It woRks. Even I did a video on it.https://youtu.be/jzSwu_Ft6OI
But i can’t.
Try using a VpN
It will be one of a few reasons
- Your IP address has been blocked (This could be due to an ISP wide block, or a country wide block)
- Your internet times our before it finishes the request.
- You have a country wide firewall, Preventing access.
Because your account might got banned by freenom.
Register a new account and then register domain from that account.
I though you already ask about it.
Have you tried my tips?
Regarding twitter hackers, bitcoin is a very bad choice as it records are public. Next hackers that are smart would have used a VPN.
You can’t really hide,
and all pretty much depends on the type and size of the offense (how much resources a government service will spend to find you).
Maybe if you had a van with tinted windows, a good antenna and parked somewhere
and hacked someone else’s WIFI and carried out an attack via his network, and in addition, also had a custom OS that does not give any fingerprint and a browser similar to TOR, and, and…and ultimately a lot of money for various equipment and services.
There are two truths
-
information regarding an investigation which is served to us publicly
-
and (probably) the real truth is actually that the secret services and special forces have tools and knowledge of holes in various systems, decryption keys, interception of communication on major internet hubs, eavesdropping, AI, etc., that no one knows about it…
And then they tell us a story like:
some admin stated that someone had hacked his forum - it was probably some rival hacker group
who just dump DB just like that, so the FBI luckily accidentally found it…
(because the investigators must not say or admit that the FBI or some other service probably hacked that forum and the rest of stuff…got the necessary information and in the end find the culprits in these ways)…
Yes
I was bothered by the result under the security section (score)
on sites like these https://www.webpagetest.org/ & https://securityheaders.com/
however with Cloudflare workers it is very easy to solve this problem
The example below is for those who know what they are doing and how to customize the code to fit their website - I am not responsible !
Cloudflare offers a free plan which contains
- go to CF and select the workers section from the top menu
- Create a worker
- name it here
4.1 copy/paste this code (modify if necessary)
addEventListener('fetch', event => {
event.respondWith(handleRequest(event.request));
})
async function handleRequest(request) {
const response = await fetch(request);
return getSecuredResponse(response);
}
const securityHeaderMap = {
"Strict-Transport-Security" : "max-age=2592000; includeSubDomains; preload",
"Content-Security-Policy" : "upgrade-insecure-requests",
"Feature-Policy" : "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'",
"Referrer-Policy" : "strict-origin-when-cross-origin",
"X-Content-Type-Options" : "nosniff",
"X-Frame-Options" : "SAMEORIGIN",
"X-Xss-Protection" : "1; mode=block"
};
const headerDeletionList = [
"X-Powered-By"
];
async function getSecuredResponse(response) {
let responseHeaders = new Headers(response.headers);
// Return immediately if response is not 'text/html'
if(isResponseContentTypeNotHtml(responseHeaders)) {
return response;
}
// Add security headers to response.
Object.entries(securityHeaderMap).map(([name, value]) => responseHeaders.set(name, value));
// Delete headers from response.
headerDeletionList.forEach(name => responseHeaders.delete(name));
// Return response with modified headers.
return new Response(response.body , {
status: response.status,
statusText: response.statusText,
headers: responseHeaders
});
}
function isResponseContentTypeNotHtml(headers) {
const contentType = headers.get('content-type');
return !contentType || !contentType.includes("text/html");
}
4.2 save
- now it is necessary to tell the worker when it will be activated (add route)
select the workers tab again from the top menu
6.1 domain or all subdomains, etc… - consult here (click me)
6.2 the name of our worker
6.3 I chose not to throw out the error
8. if it doesn’t work properly - edit the trigger or worker code
Good luck !
useful link OWASP Secure Headers Project | OWASP Foundation
Thanks Oxydac, I was thinking how to inject those headers while using GitHub Pages. thanks :)))
F yes this is a complete sentence.
Thanks @Oxy
yay!
"Permissions-Policy" : "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'",
Add this in too,
HI
if you do not write the protocol in the address (no https )
then time is wasted on redirecting to https (301)
that’s why you’ve already lost a few dozen MS
so your grade was lower
in addition you have a WP that takes some time to generate
look at the address in my picture
btw. look here (click me) all marked in yellow (it takes a lot of time for gmaps, etc. )
and such things that you do not use or do not work properly for who knows what reasons need to be corrected
you’re welcome - if you’re happy, so am I
Thanks for your advice. I’ll look to it
because I’m building an web app I’m not gonna do that ^^^
Due to various optimizations and compressions; HTML comments are often not displayed (in my case Cloudflare).
So if you want to send a message to some thief, hacker, or whatever, you can also send it via the browser console.
<script>
const OxyDacConsole='color:#ff680d;font-size:40px;font-weight:bold;';
const OxyDacTextConsole='color:#ff680d;font-size:14px;';
console.log('%c© Oxy Dac', OxyDacConsole);
console.log("%cAll rights reserved. If you alter, transform, build or republish this work you may distribute it only with copyright holder's explicit permission.",OxyDacTextConsole);
console.log('%cSee https://oxydac.cf/conditions.htm for more information.',OxyDacTextConsole);
</script>
%c
= directive to apply a CSS style to console output. The text before the directive will not be affected, but the text after the directive will be styled using the CSS declarations in the parameter
Of course you can also add background color, emojis, and so on.
Pay attention to choose the color of the text that is visible on a black or white background (depending on the user theme of the browser and OS).
It is best to minify the code and put it on the bottom in some external JS file ( all in one JS file ) which was always loaded on all pages anyway,
so that there are no additional calls in the HTML and that you don’t have to write code in every page you want it to appear on.
P.S. of course it can also be some funny message