Prevent users from reusing website source files (downloading is okay) - javascript

UPDATE:
Something's wrong with stackoverflow. It seems people couldn't read the first line of the question properly and they start preaching about "how websites can't be downloaded" which is not exactly the question. So here is the question in a more specific way:
How to get hosted server's IP address (or any other information which is unique to the hosted server) using jQuery. Googling doesn't help much.
Now, please don't start with "getting client's IP address" or "this can't be done". I know this is nearly impossible; but if someone can get me close to the idea, that'll do.
Oringinal Question:
I know users can download the source files if they can see it in their browser. What I am trying to do is stop them from reusing it. Like checking IP of hosted server and redirecting to the original domain if the files are hosted in a different server.
Using PHP (or any server programs) won't do as the end user will be getting the final html/css/js files.
Basically, I don't want anyone to download and host/reuse website files.
Thanks in advance.

Javascript is code, and can be obfuscated. This makes it so difficult to maintain that it's usually easier for the end user to re-write from scratch. Try Googling for "Javascript Obfuscator".
With HTML and CSS, it's pretty much open to the user. Not much you can do about that!

If you make website in PHP you will write some code that gets translated into end-html that user can view and download. So your source file in PHP is unreachable for end-user. Like in Wordpress your code could be only few rows and end html could be hundreds of rows long because it reads data from a database and puts it into html.
If you write scripts in javascript you can not protect it from downloading and reusing that.

This can't be helped. If the viewer can view your website he can download the front-end of the website.
If your worried about someone downloading your server-side scripts, you don't have to because server side cannot be downloaded through the front-end.

Related

How to do a server redirect of URL to a different URL if the traffic is accessing from static QR code

I've always found this forum helpful. So I'm faced with a big dilemma here and was hoping someone here could help :D
HERE'S THE SITUATION:
We have multiple static QR codes that were printed on thousands of boxes which have already been distributed that go to the wrong URL. Unfortunately the designer didn't make the QR code dynamic, so we don't have the option of editing the URL through the QR code generator's interface.
We are a white label manufacturer and provide packaging to tons of clients, so what happened was a batch of qr codes got put on the wrong brand's packaging and so as you could imagine its a huge mess. Hoping someone could help ya girl out! :D
I've decided that our best bet would be to implement automatic redirects of the individual pages on the server side. My question is, is there any type of script that would be able to redirect traffic ONLY coming from a QR Code scan?? I've heard of Bootstrap being able to route traffic based on device and browser, etc. So I'm remaining hopeful that someone has heard of a way of doing this. And if there is such magical code, what file or table to I need to edit? Btw I have phpmyadmin but no cPanel.
Thank you SO MUCH in advance!
Side Note -
NO CPANEL! I'm using Wordpress 6.1 on wordpress managed hosting through GoDaddy - and so I do not have access to a cPanel unfortunately :(
I tried going through the QR code generator's interface to "edit" the URL of the QR Code, however the QR code was not created as dynamic. It is a static QR Code.
And lastly, the reason why we can't just simply sticker over the wrong QR code with a new one is because the boxes were already distributed.
Danii
It depends on what URL it goes to. If it goes to your site's domain, e.g. it shows a 404 page of your site or another page, then it is easy to fix. There are plugins for redirection and the most downloaded one and free is Redirection.
Install the plugin
Go to the plugin's settings page
Open the tab "Redirects"
Add a new redirect at the bottom of the page
see the screenshot

Malicious? Code in my JS file that wasn't there previously

I don't know too much about web security but I found a piece of code in a javascript file of mine yesterday that would not have been added by me or anyone else with access to my website.
Nothing bad seems to have been happening on the site so I wouldn't have worried that much except that I have been consistently told by Google Adwords that I have malware on my website. Every time I ask them to investigate however, neither they nor google search console can find anything.
The piece of code in question was this something like this:
<script type="text/javascript" src="http://synchronize.exsads.com/click.js">
The only reason I found it was because it gave me an error in the dev console because the file wasn't able to be loaded.
I have no idea how the code got there. I've been trying to read up on code injections and XSS attacks but i don't really understand it and it seems like that has more to do with sending malicious code back to a server instead of actually changing the code within files. (please correct me if I'm wrong)
Is there a specific security vulnerability that would allow someone to access the code on my website, and if so, what steps do I have to take to prevent that? (Details or easy to understand resources please, much appreciated!)
That JS insert ads on your site.
Search manually for a extrange PHP file (i'll asume php), they generate extra HTML and insert some ads on your site.
EDIT
Ok, it's not a CMS. Change your FTP password and access to CPanel or PLESK.
Follow this steps: enter over FTP to the files on your hosting, look for a obvious with a extrange name .php file or .js, that file is the corrupted one.
Other solution: download all site over FTP and scan with a good antivirus.

ASP pages not bringing in Images, CSS or JavaScript

My uncle's has got the files for his website that he got made a few years ago and needs something changed on it. So he has sent me the files as I am willing to make small changes as I know HTML and CSS. But when I open his index.asp page in a browser this only shows html even though the images, css and javascript files are linked properly.
I am not familiar with asp, I would really appreciate it if someone could let me know why the files are not being brought up when I open the index.asp file in a browser.
Thanks
Because when you just open the asp file on a browser, there's no web server intervention so that the ASP page is properly processed. You are just opening a file as if you were opening it on Notepad. You need to configure the whole site as an IIS Application and browse to the site by going to http://localhost/YourSite
First things first - as the previous comment says, you need to run ASP through an IIS based web site because the code needs to be processed.
If you're running through IIS and having this issue, check to see that your IIS settings are correct. Google "static content IIS" and you should find articles relating to this problem.

Can I host a file or folder on another person's domain?

I don't think this is possible, but it never hurts to ask.
Is there any way for me to host a file (or folder) on someone else's domain (with their permission, of course)? For example, if their site is hosted at www.example.com, I would like to host a file at www.example.com/foo.html, or a folder at www.example.com/foo/, or the like. I just need to be able to make changes at will to a single file.
We can't use a redirect or anything like that - the purpose of this is to allow me to control a document loaded in an <iframe> on their site, and for the JavaScript in that <iframe> to have access (i.e., no security restrictions) to its parent page - which is only allowed if the domains match. Their site doesn't change the document.domain property to relax the security restrictions, nor can we ask them to start using that approach (it's an enormous site).
I also can't generate an <iframe> and create its document solely using JavaScript - we've done that in the past, and it gets around the security restrictions (the generated <iframe> is in the same domain as its parent page), but it causes other issues and difficulties that add up to a deal-breaker in this case.
Please let me know if you have any alternative suggestions, or if you need any more information about what exactly I'm trying to do.
Thanks in advance for any help!
I hope I'm understanding this correctly. Since you have their permission to host a file on their site, can you just use FTP? They can set you up to only be able to drop files in one directory on their site, and you can edit the file there.
Provide embed code to the other party to load remote javascript file to their page. You may then generate content or information gathering. As the javascript file is hosted on your side, it's under your control. A Visitor Counter is a similar case.
You could make a php script that loads it's data from your own site.
this should work actually:
<?php echo file_get_contents("http://www.yoursite.com/yourfile.html"); ?>
Edit: You might be able to do the same with javascript, but i don't know the code for it... Sorry. :-/
Sounds like your friend can set up a reverse proxy rule on their web server for your file. http://httpd.apache.org/docs/2.0/mod/mod_proxy.html

Upload a file to an html page with no backend?

Is it possible to read the contents of an uploaded file (through <form><input type="file">) from inside javascript with no backend? I suppose it's possible with HTML5, but what about HTML4?
You can read (not upload - well, you can upload too, but that's like sending fan-mail to Edgar Allen Poe; nothing stops you but he won't be able to read it) from files if your script runs in a very trusted context.
If anyone on your network is browsing the web in a browser set to give that much trust, disconnect their machine from the network first, make their settings tighter second.
I don't know if I understand correctly. How about using something like uploadify together with jQuery. I guess you'll have to grant the webserver the privilege to write in the specified folders.
The security model will not let you unless you change the security to allow this.
http://www.mozilla.org/projects/security/components/signed-scripts.html
Can you elaborate on what you want to do?
I read the question as "How do I grab the contents from a file chosen using a file upload field and process it on the client without involving a backend/webserver".
I am thinking UniversalBrowserRead access for FF and HTA filesystem for IE for example

Categories

Resources