Messages

16

Programmers corner / Re: Server Side Scripts [request] - Nesting

« on: June 04, 2013, 11:25:02 AM »

Hi Mars,
You should close those examples
[+request]
{.if not|
      {.or
            |{.pos|one|{.header|one.}.}
            |{.pos|two|{.header|two.}.}
            |{.pos|three|{.header|three.}.} 
            |{.pos|four|{.header|four.}.}
       /or.}
|{:{.disconnect.}:}
.}

17

Programmers corner / Re: Server Side Scripts [request] - Nesting

« on: June 04, 2013, 06:26:34 AM »

Thanks for the replies 
I have it all worked out now.

18

Beta / Re: Testing build #284

« on: June 03, 2013, 06:14:09 AM »

Master Tee,
Have you heard of Wine ?
 

19

Beta / Re: Testing build #284

« on: May 31, 2013, 08:26:16 AM »

Thanks rejetto,
Yes, I have been studying hard to understand everything the best I can..
Windows CMD, is no stranger to me, so I am trying to adapt what I know from that to macro

If you read this before my other post,
I want to send a proper server response for {.disconnect.} like {.disconnect|403.}
I want to stop a download manager.

{.disconnect.} is leaving the Download Manager in a "File Temporarily Not Available" state
As a result the Download Manager tries again & again !
Tested on a file which has been flagged "No Download" 403=Deny, the Download Manager actually stops !!
[Solved] 100%

Thank you
Oxyandy

20

Programmers corner / Server Side Scripts [request] - Nesting

« on: May 30, 2013, 11:59:33 PM »

[+request]
{.if not|{.pos|one|{.header|one.}.}|
{.if not|{.pos|two|{.header|two.}.}|
{.if not|{.pos|three|{.header|three.}.}|
{.if not|{.pos|four|{.header|four.}.}|
{:{.disconnect.}:}
.}.}.}.}

Any combination of 2 of the above works, but not 3 or 4 of them, limitation or am I doing it wrong ?

In windows batch, would be something like this

If %%a NEQ Google (
If %%b NEQ 192.168.1.1 (
If %%c NEQ rejetto (
If %%d NEQ patch (
echo Sorry if you made it here, you do not belong !
))))

21

Programmers corner / Re: introducing {.var domain.}

« on: May 29, 2013, 02:34:06 PM »

Hi rejetto,
I am making use of this, it really helps me identify Users timezones, locations etc..
But hey, it is a 3 year old post 
Do you have any news ?
You mention making changes, but have seen nothing posted elsewhere. ?
So in that time has the technique evolved ?

The database, does seems very incomplete - could I use something else a Geo-IP offline database for example..
I have been reading & soaking up heaps of info across the forums.
I will look deeper into how this works 'as is' as my knowledge grows, just thought I would ask first.

Thanks

[SOLVED]
Working very nicely to create a structured custom log, using different database
Server scripts working great, combined with local scripts create a clean log, with only what I want
even making use of {.if not| to exclude g-bot

DATE - TIME - IP - COUNTRY - STATE - CITY - LOCAL_TIME - FILE - REFERER

22

HFS ~ HTTP File Server / Re: Can I run HFS without a web page? (file url's only)

« on: May 29, 2013, 01:53:03 AM »

Other option is to have a html page set to Root, which just displays an image or few words
a robots.txt which blocks all user agents bots like Google etc

As the main page has no links, all the pages subfiles you added from "Right Click" add to hfs
will not be found unless someone has been given a direct link..
So a subpage could be the one served from hfs, controlled by the hfs template
and showing a list of files / uploads

Index looking like this

23

HFS ~ HTTP File Server / Re: Cant bind root to real folder

« on: May 29, 2013, 01:28:38 AM »

Where is hfs.exe placed on your system..
Where is the real folder you are trying to bind located ?

I suggest having both of those as close as possible to the root of a drive

C:\_HFS\hfs.exe
C:\_HFS\hfs.ini
C:\_HFS\Files\data in here.htm

24

HFS ~ HTTP File Server / Re: Events [request]

« on: May 29, 2013, 01:21:38 AM »

To get DTA to stop trying to Download the files - I need HFS to send a proper server code.
It seems {.disconnect.} leaves the download requested in DTA in a "Temporarily Not Available" state.
So DTA tries over & over again to get the file/s

I downloaded the file DTA_STOP.htm directly with DTA, with "No Download" set for the file in HFS
DTA sees the server response 403 and stops the download. Good

I have tried making the download (for the files I want to block) redirect to the "No Download" flagged file with .redirect|DTA_STOP.htm.
But DTA just doesn't give up = DTA tries over & over again

How can I send a server response ? {.server response|403.} would be awesome
Or {.disconnect|403.}


EDIT: Best solution I have now, redirect the request to " download_them_all_is_banned.htm "
1. It gets the point across, all the files they requested change name to download_them_all_is_banned.htm
2. It stops them using DTA on my site.
3. It makes for a much cleaner server log !!!!!!
4. It simplifies the rules.



But as you see above the downloads, will try again, but I give this fix 90%
(Still love it if someone can answer my questions, please)

FINAL EDIT: I found 'alone' there is a 100% way to send a 403 server response, but I like my msg method better

25

HFS ~ HTTP File Server / Re: Events [request]

« on: May 28, 2013, 11:16:51 AM »

I have edited the post above, to include some detail on what works..

Ok, well it seems I have solved "Task One 80%" & "Task Two - very easy" 
Very happy with the results. Opens up what I do already to some fantastic opportunities !

1. Can I redirect to a page ? DTA_STOP.htm ?
Oh yes, I can but if sends DTA into a frenzy almost like a DDoS attack !!
But, it seems to do one good thing, it changes the names of the requested file to DTA_STOP.htm
(Which could be named Download Them All is Banned.htm) They get the Msg that way

If I add dupe [+request] rules, one first for .redirect|DTA_BAN.htm. the second for .disconnect.
No more DDoS attack, but the logs don't show a request for DTA_BAN.htm anymore,
but because DTA never gets a file downloaded, it doesn't give up, a solution, but not a complete one.
I want it download SOMETHING, so it does stop trying. Ideas ?
Well maybe not DOWNLOAD anything, but .disconnect. only leaves DTA in an unknown state.
Can I send a server Response so it stops ? Like 403 - Deny ?

2. So, what can be substituted for {.disconnect.} ?
I know .exec, .redirect - anyway, is there a complete list somewhere ?
There are 'some' on the Wiki

3. Can some of you please share some "real" script examples please ?

4. How can I make use of "Debug - Run Script" ?

5. Can I use [request] to save whole Header to a .txt file ?
? ? ? ? ? ? ? ? ? ? ? ? ? ??

6. I have tried adding comments to hfs.events with //  . The rules are still working, so it is ignoring them
Is there anything I can use ?
Yes, answering my own question again.

{.comment|###############.}
{.comment|# My Text Goes Here #.}
{.comment|###############.}
Or
{.comment|
###############
# My Text Goes Here #
###############
.}

Thanks again !

26

HFS ~ HTTP File Server / Events [request]

« on: May 28, 2013, 02:03:17 AM »

Hi all,
I have been doing some reading and learnt a lot, but now need a bit of advise..

I want to make use of scripts as much as possible, but have a little way to go on syntax etc
Oh, plus what available options I can make use of..

Task One  {SOLVED 80%} No need to BAN, DTA for FF now gets nothing -see next post
I want to BAN, yes BAN -
I do have a warning and polite request, not to use DownloadThemAll (DTA) for FireFox (FF) on my files page.
So if my request is denied then BAN is appropriate
I will try clear those bans every 24 hrs (manually but an auto way would be nice)

Ok so what I have worked out DTA for FF sends the same > User-Agent: as FF, so that wont work.
But we have this in the get request

Code: [Select]

> Want-Digest: SHA512;q=0.9, SHA256;q=0.7, SHA, SHA1;q=0.5, MD5;q=0.3
So,

Code: [Select]

[request]
{.if|{.{.header|Want-Digest.}=SHA512;q=0.9, SHA256;q=0.7, SHA, SHA1;q=0.5, MD5;q=0.3.}|{:{.{.disconnect.}:}.}.}
Seems to work, but the files are small and testing from my own PC through proxy to HFS (to reduce speed) between .disconnect. and DTA's " > Range: bytes=606227- " request, I can still download everything

These don't work

Code: [Select]

{.if|{.{.header|Want-Digest.}=SHA512.}|{:{.ban.}:}.}

{.if|{.pos|SHA512|{.header|Want-Digest.}.}|{:{.ban.}:}.}

{.if|{.{.header|Want-Digest.}=SHA512;q=0.9, SHA256;q=0.7, SHA, SHA1;q=0.5, MD5;q=0.3.}|{:{.redirect|DTA_BAN.htm.}:}.}.}

{.if|{.pos|bytes=|{.header|Range.}.}|{:{.redirect|DTA_BAN.htm.}:}.}

This works (no need for BAN - nobody, nothing will load) of course, just as an example.
:including for others that stumble upon this post.

Code: [Select]

[connected]
{.disconnect.}
Questions
1. Can I have multiple rules under [request] ?

Code: [Select]

[request]
rule 1
rule 2
rule 3No, I guess not, add new rule under [request] like so

Code: [Select]

[request]
rule 1
[+request]
rule 2
[+request]
rule 3
I tried {.ban.} but according to macros-log.html that isn't working

2. Can I use [request] to run a local batch file ?
Yes, I can, and doing this was a great way to actually SEE the events triggered !

Code: [Select]

.exec|G:\Desktop\you_are_here_3.bat.
Task Two (to do) {SOLVED}
Execute a local batch file (which I currently run through window scheduled tasks) upon upload event
(yes, I know read, read, read)
to be continued....

This works, file will be moved after upload.
Beware if file already exists in C:\_INCOMING, it will be replaced.

Code: [Select]

[upload completed]
{.move|%item-resource%|C:\_INCOMING\%item-name%.}
Execute a local batch file, too easy.

Code: [Select]

[+upload completed]
{.exec|G:\Desktop\you_are_here_4.bat.}

Thanks !
PS. now using current #284

27

Beta / Re: Testing build #284

« on: May 27, 2013, 10:20:22 AM »

Hi rejetto
First post, thanks for producing this wonderful bit of software !
Sorry to hear what AV companies think of your .exe

A suggestion though, before public (say a week ?) if you submitted a copy to a site like www.virustotal.com
is likely that many of the "positives" would drop off after a week, cause many companies will actually test it

Now, I'm pissed off too, I am very happy to share files to the world.
But, my server is not online to be raped


So what I want to do is block requests from: Want-Digest

> Want-Digest: SHA512;q=0.9, SHA256;q=0.7, SHA, SHA1;q=0.5, MD5;q=0.3

I already have an idea how it can be done, with a script watching the log, but internal to HFS would be great..

Suggestions ?
I am using 2.2f, is there a change-log somewhere which lists all changes to current beta ??
EDIT: Found nice change log in source code !
Thanks very much
Oxyandy

EDIT only 2 AV companies show a positive as of today
http://r.virscan.org/report/8cf458105f2b3041bea3edc05e18a55b.html
a-squared & ClamAV

EDIT 2
www.virustotal.com 2 reports
Emsisoft    Trojan.Win32.Server-Web.HFS.AMN (A) <---  I contacted them and asked to review
ESET-NOD32    a variant of Win32/Server-Web.HFS.A <anyone ?