Brazil Bernd · 2020-01-30 00:00:54 · No. 90855
After the incident on moonchan, some people defended vichan's anti-spam method of using random hidden inputs. So I wrote a proof of concept automated method of picking up these inputs for posting.
 
http://paste.debian.net/1128272/
 
This script is not for spam, it makes a single post on a thread and it even requires a file. If you send none, vichan thinks it was automated. So there's some room for improvement over there.
Bernd Bernd · 2020-01-30 00:07:27 · No. 90856
Yes, parsing form fields from HTML is pretty simple indeed.
Moonchan is already down after I tested my vichan spamming client for 10 minutes on it.
Bernd Bernd · 2020-01-30 00:13:52 · No. 90857
Also I can confirm that LynxChan has better protection compared to ViChan (which is just a pile of shitcode nobody ever bothered to refactor).
Picrel, Left is what it takes to spam LynxChan, right is ViChan
Bernd Bernd · 2020-01-30 00:18:40 · No. 90858
Also nice shilling against your competitors, Stephen
Brazil Bernd · 2020-01-30 00:20:49 · No. 90859
I'm just playing the role of a gray hat. I didn't say a single fucking word against the guy spreading a script to spam lynxchan around. If people are going to trust a broken protection, I won't hesitate in showing its cracks.
 
If a system can be automatically spammed, the fault is on the system.
Bernd Bernd · 2020-01-30 00:41:50 · No. 90860
Wait, is there a public script to spam lynxchan?
>If a system can be automatically spammed, the fault is on the system.
Right.
Brazil Bernd · 2020-01-30 00:44:54 · No. 90861
Yeah, but there's nothing special to it. LynxChan is not meant to be obfuscated.
Bernd Bernd · 2020-01-30 00:50:52 · No. 90862
No-js policy makes it harder to implement good anti-bot protection without cloudflare (which kinda defeats the purpose of no-js anyway)
Brazil Bernd · 2020-01-30 00:53:28 · No. 90863
You can't do much that isn't just obfuscation with js, tho.
Bernd Bernd · 2020-01-30 00:59:11 · No. 90864
You can make complicated evolving handshake and confirmation sequences, apply it to js fingerprinting capabilities with some machine learning, and it makes it pretty hard to crack.
Distil network is a commercial example of such techniques. As well as cf but cf is not that advanced.
Bernd Bernd · 2020-01-30 01:00:09 · No. 90865
But as an open source project I don't think it's an option, maybe if you make a closed source module for it or something, but it's an entirely different story.
Brazil Bernd · 2020-01-30 01:00:23 · No. 90866
So you either make the code proprietary or people can easily replicate the handshake. Am I missing something here?
Bernd Bernd · 2020-01-30 01:15:53 · No. 90867
Yeah almost, see >>90865
But at least you can stack layers of protection to make it harder to crack, even being open source.
Brazil Bernd · 2020-01-30 01:18:10 · No. 90868
I follow the maze mentality.
If all you are building is a maze that is perfectly traversable, you might as well not build anything at all. You are just stacking your time building it against the attacker traversing it. And once the attacker figures it out, your time was simply wasted.
Bernd Bernd · 2020-01-30 01:20:38 · No. 90869
You're just raising the entry level. And once it's high enough people will only be able to solve it after dedicating time and money. And even if they do they won't share their work with the public. But overall I think you're right, let cloudflare do its thing and better spend time improving end user experience.
Brazil Bernd · 2020-02-01 16:19:52 · No. 92434
Test