←back to thread

The internet is no longer a safe haven

(brainbaking.com)
253 points akyuu | 1 comments | 16 Nov 25 13:12 UTC | HN request time: 0.203s | source
Show context
embedding-shape ◴[16 Nov 25 15:56 UTC] No.45945999[source]
> The internet is no longer a safe haven for software hobbyists

Maybe I've just had bad luck, but since I started hosting my own websites back around 2005 or so, my servers have always been attacked basically from the moment they come online. Even more so when you attach any sort of DNS name to it, especially when you use TLS and the certificates, guessing because they end up in a big index that is easily accessible (the "transparency logs"). Once you start sharing your website, it again triggers an avalanche of bad traffic, and the final boss is when you piss of some organization and (I'm assuming) they hire some bad actor to try to make you offline.

Dealing with crawlers, bot nets, automation gone wrong, pissed of humans and so on have been almost a yearly thing for me since I started deploying stuff to the public internet. But again, maybe I've had bad luck? Hosted stuff across wide range of providers, and seems to happen across all of them.

replies(13): >>45946074 #>>45946178 #>>45946504 #>>45946700 #>>45946715 #>>45946870 #>>45946927 #>>45947354 #>>45947815 #>>45950210 #>>45950360 #>>45951545 #>>45955317 #
NoboruWataya ◴[16 Nov 25 17:40 UTC] No.45946870[source]
I have a personal domain that I have no reason to believe any other human visits. I selfhost a few services that only I use but that I expose to the internet so I can access them from anywhere conveniently and without having to expose my home network. Still I get a constant torrent of malicious traffic, just bots trying to exploit known vulnerabilities (loads of them are clearly targeting WordPress, for example, even though I have never used WordPress). And it has been that way for years. I remember the first time I read my access logs I had a heart attack, but it's just the way it is.
replies(4): >>45947135 #>>45947452 #>>45947801 #>>45949802 #
mbreese ◴[16 Nov 25 18:59 UTC] No.45947452[source]
I’ve often thought about writing a script to use those bot attacks as a bit of a honey pot. The idea would be if someone is viewing a site with a brand new SSL certificate, that it can’t be legitimate traffic, so just block that ip/subnet outright at the firewall. Especially if they are looking for specific URLs like Wordpress installations. There are a few good actors that also hit sites quickly (ex: I’ve seen Bing indexing in that first wave of hits), but those are the exception.

Sadly, like many people, I just deal with the traffic as opposed to getting around to actually writing a tool to block it.

replies(1): >>45948772 #
1. esseph ◴[16 Nov 25 21:54 UTC] No.45948772[source]
You'd end up blocking a bunch of cloud provider IP ranges and one day in the near future, there's a good chance some SaaS or provider service doesn't work.