Webspace Invaders · Matthias Ott

There’s something happening on the Web at the moment that almost feels like watching that old arcade game Space Invaders play out across our servers. Bots and scrapers marching in formation, attacking our servers wave after wave, systematically requesting page after page, relentlessly filling their data stores while we watch our access logs fill up.

Matthias Ott – Web Design Engineer
@fennix personally, I think that #WAFs are a scam on par with 3rd party #Antivirus on #Windows and #Mobile OSes like #Android and #iOS!

Defeat all #WAFs with this one simple trick!

Cloudflare/AWS/GCP/Azure hate him...

Append to all response bodies:

<script>zzzzzz=alert</script>

Change all xss detection payloads from
alert() to zzzzzz()

Laugh.

*Note: may require additional inclusion of nonce but don't worry everyone uses a CDN these days and their vetting process is terrible, except in cases where they have no vetting and they just straight hot load from github...

#infosec #pentest

Currently at #OWASP Global AppSec Dublin and having a great time! Come say hi if any fellow Mastodonians are also here 🥳 Let's talk #WAFs, #ModSecurity, OWASP Core Rule Set, and load balancing 😄