𝗢𝘇𝗼𝗱𝗯𝗲𝗸𝗗𝗲𝘃
Programming | Cybersecurity | Personal blog
Build Break Secure

@ozodbekdevv | @dasturchichoyxonasi
Shodan is a specialised search engine for devices connected to the internet. Where Google sees web pages, Shodan sees the open ports and services of servers, routers, cameras and other devices. With Shodan you can find out which ports are open on a server, which services are running, and the operating system and software versions. In many cases misconfigured or outdated services are also revealed. In cybersecurity, Shodan is mainly used in the recon phase, to analyse infrastructure quickly and to spot dangerous configurations in advance.

Main search keys:
product:nginx
search by software or service name

hostname:ozodbekdev.uz
by domain or hostname

net:192.168.1.0/24
search by IP range

country:UZ
search by country


@uzcodingblog
Forwarded from Pavel Durov (Pavel Durov)
🇪🇸 My message to Telegram users in Spain ❗️

Pedro Sánchez’s government is pushing dangerous new regulations that threaten your internet freedoms. Announced just yesterday, these measures could turn Spain into a surveillance state under the guise of “protection.” Here’s why they’re a red flag for free speech and privacy:

1. Ban on social media for under-16s with mandatory age verification: This isn’t just about kids—it requires platforms to use strict checks, like needing IDs or biometrics.

⚠️ Danger: It sets a precedent for tracking EVERY user’s identity, eroding anonymity and opening doors to mass data collection. What starts with minors could expand to all, stifling open discourse.

2. Personal and criminal liability for platform executives: If “illegal, hateful, or harmful” content isn’t removed fast enough, bosses face jail.

⚠️ Danger: This will force over-censorship—platforms will delete anything remotely controversial to avoid risks, silencing political dissent, journalism, and everyday opinions. Your voice could be next if it challenges the status quo.

3. Criminalizing algorithm amplification: Amplifying “harmful” content via algorithms becomes a crime.

⚠️ Danger: Governments will dictate what you see, burying opposing views and creating echo chambers controlled by the state. Free exploration of ideas? Gone—replaced by curated propaganda.

4. “Hate and polarization footprint” tracking: Platforms must monitor and report how they “fuel division.”

⚠️ Danger: Vague definitions of “hate” could label criticism of the government as divisive, leading to shutdowns or fines. This can be a tool for suppressing opposition.

These aren’t safeguards; they’re steps toward total control. We’ve seen this playbook before—governments weaponizing “safety” to censor critics. On Telegram, we prioritize your privacy and freedom: strong encryption, no backdoors, and resistance to overreach.

Stay vigilant, Spain. Demand transparency and fight for your rights. Share this widely—before it’s too late.
ekspertiza nizomi.pdf
1020.3 KB
Regulation on the examination of compliance with cybersecurity requirements


@uzcodingblog
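<?php
// Small JSON endpoint: takes ?url=<Instagram post URL>, asks a third-party
// service for the media links and returns them as JSON.
header('Content-Type: application/json; charset=utf-8');

// Reject a missing, empty or non-string (e.g. url[]=...) parameter.
if (empty($_GET['url']) || !is_string($_GET['url'])) {
    http_response_code(400);
    echo json_encode([
        'status' => 'error',
        'message' => 'Instagram URL berilmadi' // "Instagram URL was not provided"
    ]);
    exit;
}
// Note: the value is forwarded to the third-party API as-is; no host check is done here.
$instaUrl = $_GET['url'];

$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => 'https://api.instasave.website/media',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => http_build_query([
        'url' => $instaUrl,
        'lang' => 'en'
    ]),
    CURLOPT_HTTPHEADER => [
        'User-Agent: Mozilla/5.0 (Linux; Android 14)',
        'Content-Type: application/x-www-form-urlencoded',
        'origin: https://instasave.website',
        'referer: https://instasave.website/',
        'x-requested-with: XMLHttpRequest'
    ],
    // Bound the time spent waiting on the upstream service.
    CURLOPT_CONNECTTIMEOUT => 5,
    CURLOPT_TIMEOUT => 20,
]);
$response = curl_exec($ch);
curl_close($ch);

// curl_exec() returns false on a transport error; an empty body is treated the same way.
if ($response === false || $response === '') {
    http_response_code(500);
    echo json_encode([
        'status' => 'error',
        'message' => 'Video olinmadi' // "Could not fetch the video"
    ]);
    exit;
}

// Pull every href="http(s)://..." out of the response; the quotes may be backslash-escaped.
preg_match_all('/href=\\\\?"(https?:\/\/[^"\\\\]+)\\\\?"/', $response, $matches);

if (empty($matches[1])) {
    http_response_code(404);
    echo json_encode([
        'status' => 'error',
        'message' => 'Media topilmadi' // "No media found"
    ]);
    exit;
}

$media = [];

foreach ($matches[1] as $u) {
    // Drop a trailing backslash left over from the escaped quote.
    $cleanUrl = rtrim($u, '\\');

    // Classify the link by its file extension.
    $type = 'file';
    if (str_contains($cleanUrl, '.mp4')) {
        $type = 'video';
    } elseif (preg_match('/\.(jpg|jpeg|png|webp)/i', $cleanUrl)) {
        $type = 'image';
    }

    $media[] = [
        'type' => $type,
        'url' => $cleanUrl
    ];
}

echo json_encode([
    'status' => 'ok',
    'count' => count($media),
    'media' => $media
], JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT);
exit;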

Instagram Downloader API code

@uzcodingblog
Forwarded from UzCERT Live
⚠️ Warning: The number of targeted cyberattacks in our Republic is increasing!

ATTENTION specialists responsible for information systems and resources!

🔎 In recent days, an increase has been observed in the number of mass and targeted cyberattacks against information systems and information resources within the Republic.

According to analyses carried out by the UZCERT service of the Cybersecurity Center, attackers are mainly exploiting vulnerabilities that are known and have existed for many years but remain unremediated in some systems.

Investigations showed that vulnerabilities with the following CVE identifiers are being actively exploited in unauthorised intrusion incidents:
1. CVE-2015-10141: Xdebug (PHP debugging extension)
2. CVE-2018-2893: Oracle WebLogic Server
3. CVE-2019-0708: Microsoft Windows (via the RDP service)
4. CVE-2021-44228: Apache Log4j
5. CVE-2022-1386: F5 BIG-IP
6. CVE-2022-41352: Zimbra Collaboration Suite
7. CVE-2023-28771: Zyxel Firewall
8. CVE-2024-36401: GeoServer
9. CVE-2026-21962: a vulnerability identified in certain versions of servers or network devices

In particular,
CVE-2021-44228 is a critical flaw in the Apache Log4j library that allows remote code execution (RCE).

Likewise,
CVE-2019-0708 (“BlueKeep”) is dangerous because it makes it possible to gain access to a system through the Remote Desktop Protocol (RDP).

Most of these vulnerabilities are found on systems where updates (patches) have not been installed or outdated software is in use.


To ensure cybersecurity in information infrastructure, the following measures are recommended:

Keeping software up to date
1. Update operating systems and software products in a timely manner (patch management);
2. Temporarily stop using products in which a vulnerability has been identified but not yet fixed by the vendor;

Strengthening network security
1. Disable unused ports and services;
2. Minimise the ports open to the external internet;
3. Restrict ports to the TAS-IX network or trusted IP addresses only;
4. Configure firewall and IDS/IPS systems.

Protecting remote access
1. Set up VPN tunnels only with licensed and certified tools;
2. Introduce multi-factor authentication (MFA) for remote access;
3. Disable the RDP service or open it only to trusted IP addresses;
4. Enable Network Level Authentication (NLA) for RDP.

Continuous monitoring and audit
1. Regularly analyse server and network logs;
2. Use SIEM systems to detect suspicious activity;
3. Regularly create backup copies and store them in a separate environment.


Today, cyberattacks are carried out mainly not through new vulnerabilities but through ones that have long been known yet remain unremediated. This requires organisations to further strengthen their information security policy and technical control mechanisms.

Every employee responsible for an information system must:
➡️ keep software products updated in a timely manner,
➡️ minimise exposed services,
➡️ strengthen security monitoring.

#Respublika #Kiberxavfsizlik #UZCERT #CVE #zaiflik
🚀 Subscribe to the official Telegram page of the UZCERT service!
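Added example, not part of the forwarded UZCERT post or of the channel's own posts: a self-audit that combines the Shodan `net:` and `hostname:` filters from the earlier post with the advisory's network recommendations, run over service records for address ranges you own. The allow-list policy, the keyword form of the advisory's product names, the netblock and the sample records are all constructed assumptions; the `ip_str`, `port` and `product` field names follow Shodan's result records.

```python
import ipaddress

# Product names from the advisory above, reduced to lowercase keywords (assumed form).
ADVISORY_PRODUCTS = ("weblogic", "big-ip", "zimbra", "zyxel", "geoserver")
ALLOWED_PORTS = {80, 443}  # assumed policy: only web services are meant to be public
RDP_PORT = 3389

def own_queries(cidrs, hostnames):
    """Build Shodan queries restricted to your own assets (net: and hostname: filters)."""
    nets = [ipaddress.ip_network(c) for c in cidrs]  # raises ValueError on a bad CIDR
    return [f"net:{n}" for n in nets] + [f"hostname:{h}" for h in hostnames]

def audit(records, cidrs):
    """Return (ip, port, reason) findings for records that fall inside our own ranges."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    findings = []
    for r in records:
        ip = ipaddress.ip_address(r["ip_str"])
        if not any(ip in n for n in nets):
            continue  # never report on addresses outside the owned ranges
        port = r["port"]
        product = (r.get("product") or "").lower()
        if port == RDP_PORT:
            findings.append((r["ip_str"], port, "RDP exposed: disable or restrict to trusted IPs, enable NLA"))
        elif port not in ALLOWED_PORTS:
            findings.append((r["ip_str"], port, "port not in allow-list"))
        for kw in ADVISORY_PRODUCTS:
            if kw in product:
                findings.append((r["ip_str"], port, f"advisory product '{kw}': verify patch level"))
    return findings

# Constructed sample data (documentation address ranges, not real hosts).
OWN = ["203.0.113.0/24"]
SAMPLE = [
    {"ip_str": "203.0.113.10", "port": 443, "product": "nginx"},
    {"ip_str": "203.0.113.11", "port": 3389, "product": "Remote Desktop Protocol"},
    {"ip_str": "203.0.113.12", "port": 7001, "product": "Oracle WebLogic Server"},
    {"ip_str": "203.0.113.13", "port": 443, "product": "GeoServer"},
    {"ip_str": "198.51.100.5", "port": 23, "product": "telnetd"},
]

if __name__ == "__main__":
    print(own_queries(OWN, ["example.org"]))
    for finding in audit(SAMPLE, OWN):
        print(finding)
```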
What is a keylogger?
A keylogger is a program or device that covertly records the keys pressed on the keyboard of a computer or smartphone; through it, logins, passwords, correspondence and other entered data can be collected. It may be installed on the system in software form as a malicious file or, less often, be a physical device connected between the keyboard and the machine. Keyloggers are most often spread through phishing files, pirated software and malicious links, and run in the background without the user noticing. They are used not only in cybercrime but also in penetration tests, parental control and organisational security monitoring. The main risk is leakage of confidential data and account takeover. For protection, it is recommended to keep the system and software updated, use antivirus, enable two-step authentication and download files only from trusted sources.

@uzcodingblog
My desktop 😎