←back to thread

The internet is no longer a safe haven

(brainbaking.com)
253 points akyuu | 4 comments | 16 Nov 25 13:12 UTC | HN request time: 0s | source
Show context
zdc1 ◴[16 Nov 25 16:06 UTC] No.45946090[source]
I wonder if you can have a chain of "invisible" links on your site that a normal person wouldn't see or click. The links can go page A -> page B -> page C, where a request for C = instant IP ban.
replies(6): >>45946123 #>>45946168 #>>45946230 #>>45946235 #>>45946449 #>>45946612 #
SkiFire13 ◴[16 Nov 25 16:16 UTC] No.45946168[source]
Scrapers nowadays can use residential and mobile IPs, so banning by IP, even if actual malicious requests are coming from them, can also prevent actual unrelated people from accessing your service.
replies(2): >>45946597 #>>45946829 #
SoftTalker ◴[16 Nov 25 17:08 UTC] No.45946597[source]
Unless you're running a very popular service, unlikely that a random residential IP would be both compromised by a malicious VPN and also trying to access your site legitimately.
replies(2): >>45946944 #>>45948845 #
1. arbol ◴[16 Nov 25 17:51 UTC] No.45946944[source]
Lots of people have chrome extensions installed that use their connection like proxy so this is more common than you think
replies(1): >>45947212 #
2. SoftTalker ◴[16 Nov 25 18:26 UTC] No.45947212[source]
Can you provide any examples of these extensions? I'm not doubting you, just curious.
replies(2): >>45947910 #>>45949741 #
3. arbol ◴[16 Nov 25 19:57 UTC] No.45947910[source]
There's one mentioned here: https://www.bleepingcomputer.com/news/security/data-stealing...

Anyone who owns a chrome extension with 50k+ installs is regularly asked to sell it to people (myself included). The people who buy the extensions try to monetize them any way they can, like proxying traffic for malicious scrapers / attacks.

4. snthd ◴[17 Nov 25 00:13 UTC] No.45949741[source]
Bright VPN

https://en.wikipedia.org/wiki/Bright_Data