Oh fuck me! I had basically turned off the route to git.mills.io last night and went to bed at ~2AM after unsuccessfully trying to control the attacks (bad bots) that were behaving like a DDoS attack. Tried to re-enable the route this morning and *BOOM*, they’re back! As if they never stopped?! what da actual fuq?!
Anyone have any clever ideas of what I can do here to allow normal users, like you nice folk, and block this obnoxious traffic?!
Mikasa and Eren (Hanpetos) [Attack on Titan] ⌘ Read more
Mikasa X Eren (Hanpetos) [Attack on Titan] ⌘ Read more
A single unsanitized parameter is all an attacker needs
My goodness, a new level of stupidity.
The bots are now doing things like this:
GET http://uninformativ.de/projects/lariza/feednotify/datenstrahler/slinp/countty HTTP/1.1
- That URL does not exist.
- By including http://uninformativ.de in that request, this instructs the webserver to do an HTTP proxy request. Of course, this isn’t allowed on my webserver (and shouldn’t be allowed on any normal webserver), resulting in HTTP 400. And even if it were, the target would be the exact same server, making a proxy request unnecessary.
And of course, it’s not just 50 hits like this or 100 or 1’000 or 10’000. No, it’s over 150’000 in the last 2 days. All from vastly different IP ranges of different cloud hosters.
This almost looks like a DDoS attack, but it’s just completely stupid. This feels more like some idiot vibe coded a crawler.
DHH Talks to Lunduke
David Heinemeier Hansson (aka “DHH”, the creator of Ruby on Rails & Omarchy Linux), talks with Lunduke about Linux “selling out”, what a “distro” is, & the attacks from activists within Open Source. ⌘ Read more
Bangladesh bomb attacks on Catholic churches, school leave Christian community alarmed, police confirm terror angle | Today News ⌘ Read more
Japan Prime Minister: Military attack on Taiwan would justify Japan Self-Defense Forces support ⌘ Read more
Ukrainian attacks in Russia’s Belgorod Oblast leave over 20,000 without power, governor claims ⌘ Read more
Russian missile attacks on Ukrainian energy facilities kill at least four ⌘ Read more
New York: 19-year-olds were planning attacks on Christians and Jews — They declared allegiance to ISIS and wanted to behead the unbelievers ⌘ Read more
Third-Largest Russian Power Plant, Kostroma GRES, Damaged in Overnight Drone Attack ⌘ Read more
Trump Weighs Options, and Risks, for Attacks on Venezuela - President Trump has yet to make a decision, but his advisers are pressing a range of objectives — from attacking drug cartels to seizing oil fields — to try to justify ousting Nicolás Maduro. ⌘ Read more
Ukraine gets more US-made air defense systems to counter deadly Russian attacks ⌘ Read more
Massive drone attack hits Russia, causing fires in Tuapse and explosions in Kursk and Alchevsk ⌘ Read more
Ukraine strikes Russian oil depot, retaliation for power grid attacks ⌘ Read more
Ukrainian drone attack damages Russia’s Tuapse port, sparks fire, Russia says ⌘ Read more
Trump Admin Has Decided To Strike Inside Venezuela; Attacks Could Come At Any Time: Report ⌘ Read more
Web Cache Deception Attack – A Hidden Threat in Today’s Web Applications ⌘ Read more
#4 RFI: From an External URL Into your Application
Understanding RFI isn’t just about finding a bug; it’s about recognizing a critical design flaw that, if exploited, hands an attacker the…
[Continue reading on InfoSec Write-ups »](https://infosecwrit … ⌘ Read more
British man arrested in Kyiv for ‘preparing to commit terrorist attacks,’ Ukraine says ⌘ Read more
Belgian defence minister says Moscow will be wiped off the map if NATO is attacked, Russia responds ⌘ Read more
Belgian defence minister: If Putin attacks NATO, Moscow will be wiped off the map ⌘ Read more
Moscow under drone attack for third consecutive night ⌘ Read more
Moscow hit by drone attacks for second consecutive night ⌘ Read more
Venezuela claims capture of CIA group, accuses U.S. of plotting ‘false flag’ attack ⌘ Read more
Russia suffers attack on key power substation supplying military facilities ⌘ Read more
Russia claims Ukraine peace deal ‘close’ — as it rejects ceasefire and escalates attacks ⌘ Read more
Blackouts hit Russia’s Belgorod as Ukrainian drone attacks surge ⌘ Read more
US expands target area in new ‘war on drugs’, attacking boats in Pacific ⌘ Read more
Trump puts Putin talks on hold as Kremlin rejects ceasefire, attacks Ukraine ⌘ Read more
A massive Russian drone and missile attack on Kyiv kills at least 2, Ukrainian officials say ⌘ Read more
US Warns of ‘Imminent’ Attack by Hamas Against Palestinians ⌘ Read more
Rashid Khan reacts to late-night attack on civilians: ‘Absolutely immoral and barbaric…must not go unnoticed’ ⌘ Read more
Massive fire engulfs ATAN oil depot in occupied Crimea after night attack, power substations also hit ⌘ Read more
Japan bear attacks hit record high with seven people killed this year ⌘ Read more
U.S. Military Killed Venezuelan Fisherman in Suspected Drug Boat Attack, Family Says ⌘ Read more
Mastering Host Header Injection: Techniques, Payloads and Real-World Scenarios
Learn How Attackers Manipulate Host Headers to Compromise Web Applications and How to Defend Against It
[Continue re … ⌘ Read more
Putin’s FSB accuses NATO ally of direct attacks on Russia ⌘ Read more
Internal Password Spraying from Linux: Attacking Active Directory
[Continue rea … ⌘ Read more
Asylum seeker laughed after killing woman, jury told
The jury in the trial of Deng Majek is shown CCTV and told he carried out a “vicious and frenzied attack”. ⌘ Read more
Asylum seeker laughed after killing woman, jury told
Deng Majek murdered Rhiannon Whyte in a “vicious and frenzied attack”, a court hears. ⌘ Read more
Cyber attack contingency plans should be put on paper, firms told
Prepare to switch to offline systems in the event of a cyber-attack, firms are being advised. ⌘ Read more
Two charged with murder of Lostprophets singer Ian Watkins who died in prison attack
The disgraced Lostprophets frontman was fatally injured at HMP Wakefield on Saturday. ⌘ Read more
NSA and IETF: Can an attacker simply purchase standardization of weakened cryptography?
Comments ⌘ Read more
Paedophile singer Ian Watkins dies in prison attack as two men arrested
Watkins, 48, was serving a 29-year sentence imposed in 2013 after admitting 13 child sex offences. ⌘ Read more
‘I thought it was a heart attack’ - how collapse changed Kirby’s life
Former Lioness Fran Kirby reflects on the health scare that sidelined her for 10 months and her journey back to the top of the game. ⌘ Read more
Missile attack and warning of power cuts reported in Russia’s Belgorod ⌘ Read more
Afghan Taliban confirm ‘retaliatory’ border attacks on Pakistan
The escalation comes days after Pakistan was accused of bombing a market inside Afghanistan. ⌘ Read more
Gunmen attack house of worship of minority sect in Pakistan, wounding 6 worshippers ⌘ Read more
Paedophile singer Ian Watkins dies in prison attack as two men arrested ⌘ Read more
Paedophile singer Ian Watkins dies after prison attack
Watkins, 48, was serving a 29-year sentence imposed in 2013 after admitting 13 child sex offences. ⌘ Read more
Paedophile singer Ian Watkins dies after prison attack
Watkins was serving a 29-year sentence imposed in 2013 after admitting 13 child sex offences. ⌘ Read more
Lostprophets singer Ian Watkins dies in prison attack ⌘ Read more
Paedophile singer Ian Watkins dies after prison attack
Ian Watkins was serving a 29-year sentence imposed in 2013 after admitting 13 child sex offences. ⌘ Read more
Venezuela asks U.N. for emergency meeting over U.S. military actions, saying it expects “armed attack” soon ⌘ Read more
[$] Enhancing FineIBT
At the Linux Security Summit Europe (LSS EU), Scott Constable and Sebastian Österlund gave a talk on an enhancement to a control-flow integrity (CFI) protection that was added to the kernel several years ago. The “FineIBT: Fine-grain Control-flow Enforcement with Indirect Branch Tracking” mechanism was merged for Linux 6.2 in early 2023 to harden the kernel against CFI attacks of various sorts, but needed [ … ⌘ Read more
@bender@twtxt.net Is dealing with spam fun though? DDoS attacks? DoS attacks? Scans for all kinds of stupid shit™? Malware? Advertising? Tracking? Spying? ..
Ukraine says ‘massive’ Russian attack targeted energy infrastructure ⌘ Read more
Man re-arrested at airport over Manchester synagogue attack
A 30-year-old man was re-arrested at Manchester Airport earlier, Counter Terrorism Policing said. ⌘ Read more
Man re-arrested over Manchester synagogue attack
A 30-year-old man was re-arrested at Manchester Airport earlier. ⌘ Read more
Jeremy Bowen: There’s now a realistic chance of ending the war - but it’s not over yet
For the first time since the Hamas attacks on Israel two years ago, there is a realistic chance of ending the horrors ⌘ Read more
Security updates for Thursday
Security updates have been issued by AlmaLinux (gnutls, kernel, kernel-rt, and open-vm-tools), Debian (chromium, python-django, and redis), Fedora (chromium, insight, mirrorlist-server, oci-seccomp-bpf-hook, rust-maxminddb, rust-prometheus, rust-prometheus_exporter, rust-protobuf, rust-protobuf-codegen, rust-protobuf-parse, rust-protobuf-support, turbo-attack, and yarnpkg), Oracle (iputils, kernel, open-vm-tools, redis, and valkey), Red Hat (perl-File-Find-Rule and perl-File-Find-Rul … ⌘ Read more
Learn what MITM attack is, and how to identify the footprints of this attack in the network traffic.
Getting Hands-On with Kerbrute: Practical AD Enumeration & Attack Tactics ⌘ Read more
Synagogue attacker pledged allegiance to ‘Islamic State’ in 999 call
Police confirm the attacker made the call after he crashed his car into a brick wall. ⌘ Read more
Baroness Lawrence calls for new investigation after killer admits attack
She said it was ‘shocking’ that police had known about David Norris’s admission that he took part in the racist attack. ⌘ Read more
Jihad Al-Shamie pledged allegiance to ‘Islamic State’ in 999 call after attack
Police confirm the attacker made the call after he crashed his car into a brick wall. ⌘ Read more
Three killed in latest Ukrainian strike on Russia’s Belgorod region
Wednesday’s attack comes days after a similar strike caused mass power cuts. ⌘ Read more
At least 24 killed as army paraglider bombs Myanmar Buddhist festival
Locals tell the BBC the carnage has made it hard to identify victims of the military attack. ⌘ Read more
Stealing Part of a Production Language Model (2024)
We introduce the first model-stealing attack that extracts precise, nontrivial information from black-box production language models like OpenAI’s ChatGPT or Google’s PaLM-2. Specifically, our attack recovers the embedding projection layer (up to symmetries) of a transformer model, given typical API access. For under $20 USD, our attack extracts the entire projection matrix of OpenAI’s ada and babbage language models. We thereby confirm, for the first time, that these black-box … ⌘ Read more
Dog attacks are still rising - even after the XL bully ban
With close to 32,000 dog attacks recorded in England and Wales last year, is there a better solution? ⌘ Read more
High security a fact of life for UK Jewish community living in fear of attack
Leaders in the UK’s tight-knit Jewish population are asking what more can be done to keep their institutions safe. ⌘ Read more
Surge in shark-tracking app downloads following fatal Sydney attack
There has been a surge in downloads of the SharkSmart app following the fatal attack of a Northern Beaches surfer — in a sign the incident has left some nervous to get back into the water. ⌘ Read more
Two arrested over nursery cyber-attack
Pair held by police investigating a hack on a chain of London-based nurseries. ⌘ Read more
Two arrested over nursery cyber-attack
Pair held by police investigating reports of attack on a chain of London-based nurseries. ⌘ Read more