What is cross-site scripting? How to prevent it?

Cross-site scripting (XSS) attacks may cause redirects to malicious websites. These attacks are among the most common attacks on websites (XSS is listed in the OWASP Top Ten). The attack relies on injecting JavaScript code into a website through user input.

WARNING: We’re not responsible for damage caused by cross-site scripting! Malicious hacking is a computer crime and you may face legal consequences! This post is meant to gain awareness about cross-site scripting and give a way to prevent those vulnerabilities.

The impact of cross-site scripting

Cross-site scripting attacks may cause:

  • Redirects to malicious websites.
  • Stealing of data, such as cookies and user form input.
  • Unauthorized modification of data or website content.


How to scale Node.JS servers with clustering?

By default, Node.JS runs on a single CPU core and leaves the other cores unused. You can make your Node.JS server handle CPU-intensive operations on all cores by using the cluster module.

In this post, we will compare building a web application without clustering, using cluster module, using PM2 process manager, and with SVR.JS web server (which has clustering; web applications only).

Building an application without clustering

Let’s imagine we build a Fibonacci number API (computing Fibonacci numbers is a CPU-intensive operation).

    var http = require("http");
    var port = 3000;

    // Use BigInt where the runtime supports it, otherwise fall back to Number
    // (Number loses precision for large Fibonacci numbers).
    function cBigInt(n) {
      if (typeof BigInt !== "undefined") return BigInt(n);
      else return Number(n);
    }

    // Iterative Fibonacci; this is the CPU-intensive work the server does.
    function fibonacci(n) {
      n = Math.round(n);
      if (n <= 0) {
        return cBigInt(0);
      } else if (n == 1) {
        return cBigInt(1);
      } else {
        var n1 = cBigInt(0);
        var n2 = cBigInt(1);
        for (var i = cBigInt(1); i < cBigInt(n); i++) {
          var n3 = n2 + n1;
          n1 = n2;
          n2 = n3;
        }
        return n2;
      }
    }

    var server = http.createServer(function (req, res) {
      // The base URL is only needed so that the relative request URL can be parsed.
      var uobj = new URL(req.url, "https://example.com");
      if (uobj.pathname == "/fibonacci") {
        // parseInt returns NaN for a missing or non-numeric "n" parameter.
        var n = parseInt(uobj.searchParams.get("n"));
        if (isNaN(n)) {
          res.writeHead(400, "Bad Request", {
            "Content-Type": "text/plain"
          });
          res.end("400 Bad Request");
        } else {
          if (n > 100000) n = 100000; // Prevent denial of service
          res.writeHead(200, "OK", {
            "Content-Type": "text/plain"
          });
          res.end(fibonacci(n).toString());
        }
      } else {
        res.writeHead(404, "Not Found", {
          "Content-Type": "text/plain"
        });
        res.end("404 Not Found");
      }
    }).listen(port, function () {
      console.log("Server is listening at port " + server.address().port);
    });


How to mirror a self-hosted Git repository to GitHub?

A mirror of a self-hosted repository is helpful in case your self-hosted Git server goes down. GitHub is one of many Git hosting services; it also has an issue tracker and supports pull requests.

This post will guide you through setting up a GitHub mirror of your self-hosted Git repository.

As an example, we will be using our Git repository at “https://git.svrjs.org/easywaf-integration.git” and our GitHub mirror at “https://github.com/svr-js/easywaf-integration”.

Importing a Git repository to GitHub

First off, you need to import the Git repository into GitHub using the import page. In your GitHub dashboard click “New”, then click the “Import a repository” link.


4 Tips for Choosing the Right Domain Name

Choosing the right domain name is essential when you want to create your own website. If you choose the wrong domain name, your website will not be effective and you’ll just waste money.

Fortunately, picking the right domain name doesn’t have to be hard. This post will guide you through choosing your perfect domain name.

1. Choose the right TLD

A top-level domain (TLD) is the rightmost part of your domain name, like “.com”, “.co.uk”, “.pl” or “.info”.

Here’s a brief overview of the three most well-established extensions:


What is ReDoS? How to prevent it?

Regular expression Denial of Service (ReDoS) attacks may make your web application slow and unresponsive. The attack relies on catastrophic backtracking, triggered by specially constructed input to an unoptimized regular expression.

WARNING: We’re not responsible for damage caused by ReDoS attacks! Malicious hacking is a computer crime and you may face legal consequences! This post is meant to gain awareness about ReDoS attacks and give a way to prevent those vulnerabilities.

“Evil Regex”

Let’s take /^(a|a)*$/ as an example. The visualization looks like this:

Visualization of `/^(a|a)*$/` regular expression


What are path traversal attacks? How to prevent them?

Path traversal attacks may cause your sensitive data to be leaked. The attack relies on adding “../” or similar sequences to a path, so that the application accesses files outside its specified root directory.

WARNING: We’re not responsible for damage caused by path traversal attacks! Malicious hacking is a computer crime and you may face legal consequences! This post is meant to gain awareness about path traversal attacks and give a way to prevent those vulnerabilities.

The impact of path traversal attacks

Path traversal attacks may cause leakage of:

  • Application code and data
  • Credentials for the application
  • Sensitive operating system files
  • Other sensitive data
