
I'm not an admin or mod... just curious.

Maybe I could find any info from page source?...😟

  • Community Expert

@SUBRTX, why are you confused? I've replied to you.


An important rule of (cyber) security is: don't expose more than what is strictly needed.

I would deny the access to that file.

What's the point of letting anyone know what version you use? To know if a certain exploit can be used or that a vulnerability is present? You certainly don't want to provide rogue actors with that valuable information.

 

Edited by xtech

That is pretty cray. Why is that a thing? Does something rely on that file?

That's something I actually did not know myself. I have restricted access to that file. Same thing goes for applications/forums/data/versions.json etc. (e.g. calendars, commerce)

Edited by Jock3r

 

That is pretty cray. Why is that a thing? Does something rely on that file?

Not via the web, no. If you wish to block web access to it you can.

 

Not via the web, no. If you wish to block web access to it you can.

Do any of the json and xml files need to be accessible? I'm thinking we just blanket block any requests for those files.

No, those files don't need to be web accessible necessarily for the software to run correctly.

 

No, those files don't need to be web accessible necessarily for the software to run correctly.

Well, they've been relegated to the bowels of 404 then. Thank you. 🙂

We've been on the receiving end of a coordinated attack for the past few days, whose efforts are seemingly trying to cause SQL injections by submitting bad parameters to all sorts of things. They have been pulling these URLs as part of their attack.

We've handled the evildoers through our firewalls, but good reminder to think about what needs to be exposed and what doesn't.

How do I block this file?
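One way to do what the replies above describe, as an added example that is not part of the thread or the vendor's documentation. It assumes Apache 2.4 with mod_rewrite and an .htaccess file in the directory where the community software is installed. It covers only the applications/<app>/data/ path named in the thread, since the file discussed at the start is not named on this page.

```apache
# Added example, not from the thread. Assumptions: Apache 2.4, mod_rewrite enabled,
# and this .htaccess sits in the directory the community software is installed in,
# so the pattern is relative to it (e.g. applications/forums/data/versions.json).
#
# Place this above any existing rewrite rules in the file so it is evaluated
# first. It is deliberately not wrapped in <IfModule>: if mod_rewrite is missing,
# Apache reports an error instead of silently leaving the files exposed.

RewriteEngine On

# Answer 404 for any .json or .xml file that sits directly inside an
# application's data directory (forums, calendar, commerce, ...).
# [^/]+ matches exactly one path segment, so nothing outside
# applications/<app>/data/ is affected.
RewriteRule ^applications/[^/]+/data/[^/]+\.(json|xml)$ - [NC,R=404,L]

# Check from outside after deploying (community.example is a placeholder host):
#   curl -I https://community.example/applications/forums/data/versions.json
# The first line of the response should show status 404.
```

The software reads these files from disk rather than over HTTP, which is why the staff reply says that blocking web access does not affect it.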
