Fake video sharing Android App !!

shahzaib shahzaib shahzaib.cb at gmail.com
Tue Mar 17 08:22:19 UTC 2015


@itpp thanks for the suggestion, but the problem is that this is an invalid
way of blocking requests belonging to Android. The reason is that our official
Android app will be released soon, and filtering based on this user-agent
will block valid users as well. So we need something different, such as
adding some custom header in the official Android app and filtering requests
based on that (maybe).

@Francis, thanks for the explanation and suggestion. As you suggested, I should
enable extra logging; currently the following log format is enabled on
nginx. Does nginx support an extra logging format? I want to log each
parameter to distinguish between valid and invalid requests. The following is
the current log format:

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';


Thanks.
Shahzaib

On Mon, Mar 16, 2015 at 7:50 PM, Francis Daly <francis at daoine.org> wrote:

> On Mon, Mar 16, 2015 at 06:45:30PM +0500, shahzaib shahzaib wrote:
>
> Hi there,
>
> >     I have installed that android app and requested log against my ip is
> > following :
> >
> > 39.49.52.224 - - [15/Mar/2015:10:40:26 +0500] "GET
> > /files/thumbs/2015/03/14/1426310448973c5-1.jpg HTTP/1.1" 200 13096 "-"
> > "Dalvik/1.6.0 (Linux; U; Android 4.2.2; GT-S7582 Build/JDQ39)"
> >
> > where 39.49.52.224 is ip of my modem.
>
> So - you have the log line for one request that you would like to block.
>
> Do you have the log line for the matching request that you would like
> to allow?
>
> And that log line shows just two request headers plus an ip address. If
> that is enough to accurately distinguish between "yes" and "no" requests,
> you're good. If not, examine the entire request (either by extra logging
> in nginx, or by watching the network traffic involved in each).
>
> > I have also tried blocking specific user agent such as Android but neither
> > it worked (sure i am doing something wrong) nor this is the correct
> > solution :
> >
> > if ($http_user_agent ~* "Linux;Android 4.2.2") {
>
> Does that 19-character string appear in the user agent header? If not,
> the "if" will not match.
>
> (I don't see it in there.)
>
> If the most important thing is that "they" don't "steal" your bandwidth,
> you can just turn off your web server. Bandwidth saved.
>
> But presumably it is also important that some requests are handled as
> they currently are.
>
> Only you can say what distinguishes a "no" request from a "yes"
> request.
>
> And only you can say which "yes" requests you are happy to
> mis-characterise as "no" requests and reject.
>
> After you determine those, then you can decide how to configure nginx
> to implement the same test.
>
> (For example: check your logs from before this app started. Do all valid
> requests include Referer? Are you happy to block any actually-valid
> requests that omit Referer, in order to block all requests from this
> app? How long do you think it will take the app author to change their
> app to include a Referer, if you do that?)
>
>         f
> --
> Francis Daly        francis at daoine.org
>
>
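
An added example, not part of the original thread: one way to combine the two ideas discussed above, a more detailed access log and a check on a custom header sent by the official app. The header name `X-App-Auth`, its value, the server name and the paths are hypothetical placeholders.

```nginx
# Added example; X-App-Auth, its value, server_name and paths are placeholders.
# All directives below belong in the http {} context.

# Log more request headers than the "main" format, so that wanted and
# unwanted requests can be compared field by field.
log_format  detail  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for" '
                    'host="$host" args="$args" '
                    'accept="$http_accept" lang="$http_accept_language" '
                    'enc="$http_accept_encoding" range="$http_range" '
                    'deny=$deny_request';   # header value itself is kept out of the log

# Step 1: is this an Android (Dalvik) HTTP client at all?
map $http_user_agent $is_dalvik {
    default    0;
    ~*dalvik   1;
}

# Step 2: Dalvik clients must present the expected header value.
# Exact strings are checked before regular expressions, so the allowed
# value wins over the catch-all "1:" pattern. Browsers are unaffected.
map "$is_dalvik:$http_x_app_auth" $deny_request {
    default                        0;
    "1:PLACEHOLDER-SHARED-VALUE"   0;
    ~^1:                           1;
}

server {
    listen       80;
    server_name  media.example.com;

    location /files/ {
        root        /var/www;
        access_log  /var/log/nginx/files_detail.log  detail;

        if ($deny_request) {
            return 403;
        }
    }
}
```

A fixed header value can be read from the official app's traffic and copied, so the `deny=` field in the log is worth watching after rollout to see whether the distinction still holds.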