Comments (5)
MikePriceAero
commented on June 16, 2024
1
Just bumping this on behalf of myself and @haleyngonadi (as well as anyone else who's experienced it and hasn't reported) - it's happening to me today on an Expose Pro subdomain I'm using for the very first time. No-one except me knows it even exists, so how is this happening?
from expose.
MikePriceAero
commented on June 16, 2024
Just been seeing the same thing happening to me as well - not sure how it would know what subdomain I'm using given it's not indexing anywhere in Google and I don't think just scanning IP addresses would lead to this?
from expose.
isokcevic
commented on June 16, 2024
Bumping this, as another pro user.. This is a very bad look, especially with silence from the dev.
Some of the originating IPs can be found on blacklists when googling as well.
I am stopping usage of this tool until a reasonable explanation for this behavior is provided. Wrote to support as well.
from expose.
sschlein
commented on June 16, 2024
Hi all, this is actually the open yource repository of the client and please raise these types of issues via our support inbox so that we can answer them quickly.
While we are looking into ways to block requests based on a IP list, these are typical requests of malicious bots that scan random URLs on the internet. If you check the logs of your normal web server of your application, you'll also find them. Luckily, Laravel is secure enough by default that this is not an issue and more an annoyance.
So if you encounter these scans, please create a support ticket by emailing us the information, your subdomain at that time and the Expose server region to [email protected] and we'll block the IP for future requests asap.
I am closing this ticket because that's not an issue in this repository here but with the global network that we manage. If you come to this issue via a google search, please raise a support ticket via email with the requested information.
Thanks
from expose.
sschlein
commented on June 16, 2024
To give you even more information:
There are sites that monitor certificates that are created by let's encyrpt. They publish them for transparency reasons and all certificates that you create with them are also monitored. Sites like https://leakix.net/ use this data to automatically scan all sites that use these certificates and this is why you sometimes get requests from them.
As mentioned, we've working on solutions to block their bots but there is like an infinite number of services like this and so it's quite hard to block all of them.
from expose.
Related Issues (20)
- Could not connect to the server. Connection to tls://us-1.sharedwithexpose.com:443 failed during TLS handshake: SSL operation failed with code 1. OpenSSL Error messages: error:1408F10B:SSL routines:ssl3_get_record:wrong version number HOT 7
- Asset URLs Contain Incorrect Port in Laravel Sail Environment with Expose Reverse Proxy HOT 1
- Docker
- Could not connect to server error:80000002 HOT 5
- Could not connect to the server. - 502 Bad Gateway HOT 2
- Carbon\Carbon::setLastErrors(): Argument #1 ($lastErrors) must be of type array, bool given HOT 1
- Docs don't reflect renaming 'auth' argument to 'basicAuth'
- Auto restarting after disconnect HOT 1
- Authentication failed HOT 6
- Authentication Error on Pro License HOT 6
- Could not connect to the server.
- OpenSSL certificate verify failed HOT 4
- [Bug]: expose command not found HOT 1
- OpenSSL Error: wrong version number HOT 13
- [Bug]: Website documentation images broken
- [Bug]: Config Page missing -- How to configure client for docker server?
- [Bug]: Standard Laravel install with Vite - CSS not loading HOT 4
- [Feature Request]: Request Store Limit
- [Bug]: Expose renaming project folder
- [Bug]: Connection to tls://sharedwithexpose.com:443 failed during TLS handshake HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from expose.