New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Not interested in your personal ephiphanies of how the Internet and World Wide Web works. You're creating a mess that does not need to exist. What you need to accept is that your software causes more harm than good, certainly in the cases I have witnessed.
Why the hell did you have to bring me into this!?
Not this shit again
Blocking the IP has a set of disadvantages.
If you block an IP, you block it for a specific time. Attacker can, and already do abuse this behaviour and simply return after the timeout.
If it was a false positive, then the visitor is banned, gets frustrated and leave the site.
Our greylisting helps to mitigate both.
The problem in this case was after an initial greylisting (which was probably not a false positive, but I can't tell more since @ricardo doesn't reveal the IP) So after the initial incident there were other requests. The requests were too slow for the internal flood protection to ban the IP, but they were coming constantly, so the IP reached a threshold when we trigger to send out a report.
Every day we get tons of email appreciating our reports and saying how helpful they were for investigating server infections or asking for help to clean their systems. We are happy to help, and proud to be a helpful free data provider for server owners. In case of a false positive we always try to find the root cause.
I dont entirely understand how this business plan is supposed to work over the long term. If, as a security company, you send out massive amounts of false positives to providers the confidence in you as a company will plummet over time (which we can already see here). Without confidence youre rather useless as a security company that relies on others believing your word.
No You don't.
No your not.
Only because you use it to spam your service and make people pay to 'really' use it, you rarely respond to emails.
No you don't, you continue to work in your echo chamber despite being proven to have a flawed method over and over again.
I double checked, and just realised we actually do use 403 status code for the CAPTCHA page since 12 Jan 2017. We had a bug with the first implementation, but then it has been fixed and released. So the the CAPTCHA page has status code 403.
We secure almost 2 000 servers. Process 1 500 000 incidents a day and send out 15 000 reports. On this forum there are some users who suffered a server suspend because of our reports. I'm so sorry about it, and we do everything to avoid it in the future. Still I think this rate of false positive is very low and our reports helps a lot.
Thanks to this forum thread we have made our process better by:
- sending the reports less frequently
- changed the CAPTCHA page status code form 200 to 403
- decided to implement a self service IP removal (which we will implement in Q2)
so thank you all for the feedback, and I hope we can keep up the conversation.
notice how many people are backing you up?
Not 1 person here, WHT, reddit, or literally anywhere else, apart from these mythical thank you emails you apparently get.
Maybe there is a reason for that?
Ever googled bitninja? any potential customer that ever does will never decide to use you.
If you are not already Bitninja's customer, sending requests to your own server is probably meaningless. They couldn't see it. They could only monitor requests to their customers' servers.
Would you like to share the incident detail section of those "you are attacking other servers" email? Maybe we can find some clues of what happened in them.
Have you provided the ip blocks to the companies who do crawling like MJ12 and requested it?
I'm pretty sure they not spread the list.
+1
Hopeless.
Sounds about right.
EDIT: I just realized that's over 200$ worth of mailgun emails...
Or 15 bucks of SES
Wow this shit is still going? Lol!
Yep, because 'this shit' is still going! lol!
I have to bump this thread as I received a "Your server x.x.x.x has been registered as an attack source" email to abuse@ address from Bitninja regarding emails supposedly sent over 6 months ago (in January) from an IP address not in anyway related to my company (not even on any of the continents we have hosted servers at).
Despicable.
Got one of those today, replied reminding them they are just as shit as they always were.
What I find amusing about this too is every time bitninja comes here to post they create a new account, 5 and counting.
No surprise, they only superficially admit their failings and refuse to acknowledge that their model only hurts the industry,
let's just say they are proven scum, that about sums it up, commercial blacklists... I guess I don't need to explain anymore.
TLDR for anyone who thinks BitNinja is remotely helpful:
https://en.wiktionary.org/wiki/a_stopped_clock_is_right_twice_a_day
Tomorrow my colleagues will investigate this and get back to you with the answer.
My account is the same since the beginning of this post.
Maybe change the topic title to "bitninja abuses reports" or "bitninja abusive reports" or "reporting bitninja abuse"
Piss off.
Tomorrow my colleagues will investigate this and get back to you with the answer.
lol I remember this debacle.
Well yeah, I'd hope you would remember your account details for that long. I obviously meant every time you come here to post, on separate occasions.