Jump to content











Photo
- - - - -

Temporary space & new Pips


  • Please log in to reply
51 replies to this topic

#26 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12688 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 13 April 2012 - 08:21 PM

We have clamwin installed on the system. However, php exec was removed.

So an option is calling the virustotal to ask their opinion about a given file: https://www.virustot...ion/public-api/

The API allows to do that from PHP.

Sorry, in this area I'm really a fool.
Does your answer imply that h.s's concerns are covered?
Would be nice!

Peter

OFFTOPIC: The highest German court is currently examinating the question, whether the "owner" of a WEB access is responsible for everything done using his address (unrecognized hacked WLAN, unrecognized physical host access by a family member, etc.)

#27 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 13 April 2012 - 08:22 PM

Sherlock, it is not the same. Rest assured that we will not be chased, whenever in doubt apply common good sense.

We can discuss this in another topic if you wish to explore the matter.

#28 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 13 April 2012 - 08:23 PM

We can discuss this in another topic if you wish to explore the matter.

Ok. If you have already thought of that, I have nothing more to say.

#29 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 13 April 2012 - 08:25 PM

Sorry, in this area I'm really a fool.
Does your answer imply that h.s's concerns are covered?
Would be nice!
...

My apologies for not being clear: your concerns are covered (but require coding).

- Virustotal provides an API to fetch information about files
- you calculate the sha1 hash of the file
- query virustotal
- get the results from their site
- interpret the results

If I'm not mistaken, it is possible to trigger an event in javascript when elFinder uploads a file (you need to look into the docs).

Another possibility (not involving javascript and my favorite) is to add a cron job that will process all files publicly available and evaluate if anything suspicious is found or not and then react accordingly (remove the file for example).
  • pscEx likes this

#30 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12688 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 13 April 2012 - 08:35 PM

My apologies for not being clear: your concerns are covered (but require coding).

- Virustotal provides an API to fetch information about files
- you calculate the sha1 hash of the file
- query virustotal
- get the results from their site
- interpret the results

If I'm not mistaken, it is possible to trigger an even in javascript when elFinder uploads a file (you need to look into the docs).

Another possibility (not involving javascript) is to add a cron job that will process all files publicly available and evaluate if anything suspicious is found or not and then react accordingly (remove the file for example).


A bit "Like Shakespeare": A lot of noise about nothing!

When the temp upload area is (as I understood) for "trusted people" (.script developers, developers, Tutorial Writers, ...) only: That's oky. We all trust these members.
If we do not trust,not, let's stop any activity in this forum.

Peter

#31 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 13 April 2012 - 08:39 PM

Please read my first post.

We always the problem of pointing winbuilder users to a place where they can place their logs. This is a service that allows that exactly.

A user posts log, we see it and then it is deleted after a while.

I don't trust about what is placed there, reason why it is deleted after two days.

#32 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12688 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 13 April 2012 - 08:48 PM

Please read my first post.
We always the problem of pointing winbuilder users to a place where they can place their logs. This is a service that allows that exactly.

Maybe I misunderstood:

This service can be used for developers to quickly exchange files between themselves and/or users to upload their log files for developers take a quick look.

I understood "developers" as the "trusted people" I mentioned above.

Brainstorming again: Maybe NON-Developers can only upload <their alias>_log.html?

Peter

#33 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 13 April 2012 - 08:51 PM

Brainstormimg again: Maybe NON-Developers can only upload <their alias>_log.html?

I thought about that, however this is not just meant for winbuilder usage. Other developers should also have access to this resource.

For me, the only thing that I would change is adding a timer on the header that would do a countdown of time before the next clean up will begin.
  • pscEx likes this

#34 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12688 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 13 April 2012 - 08:58 PM

... adding a timer on the header that would do a countdown of time before the next clean up will begin.

Depending on "trusted member" ? :dubbio:

But seems that we are working with theory. Start your change as intended, and if there is something wrong, we will be able to repair.

Peter :clap:

#35 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 13 April 2012 - 08:59 PM

@Nuno
The Temporary File Host service has hopefully just come in very handy - thats assuming the recipient gets to it within the next two days! A welcome addition. Thanks.

I would second TheHive's suggestion to add it to the forum's tab menu thingy - that's if the feature is kept.

This feature was added. We have a new addon called "Fusion menu" that allows customizing the navigation bar. The link to the temporary hosting is placed as a submenu in "Others".

I also placed some other links and rearranged a bit the navigation.

:cheers:

#36 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 13 April 2012 - 09:01 PM

But seems that we are working with theory. Start your change as intended, and if there is something wrong, we will be able to repair.

For me it was just a suggesting of what I would change. For the moment there is not enough time. Still many other things need to get done before, would be nice if someone volunteered to implement changes/improvements.
  • pscEx and TheHive like this

#37 TheHive

TheHive

    Platinum Member

  • .script developer
  • 4138 posts

Posted 17 April 2012 - 07:10 AM

Hello,

To upload files, just drag and drop them inside the window. It is a fully featured explorer window made in Ajax. Bandwidth is restricted to 5Gb a month and disk space to 100Mb.

Whats the limit on file size. Im trying to upload a temp video and the temp service says data exceeds maximum allowed size. I was thinking it was 100MB.

#38 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 17 April 2012 - 07:27 AM

What is the video file size?

#39 TheHive

TheHive

    Platinum Member

  • .script developer
  • 4138 posts

Posted 17 April 2012 - 08:56 AM

At first 30+ then after reducing it around 15-20MB depending on quality.
Ended uploading to another temp site. It was for the Naughty PE test.

#40 homes32

homes32

    Gold Member

  • .script developer
  • 1021 posts
  • Location:Minnesota
  •  
    United States

Posted 17 April 2012 - 02:07 PM

Is the up-loader using PHP's upload functions? then we have the same limit as the download center.

Is there an api available for uploading files? I would like to make a WB script that the user could press a button or enable an option to automatically upload a log file to the temp area.
Ex. .Win7Pe_SELogssomelogfile.html

#41 Nuno Brito

Nuno Brito

    Platinum Member

  • Team Reboot
  • 10452 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 17 April 2012 - 02:32 PM

That is a good idea.

We don't have an API for uploading files, however I can create an FTP user with permissions to upload files.

Then you can use FTP from windows (FTP comes included on Windows 7, presumably on previous editions as well) with an automated script such as: http://www.howtogeek...s-command-line/

I can automate the creation of a file on the temporary host whenever all contents are clean. This way you (and others) can download this file and check the time stamp to know how long it is missing before the next folder clean up, perhaps we can increase the limit to 4 days.

#42 homes32

homes32

    Gold Member

  • .script developer
  • 1021 posts
  • Location:Minnesota
  •  
    United States

Posted 17 April 2012 - 03:20 PM

That would work. I'll most likely use AutoIT to automate the process, so that should also provide a layer of defense against abuse, as the FTP account details can be compiled in the EXE. using autoit I can also read HTTP requests so if you have a script I can query that will return a timestamp until the next purge the user can be notified on upload how long the log will be available. that might work better than having a file in the temp server that could accidentally get deleted or modified.

#43 florin91

florin91

    Frequent Member

  • Team Reboot
  • 197 posts
  •  
    European Union

Posted 17 May 2012 - 11:48 AM

Does this service still works or had been shutted down?

#44 homes32

homes32

    Gold Member

  • .script developer
  • 1021 posts
  • Location:Minnesota
  •  
    United States

Posted 17 May 2012 - 03:17 PM

still there but I get

Unable to upload xxx.xxx

error trying to upload anything

#45 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12688 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 17 May 2012 - 04:10 PM

Does this service still works or had been shutted down?

I think it is shutted down (or the board software decided not to offer it any more).
When I click on one of my "purchases" I get a server error that the site cannot be loaded.

Peter

#46 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 17 May 2012 - 04:11 PM

I think it is shutted down (or the board software decided not to offer it any more).
When I click on one of my "purchases" I get a server error that the site cannot be loaded.

Peter


So, what color is it, red, yellow or green? : :chair:

#47 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12688 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 17 May 2012 - 04:21 PM

So, what color is it, red, yellow or green? : :chair:


Done!

Peter :cheers:

#48 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 17 May 2012 - 04:27 PM

Done!

Peter :cheers:


Nope, either you have to redefine the meaning of the colors or have to introduce a new color. As "RED", by definition means, "We are working on fixing an issue", I just want to remind you that nobody has yet assured that any work is going on or will go on in future to get this fixed.

#49 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12688 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 17 May 2012 - 04:29 PM

OOPS! You nerve me! :cheers:

I'm thinking about to define Pink, but tomorrow.

Peter

#50 Holmes.Sherlock

Holmes.Sherlock

    Gold Member

  • Team Reboot
  • 1444 posts
  • Location:Santa Barbara, California
  •  
    United States

Posted 17 May 2012 - 04:33 PM

OOPS! You nerve me! :cheers:

I'm thinking about to define Pink, but tomorrow.

Peter


:loleverybody: Don't worry, I will make you define all the colors of the rainbow gradually :P




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users