Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
We had an internal website that would log every access to the site. We also had a widget on the site that would get weather info using ajax once per second. I was wondering why the website was having issues. I found this stupid log file and it was 6GB or so on a small drive. It was interfering with the computer working correctly. I don't know how long it took to build up to that size, but someone else maintains it now...
-
Root797674yReminds me of a CSS keylogger:
You set a hidden element’s background image to a url including the text of an input box (using attr()) so the url contains the user input. The server then gets a new request for every change in the text box. Optionally add an advertising ID for uniqueness, and you’re done. Remote keylogger!
Being a GET, it’s obv snoopable, but if you’re doing this you don’t care about user privacy anyway. -
@Root I'll add this to my collection of evil tricks composed to break and abuse websites in hard-to-detect ways when opportunity comes.
It can also be attached to a hidden pseudo element for added confusion. -
Root797674y@ZeldaFan69-2 Cloudflare, browser history.
Honestly, I don’t like the idea of relying solely on transport level security. Single point of failure, can’t trust users to not install spyware certificates, other entities trying to spy, etc.
Also, cloudflare is specifically designed to circumvent TLS via certificates, meaning they can and do intercept all HTTPS requests and responses in cleartext. Anything sent/received between a user and a “cloudflare-protected” website should therefore be treated as leaked / non-private.
Plus, GET requests are stored in browser history, which JavaScript can get access to, meaning it should be treated as public information. Though requests made via CSS and other browser internals aren’t, so you’re right here. The above points stand, though. -
jaylord4514y
Related Rants
-
sladuled11Fuckin hell!! Code works everywhere except at one client. Ok, I check logs & see something missing.. I go che...
-
DarekGreenly3Quantum bugs. Code starts working when the only thing you do is examine it with console logs.
-
UltimateZero2I had a weird dream last night where people communicated by using log statements. Like if I wanted to say som...
So apparently due to an extremely talkative x input driver and an error in a certain app, I've been running an emergent keylogger on my computer for half a year. On every keypress event, the driver would call the app, the app would segfault, the driver would log the incident including the event to /var/log and then crash, and the app would restart the worker. I noticed this when I started wondering why /var/log is over 100GB in size.
rant
xinput
logs
weak code
emergent keylogger