The following product release is planned for November 27th, 2024
We’ve now created a custom feature called OU-reporting on the AO platform. If your company is reporting numbers to OU or will start reporting numbers in the future, contact us for configuration.
Some users experienced an endless loading screen when they tried to visit some course pages through their course link. This problem has been resolved now.
Some users experienced an error message when they went to the registration page for a course. This error is fixed now.
We have been working on improving the back-office. Specifically, we’ve improved speed in multiple areas of the back-office.
Recently we have had some hacking attempts on our platform.
Quick overview of the hacking attempts: the hacker mainly tries to exploit publicly available endpoints by querying them with a moderate number of requests, typically over a period from a couple of minutes to an hour.
We have created an action plan to mitigate these attempts:
Change the request signature algorithm
Explore the possibility of obfuscating the request signature algorithm
Review the hacking attempt logs to assess the impact
Implement a rate limiter (per IP per endpoint per API key) to prevent brute force attacks
Implement a WAF (Web Application Firewall) to filter out malicious requests – ModSecurity for nginx is a good choice
Revise the Content Security Policy (CSP) to prevent XSS attacks
Revise the public endpoints' code to prevent SQL injection
Make the input validation for Elasticsearch queries stricter to prevent garbage input
Add ModSecurity metrics to the monitoring system and set up alerts
Explore the possibility of implementing a honeypot to distract hackers
Discuss the possibility of blocking / grey-listing IPs that show suspicious activity
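
The rate limiter item above (per IP per endpoint per API key), applied to the traffic pattern from the overview, where a moderate request rate is sustained for up to an hour. This is an added example and not code from the AO platform. The limits, endpoint paths, API keys and IP addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed limits, not taken from the release notes: tune against real traffic.
BURST = (20, 10)          # max 20 requests in any 10 s
SUSTAINED = (120, 3600)   # max 120 requests in any 60 min


class TupleRateLimiter:
    """Sliding-window limiter keyed on (client IP, endpoint, API key)."""

    def __init__(self, windows=(BURST, SUSTAINED)):
        self.windows = windows
        self.horizon = max(seconds for _, seconds in windows)
        self.hits = defaultdict(deque)  # key -> timestamps of allowed requests

    def allow(self, ip, endpoint, api_key, now):
        q = self.hits[(ip, endpoint, api_key)]
        # Drop timestamps older than the longest window.
        while q and now - q[0] >= self.horizon:
            q.popleft()
        for limit, seconds in self.windows:
            recent = sum(1 for t in q if now - t < seconds)
            if recent >= limit:
                return False  # rejected requests are not recorded
        q.append(now)
        return True


def replay(requests, limiter=None):
    """Replay (timestamp, ip, endpoint, api_key) tuples; return rejected count per key."""
    limiter = limiter or TupleRateLimiter()
    rejected = defaultdict(int)
    for ts, ip, endpoint, key in requests:
        if not limiter.allow(ip, endpoint, key, ts):
            rejected[(ip, endpoint, key)] += 1
    return dict(rejected)


# Constructed sample traffic (documentation IP ranges, made-up paths and keys).
# Client A: one request every 15 s for 45 min against one endpoint (180 requests).
slow_probe = [(t, "203.0.113.7", "/api/courses/search", "key-A") for t in range(0, 2700, 15)]
# Client B: ordinary use, one request per minute on the same endpoint.
normal = [(t, "198.51.100.4", "/api/courses/search", "key-B") for t in range(0, 2700, 60)]
# Client A again on a different endpoint: counted separately.
other = [(t, "203.0.113.7", "/api/registration", "key-A") for t in range(0, 300, 30)]

if __name__ == "__main__":
    print(replay(sorted(slow_probe + normal + other)))
```

A limiter with only the short burst window lets the whole 45-minute run through, which is why the sustained window is included alongside it.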