HackerTrans
TopNewTrendsCommentsPastAskShowJobs

lucastech

no profile record

Submissions

The bots that keep on giving

wxp.io
2 points·by lucastech·last year·1 comments

comments

lucastech
·21 days ago·discuss
Looks cool, how do you integrate it into your agent to keep the context in sync?
lucastech
·8 months ago·discuss
pretty crazy to see these sorts of worms, I think it's probably a good thing that we start to examine the "supply chain" of open source software and figure out ways to prevent this sort of attack.

Timing was definitely smart on the part of the attacker, heading into Thanksgiving in the US means a lot of people in vacation mode, probably not even realizing this is happening right now.

This should really be front page here
lucastech
·8 months ago·discuss
This is awesome, I've used offload media for years, but they've been getting more and more annoying about their plugin trying to convert to using their cdns and upgrading to their premium plugin.

I've wanted to explore R2 (I use S3/Cloudfront today) and this looks like a great way to do so!
lucastech
·9 months ago·discuss
I wrote about this back in July when this "gang" first started hitting some sites I host: https://wxp.io/blog/the-bots-that-keep-on-giving

they use a mixture of colo (M247, Datacamp, HostRoyale, Oxylabs, etc) and international residential. I suspect the latter are where those residential app proxies come into play (bright SDK, etc). Oxylabs is also a well known proxy provider, which makes me think they're the gateway into all of these IPs.

Definitely interesting times to try and host a web server!
lucastech
·9 months ago·discuss
Yeah, there are some botnets I've been seeing that are much more stealthy, using 900-3000 IP's with rotating user agents to send enormous amounts of traffic.

I've resorted to blocking entire AS routes to prevent it (fortunately I am mostly hosting US sites with US only residential audiences). I'm not sure who's behind it, but one of the later data centers is oxylabs, so they're probably involved somehow.

https://wxp.io/blog/the-bots-that-keep-on-giving
lucastech
·9 months ago·discuss
Meta Ireland is just as bad, I've noticed a lot of Tencent from SG.
lucastech
·9 months ago·discuss
I wrote about this a few weeks ago, because it really is quite insane.

I wish AWS would curtail abuse from their networks. My hope is to build some tools to automate detection and reporting of this sort of abuse, so we can force it into AWS's court.

https://wxp.io/blog/abuse-from-amazon-ip-networks-never-end
lucastech
·9 months ago·discuss
I remember dealing with a large credential stuffing attack at a marketplace right after we announced our series B ~2018. We developed some tools to keep them out through pattern matching, but it was not easy and it took some time to develop those tools.

Best companies to work with were spycloud.com and sift.com.

spycloud actually specializes in identifying leaked credentials, which are what attackers use in the credential stuffing list they go through, so you could identify "stuffable" credentials prior to the attack happening, which is nice.

sift was great at helping to just identify fraud in general, so if an account did quietly get compromised, we could identify it before the transaction was finalized.
lucastech
·last year·discuss
I've been trying to track down the source of 500+ IPs that routinely hit websites that I'm hosting. Definitely interested in hearing if anyone else has experience this as well. Cloudflare does not appear to block this type of attack