Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

counter.dev shows .local and local IP addresses #59

Open
hello-smile6 opened this issue Feb 27, 2022 · 5 comments
Open

counter.dev shows .local and local IP addresses #59

hello-smile6 opened this issue Feb 27, 2022 · 5 comments
Labels
easy

Comments

@hello-smile6
Copy link
Contributor

I have counter.dev analytics on neofetch-js, and I saw @webdev03 's phone loading a site from their computer in counter.dev . I think analytics requests from .lan, .local, 10.*.*.*, and 192.168.*.*, and domain names without a . (and maybe others) need to be discarded and hidden from users by default, because I should not see their computer's hostname or the port their web server was running on. Please fix this.
@hello-smile6 hello-smile6 mentioned this issue Feb 27, 2022
Merged
@webdev03
Copy link

Oh well I guess you know I use a MacBook LOL

@hello-smile6
Copy link
Contributor Author

Oh well I guess you know I use a MacBook LOL

I even know the hostname... Now I can make a web implementation of nmap using websockets... (It wouldn't be that hard anyways, and it'd be fun. You'd just have to open a websocket on each port and see what sockets take noticeably longer before failing. Of course, I wouldn't log the data using analytics. )

@hello-smile6
Copy link
Contributor Author

hello-smile6 commented Feb 27, 2022
edited
Loading

@webdev03 No longer logging data from dev servers, see hello-smile6/neofetch-js@942b7ed

@ihucos
Copy link
Owner

ihucos commented Mar 7, 2022

@webdev03 No longer logging data from dev servers, see hello-smile6/neofetch-js@942b7ed

Nice, would be nice to have your client side code:

        if(
            location.hostname.endsWith(".local") || 
            (
                location.port !== 80 &&
                location.port !== 433
            ) || 
            location.hostname.endsWith(".lan") || 
            !(location.hostname.includes("."))
        ) {
            throw new Error("Refusing to log data from non-public webserver, see https://github.com/ihucos/counter.dev/issues/59");
        }

In the backend (golang) in the appropriate location here: https://github.com/ihucos/counter.dev/blob/master/backend/endpoints/track.go#L78

@hello-smile6
Copy link
Contributor Author

@webdev03 No longer logging data from dev servers, see hello-smile6/neofetch-js@942b7ed

Nice, would be nice to have your client side code:

        if(
            location.hostname.endsWith(".local") || 
            (
                location.port !== 80 &&
                location.port !== 433
            ) || 
            location.hostname.endsWith(".lan") || 
            !(location.hostname.includes("."))
        ) {
            throw new Error("Refusing to log data from non-public webserver, see https://github.com/ihucos/counter.dev/issues/59");
        }

In the backend (golang) in the appropriate location here: https://github.com/ihucos/counter.dev/blob/master/backend/endpoints/track.go#L78

Okay.

@ihucos ihucos added the easy label Aug 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
easy
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ihucos @hello-smile6 @webdev03