Advertisement:

Author Topic: Firewall monitor for SMF code itself – Restricting Mod modules talking to WEB  (Read 3359 times)

Offline Sesquipedalian

  • The Mad Doctor
  • Lead Developer
  • Sr. Member
  • *
  • Posts: 945
  • Gender: Male
  • It works! ... in theory.
    • Sesquipedalian on GitHub
Certain parties would like to keep their site a secret (I know a few), in which case they can just use htaccess to block anyone without an adequate username and password from accessing their site.

Or more simply...

disable guest access
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

Offline njtweb

  • Sr. Member
  • ****
  • Posts: 917
I'm confused, why would anybody NOT want bots visiting their site? It's how they get indexed?

You feel confused because, although Kiriakos GR believes his request makes sense, in fact it is nonsensical. He is fundamentally asking for public data to somehow not be public and yet still be public.

LOL, that was great!


Offline Sesquipedalian

  • The Mad Doctor
  • Lead Developer
  • Sr. Member
  • *
  • Posts: 945
  • Gender: Male
  • It works! ... in theory.
    • Sesquipedalian on GitHub
I promise you nothing.

Sesqu... Sesqui... what?
Sesquipedalian, the best word in the English language.

Offline doug_ips

  • Jr. Member
  • **
  • Posts: 298
Nothing Kiriakos GR has said so far makes any sense lol :D

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,403
    • StoryBB/StoryBB on GitHub
He just doesn’t want it hard enough, otherwise he could pay a professional services company to implement it.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline doug_ips

  • Jr. Member
  • **
  • Posts: 298
He just doesn’t want it hard enough, otherwise he could pay a professional services company to implement it.

I have a hunch that he needs it, but wants it for free.

Offline GigaWatt

  • The Smiley Guy
  • Support Specialist
  • SMF Hero
  • *
  • Posts: 2,104
  • Gender: Male
    • Macedonian electronics forum
Or more simply...

disable guest access

Most of the parties I mentioned in my previous post wouldn't like anyone to know that that site exists. Only people with the link and credentials can access the site. And they also don't like the site/sites showing up on search engines. That is why using htaccess in those cases is actually a better solution ;).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,403
    • StoryBB/StoryBB on GitHub
If you’re going down that road, don’t use a domain name and just make everyone use IP addresses.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline njtweb

  • Sr. Member
  • ****
  • Posts: 917
Sounds more like an intranet kind of interest. I wonder, what is the point of running a website if you don't want anybody knowing about it?

Offline doug_ips

  • Jr. Member
  • **
  • Posts: 298
Sounds more like an intranet kind of interest. I wonder, what is the point of running a website if you don't want anybody knowing about it?

This is a very good question. The only thing that comes to mind to me, is a website that is up to no good... .

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,433
  • Gender: Male
    • Kindred-999 on GitHub
Sounds like the sort of website that wants to be on the "dark web" but does not have anyone in charge of it who has any actual knowledge (and therefore does not belong on the dark web to begin with)
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,403
    • StoryBB/StoryBB on GitHub
Nah, I don’t think it’s that creative, just someone who assumes that bots come to steal content without realising that the content is otherwise publicly visible because if it wasn’t, bots wouldn’t know about it or get it from the board index or RSS feeds.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline doug_ips

  • Jr. Member
  • **
  • Posts: 298
Nah, I don’t think it’s that creative, just someone who assumes that bots come to steal content without realising that the content is otherwise publicly visible because if it wasn’t, bots wouldn’t know about it or get it from the board index or RSS feeds.

In other words a moron then :D

That is the only other possible explanation that makes sense.

Offline Arantor

  • Resident Overthinker
  • SMF Friend
  • SMF Legend
  • *
  • Posts: 71,403
    • StoryBB/StoryBB on GitHub
See Hanlon’s Razor.

Also note that this was initially pitched as an idea that can be used for free. Problem is, ideas are bountiful, finding the good ones is hard, making them real harder still.
Don’t try to tell me that some power can corrupt a person. You haven’t had enough to know what it’s like.

No good deed goes unpunished / No act of charity goes unresented.

Offline GigaWatt

  • The Smiley Guy
  • Support Specialist
  • SMF Hero
  • *
  • Posts: 2,104
  • Gender: Male
    • Macedonian electronics forum
If you’re going down that road, don’t use a domain name and just make everyone use IP addresses.

But... you can't do that on a shared hosting account.

In any case, that is an option if the site was hosted at home, but I don't think most of those sites are... or even if they are, maybe they've got other sites hosted on the same IP, so... once again, a problem.

Sounds more like an intranet kind of interest. I wonder, what is the point of running a website if you don't want anybody knowing about it?

Doing something you wouldn't want anyone, except a certain handpicked crowd, knowing about. There are certain types of info and/or data that is considered precious... not to mention that gaining that info or data involves certain activities that are, at the very least, frowned upon.

And yes... basically these are kind of like intratnet sites... except they're available worldwide and are accessible with the right credentials.

This is a very good question. The only thing that comes to mind to me, is a website that is up to no good... .

I believe I answered that in the previous part of this post ;).

Nah, I don’t think it’s that creative, just someone who assumes that bots come to steal content without realising that the content is otherwise publicly visible because if it wasn’t, bots wouldn’t know about it or get it from the board index or RSS feeds.

Well, I could name a few things that, as far as I know of and as far as I've searched online, aren't available anywhere else on the web... but I'd rather I didn't, at least not in public.

And no, it's not about bots stealing content, it's about anyone without the address knowing about the site, including bots and search engines. And if somehow, someone found out about it, they'll need htaccess credentials to access the site. And if they somehow found them out, guess what, there's another loging screen after that... no signup, no background image, nothing, just a plain login screen saying "Username and Password".
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 58,433
  • Gender: Male
    • Kindred-999 on GitHub
in other words, it's a bunch of people who want to think they have something worth protecting but don't actually have any knowledge...

Seriously -- if you're hosting that sort of thing on a share server, then you're not doing it right to begin with... :P



but fine....   add an htpassword, protect the directory level from the server. The turn off the forum for guests.
done.
nothing else needed.

Still a complete waste, IMO.
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

Offline GigaWatt

  • The Smiley Guy
  • Support Specialist
  • SMF Hero
  • *
  • Posts: 2,104
  • Gender: Male
    • Macedonian electronics forum
in other words, it's a bunch of people who want to think they have something worth protecting but don't actually have any knowledge...

Ummm... depends how you look on things... and for the record, I wouldn't call the people running these sites "having no knowledge". Most of them are well established in certain circles... and as I said, I have no idea if they're doing this from their home, a paid server, a shared hosting account, cloud hosting, etc. It was just a guess, I haven't actually tried to find this info out.

Seriously -- if you're hosting that sort of thing on a share server, then you're not doing it right to begin with... :P

Well, maybe they just like to hide in the forest, who knows :).

As I said, I have no idea where they're hosted, and even if I did, I wouldn't share that here.

Still a complete waste, IMO.

Each with his own opinion ;).
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Offline doug_ips

  • Jr. Member
  • **
  • Posts: 298
in other words, it's a bunch of people who want to think they have something worth protecting but don't actually have any knowledge...

Ummm... depends how you look on things... and for the record, I wouldn't call the people running these sites "having no knowledge".

While that may be true in theory, based on the posts of the OP in this topic, and elsewhere in this forum for that matter, "having no knowledge" can be safely said and it is nicely put imo.

Offline GigaWatt

  • The Smiley Guy
  • Support Specialist
  • SMF Hero
  • *
  • Posts: 2,104
  • Gender: Male
    • Macedonian electronics forum
The last posts in this thread are completely unrelated to what the OP asked for. They're related to "why would anyone have a website and not want it indexed or accessible for everyone".
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Offline doug_ips

  • Jr. Member
  • **
  • Posts: 298
The last posts in this thread are completely unrelated to what the OP asked for. They're related to "why would anyone have a website and not want it indexed or accessible for everyone".

It is kind of related imho. The thing is that the last posts are a result of the OP 's strange/weird request.