tech-team
RocketChat ID: 4xBSWiLiQjEDjp5Gp
2,194 total messages. Viewing 100 per page.
Prev |
Page 14/22
| Next
And then if it doesn't, we'll just ask if it was him on the mumble or not.
If it is the same IP we can just ask him why he is using tor and on linux and see if he freaks out or just gives a quick, reasonable response.
The victory server is 206.81.15.30
Yes. Will go for it now.
Deployed. Now images won't load?
No idea if that was the goal.
(ip.src ne 206.81.15.30 and http.request.uri contains "/api")
You can undo it
Just turned the rule off.
Let's see if images send.
Yes.
So it was definitely the rule that blocked images somehow.
what images?
everything worked for me, but when I refreshed the page it wouldn't load
Any images. Both me and Mason tried to upload an image while the rule was in effect and they would not load past 0%.
so maybe the web version of rocketchat does use API calls
do we know what user agent the mobile app uses?
we can write a rule to just block that user agent
Very suspicious guy applying right now and he says Logan CA is his friend
Yes we do
Logan CA read my messages but his status says offline.
Vincent, is Logan CA set to "invisible" right now? Idek if you can check.
No way to check
Talk to brandon about him
I'm curious if Logan will only reply to me when we make a decision on this guy.
Don't let him in until he does then. If he is using Logan as a reference and Logan is unreliable...
Do you think we should tell him he's accepted as a lie to see how Logan reacts?
Actually, we'll put him on hold and wait for Logan to respond.
I'll tell him he's on hold until Logan responds as well.
Just put him on hold. Remember we don't need to jump through hoops for guys. We have a whole extra PF org just sitting waiting for us to contact them. Take your time and make sure to get the good guys.
We still need to enable DM pruning as well
I believe Jake was supposed to work with Thomas earlier this evening?
I think that was on blocking the DMs
DMs being pruned now
King
Based Jake
Does anyone remember if we figured out how to look at nginx logs and identify the app user agent?
blocking all API calls seems to break the browser
I think Michael did it once a while back
Can cloudflare block by a regex for a user agent?
not sure if regex
Best approach is to do that in the authorization endpoint
patch the server on the login api to reject new sessions for invalid user agents
Cloudflare WAF can probably do this too
cloudflare is ideal since its first contact
but I dont know what user agents we are blocking
does anyone know how to look at nginx logs?
Check the cron jobs. I believe there is something in there to clear them every so often.
You're right
So we are purging the nginx docker container logs every hour, and it does contain IP addresses and user agents and the GET url
So there should be something with the words mobile in there from what I remember
I will try to identify the user agent
it also looks like rocketchat might be saving IP addresses somewhere, looking into that now
So idek if this interviewee is an infiltrator because he completely failed the violence question.
probably legitimately a sperg or a bad actor trying to get us to do something compromising
Either way doesn't reflect well on Logan CA
So the sessions db has lots of IPs and client info
sessions should be purged if older than 7 days perhaps
The oldest one being 8/31/2021
We could do a cronjob that does something like that
if you delete a session does it force a relogin
was just gonna try
I think there is a separate collection for tokens
That might be under the users collection
A downtime project, perhaps.
Someone with a wikipedia account can simply revert the libtard's changes. He removed like 15,000 words with the reasoning "Wikipedia is not propaganda!"
He's not a wikipedia admin or anything
I had 150 instances, I deleted them all and nothing changed with me using RC. When I refreshed the page it did not make a new instance, but when I closed the tab and opened it again, it did.
So it may be good to regularly purge instances to minimize how many IP addresses we are keeping. Should we purge daily?
Nevermind, the wiki page "requires autoconfirmed or confirmed access" to edit. Whatever tf that means.
I would say hourly is good
Also it might be worth doing some housecleaning on the vetting server of named accounts I see some inactive folks on there.
@Vincent TX register me on mumble senpai
@Vincent TX these both are completed
Tested, and now IPs are not found on server after the hourly nginx logs purge and rc sessions puge
While you're in that db can you tell me if Logan CA is using a VPN?
i can find his IP, let me check
well since I purged it, I have to wait for him to log in again
Gotcha
test
also we could hide teh invisibl status option
I think I'd rather have it logged
okay, I am looking to where that is tored
I think i can derive who is using "invisible" status as long as they are currently online
currently, David WA and @Matthew MN
is that accurate @Matthew MN
I use that status
"we got em!"
Want to see my Antifa tats
2,194 total messages. Viewing 100 per page.
Prev |
Page 14/22
| Next