Jump to content

The fuck is this supposed to do?

Zikama

By Zikama
in Archive

 Share

Recommended Posts

Zikama Adamantite Poster

Zikama

Posted
  • Author
Posted

CloudFlare is designed to accelerate and secure any website. The system works somewhat like a content delivery network (CDN), but is designed to be much easier to setup and configure. A lot of sites use it to protect their sites from any threats.

 

I know that the site has been hosted on Cloudflare for a while, but It's only from today I've noticed that page when I access OSbot, never before.

 

  • Like 1
Link to comment
Share on other sites
bellic Black Poster

bellic

Posted
Posted

CloudFlare is designed to accelerate and secure any website. The system works somewhat like a content delivery network (CDN), but is designed to be much easier to setup and configure. A lot of sites use it to protect their sites from any threats.

You mean like against a ddos? Then how come they were able to take osbot down with a layer 7 ddos.
Link to comment
Share on other sites
Bobrocket Adamantite Poster

Bobrocket

Posted
Posted

Other bots have this system implemented too. It seems this optional addon was added within the last couple of days

 

This check ensures that you're not part of a botnet, and in order to pass the check you need to have javascript enabled on your browser

 

apa

 

It's not necessarily JavaScript that they check for, as some legitimate users do indeed have JS disabled. It's moreso checking for footprints, eg if you're under a HTTP flood you may see a lot of requests like this:

GET /forum/ HTTP/1.1
Host: osbot.org
User-Agent: Opera 9.0
Accept: */*;text/plain;text/html;application/json

Now, if you see 1000 requests similar to this every second (with different IPs), you know they are all there for the same intent which is to take the site down.

There is also another type of flood, called Slowloris, which utilises open HTTP POST connections to flood the server.

A request for that may look like this:

POST /forum/ HTTP/1.1
Host: osbot.org
User-Agent: Opera 9.0
Content-Length: 999999999999999999

(at this point, the request is open and the server is receiving all the data until it reaches length 999999999999999999, which the end user exploits)

If a request like that happens, then it's likely an attacker.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...