←back to thread

Ban me at the IP level if you don't like me

(boston.conman.org)
597 points classichasclass | 1 comments | 25 Aug 25 04:23 UTC | HN request time: 0.258s | source
Show context
bob1029 ◴[25 Aug 25 08:35 UTC] No.45011628[source]
I think a lot of really smart people are letting themselves get taken for a ride by the web scraping thing. Unless the bot activity is legitimately hammering your site and causing issues (not saying this isn't happening in some cases), then this mostly amounts to an ideological game of capture the flag. The difference being that you'll never find their flag. The only thing you win by playing is lost time.

The best way to mitigate the load from diffuse, unidentifiable, grey area participants is to have a fast and well engineered web product. This is good news, because your actual human customers would really enjoy this too.

replies(7): >>45011652 #>>45011830 #>>45011850 #>>45012424 #>>45012462 #>>45015038 #>>45015451 #
phito ◴[25 Aug 25 08:40 UTC] No.45011652[source]
My friend has a small public gitea instance, only use by him a a few friends. He's getting thousounds of requests an hour from bots. I'm sorry but even if it does not impact his service, at the very least it feels like harassment
replies(7): >>45011694 #>>45011816 #>>45011999 #>>45013533 #>>45013955 #>>45014807 #>>45025114 #
dmesg ◴[25 Aug 25 08:46 UTC] No.45011694[source]
Yes and it makes reading your logs needlessly harder. Sometimes I find an odd password being probed, search for it on the web and find an interesting story, that a new backdoor was discovered in a commercial appliance.

In that regard reading my logs led me sometimes to interesting articles about cyber security. Also log flooding may result in your journaling service truncating the log and you miss something important.

replies(3): >>45011747 #>>45011811 #>>45012470 #
rollcat ◴[25 Aug 25 10:51 UTC] No.45012470[source]
> Sometimes I find an odd password being probed, search for it on the web and find an interesting story [...].

Yeah, this is beyond irresponsible. You know the moment you're pwned, __you__ become the new interesting story?

For everyone else, use a password manager to pick a random password for everything.

replies(1): >>45012625 #
Thorrez ◴[25 Aug 25 11:21 UTC] No.45012625[source]
What is beyond irresponsible? Monitoring logs and researching odd things found there?
replies(2): >>45013099 #>>45013232 #
JohnFen ◴[25 Aug 25 12:26 UTC] No.45013099[source]
How are passwords ending up in your logs? Something is very, very wrong there.
replies(2): >>45013284 #>>45014850 #
1. hvb2 ◴[25 Aug 25 15:22 UTC] No.45014850[source]
If the caller puts it in the query string and you log that? It doesn't have to be valid in your application to make an attacker pass it in.

So unless you're not logging your request path/query string you're doing something very very wrong by your own logic :). I can't imagine diagnosing issues with web requests and not be given the path + query string. You can diagnose without but you're sure not making things easier