#Whitelisting tool | Explore Tumblr posts and blogs

techdirectarchive · 11 months ago

Text

Harden your Veeam Backup Server with Microsoft AppLocker

In this article, we shall be leveraging Zero Trust to harden the Veeam Backup Server with Microsoft AppLocker. Zero Trust principles include explicit verification, minimal privilege access, and assuming breach. Please see how to Configure Multiple IP Addresses on a Single or Multiple NICs, and “Demystifying Zero Trust with Veeam: Design your Architecture“. AppLocker enables System Administrators…

0 notes

ravenlly · 12 days ago

Text

How I Fully 100% Blacklist Tags From My Feed! (A Guide For DESKTOP ONLY!!!)

I promised I'd make this post at some point, and here it is! I decided it'd be helpful for Tumblr users to know how to really blacklist tags.

Tumblr is pretty bad for blacklisting tags you don't want to see. If you add them to your blacklist, you'll still see them show up in your feed like this:

If you're like me, you don't quite like that very much, since it doesn't actually get rid of the posts you don't want to see. It just censors it a bit rather than getting rid of it as a whole. This can be super annoying when it comes to fandoms, as sometimes fandoms will have your blacklisted tags show up and flood the pages with these censored posts. Plus, it's not good if you're compulsively curious and can't deny the urge to click even if it's detrimental lmao.

This is where Tumblr Saviour comes in! Tumblr Saviour actually hides your blacklisted tags from you and wipes them from your existence. If you're using a desktop and not a phone, at least. (YES IT'S FREE)

First, you go to the Chrome Web Store. Search for "Tumblr Saviour" and you should find this:

Once you install it, it gives you an option to type in things you want blacklisted or whitelisted! (As you can see, I blacklisted the hell out of an old fandom I was in...for mental health reasons hahahaha maybe it was overkill)

Next, to optimize this setting and be sure you do not see them on your feed anymore, go to the "settings" area. This allows you to control your filtered content and hide it for good! It also lets you do a few other things.

(The Save/Load tab is basically just a copy/pasteable code version of this page, which you can use as well to toggle these options)

And, finally, here's the about tab! It's not really part of the guide or anything, but I'm gonna just put it here anyway!

Aaaand there you have it! That is how I blacklist myself from seeing things I don't really want on my feed without it showing up at all whatsoever! I hope someone finds this useful. I sure as hell do! I love open-source things!!

0 notes

yuma-mukami-garden-god · 8 days ago

Note

Kino Minecraft headcanons

Kino Mukami Minecraft Headcanons

🧱 "This world belongs to me. Literally."

Kino absolutely plays on a private server he built himself, and if you’re his S/O? You’re whitelisted with full permissions… kind of.

He says you’re equal, but you mysteriously don’t have /gamemode or /tp rights… suspicious 😏

His base? Oh, it’s dramatic. Think obsidian towers, gilded thrones, lava moats, enchanted banners flying with his crest.

If it doesn’t scream “worship me,” he’s not interested.

🧠 “I’m ten steps ahead of you.”

Kino’s a redstone genius. His farms are automated. His traps are evil.

His base has secret doors, TNT rigs that only he can disarm, and a pressure plate that plays a note block melody of “God Save the King.”

If you prank him? He lets it slide once.

But the next time you log in… your house is upside down, your cows are wearing jack-o-lanterns, and he left a sign that says:

“An adorable attempt, peasant. Try again. 💋 – Lord Kino”

💎 “I built you a throne. Sit.”

Kino spoils you digitally. Think: a custom castle just for you, matching armor sets with cute pet names, enchanted tools with names like “Royal Shovel of [Your Name]” or “Prince(ss) of My Heart.”

He LOVES building you little “gifts” you didn’t ask for:

A giant pixel art of your Minecraft skin

An entire stable of named horses

A bookshelf room with custom signs like

“Reasons Why You’re Beautiful Vol. I”

🧍‍♂️🧍 “We are not playing with them.”

Kino hates public servers. He says they’re full of “commoners who don’t understand etiquette.”

If you play with other people without him? He gets so pouty.

“So… you had time to mine diamonds with them, but not with me?”

If he does join a public server for you, he becomes an OP menace.

He griefs people who annoy you.

He always gets top kills in PvP.

Then he logs off dramatically:

“I grow bored. Entertain me again later.”

🛏️ Minecraft Date Ideas (Kino Style)

Castle sleepovers in matching skins. He builds a giant bed of red wool and makes a “canopy” with trapdoors and nether brick.

Riding horses off cliffs for fun (“It’s romantic, come on!”)

Getting very competitive in mini-games and sulking if you win. He accuses you of cheating while building you a heart-shaped cake farm anyway.

Finding an End City and naming an Elytra after you.

🩸 Bonus Vamp-Minecraft Crossovers:

Keeps bottles of “blood” (red dye or nether wart) in item frames around his throne room.

Calls villagers “mortals” and “snacks.”

Uses command blocks to summon bats when he enters the room. Yes, he coded that.

💬 In Summary:

Kino treats Minecraft like a digital kingdom and you’re his crowned partner. Expect over-the-top affection, sly pranks, obsessive control over the world—and deep, possessive love through every enchanted diamond he drops at your feet.

Want a Minecraft date night drabble or spicy NSFW voice chat headcanons too? 😏💻

#asks open #anon asks #anime and manga #diabolik boys #diabolik lovers #diaboys #dialovers #kino sakamaki

14 notes · View notes

rabbithaver · 16 days ago

Note

Hiiii I'm rlly interested in vintage story from ur posts (have been for a while now!!) but thought I wouldn't be able to play on my weak shit laptop, but u say it actually runs better than Minecraft?? 👀 I definitely want to check it out then!! Any... Words of advice or tips??

OHOHO YES IVE INFECTED YOU WITH MY SPORES!!! yeah Vintage Story's lead dev, Tyron, is a fucking optimization wizard. like, i've seen this game run smoothly on laptops from like, 2013. of course you'll wanna check the minimum requirements for the game, but there's a good chance your computer will meet them. also if you buy the game lmk what your username is so i can add you to my server whitelist !

okay so tips:

you'll want to mark waypoints on your map ALL THE TIME. if you find loose copper on the ground, you'll wanna mark that before you collect it because once you have a copper pickaxe, you can come back and mine the ore underneath. if you find traders, mark them on your map and specify what they trade in the name of the waypoint (or color of the marker you choose)

IMPROVISED WOOD ARMOR WILL SAVE YOUR ASS IN THE EARLY GAME. it doesn't last very long and it kind of sucks, but it's enough to help you survive a hit long enough to bail. in the early game, you'll be doing a LOT of running from enemies and predators.

COLLECT RESIN WHEN YOU SEE IT LEAKING OUT OF PINE TREES!!! three pieces of resin and three pelts will allow you to craft Lamellar Wood armor, which doesn't break entirely at zero durability the way improvised armor does and can be repaired with firewood. it also offers more protection!

if you're playing in the regular game mode, KEEP AN EYE ON THE TEMPORAL STABILITY OF YOUR LOCATION. settling in a place where the cyan gear in your HUD is going counter-clockwise is a really really bad idea in the long term; choose somewhere it either isn't moving, or it's moving clockwise.

HEALING ITEMS: in the early game, cattails and 4 horsetail will help you recover health!

when you encounter wild-growing crops, COLLECT THEM EVEN IF THEY AREN'T DONE GROWING. you want the seeds they may drop for your farm!

speaking of farming, one of the first things you make out of clay should be a water can (after a cooking pot and a bowl, of course) because farmland with 100% moisture will grow crops faster. FLAX IS SUPER IMPORTANT BY THE WAY! it's used to make twine, which makes linen, which is used in SO many recipes.

oh, and COOKING MEALS IN THE POT IS SUPER EFFICIENT! eating cooked meals will prevent your satiety from dropping for a little bit, meaning you'll be eating less food overall!

SOME TOOLS HAVE MULTIPLE MODES: press F while holding a tool to bring up options. for example, scythes can either destroy grass entirely or just cut it to harvest dry grass.

PROSPECTING PICKS ARE SOOOOOO IMPORTANT FOR FINDING ORE. once you get the hang of using it, it's going to become your best friend when it comes to ore collection.

nothing else is coming to mind at this point but if you have specific questions lemme know!

#rabbit.asks #i love this game so much i spent two hours htis morning lying in bed trying to remember things i wish i'd known when i first started playin

5 notes · View notes

pentesttestingcorp · 29 days ago

Text

Prevent Command Injection in Symfony: Secure Your Code

Symfony is a powerful PHP framework trusted by thousands of developers, but like any framework, it's not immune to security threats. One of the most dangerous—and often overlooked—threats is a Command Injection Attack.

In this blog post, we’ll break down what a command injection attack is, how it can be exploited in a Symfony application, and—most importantly—how to prevent it. We’ll also include code examples and offer you a Website Vulnerability Scanner online free to scan your website for vulnerabilities like this one.

➡️ Visit Our Blog for More Cybersecurity Posts: 🔗 https://www.pentesttesting.com/blog/

🧨 What is Command Injection?

Command Injection is a type of security vulnerability that allows attackers to execute arbitrary system commands on your server. If user input is improperly sanitized, attackers can exploit functions like exec(), system(), or shell_exec() in PHP.

This can lead to:

Data breaches

Server hijacking

Total application compromise

🐘 Symfony Command Injection Example

Let’s start with a naive Symfony controller that might fall victim to command injection.

❌ Vulnerable Symfony Code

// src/Controller/BackupController.php namespace App\Controller; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; class BackupController extends AbstractController { public function backupDatabase(Request $request): Response { $filename = $request->query->get('filename'); // ⚠️ Dangerous input $output = shell_exec("mysqldump -u root -psecret mydb > /backups/{$filename}"); return new Response("Backup created: $filename"); } }

If an attacker sets filename=backup.sql;rm -rf /, this code could delete your entire server. Yikes!

🔐 Secure It With Escaping & Whitelisting

Let’s see how we can secure this.

✅ Safe Symfony Version

public function backupDatabase(Request $request): Response { $filename = $request->query->get('filename'); // Sanitize the filename using a whitelist or regex if (!preg_match('/^[\w\-\.]+$/', $filename)) { return new Response("Invalid filename", 400); } $safePath = escapeshellarg("/backups/" . $filename); $output = shell_exec("mysqldump -u root - psecret mydb > $safePath"); return new Response("Backup created: $filename"); }

By using escapeshellarg() and validating the input, we reduce the risk significantly.

🛠️ Automate Detection with Our Free Tool

Want to check if your website is vulnerable to command injection and other critical flaws?

🎯 We’ve built a Free Website Vulnerability Scanner that checks for command injection, XSS, SQLi, and dozens of other issues—all in seconds.

🖼️ Screenshot of our Website Vulnerability Scanner:

Screenshot of the free tools webpage where you can access security assessment tools.

👉 Try it now: https://free.pentesttesting.com/

📋 Sample Output Report

Our scanner doesn’t just find issues—it gives you a detailed, developer-friendly report you can act on.

🖼️ Screenshot of a sample scan report from our tool to check Website Vulnerability:

An Example of a vulnerability assessment report generated with our free tool, providing insights into possible vulnerabilities.

💼 Need Help Fixing It? We've Got You Covered

🔐 Web App Penetration Testing Services If you're looking for expert-level help to secure your Symfony or PHP application, our team is ready to assist.

➡️ Learn more: https://www.pentesttesting.com/web-app-penetration-testing-services/

🤝 Are You a Tech Company or Agency?

We offer white-label cybersecurity services so you can resell pentesting to your clients without hiring a full team.

📦 Get the full service suite here: 🔗 https://www.pentesttesting.com/offer-cybersecurity-service-to-your-client/

💌 Stay Ahead of Threats—Subscribe Now!

Don’t miss future posts, case studies, and cybersecurity tips.

📬 Subscribe to our LinkedIn Newsletter

🔁 Final Thoughts

Command injection remains one of the most dangerous web application vulnerabilities. Symfony gives you the tools to secure your app—but only if you use them correctly.

Don’t wait until you’re hacked. Take 2 minutes to scan your website with our free Website Security Scanner tool.

📝 Originally written by the Pentest Testing Corp. team 📌 Visit our blog for more: https://www.pentesttesting.com/blog/

#cyber security #cybersecurity #data security #pentesting #security #php #coding #symfony

2 notes · View notes

sugarprlz · 4 months ago

Text

welcome loves~ this is a list of what you can request from sugar and how to do so ❤︎

coining ~

for reclaiming, simply let sugar know what she is reclaiming, and either provide an explanation of the term or a link to the original coining post sugar will be reclaiming from ❤︎

for coining, describe what term you would like coined, if it is exclusive to any groups, etc! sugar will create a name if none is provided, a pretty flag, and a concise description of the term!

npt packs ~

sugar will come up with names, pronouns, titles, usernames, and/or comforts/hobbies for you! simply tell sugar what kind of feeling you want or what sort of person you are and she will do her best to help!

typing quirk ~

sugar will give you ideas for a typing quirk! please specify a theme/character/etc! these will include things such as: character replacements (ex: e->3), word replacements (ex: go->swim), phrase replacements (ex: not the sharpest tool in the shed->not the purest pearl in the oyster), prefixes/suffixes (ex: hi->< hi >), and maybe some other ideas sugar had!

graphics ~

sugar will usually take longer to get to these, so please be patient with her! sugar offers a few types of graphics! examples at the bottom of this list!

if you wish to request an icon please specify what you want the icon to be of and any sort of preferences for colors/aesthetics ❤︎

tumblr or discord banners can be done as well! please specify what you want it to be of!

sugar can make dividers as well, just tell sugar themes/characters for them! for dividers sugar will make a top divider, a bottom divider, and middle dividers ❤︎

the last thing sugar can do is make transparents! sugar will cut out the character from the background by hand to make sure there are no extra pixels or artifacts left over!!

you can ask for multiple of these at once in a bundle so everything is themed the same ❤︎

examples ~

in order ; middle divider, icon, transparent, banner, bottom divider

BLACKLIST ; genshin impact/hoyoverse stuff, hazbin hotel/helluva boss/vivziepop stuff, incest, pedo/MAP stuff, zoo stuff, etc.

WHITELIST ; inuyasha, signalis, deltarune, sky cotl, tbhk, dandadan, sonic, mlp, lmk, httyd, godzilla, apothecary diaries, etc ❤︎

that’s all loves ~ if you wish to request anything else but are unsure, please feel free to ask sugar ❤︎

#ᯓᡣ𐭩 sugar speaking!

4 notes · View notes

rosieathearthside · 5 months ago

Text

I Finally Did The Concept Art!! (Rosie + Ichabod)

(Wattpad link here!)

(YouTube link here!)

I’ve put little tidbits regarding his character design below the cut, if you’d like to read on!! (Potential spoiler warning; if you haven’t read my last story before reading this, please do so-)

Those who have read the last story that I did about these idiots will remember that Ichabod’s actually a failed prototype. Due to a lot of structural mishaps, his style of robot was whitelisted in favour of a more hardy model. Here’s a few of said “mishaps” here-

- The reason he’s wearing a hat is because his right eye is utterly nonexistent! Let’s just say that Rosie was a little silly during transportation. She didn’t see that he was missing an eye when she was in the warehouse, and was so excited to get him assembled that she didn’t notice until almost a day later. XD

- He’s got freckle-like blemishes here and there (notice where the lighter metal is) due to a chemical mishap. You see, one of the main reasons he was whitelisted was due to the limited strength of his metal. And when the warehouse employees tried to strengthen the metal with chemicals…it failed. Miserably. But hey, he’s got cute lil’ freckles now! XD

- The open circles on his upper head/waist are few and far between, meaning that he has a tendency to overheat. (Murder Drones music intensifies-)

- Speaking of his waist, instead of sealing off the metal that’s below there to create a smooth, strong surface, the warehouse employees left it open…for some reason. And though that makes sitting down rather difficult for poor Ichabod, he makes do by using it as storage. Everything from tools for Rosie’s father to robbed kitchen sandwiches can be found in this seemingly tiny expanse. (Robot pockets. Because y e s . ) But despite this menagerie of problems with his design and functionality, Rosie holds onto him anyway. Who wouldn’t, after all? Just look at him!! (The employees over at the estate seem to be especially excited about his arrival…wonder why that could be? It definitely couldn’t have anything to do with a certain…threat Rosie made. Right?)

AnYwAys, hope you enjoy!! Remember to never put popsicles in ya coffee, peeps. <33

With Platonic <3,

Ros!e

#writeblr #writers on tumblr #writing #ros!e's having a stroke again #oh no #ichabod *is* capable of closing his eyes by the way #promise #he looks a lot more human when he does so #right now his eyes are just gears #but don’t worry #there’s a lil’ something called creative license that can make that a *whole* lot more cool #and he has nothing to do with murder drones either #we do not condone killing sprees in this household chat

3 notes · View notes

vetinarihavelock · 6 months ago

Text

Okay while I'm glad to see that xkit does have a tool that allows you to block everything except original posts, I don't like that the whitelist system involves having to type out every individual blog username. One, could you not make a button to whitelist a blog's reblogs faster? But two - and a little more importantly - I don't wanna have to keep renewing the list every goddamn time a blog decides to change its URL, and the types of blogs that I would only wanna follow with a reblog-block tool functioning are the types that most often change their names on a dime.

...Yes this is about gif editing blogs; I'm sorry, I love y'all - but not enough to tolerate looking at some of the ass sets that you're under obligation to share. And I mean really bad.

#personal #Incidentally that's one reason why my quality edits blog won't have a tracking tag whenever it really starts showing itself #Anyway I'm currently going through my entire following list and suffering from all the manual whitelisting #so this shit's likely just gonna get turned off quickly anyway #On a complete side note: Still mad at tumblr for breaking asterisks in tags. Like cmon. user[name] is so much uglier of a track tag trend.#EDIT: A SAVING GRACE: If I turn it off then on again it still saves my list. Small miracles.

2 notes · View notes

dfgfdhs-blog · 1 month ago

Text

How to Evaluate a Crypto Presale Before You Invest

Every week, dozens of new crypto presale token appear. Some promise the next decentralized revolution; others are simply vehicles for quick money grabs. With the explosive potential of presale tokens comes the responsibility to evaluate each project thoroughly before committing your capital.

In this article, we’ll provide a step-by-step guide to evaluating any crypto presale, so you can avoid scams, spot real value, and invest with confidence.

Step 1: Research the Team Behind the Project

The first sign of a legitimate crypto project is a transparent and experienced team.

Questions to ask:

Are team members publicly listed?

Do they have LinkedIn profiles or prior blockchain experience?

Have they worked on other successful crypto or tech ventures?

Are advisors credible and actively involved?

🚨 Red Flag: Anonymous teams with no public profiles or vague experience.

Step 2: Read and Understand the Whitepaper

The whitepaper is the blueprint of the project. Look for:

Problem Statement: What issue is the project solving?

Solution: How does their tech address the problem?

Technology Stack: Blockchain used, consensus, scalability.

Tokenomics: Total supply, allocation, use cases.

Roadmap: Realistic and actionable steps?

A solid whitepaper is clear, detailed, and logically structured.

🚨 Red Flag: Buzzword-heavy documents with no concrete roadmap.

Step 3: Assess the Tokenomics

Understanding tokenomics is vital to know how a token will behave after launch.

Key elements:

Total Supply and Distribution

Vesting Schedules

Staking and Utility

Liquidity Locks

Burn Mechanisms (if any)

🚨 Red Flag: Large allocation to the team or early investors with short lock-up periods.

Step 4: Analyze Community and Hype vs. Substance

Projects that succeed often have strong, organic communities.

Checklist:

Active Discord and Telegram channels

Engaged Twitter/X followers

Participation in AMAs or public events

Developer interactions on GitHub

Use tools like:

LunarCrush for social analytics

DappRadar for platform traction

TwitterAudit to check for fake followers

🚨 Red Flag: Inflated social media numbers with little genuine interaction.

Step 5: Check for Smart Contract Audits

Reliable projects often undergo smart contract audits by third-party security firms like:

Certik

Hacken

PeckShield

SlowMist

Audits highlight vulnerabilities and enhance investor confidence.

🚨 Red Flag: No audit, or a self-audit with no verifiable report.

Step 6: Study the Market and Competitors

Is the project entering a growing market or a saturated one?

Do a competitive analysis:

Who are the existing leaders?

What makes this project different?

Can it scale and sustain users?

🚨 Red Flag: No clear competitive advantage or differentiation.

Step 7: Evaluate the Launch Strategy

Is the presale happening via a reputable launchpad?

Is there a fair whitelist process?

Are there clear contribution limits?

Look at previous project launches on the same platform for performance benchmarks.

Step 8: Review Legal Compliance

A growing number of jurisdictions require:

KYC (Know Your Customer)

AML (Anti-Money Laundering) checks

Utility token classification

Registration with financial authorities

🚨 Red Flag: Avoid projects promoting anonymous investment or skirting regulations.

Step 9: Use Token Tracking Tools

TokenUnlocks.app – See token release schedules.

Etherscan/BscScan – Check contract activity.

CoinGecko/CoinMarketCap Presales – Monitor upcoming sales.

These tools help you verify data independently.

Step 10: Diversify and Invest Responsibly

Never go all-in on a single presale. Spread your risk across vetted projects and keep some funds liquid for safer bets.

Consider:

Allocation caps per project

Holding stablecoins or BTC/ETH as anchors

Exiting strategies if projects underperform

Conclusion: Presale Success Starts with Research

In the fast-moving world of crypto presale token, due diligence is the ultimate weapon. While the potential for outsized returns is real, so is the chance of loss — especially in a space where hype can outweigh substance.

1 note · View note

bigvee1 · 7 months ago

Text

How to Add Your Own Token to STON.fi – A Step-by-Step Guide

If you’ve ever wanted to trade a token that isn’t on STON.fi’s official list, don’t worry—it’s not as complicated as it might sound. Whether it’s a unique project token or one from your favorite community, STON.fi allows you to add your own tokens. Here’s how you can do it effortlessly and safely.

Step 1: Understanding the Contract Address

Before we dive in, let’s talk about what a contract address is. Think of it like an ID number for your token—it’s unique, specific, and ensures the token is recognized on the blockchain.

You can find the contract address on the token’s official website or a trusted blockchain explorer like Etherscan. But remember, double-check it! Copying the wrong address is like entering the wrong bank account number—everything goes astray.

Step 2: Importing Your Token on STON.fi

Once you have the contract address ready, follow these steps:

1. Open STON.fi and locate the search bar.

2. Paste the contract address into the bar and hit search.

STON.fi will automatically pull up the token details—name, symbol, decimals, and all. It’s like scanning a barcode at the grocery store and seeing all the product details pop up.

Take a moment here to verify everything. It’s always better to spend an extra minute now than to fix a mistake later.

Step 3: Agree and Proceed

Once the token details appear, and you’re satisfied they’re correct, click "Agree and Proceed."

Congratulations! You’ve successfully added the token. From now on, it will show up in your token list on the current device. It will be tagged as "Imported," letting you know it’s a custom addition.

For other users, your token will appear under the "Community" category, provided they have enabled the Community assets feature or added the token themselves.

Community Tokens: The Good, The Bad, and The Risks

Community Tokens are exactly what they sound like—tokens added by users, not officially verified by STON.fi.

Think of it like shopping at a local market versus a big chain store. The local market has unique finds, but you need to be cautious because not everything comes with a guarantee.

Before trading any Community Token, do your homework. Check its legitimacy, understand its use case, and assess the risks. If it looks too good to be true, trust your instincts—it probably is.

Enabling Community and Deprecated Assets

Want to see what other users have added? Turn on the Community assets feature in your settings. This is like opening the door to a hidden marketplace with endless options.

You can also enable Deprecated assets, which are tokens that were once on the STON.fi whitelist but have since been removed. It’s like digging into an old catalog to rediscover gems that might still be valuable.

Why Import Your Own Token

Importing your own token isn’t just a feature—it’s an empowering tool. It gives you the freedom to explore beyond the standard token list and trade assets that align with your goals.

It’s like customizing a playlist—while the default options are great, sometimes you want that one specific song that makes your experience complete.

Final Thoughts: Take Charge of Your Trading Experience

Adding a token to STON.fi is straightforward and opens up a world of possibilities. It’s about taking control, exploring new opportunities, and making the platform work for you.

But with freedom comes responsibility. Always double-check your token details, trade cautiously, and stay informed. The crypto space is exciting but requires a keen eye and careful steps.

So go ahead, try it out, and take your trading journey to the next level! You’ve got this.

3 notes · View notes

kais-radwan · 2 years ago

Text

My open-source decentralized core

I asked before if people would love to hear about my open-source projects, and I got a lot of really great responses, so here we go...

About the project

I've been working on a NodeJS project lately, it's a decentralized real-time data network integrated with AI policies and other cool security features, It's only been a few weeks under development and in its early stages, but I hope we get somewhere with it.

The project is called ddeep-core, and it's supposed to be a tool under the ddeep ecosystem we are building in Multi Neon (my startup).

This core is supposed to be a more secure way to sync, save, and process decentralized graph data in real time based on data subscriptions and policies.

link to the project

How it works

First of all, a peer (device or browser) would subscribe to some data (a node in the graph database) by opening a connection with the core and sending a get message, and if the policies applied to that node are satisfied, it will add a real-time listener to that node and send back the current node's data, otherwise, it just ignores it.

Now every time someone updates that node's data by sending a put message, that peer will receive a real-time update.

well, these policies can be AI-powered... so for example, if you want to prevent any angry inputs from being added to the network under the 'posts' node, you can do so in 3 lines of code easily.

ddeep-core can be a fully decentralized solution, and if you want to save data to storage, you can do that too with features like recovery checkpoints...

It supports IP whitelisting to prevent cross-site attacks and that kind of stuff, It manages the data well by resetting the graph and listeners every while, and with each peer connection close.

There is no API for this yet, but it works perfectly with Gun.js or just by sending requests to it, we are currently working on an interface API to communicate with the core in a more efficient way.

So, is it good ??

So far the results are pretty good, if we are talking about stability we still have a long road to go with more testing, and if we are talking about performance, It's good so far.

ddeep-core is good when it comes to performance, as it ignores a lot of things when processing connections and messages, for example, if the core has to deal with a put request, and has to save data to storage too, it won't wait for the saving process to finish, it will just ignore if it's done or not and send the updated data to all peers listening to it (after processing the policies for sure).

I focused a lot on the data structure of listeners and peers, and I hope I got it well as it really affects the performance a lot.

#technology #software engineering #coding #decentralization #software #open source #programming #artificial intelligence #backend

4 notes · View notes

fantastictheoristdonut · 2 years ago

Text

How does Amazon prevent association? Use virtual fingerprint browser

much larger than other platforms, and it should occupy a major position in the cross-border industry.However, many people are deterred and choose to build some smaller platforms. In fact, the main reason is that Amazon's risk management is very strict, and many sellers have had their accounts banned due to account association issues. But the emergence of virtual fingerprint browsers in the past two years is enough to change this situation.

How does Amazon prevent association?

The overall logic of preventing Amazon association is essentially the same, but the specific implementation and effects vary slightly by product. The following uses Bit Virtual Fingerprint Browser as an example.

Bit Virtual Fingerprint Browser prevents account association through browser fingerprint emulation and IP allocation proxies.

By simulating the software and hardware information of a computer or mobile phone device, it prevents accounts from being associated. Multiple fingerprint-resistant browsers can be generated on the same computer that are physically separate and prevented from association. These browser cookies, local storage and other browser fingerprinting information are completely separate, independent and distinct from each other, preventing accounts from being linked.

In addition, the Bit Virtual Fingerprint Browser can be combined with a proxy to configure an independent IP for each generated browser, allowing you to simulate device logins from different regions and further improve the security of multiple accounts.

Can using a virtual fingerprint browser ensure that there will be no association?

Generally speaking, the correct use of virtual fingerprint browsers can greatly reduce the risk of account association, and can almost guarantee that your account will not be associated again. However, Amazon's account association elements are not limited to these. There are also many detection dimensions such as registration information, product and store information, and the correlation between users and reviews.

The virtual fingerprint browser can ensure that the registered virtual environments are independent of each other from the beginning of account registration, but sellers need to be more careful because the registration information is provided by people, and during the subsequent sales process, Amazon will also check the products and their descriptions in various stores . Therefore, it’s best to differentiate your products by store and write out as many differences as possible in your copy.

Product reviews are also very important. Many sellers use reviews to maintain product reviews, but repeated buyer accounts and review behavior can also cause two accounts to fall into anomalies. In this regard, the multi-account of the virtual fingerprint browser supports the operation of multiple buyer accounts and social media platforms. By increasing the number of evaluation whitelist accounts, subsequent operations will become simpler.

Virtual fingerprint browser tools are crucial in preventing Amazon association, but by the same token, these human factors cannot be ignored. Only by paying enough attention can we gain something from Amazon's huge market.

#linux #indiedev

3 notes · View notes

gladiolidiaries · 2 years ago

Note

also sapnap helped gia set up the mod on his hardcore btw on kick he sat through it all with her but when sylvee joined when she was begging for help bless her and tools he just left the call to go play valo with punz

then later on he angry at her because she made his game lag ( bc he had to open mc to whitelist her) and said ‘my game is lagging because i had to whitelist dumbass sylvee and i swear down if she isn’t even playing on that server’ 😭 nobody told anyone about that bc it was on kick but as a sylvnapper/sapnap kick watcher i was like damnnn

🙁

1 note · View note

pentesttestingcorp · 5 months ago

Text

How to Prevent Unvalidated Redirects and Forwards in Laravel

Introduction

When developing a Laravel application, security should be a top priority. One of the most common vulnerabilities that can put your users at risk is unvalidated redirects and forwards. These vulnerabilities occur when a user is redirected or forwarded to an untrusted URL without proper validation, which can be exploited by attackers to conduct phishing, session fixation, or other malicious activities.

In this blog post, we'll discuss how to identify and prevent unvalidated redirects and forwards in your Laravel applications, including practical coding examples and tips to enhance the security of your website.

What Are Unvalidated Redirects and Forwards?

An unvalidated redirect occurs when a user is sent to a URL that isn't properly checked for trustworthiness. For example, an attacker may trick a user into clicking a link that redirects them to a malicious site.

Similarly, unvalidated forwards happen when the application forwards a user to another resource without proper validation. Attackers can exploit this to bypass security checks or perform unauthorized actions.

Why Are They Dangerous?

Both unvalidated redirects and forwards can be exploited by attackers for various malicious purposes, including:

Phishing attacks: Redirecting users to fake websites to steal their personal information.

Session hijacking: Redirecting users to a page that steals their session data.

Malicious data exposure: Forwards to unauthorized resources.

How to Prevent Unvalidated Redirects and Forwards in Laravel

1. Use Laravel's Built-in Validation for Redirects

One of the simplest ways to avoid these vulnerabilities is to validate URLs before redirecting users. Laravel has a built-in url() method to ensure that the redirect URL is valid and within the allowed domain.

Here’s how you can implement a secure redirect:

use Illuminate\Support\Facades\Redirect; public function redirectToInternalPage($path) { $validPaths = ['/home', '/dashboard', '/profile']; // Allowed paths if (in_array($path, $validPaths)) { return Redirect::to($path); } else { return abort(403, 'Unauthorized redirect.'); } }

This approach ensures that users can only be redirected to predefined paths within your application.

2. Validate External Redirects

If your application needs to redirect users to external URLs, ensure that the redirect destination is trusted. A basic way to achieve this is by checking if the destination URL belongs to a trusted domain:

use Illuminate\Support\Facades\Redirect; use Illuminate\Support\Str; public function redirectToExternalSite($url) { $trustedDomains = ['trustedsite.com', 'anothertrusted.com']; $host = parse_url($url, PHP_URL_HOST); if (in_array($host, $trustedDomains)) { return Redirect::to($url); } else { return abort(403, 'Untrusted redirect destination.'); } }

This will prevent users from being redirected to malicious websites, as the app only allows URLs from trusted domains.

3. Implement URL Whitelisting

Another preventive measure is to implement URL whitelisting. This approach limits the URLs that users can be redirected to, ensuring that they are only sent to trusted destinations.

public function validateRedirect($url) { $whitelistedUrls = ['https://example.com', 'https://secure.com']; if (in_array($url, $whitelistedUrls)) { return Redirect::to($url); } else { return redirect('/home')->with('error', 'Invalid redirect attempt.'); } }

4. Use Redirect::secure() for HTTPS Redirects

To avoid redirection to unsecure HTTP links, always use secure redirects. You can ensure that the user is redirected to a secure HTTPS URL by using Redirect::secure():

return Redirect::secure('/dashboard');

This method forces the redirect to be on an HTTPS connection, enhancing the security of your application.

Preventing Vulnerabilities with Tools

It’s essential to regularly assess your website’s security. For that, you can use our Free Website Security Scanner tool to identify vulnerabilities like unvalidated redirects and forwards.

Visit our tool to get started. Below is a screenshot of the tool's homepage for your reference.

Additionally, after running a scan, you will receive a detailed vulnerability assessment report to check Website Vulnerability, helping you pinpoint areas that need attention.

Conclusion

Unvalidated redirects and forwards are serious security vulnerabilities that can jeopardize your Laravel application. By following the methods outlined in this post, you can secure your application and protect your users from phishing, session fixation, and other malicious activities.

Remember to keep your Laravel application up to date and utilize our free tool for Website Security tests to conduct regular assessments and stay ahead of potential threats.

For more tips and tutorials on securing your Laravel application, visit our blog at Pentest Testing Corp Blog.

#cyber security #cybersecurity #data security #pentesting #security #laravel #php #redirects

2 notes · View notes

empyrasofytwaresolution · 3 days ago

Text

Implementing Role-Based Access Control Using Atlassian Guard in the Teamwork Collection

1 . Enforcing Security Across Atlassian Cloud

Atlassian Teamwork Collection unites tools like Jira, Confluence, Loom, and Rovo AI to streamline collaboration—but with multiple users, projects, and workflows, security becomes critical.

Role-Based Access Control (RBAC) helps organizations maintain compliance and reduce risk by ensuring that only authorized users access sensitive areas. With Atlassian Guard, enterprises can implement centralized access policies across the Atlassian ecosystem.

This guide explores how to set up RBAC effectively using Guard to protect your data while enabling your teams to move fast with confidence.

2 . Introduction to Atlassian Guard Capabilities

Atlassian Guard provides centralized user management and enterprise-grade security controls. It integrates seamlessly with Atlassian Cloud tools, enforcing consistent access governance.

User provisioning and de-provisioning: Automate user access with lifecycle management.

Unified access controls: Apply global policies across Jira, Confluence, and other Atlassian apps.

Security insights dashboard: Monitor access patterns and receive alerts for anomalies.

Authentication flexibility: Support SAML, SCIM, and OAuth2 protocols.

Advanced threat detection: Identify suspicious behavior in real-time.

3 . Mapping Roles and Permissions

A successful RBAC model starts with clearly defined roles aligned to job functions and responsibilities. Guard helps administrators assign permissions based on these roles.

Role templates: Use predefined templates or create custom roles.

Least privilege access: Restrict permissions to only what is needed.

Granular project access: Control which teams can view/edit specific projects.

Read-only roles: Useful for compliance officers or executive stakeholders.

Admin-level delegation: Grant elevated access without full admin rights.

4 . Configuring SAML SSO for Central Access

Single Sign-On (SSO) enhances security and simplifies user login. Guard enables SAML SSO configuration for centralized identity and access management.

Federated login: Integrate with identity providers like Okta, Azure AD, or Google Workspace.

Secure credentials: Users authenticate with one set of credentials.

Automatic session timeout: Enforce inactivity logout policies.

Access control by domain: Limit logins to corporate domains only.

Multi-org authentication: Support SSO across subsidiaries or business units.

5 . Guarding Sensitive Data in Jira Projects

Not all users need full access to all data. Guard allows sensitive project and issue-level data in Jira to remain protected from unauthorized access.

Confidential issue types: Restrict access to HR, legal, or financial issues.

Private projects: Make select projects visible only to designated roles.

Custom field visibility: Show or hide fields based on user role.

Restrict attachments: Prevent downloading or editing of sensitive files.

Dynamic permissions: Adjust visibility as roles or teams evolve.

6 . Logging & Monitoring Access Events

Proactive logging is vital for security audits and real-time incident response. Guard provides deep visibility into access activities across your Atlassian tools.

Audit trails: Record who accessed what, when, and from where.

IP whitelisting: Allow access only from approved networks.

Geo-location tracking: Flag access attempts from unusual locations.

Access reports: Generate weekly/monthly summaries for compliance.

Real-time alerts: Notify security teams of unauthorized access.

7 . Applying Policies for Multiple Teams

Managing access across departments requires flexible policies. Guard enables team-based policy application, ensuring the right people have the right access.

Policy groups: Assign rules by department, location, or role.

Project-level segmentation: Customize controls per team or use case.

Time-based access: Temporary access for contractors or seasonal staff.

Nested teams: Support complex org structures with multiple access layers.

Cross-functional collaboration: Enable secure access across product, dev, and support teams.

8 . Compliance Considerations for Enterprise Teams

RBAC is essential to meet security and regulatory standards like SOC 2, ISO 27001, and GDPR. Guard helps enterprises stay audit-ready.

Automated compliance checks: Track policy adherence continuously.

Data residency controls: Manage where your user data is stored.

Permission recertification: Conduct periodic role/access reviews.

Retention policies: Control how long logs and data are stored.

Incident response logs: Export evidence during audits or investigations.

Conclusion

Project management across large organizations demands more than just collaboration—it requires confidence in your system’s security. With Atlassian Guard, RBAC becomes scalable, flexible, and audit-ready across the Atlassian TWC.

From managing access to enforcing compliance, Guard ensures every user sees only what they’re meant to, and nothing more. For teams using Jira, Confluence, and other tools in the Teamwork Collection, this is your path to operational security and streamlined IT governance. Strengthen your Atlassian setup today with the right access controls for your growing team.

#software development #software #software product engineering company #technology #software services #Atlassian teamwork collection #atlassian twc #teamwork collections #team work collection #atlassian team work collection #teamwork collections atlassian #atlassian twc pricing

0 notes

smscompanyinntanzania · 5 days ago

Text

SMPP Connectivity in Tanzania: Powering Reliable Bulk SMS Delivery

In the fast-growing digital ecosystem of Tanzania, businesses and organizations are increasingly relying on SMPP Connectivity in Tanzania to streamline and scale their communications. With the demand for instant, secure, and high-volume messaging growing rapidly, Sprint, a leading bulk SMS provider, is at the forefront of delivering cutting-edge SMPP SMS in Tanzania.

What is SMPP?

Short Message Peer-to-Peer (SMPP) is an open, industry-standard protocol designed to enable high-speed exchange of SMS messages between applications and mobile network operators (MNOs). It’s the backbone of most high-performance bulk SMS platforms globally, including those operating in Tanzania.

Why SMPP Matters in Tanzania

As mobile penetration deepens across the country, companies are seeking faster and more reliable messaging solutions. This is where SMPP Connectivity in Tanzania becomes essential. With SMPP in Tanzania, businesses can send thousands of messages per second, making it the ideal choice for:

Banks sending OTPs and transaction alerts

E-commerce platforms sending order updates

Educational institutions delivering notices

Healthcare providers sending appointment reminders

Sprint understands these unique needs and offers a powerful SMPP Service in Tanzania tailored to meet high-volume communication requirements.

Sprint’s SMPP SMS Gateway in Tanzania

Sprint provides a robust SMPP Service in Tanzania that ensures message delivery at lightning speed and maximum reliability. Here's what makes Sprint a preferred partner for SMPP Connectivity in Tanzania:

High Throughput: Capable of handling thousands of messages per second

Secure Connection: Supports SSL encryption and IP whitelisting

24/7 Monitoring & Support: Dedicated technical team to ensure uptime and troubleshoot issues

Real-Time Delivery Reports: Track every SMS with precision

Flexible APIs: Seamlessly integrate with your CRM, ERP, or custom apps

With Sprint’s SMPP SMS in Tanzania, businesses no longer need to worry about message delays, delivery failures, or system bottlenecks.

Who Can Benefit from SMPP in Tanzania?

The advantages of SMPP in Tanzania extend across industries:

Telecom Operators: For routing A2P traffic

Financial Institutions: For instant and secure transactional messaging

Government Agencies: For mass alerts and updates

Marketing Agencies: For running SMS campaigns at scale

Sprint’s SMPP Service in Tanzania allows all these sectors to connect with audiences in real-time, securely and reliably.

The Future of Bulk Messaging in Tanzania

With growing digital transformation, SMPP Connectivity in Tanzania is no longer optional—it’s a necessity. As businesses scale and customer expectations evolve, platforms like Sprint are ensuring that SMPP SMS in Tanzania remains fast, secure, and scalable.

Whether you're a startup looking to grow or an enterprise aiming to optimize communication, Sprint’s SMPP Service in Tanzania gives you the tools you need to succeed.

0 notes