Code Monkey home page Code Monkey logo

Comments (8)

zhengkunwang223 avatar zhengkunwang223 commented on May 18, 2024

您好 感谢反馈 我们后续处理这个问题

from 1panel.

maninhill avatar maninhill commented on May 18, 2024

1Panel 版本

1.0.2

请描述您的需求或者改进建议

望icon图标可以自定义或关闭显示,fofa一类资产收集工具可以通过icon图标来查找相关联的网站从而获取ip、端口、域名等信息 ↓,icon图标已经在fofa数据库里了 image

请描述你建议的实现方案

No response

附加信息

No response

老哥专业。

from 1panel.

bddjr avatar bddjr commented on May 18, 2024

不如把https跨域拒绝握手也做了

我搜到的其中第一页里大多数都是给IP自签证书,并且证书的ca名称写了“1Panel”

有一个不是给IP签,但是暴露了域名

然后还有安全入口页面的命令也暴露是1Panel

from 1panel.

wanghe-fit2cloud avatar wanghe-fit2cloud commented on May 18, 2024

不如把https跨域拒绝握手也做了

我搜到的其中第一页里大多数都是给IP自签证书,并且证书的ca名称写了“1Panel”

有一个不是给IP签,但是暴露了域名

然后还有安全入口页面的命令也暴露是1Panel

感谢反馈。
1、预计 5 月份推出的专业版会支持自定义 icon 功能;
2、自定义安全入口页面也会在近期支持。

from 1panel.

bddjr avatar bddjr commented on May 18, 2024

我建议图标favicon.ico以及所有网页资源都挂载在安全入口目录下,防止非安全入口意外加载这些可能带有特征的东西

非安全入口的页面可以直接返回404

跨域https握手直接拒绝连接,防止证书暴露特征,除非证书包含IP

from 1panel.

bddjr avatar bddjr commented on May 18, 2024

还有,这个issue给的关键词是“1Panel”,而不是确切的1Panel面板,这导致fofa把openresty搭建的网站也识别到里面了,然后就看到大量的其它图标

我不知道说楼主专业的人怎么想的

from 1panel.

bddjr avatar bddjr commented on May 18, 2024

总之这个issue有点无厘头,fofa识别1Panel不只是靠图标,还会靠自签证书、响应头。

甚至,使用像issue里示范的模糊搜索,任何可以用1Panel轻松搭建的东西都有可能被识别成1Panel

from 1panel.

wanghe-fit2cloud avatar wanghe-fit2cloud commented on May 18, 2024

v1.10.3-lts 版本已发布。

from 1panel.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.