HackerTrans
TopNewTrendsCommentsPastAskShowJobs

lenovouser

no profile record

Submissions

Spam Package "Attack" on NPM

npmjs.com
2 points·by lenovouser·há 2 anos·1 comments

Ask HN: Articles, references and best practices of DDoS defense

1 points·by lenovouser·há 4 anos·0 comments

comments

lenovouser
·há 6 meses·discuss
Enjoyed this, super readable. Would love more "postmortems" like it, and it’s neat that Telegram runs contests like this.
lenovouser
·há 2 anos·discuss
I have just seen this in their Slack, it is kind of crazy that no-one seems to really care. I thought they were really big, but apparently nobody was using them? If you for example search "Equinix Metal" on Google and then click on news nothing shows up.
lenovouser
·há 2 anos·discuss
This account is creating weird spam packages on npm. I can't figure out the reason for it, but it seems fairly elaborate. A lot of the packages depend on each other and the packages get updated over months with bullshit commits like here: https://github.com/erboladaiorg/et-itaque/commits/main/

Not sure what to make of it, I first thought it might be related to the Tea project which previously had the creation of spam packages associated with it, but I haven't found any reference to that in the package sources I looked at.
lenovouser
·há 4 anos·discuss
Why does it matter who he is at the company? I actually like the touch of not making a difference between "regular" employees and being Founder or CEO. On me this made a positive impression. In my opinion what matters is what is being said, not who is saying it.
lenovouser
·há 4 anos·discuss
This seems like a really stupid idea, reminds me a little bit of the Google auto-account-closing thing where no-one knows the real logic or algorithm behind it. And that doesn't work great at all either, as one can see by the countless HN threads of people getting their whole businesses destroyed due to that. Is one even going to get notified when someone gets auto-blocked by Twitter for them?
lenovouser
·há 5 anos·discuss
Yeah, we’re currently thinking about using a third provider with BGP and DDoS protection for the announced blocks and only tunneling it through there when we are being DDoSed but said provider only offers servers in three locations (Luxembourg, New York and Las Vegas) and has no API for automated server ordering etc., so we’ll have to see. Looking forward to reading the follow-up blog post!
lenovouser
·há 5 anos·discuss
How were you handling DDoS attacks at Vultr/EquinixMetal? As far as I understand it they offer zero protection at all
lenovouser
·há 5 anos·discuss
I had exactly the same issue in one of my deploy scripts about 6-7 hours ago and fixed it with the fuser solution you mentioned in the askubuntu thread. What a coincidence haha, I’ll try this out tomorrow, thanks so much :)
lenovouser
·há 5 anos·discuss
Do you know of any other providers with at least the same quality that Vultr offers that offer BGP?