[conspire] Web spam and yandex forms
Ivan Sergio Borgonovo
mail at webthatworks.it
Thu Dec 9 03:47:27 PST 2021
On 12/9/21 04:31, Rick Moen wrote:
> Here, the problem was described as "a variety of remote public IPs do
> bad things using a Web form", and the remedy (fail2ban) amounts to
> "punish each observed-guilty IP with an automated timeout of no
> connections to our 80/tcp & 443/tcp allowed". But did you address the
> problem? The page remains abusable in the same way as before. Any of
> millions of other IPs can do the same dirty deed at any time.
> Meanwhile, the IP wasn't actually bad, and its ability to make a socket
> wasn't the cause of badness.
> An appropriate solution would be to fix the _page_ so that the bad

Appropriate solutions and places to apply them are hard to find.
Theory says you fix all the SQL, XSS, whateva... practice says you
increase the effort to find them and buy time.

fail2ban has the advantage of being "general", so whatever you put
behind it, it will offer some kind of extra effort to break in.

The set of optimal solutions has no intersection with the space of
solutions you can't implement.

SBLs aren't that different from fail2ban.

As for VPNs, you have to know which problem you'd like to solve[*]... so
you'd be aware that fail2ban has its limitations.

Known vulnerabilities don't require brute forcing.

Then you have to be sure you're not closing yourself out. That was sort of
a problem 20 years ago, when web sites didn't offer a management CLI but
just a web interface, for example.

[*] The majority of people using a VPN are doing so to access
geographically blocked content, in the hope of avoiding tracking, and for
copyright infringement. That's how they are advertised after all.

While a VPN may make it a bit harder to track you, it's nearly worthless
unless you take a lot of extra effort properly configuring your browser,
blocking scripts etc... and even then you may still be traceable.

If they want to find you for copyright infringement, they will have to
involve government agencies... I bet Disney has a subsidiary in Switzerland.
Most of these copyright infringements are just tolerated if not seen as
free advertising.

People that really need a VPN do have to know better; for the rest of
them it is a glorified proxy, and in fact most, not all, of the people
offering VPNs don't even try too hard not to be just a glorified proxy.

Somehow the git critique of VPNs helps to choose better... if I worked for
AirVPN marketing I'd write it and then I'd write the rebuttal ;)
--
Ivan Sergio Borgonovo
https://www.webthatworks.it https://www.borgonovo.net