←back to thread

Ban me at the IP level if you don't like me

(boston.conman.org)
597 points classichasclass | 10 comments | 25 Aug 25 04:23 UTC | HN request time: 1.284s | source | bottom
Show context
bob1029 ◴[25 Aug 25 08:35 UTC] No.45011628[source]
I think a lot of really smart people are letting themselves get taken for a ride by the web scraping thing. Unless the bot activity is legitimately hammering your site and causing issues (not saying this isn't happening in some cases), then this mostly amounts to an ideological game of capture the flag. The difference being that you'll never find their flag. The only thing you win by playing is lost time.

The best way to mitigate the load from diffuse, unidentifiable, grey area participants is to have a fast and well engineered web product. This is good news, because your actual human customers would really enjoy this too.

replies(7): >>45011652 #>>45011830 #>>45011850 #>>45012424 #>>45012462 #>>45015038 #>>45015451 #
phito ◴[25 Aug 25 08:40 UTC] No.45011652[source]
My friend has a small public gitea instance, only use by him a a few friends. He's getting thousounds of requests an hour from bots. I'm sorry but even if it does not impact his service, at the very least it feels like harassment
replies(7): >>45011694 #>>45011816 #>>45011999 #>>45013533 #>>45013955 #>>45014807 #>>45025114 #
dmesg ◴[25 Aug 25 08:46 UTC] No.45011694[source]
Yes and it makes reading your logs needlessly harder. Sometimes I find an odd password being probed, search for it on the web and find an interesting story, that a new backdoor was discovered in a commercial appliance.

In that regard reading my logs led me sometimes to interesting articles about cyber security. Also log flooding may result in your journaling service truncating the log and you miss something important.

replies(3): >>45011747 #>>45011811 #>>45012470 #
1. wvbdmp ◴[25 Aug 25 08:53 UTC] No.45011747[source]
You log passwords?
replies(4): >>45013224 #>>45014657 #>>45014868 #>>45018054 #
2. ◴[25 Aug 25 12:43 UTC] No.45013224[source]
3. zeta0134 ◴[25 Aug 25 15:04 UTC] No.45014657[source]
Just about nobody logs passwords on purpose. But really stupid IoT devices accept credentials as like query strings, or part of the path or something, and it's common to log those. The attacker is sending you passwords meant for a much less secure system.
replies(1): >>45015432 #
4. stronglikedan ◴[25 Aug 25 15:24 UTC] No.45014868[source]
Sure, why not. Log every secret you come across (or that comes across you). Just don't log your own secrets. Like OP said, it lead down some interesting trails.
5. SoftTalker ◴[25 Aug 25 16:12 UTC] No.45015432[source]
You probably shouldn't log usernames then, or really any form fields, as users might accidentally enter a password into one of them. Kind of defeats the point of web forms, but safety is important!
replies(2): >>45018570 #>>45019660 #
6. dpkirchner ◴[25 Aug 25 19:39 UTC] No.45018054[source]
I remember back before ssh was a thing folks would log login attempts -- it was easy to get some people's passwords because it was common for them to accidentally use them as the username (which are always safe to log, amirite?). All you had to do was watch for a failed login followed by a successful login from the same IP.
7. Dylan16807 ◴[25 Aug 25 20:25 UTC] No.45018570{3}[source]
Are you using a very weird definition of "logging" to make a joke? Web forms don't need any logging to work.
replies(1): >>45034446 #
8. hinkley ◴[25 Aug 25 22:04 UTC] No.45019660{3}[source]
So no access logs at all then? That sounds effective.
9. SoftTalker ◴[27 Aug 25 01:32 UTC] No.45034446{4}[source]
You save them in a database. Probably in clear text. Six of one, half-dozen of the other.
replies(1): >>45035077 #
10. Dylan16807 ◴[27 Aug 25 03:13 UTC] No.45035077{5}[source]
A password being put into a normal text field in a properly submitted form is a lot less likely than getting into some query or path. And a database is more likely to be handled properly than some random log file.

Six of one, .008 of a dozen of the other.