counter.dev icon indicating copy to clipboard operation
counter.dev copied to clipboard

Published 20 hours ago verified publisher icon ihucos

counter.dev shows .local and local IP addresses

Open hello-smile6 opened this issue 3 years ago • 5 comments

I have counter.dev analytics on neofetch-js, and I saw @webdev03 's phone loading a site from their computer in counter.dev . I think analytics requests from .lan, .local, 10.*.*.*, and 192.168.*.*, and domain names without a . (and maybe others) need to be discarded and hidden from users by default, because I should not see their computer's hostname or the port their web server was running on. Please fix this.

hello-smile6 avatar Feb 27 '22 03:02 hello-smile6

Oh well I guess you know I use a MacBook LOL

webdev03 avatar Feb 27 '22 03:02 webdev03

Oh well I guess you know I use a MacBook LOL

I even know the hostname... Now I can make a web implementation of nmap using websockets... (It wouldn't be that hard anyways, and it'd be fun. You'd just have to open a websocket on each port and see what sockets take noticeably longer before failing. Of course, I wouldn't log the data using analytics. )

hello-smile6 avatar Feb 27 '22 03:02 hello-smile6

@webdev03 No longer logging data from dev servers, see https://github.com/hello-smile6/neofetch-js/commit/942b7ed437a0047ad00d7b5dd8416a868cc29aee

hello-smile6 avatar Feb 27 '22 03:02 hello-smile6

@webdev03 No longer logging data from dev servers, see https://github.com/hello-smile6/neofetch-js/commit/942b7ed437a0047ad00d7b5dd8416a868cc29aee

Nice, would be nice to have your client side code:

        if(
            location.hostname.endsWith(".local") || 
            (
                location.port !== 80 &&
                location.port !== 433
            ) || 
            location.hostname.endsWith(".lan") || 
            !(location.hostname.includes("."))
        ) {
            throw new Error("Refusing to log data from non-public webserver, see https://github.com/ihucos/counter.dev/issues/59");
        }

In the backend (golang) in the appropriate location here: https://github.com/ihucos/counter.dev/blob/master/backend/endpoints/track.go#L78

ihucos avatar Mar 07 '22 10:03 ihucos

@webdev03 No longer logging data from dev servers, see hello-smile6/neofetch-js@942b7ed

Nice, would be nice to have your client side code:

        if(
            location.hostname.endsWith(".local") || 
            (
                location.port !== 80 &&
                location.port !== 433
            ) || 
            location.hostname.endsWith(".lan") || 
            !(location.hostname.includes("."))
        ) {
            throw new Error("Refusing to log data from non-public webserver, see https://github.com/ihucos/counter.dev/issues/59");
        }

In the backend (golang) in the appropriate location here: https://github.com/ihucos/counter.dev/blob/master/backend/endpoints/track.go#L78

Okay.

hello-smile6 avatar Mar 08 '22 23:03 hello-smile6