VPN IPs, and proxy IPs.

Its a very interesting site, you can get info on any IP by visiting spur.us/context/youriphere. My question is, how does it work? How does a site collect data on every IP address out there? How do they know that X amount of people are on my IP address? How do they know that I have connected to the Tor network or used ProtonVPN?

Dev.to seems to be down now

RiversideRocks — Tue, 26 Jan 2021 16:53:52 +0000

I'm having some issues with dev.to right now, is it working for everyone else?

Don't fall for the "freeproxy" scam

RiversideRocks — Wed, 09 Dec 2020 14:01:17 +0000

Recently I was taking a look at my access logs for my website. Nothing too unusual, just the regular hacking attempts. I was reading them then I noticed this request.

185.220.100.243 - - [09/Dec/2020:07:17:37 -0500] "GET / HTTP/1.1" 200 2212 "https://freevpn.space/web-proxy/riverside.rocks" "Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0"

First of all, a few things to note about this request, the first being that it is almost definitely a bot. Firefox 68 is old and nobody uses it anymore. Second, after a lookup of the IP on AbuseIPDB, it is from the Tor network:

My first thought was, oh crap, my website is on some proxy list, this is bad. But after some more digging, it looks like this is a scam. I decided to follow the link in the referrer with cURL to get an idea of where it went.

It forwards the user to very shady looking website with what looks like an affiliate tag in the HTTP referrer.

This website then forwards you to ExpressVPN.com with the affiliate code. My best guess is that these scammers are exploiting ExpressVPN's affiliate program to make some easy cash by scarring webmasters. Stay safe folks!

The Fixed Line Mystery...

RiversideRocks — Fri, 06 Nov 2020 23:20:01 +0000

A few days ago I deiced to open up my SSH to the internet. Possibly not the greatest idea, but I have a service set up to block brute force attempts and report unauthorized connections to AbuseIPDB. After a few days I started noticing some odd patterns.

Over the last few days, I have gotten a ton of break in attempts from "Fixed Line" ISPs (IPs being used by people's homes and possibly businesses). A good deal of these requests appear to be coming from smaller ISPs (to this date no requests have come from one of the biggest ISPs in the United States, Comcast), mostly from CenturyLink Communications LLC.

At first I thought that most of these attacks were from exploited hosts - IPs that have been hacked. A bot (possibly a person) brute forced a login page that was on the internet, and uploaded malware that lets the IP scan for more login pages, and the cycle continues creating a botnet. While some of the requests were likely just this, I noticed something odd. Most of the IPs had only 1 or 2 reports (one of them being mine). I was a bit confused at why I was one of the only reports, but then I came up with an interesting idea.

The Theory

Likely the malware inserted on to these IPs wasn't scanning the entire internet, instead it was scanning only residential CIDR blocks. My server's IP, which is a Comcast IP likely fell under one of the CIDR blocks. Most people choose to use web hosts instead of self hosting which would explain the few reports.

The Lesson

If it doesn't need to be on the internet, don't put it on the internet. If you are unsure if you have any router logins online, please do an Nmap scan of your IP.

For example:
nmap -sS 0.0.0.0

Stay safe!

AbuseIPDB - Riverside Rocks

My Website

How to Make Your Open Source Project Top Tier

RiversideRocks — Thu, 15 Oct 2020 15:18:40 +0000

As I begin work on my own open-source project and create pull requests for Hacktoberfest, I wanted to share what I think makes a great open-source repo.

I boiled down what I want to see in an open source project down into three points. Here they are:

1 - Keep it to GitHub

Please don't make me go to your bug reporting site that was last updated in 1995. Staying on GitHub makes my life much easier and allows me to see all of my contributions in one spot, which makes it easier to create a resume.

2 - Listen

Don't slap the Hacktoberfest tag on your report and then run for the hills. Review pull requests and issues. If you can't help out a user right away, tell them that you are working on it.

3 - Give Feedback

If an issue gets denied, tell me why it was denied and how I can improve in the future. That helps everyone out!

PHP Functions every beginner should know.

RiversideRocks — Sat, 08 Aug 2020 19:02:16 +0000

PHP is one of the most popular languages for building websites. In fact, you probably used it today if you visited a Wordpress site or Facebook.

Here are a few useful built in PHP functions every developer should use more often.

1 - htmlspecialchars

The htmlspecialchars function is better than than using only using echo for one main reason: it prevents XSS. For example:

<?php

echo htmlspecialchars("<script>console.log('XSS!');<script>");

Output:

&lt;script&gt;console.log('XSS!');&lt;script&gt;gt;

2 - exec

This function allows you to run code on the command prompt or terminal, depending what OS you use to host/test. While this function is a bit more advanced, it is very useful. Example:

<?php

exec("mkdir files");

Upon running this code, a folder will be created called files. This is a very powerful command, and user input NEVER be allowed in this function.

3 - header

HTTP headers are very useful online, they tell your browser what to do when a website is loaded. You can use PHP to set headers in seconds. This code will set the 302 Found header, creating a redirect to riverside.rocks:

<?php
header("Location: https://riverside.rocks");
die();

Upon viewing this with cURL, we can see it worked.

Note: The die() function is used to end the code, it is not necessary, but good to use to ensure no more code is executed after the redirect.

This is an example of a 404:

<?php
header("HTTP/1.1 404 Not Found");

4 - file_get_contents

This function retrieves the HTML contents of a website. If you ever work with APIs in PHP, you will have to use this function quite a bit. This example gets and echos the HTML contents of riverside.rocks:

<?php
echo file_get_contents("https://riverside.rocks");

I hope you enjoyed reading and keep coding!

~ Riverside Rocks

Scripting To Save Lives: A COVID-19 Charity where Developers can pitch in.

RiversideRocks — Thu, 16 Apr 2020 16:09:30 +0000

Introduction:

Recently, the world has been swept with the COVID-19 pandemic. Recently a few developers from the Glitch community and I founded scriptingtosavelives.com. Let me explain how it works. Visitors have three main ways of helping out.

The first way to help:

The first way to help us out is to donate code. Donating code makes the website look better and may even prompt more people to donate! More on that here.

The second way to help:

Visitors can create there own subdomain of our website tailored to their town! Just fill out the form here.

The third way to help:

Visitors can donate money to one of the causes that we have showcased on our website. These causes need a lot of help now and we are proud to advertise them!

See you on scriptingtosavelives.com!