Monday, 31 August 2020
New top story on Hacker News: Ask HN: Captcha Alternatives?
Ask HN: Captcha Alternatives?
53 by ev1 | 43 comments on Hacker News.
TLDR: I help with a gaming community-related site that is being targetted by a script kiddie, they are registering hundreds of thousands of accounts on our forums to 'protest' a cheating (aimbot) ban. They then post large ASCII art spam, giant shock images (the first one started after we blocked new accounts from posting [img]), the usual. Currently we use a simple question/answer addon at registration time - it works against all untargeted bots and is just a little "what is 4 plus six" or "what is the abbreviation for this website" type of question. It's worked fine for years and we don't really get general untargeted spam. I am somewhat ethically disinclined to use reCAPTCHA, and there are some older members that can't reasonably solve hcaptcha easily. Same for using heavy fingerprinting or other privacy invading methods. It's also donation-run, so enterprise services that would block something like this (such as Distil) are both out of budget and out of ethics. Is there a way I can possibly solve this? Negotiation is not really an option on the table, the last time one of the other volunteers responded at all we got a ~150Gbps volumetric attack. I've tried some basic things, like requiring cookie and JS support via middleware; they moved from a Java HTTP-library script to some kind of Selenium equivalent afterward. They also use a massive amount of proxies, largely compromised machines being sold for abuse.
53 by ev1 | 43 comments on Hacker News.
TLDR: I help with a gaming community-related site that is being targetted by a script kiddie, they are registering hundreds of thousands of accounts on our forums to 'protest' a cheating (aimbot) ban. They then post large ASCII art spam, giant shock images (the first one started after we blocked new accounts from posting [img]), the usual. Currently we use a simple question/answer addon at registration time - it works against all untargeted bots and is just a little "what is 4 plus six" or "what is the abbreviation for this website" type of question. It's worked fine for years and we don't really get general untargeted spam. I am somewhat ethically disinclined to use reCAPTCHA, and there are some older members that can't reasonably solve hcaptcha easily. Same for using heavy fingerprinting or other privacy invading methods. It's also donation-run, so enterprise services that would block something like this (such as Distil) are both out of budget and out of ethics. Is there a way I can possibly solve this? Negotiation is not really an option on the table, the last time one of the other volunteers responded at all we got a ~150Gbps volumetric attack. I've tried some basic things, like requiring cookie and JS support via middleware; they moved from a Java HTTP-library script to some kind of Selenium equivalent afterward. They also use a massive amount of proxies, largely compromised machines being sold for abuse.
Wikipedia article of the day for September 1, 2020
Wikipedia article of the day is Vespro della Beata Vergine. Check it out: https://ift.tt/2lsTyX1
Sunday, 30 August 2020
Wikipedia article of the day for August 31, 2020
Wikipedia article of the day is New York State Route 175. Check it out: https://ift.tt/3hJhjSG
Government paid influencers to promote Test and Trace
Taxpayer money was used to pay influencers to promote Test and Trace.
from BBC News - Technology https://ift.tt/3bdp94k
>
from BBC News - Technology https://ift.tt/3bdp94k
>
The search engine boss who wants to help us all plant trees
Christian Kroll is the boss of Ecosia, which donates 80% of its profits to tree-planting projects.
from BBC News - Technology https://ift.tt/2YPoIZg
>
from BBC News - Technology https://ift.tt/2YPoIZg
>
Saturday, 29 August 2020
Wikipedia article of the day for August 30, 2020
Wikipedia article of the day is House of Music. Check it out: https://ift.tt/3hJKxAI
Friday, 28 August 2020
New top story on Hacker News: Tell HN: Check medium's localstorage if you use adblock
Tell HN: Check medium's localstorage if you use adblock
38 by ev1 | 2 comments on Hacker News.
If you have uBlock or similar, it appears medium logs all analytics pings into HTML5 LocalStorage and will keep retrying to send them (and apparently periodically change domains and subdomains to try and send them). I had tens of thousands of entries in localStorage, wasting quite a bit of space, all of them at least 400-600 characters or more. Each time I scrolled it'd add a few dozen more in, to the point where devtools was freezing. Ridiculous. Example: https://ift.tt/2QAyqu0
38 by ev1 | 2 comments on Hacker News.
If you have uBlock or similar, it appears medium logs all analytics pings into HTML5 LocalStorage and will keep retrying to send them (and apparently periodically change domains and subdomains to try and send them). I had tens of thousands of entries in localStorage, wasting quite a bit of space, all of them at least 400-600 characters or more. Each time I scrolled it'd add a few dozen more in, to the point where devtools was freezing. Ridiculous. Example: https://ift.tt/2QAyqu0
Subscribe to:
Posts (Atom)