(github.com)

545 points mmh0000 | 1 comments | 03 Apr 25 15:24 UTC | HN request time: 0.001s | source

Show context

VladVladikoff ◴[03 Apr 25 17:46 UTC] No.43573068[source]▶

Wait a sec… if the TLS handshakes look different, would it be possible to have an nginx level filter for traffic that claims to be a web browser (eg chrome user agent), yet really is a python/php script? Because this would account for the vast majority of malicious bot traffic, and I would love to just block it.

replies(4): >>43573098 #>>43573360 #>>43574581 #>>43574731 #

immibis ◴[03 Apr 25 19:54 UTC] No.43574581[source]▶

>>43573068 #

Yes, and sites are doing this and it absolutely sucks because it's not reliable and blocks everyone who isn't using the latest Chrome on the latest Windows. Please don't whitelist TLS fingerprints unless you're actually under attack right now.

replies(2): >>43576197 #>>43584025 #

1. RKFADU_UOFCCLEL ◴[04 Apr 25 15:41 UTC] No.43584025[source]▶

>>43574581 #

Blocking a hacking attack is not even a thing, they just change IP address each time they learn a new fact about how your system works and progress smoothly without interruption until they exfiltrate your data. Same goes for scrapers the only difference being there is no vulnerability to fix that will stop them.

↑

Curl-impersonate: Special build of curl that can impersonate the major browsers