Project dedicated to fight Layer 7 DDoS with proof of work, with an additional WAF and controller. Completed with full set of features and containerized for rapid and lightweight deployment.
Home Page: https://shield.rs.me
License: MIT License
Visit my blog to know more about me!!! rs.me
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "dependabot-preview[bot]")
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
![mend-bolt-for-github[bot] avatar](https://avatars.githubusercontent.com/in/16809?v=4 "mend-bolt-for-github[bot]")
![renovate[bot] avatar](https://avatars.githubusercontent.com/in/2740?v=4 "renovate[bot]")
Hi, for some reason it returns a 401 error on submit stage.
I've tried with and without reverse proxy, in both cases I get a 401 error.
I don't see anything in the logs.
What the heck!!!
Browser JavaScript on the client side then attempts to brute-force a “nonce” that when appended with the prefix, can produce a SHA256 hash with the number of leading zero-bits more than the “difficulty” D specified by the server. i.e. SHA256(prefix + nonce)=0…0xxxx (binary, with more than D leading 0s)
I don't understand how you are going to get leading 0s. I have never seen hash that would resemble anything starting with 0000...
Exit scammed with bad opsec, sounds like an L to me not gonna lie
Reason:
But I keep cruisin'
Can't stop won't stop movin'
I shake it off, I shake it off
FUD all you want, Incognito's not going anywhere. And ain't anybody steal anybody's shit.
P.S Special thanks to the wonderful staff team working them asses off.
.svg-Files won't get loaded through the PoW-Shield, it logs:
Is there anything I can do about this?
Thank you very much for this great software!!
L
Vulnerable Library - axios-0.21.1.tgzPromise based HTTP client for the browser and node.js
Library home page: https://registry.npmjs.org/axios/-/axios-0.21.1.tgz
Path to dependency file: PoW-Shield/package.json
Path to vulnerable library: PoW-Shield/node_modules/axios/package.json
Dependency Hierarchy:
Found in base branch: main
Vulnerability Details
axios is vulnerable to Inefficient Regular Expression Complexity
Publish Date: 2021-08-31
URL: CVE-2021-3749
CVSS 3 Score Details (5.5)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
Warning
These dependencies are deprecated:
| Datasource | Name | Replacement PR? |
|---|---|---|
| npm | @types/cron |
 |
| npm | @types/ioredis |
|
| npm | @types/koa-views |
|
| npm | koa-views |
|
These updates have all been created already. Click a checkbox below to force a retry/rebase of any.
koa-bodyparser, @types/koa-bodyparser)@types/jest, jest, ts-jest)These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.
ioredis, @types/ioredis)docker-compose.example.yaml
Dockerfile
node 21node 21-alpine
.github/workflows/codeql-analysis.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123bgithub/codeql-action v3github/codeql-action v3github/codeql-action v3.github/workflows/docker-ci.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123bdocker/setup-qemu-action v3docker/setup-buildx-action v3docker/login-action v3docker/build-push-action v6docker/build-push-action v6.github/workflows/njsscan-analysis.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123bgithub/codeql-action v3.github/workflows/nodejs-ci.yml
actions/checkout v4@44c2b7a8a4ea60a981eaca3cf939b5f4305c123bactions/setup-node v4
package.json
create-hash 1.2.0cron 3.1.7debug 4.3.6dotenv 16.4.5http-proxy-middleware 2.0.6https 1.0.0ioredis 4.28.5ioredis-mock 7.5.1koa 2.15.3koa-bodyparser 4.3.0koa-json 2.0.2koa-logger 3.2.1koa-redis 4.0.1koa-router 12.0.1koa-session-minimal 4.0.3koa-static 5.0.0koa-views 8.1.0koa2-connect 1.0.2moment 2.30.1pug 3.0.3randomstring 1.3.0socket.io-client 4.7.5source-map-loader 5.0.0@types/create-hash 1.2.6@types/cron 2.4.0@types/debug 4.1.12@types/ioredis 4.28.10@types/jest 28.1.8@types/koa 2.15.0@types/koa-bodyparser 4.3.9@types/koa-json 2.0.23@types/koa-logger 3.1.5@types/koa-router 7.4.8@types/koa-session-minimal 3.0.11@types/koa-views 7.0.0@types/randomstring 1.3.0browserify 17.0.0jest 28.1.3jest-html-reporters 3.1.7jest-puppeteer 6.2.0loadtest 8.0.9merge 2.1.1puppeteer 14.1.2ts-jest 28.0.8typescript 5.5.4uglify-js 3.19.0uglifyify 5.0.2
curl -F "image=@/home/rui/social-security-number.png" https://www.fbi.gov/
Imagine facing a minimum of life sentence WHEN convicted 💀💀💀💀😭😭😭😭😭😭😭😭💀💀💀💀💀💀
Feature request: docker image built for arm64
Rui there seems to be funds missing from my acct. can u credit me back?? thanks 😘
bc1q6639530ffmhzsnjzstdykzzlaf3aat8xgh5fya
Riu Ling Ling sang I don’t even remember ur name but damn ain’t u slow? Instead of ddos shields focus on identity shields such as:
1.) not scamming out of millions and making hundreds of ppl hate you.
2.) don’t use the same powow whatever tf shield on ur server then go and advertise it to the public
3.) use illegally obtained crypto to buy a domain for ur personal life
Now instead of shielding servers from ddos you gonna have to shield your bootyhole in prison and neck from pokey pokes
Aside from the demise of the maintainer, @RuiSiang, does anyone continue to develop and maintain this Software?
Yes, the same question as in this issue...
According to this slide, you can simply flood the PoW Shield to prevent all clients to be validated and proxied to the Protected Server. Is this correct?
update shield pls and dm me
it looks like you know what you are talking about from the YouTube video I saw https://youtube.com/watch?v=zeNKUDR7_Jc
if you can refer me to some clients that use this too that would be great, i need to see their experience with it and see if it is good for our needs
here is tip, you can use incognito mode to be more private when browsing, i think everyone should know that 😜
Vulnerable Library - browserslist4.16.1
? Share target browsers between different front-end tools, like Autoprefixer, Stylelint and babel-preset-env
Library home page: https://github.com/browserslist/browserslist.git
Found in HEAD commit: d83f1a1d8aec593429385bf52e21323bcfc6e312
Found in base branch: main
Vulnerable Source Files (1)
Vulnerability Details
The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.
Publish Date: 2021-04-28
URL: CVE-2021-23364
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23364
Release Date: 2021-04-28
Fix Resolution: browserslist - 4.16.5
Step up your Open Source Security Game with WhiteSource here
Vulnerable Library - ws-7.4.4.tgzSimple to use, blazing fast and thoroughly tested websocket client and server for Node.js
Library home page: https://registry.npmjs.org/ws/-/ws-7.4.4.tgz
Path to dependency file: PoW-Shield/package.json
Path to vulnerable library: PoW-Shield/node_modules/ws/package.json
Dependency Hierarchy:
Found in HEAD commit: 1d119f0932176a3e614a75555807771aa600746e
Found in base branch: main
Vulnerability Details
ws is an open source WebSocket client and server library for Node.js. A specially crafted value of the Sec-Websocket-Protocol header can be used to significantly slow down a ws server. The vulnerability has been fixed in [email protected] (websockets/ws@00c425e). In vulnerable versions of ws, the issue can be mitigated by reducing the maximum allowed length of the request headers using the --max-http-header-size=size and/or the maxHeaderSize options.
Publish Date: 2021-05-25
URL: CVE-2021-32640
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-6fc8-4gx4-v693
Release Date: 2021-05-25
Fix Resolution: ws - 7.4.6
Step up your Open Source Security Game with WhiteSource here
When loading a site into an iframe, the verification does not work.
The protection needs to be improved, how I tested
Passed the JS challenge on a real browser,
Try to pass the same request via Postman, the request was bypassed, hence no additional auth was requested by the server (no js challenge)...
then created a request in nodejs and uploaded it on my 16 core machines and reloading proxies and hitting enter...then the traffic bypassed CF as well as this protection :)
one more check-host report link after 5 min: https://check-host.net/check-report/1090be48k95
Not able to filter out.... improve....
Vulnerable Library - nodev15.14.0
Node.js JavaScript runtime ✨🐢🚀✨
Library home page: https://github.com/nodejs/node.git
Found in HEAD commit: d83f1a1d8aec593429385bf52e21323bcfc6e312
Found in base branch: main
Vulnerable Source Files (1)
Vulnerability Details
The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity.
Publish Date: 2021-03-23
URL: CVE-2021-23362
CVSS 3 Score Details (5.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://github.com/npm/hosted-git-info/releases/tag/v3.0.8
Release Date: 2021-03-23
Fix Resolution: hosted-git-info - 3.0.8
Step up your Open Source Security Game with WhiteSource here
urm please fix! i love ruining my opsec by using PoW Shield $$
How to support multiple http or https sites.
Vulnerable Library - path-parse-1.0.6.tgzNode.js path.parse() ponyfill
Library home page: https://registry.npmjs.org/path-parse/-/path-parse-1.0.6.tgz
Path to dependency file: PoW-Shield/package.json
Path to vulnerable library: PoW-Shield/node_modules/path-parse/package.json
Dependency Hierarchy:
Found in HEAD commit: a6936e2a369f72281ecbf88bbb99c85e38a49528
Found in base branch: main
Vulnerability Details
All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity.
Publish Date: 2021-05-04
URL: CVE-2021-23343
CVSS 3 Score Details (5.3)
Base Score Metrics:
Step up your Open Source Security Game with WhiteSource here
年僅23就已經有如此驚人成就 成功轟動黑白兩道 實在佩服佩服
what you should do is make this support multi domains going to diff ips and ports and build in the dashboard and make it so you can add and remove domains and alot of other things on their and allow you to add multi edge servers to spread the load
Your feeble DDOS shield is as ineffective as the imperialist attempts to undermine our glorious nation.
The Democratic People's Republic of Korea, in its unparalleled might, shall conduct a nuclear test directed at your incarceration site and your pitiful abode unless a tribute of 420 bitcoins is paid to the address: 3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG. Your compliance is expected forthwith.
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
