Fake video sharing Android App !!

shahzaib shahzaib shahzaib.cb at gmail.com
Tue Mar 17 10:12:36 UTC 2015


@itpp, as I sent in the logs above, the referer_header for Android requests is empty; maybe blocking requests based on an empty referer_header will partially resolve our issue? Following is the config I used to block an empty referer_header, but in vain.

valid_referers server_names ~.;
if ($invalid_referer) {
    return   403;
}

Android request log:

39.49.52.224 - - [15/Mar/2015:10:40:26 +0500] "GET /files/thumbs/2015/03/14/1426310448973c5-1.jpg HTTP/1.1" 200 13096 "-" "Dalvik/1.6.0 (Linux; U; Android 4.2.2; GT-S7582 Build/JDQ39)"


I might be putting this config in the wrong location; following is the content of android.conf and virtual.conf:

virtual.conf:

server {
    listen  80;
    server_name  conversion.domain.com;
    client_max_body_size 8000m;
#   limit_rate 180k;
#   access_log  /websites/theos.in/logs/access.log  main;

    location / {
        root   /var/www/html/conversion;
        index  index.html index.htm index.php;
#       autoindex on;
        include android.conf;
    }

    location ~ \.(flv|jpg|jpeg)$ {
        flv;
        root /var/www/html/conversion;
        expires 2d;
        include android.conf;
        # "none" in this list matches requests that carry no Referer header at all
        valid_referers none blocked domain.net www.domain.net domain.com www.domain.com;
        if ($invalid_referer) {
            return 403;
        }
    }

    location ~ \.(mp4)$ {
        mp4;
        root /var/www/html/conversion;
        expires 1d;
        include android.conf;
        # "none" in this list matches requests that carry no Referer header at all
        valid_referers none blocked domain.net www.domain.net domain.com www.domain.com;
        if ($invalid_referer) {
            return 403;
        }
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    location ~ \.php$ {
        root /var/www/html/conversion;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    location ~ /\.ht {
        deny  all;
    }
}


android.conf:

#if ($http_user_agent ~* "Android") {
#   return 403;
#}

# a missing Referer is invalid here (no "none"); "~." is a regex that matches any
# Referer that is present and starts with http:// or https://
valid_referers server_names ~.;
if ($invalid_referer) {
    return   403;
}

Regards.

Shahzaib


On Tue, Mar 17, 2015 at 2:10 PM, itpp2012 <nginx-forum at nginx.us> wrote:

> I'd use some kind of authentication based on a user logging in before
> allowing use of a service, an encrypted cookie or something along that
> line.
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,257269,257303#msg-257303
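The Referer evaluation the thread is arguing about, modelled in Python as an added example; this is not code from the post or from nginx. It takes a `valid_referers` list as written in the directive and a Referer value, and returns what nginx would put in `$invalid_referer`, following the semantics documented for ngx_http_referer_module (`none` matches a missing header, `blocked` a header without an http/https scheme, `server_names` the server's own names, `~regex` is matched against the text after the scheme, and a plain hostname may carry a leading or trailing `*` and an optional URI prefix, with the port ignored). The two lists are the ones from virtual.conf and android.conf, evaluated separately; the `SERVER_NAMES` value and the case-insensitive regex matching are assumptions, and the log parser expects nginx's combined format, where `"-"` in the Referer column means the header was absent. Run on the log line from the post, it shows that the virtual.conf list admits a request with no Referer because of `none`, while the android.conf list rejects it. A Referer check only constrains clients that choose to send one; any client that omits the header produces an identical log line, which is why the reply above points to authentication instead.

```python
"""Model of nginx's valid_referers / $invalid_referer evaluation (added example)."""
import re
import shlex
from typing import Iterable, Optional, Tuple

SCHEME_RE = re.compile(r"^https?://", re.IGNORECASE)

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+) "([^"]*)" "([^"]*)"')


def referer_from_log_line(line: str) -> Optional[str]:
    """Return the Referer from a combined-format access log line; '-' means absent."""
    m = LOG_RE.match(line)
    if not m:
        raise ValueError("not a combined-format log line")
    ref = m.group(6)
    return None if ref == "-" else ref


def _split_host_path(text: str) -> Tuple[str, str]:
    """Split 'host[:port]/path' (Referer with the scheme removed); nginx ignores the port."""
    host, sep, path = text.partition("/")
    host = host.split(":", 1)[0].lower()
    return host, ("/" + path) if sep else "/"


def _host_matches(pattern: str, host: str) -> bool:
    """Hostname token with optional leading '*.' or trailing '.*' wildcard."""
    pattern = pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    if pattern.endswith(".*"):
        return host.startswith(pattern[:-1])
    return host == pattern


def invalid_referer(valid_referers: str, referer: Optional[str],
                    server_names: Iterable[str] = ()) -> bool:
    """True when nginx would set $invalid_referer to "1" for this Referer value."""
    tokens = shlex.split(valid_referers)
    if referer is None or referer == "":
        return "none" not in tokens          # header absent: only "none" admits it
    if not SCHEME_RE.match(referer):
        return "blocked" not in tokens       # present but stripped of its scheme
    rest = SCHEME_RE.sub("", referer, count=1)
    host, path = _split_host_path(rest)
    for tok in tokens:
        if tok in ("none", "blocked"):
            continue
        if tok == "server_names":
            if any(_host_matches(n, host) for n in server_names):
                return False
            continue
        if tok.startswith("~"):
            # assumption: referer regexes are matched case-insensitively
            if re.search(tok[1:], rest, re.IGNORECASE):
                return False
            continue
        pat_host, _, pat_path = tok.partition("/")
        if _host_matches(pat_host, host) and path.startswith("/" + pat_path):
            return False
    return True


# The Android request line quoted in the post, reassembled onto one line.
ANDROID_LOG_LINE = (
    '39.49.52.224 - - [15/Mar/2015:10:40:26 +0500] '
    '"GET /files/thumbs/2015/03/14/1426310448973c5-1.jpg HTTP/1.1" 200 13096 "-" '
    '"Dalvik/1.6.0 (Linux; U; Android 4.2.2; GT-S7582 Build/JDQ39)"'
)
VIRTUAL_CONF_LIST = "none blocked domain.net www.domain.net domain.com www.domain.com"
ANDROID_CONF_LIST = "server_names ~."
SERVER_NAMES = ["conversion.domain.com"]   # assumed: taken from the server_name directive


def decide(valid_referers: str, referer: Optional[str]) -> int:
    """Status the 'if ($invalid_referer) { return 403; }' block would produce."""
    return 403 if invalid_referer(valid_referers, referer, SERVER_NAMES) else 200


if __name__ == "__main__":
    ref = referer_from_log_line(ANDROID_LOG_LINE)
    print("Referer in the Android log line:", ref)
    print("virtual.conf list ->", decide(VIRTUAL_CONF_LIST, ref))
    print("android.conf list ->", decide(ANDROID_CONF_LIST, ref))
    print("android.conf list, any Referer with a scheme ->",
          decide(ANDROID_CONF_LIST, "http://anything.example/page"))
```

The last line of the demo is the other half of the picture: `~.` matches every Referer that has a scheme, so the android.conf list rejects only requests whose Referer is missing or scheme-less, and anything a client chooses to put in the header passes.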