←back to thread

A New Future for Icanhazip

(major.io)
980 points nkcmr | 4 comments | 06 Jun 21 19:21 UTC | HN request time: 0.451s | source
Show context
Ayesh ◴[06 Jun 21 20:01 UTC] No.27415818[source]
I was using icanhazip to check if my Tor circuit was complete, and probably made 50-100 requests per week. The site was getting slow, and I thought it is just a random site that the author didn't really care too much.

I dropped my jaw when I read it was getting 30B req/day.

Thank you for running this site for so long, and thank you for keeping it up for free, and deciding to not monetize it.

replies(1): >>27416146 #
tyingq ◴[06 Jun 21 20:43 UTC] No.27416146[source]
I got a lot of mileage out of neverssl.com before somebody fixed the process to log into various "guest wifi" setups...ones that would intercept/redirect any http request.

I'm somewhat curious what fixed things, as I've not had to use neverssl.com for some time.

replies(4): >>27416335 #>>27417005 #>>27417246 #>>27417473 #
nerdponx ◴[06 Jun 21 22:40 UTC] No.27417005[source]
I set up my own version of both neverssl and icanhazip, with nothing but Nginx on a cheap VPS. I already had the server up for other purposes, and I feel better knowing that I'm not mooching off of other people's effort (and money).
replies(1): >>27417211 #
1. Ayesh ◴[06 Jun 21 23:08 UTC] No.27417211[source]
Neverssl has done some pretty nifty work to avoid caching. It redirects you to a random subdomain over plain HTTP just to make sure the browser has a cold cache. Maintaining a domain, the redirects, and making sure to _not_ accidentally obtain a certificate is a burden I wouldn't want to do, although it is not that difficult to do.

I was reading from neverssl maintainer that they get a _lot_ of traffic, questionable ones more than it is not. Its DNS runs on AWS IIRC, and we all know Route53 isn't the cheapest.

replies(3): >>27417308 #>>27417388 #>>27417898 #
2. GormanFletcher ◴[06 Jun 21 23:23 UTC] No.27417308[source]
Having lived through the debut of Firesheep, which prompted the industry to get serious about using TLS, its an amusing triumph of cybersecurity that today a site has to be careful to not accidentally get issued a certificate. Back in 2010, when certificates cost substantial sums and needed some expertise to apply for and install, I wouldn't have guessed we'd ever get to this point.
3. nerdponx ◴[06 Jun 21 23:35 UTC] No.27417388[source]
Interesting, I haven't encountered either of these issues, but I serve about 1 request a month (to myself) and have Certbot running automatically.
4. EE84M3i ◴[07 Jun 21 01:04 UTC] No.27417898[source]
IIRC the neverssl maintainer _works_ at AWS.