![]() This means only ‘new’ requests that haven’t been cached yet will hit my server I only get unique requests that pass by all of these filters.īecause CloudFlare is pretty good at blocking all the automated scanning tools I usually only see the tools that get rate-limited really badly (any frequent hitting of anything but 200 OK gets you a CloudFlare captcha) or manual testing. Another way I reduced the amount of request on the backend server is by enabling a ‘Cache-everything’ page rule on the whole website. ![]() All the internet-noise and normal (known) scanners are blocked by CloudFlare’s automatic filtering of possible ‘harmfull’ requests. Another advantage of having CloudFlare in this situation is the reduction of requests that actually hit my server. ![]() One of the features I’ve enabled on the website is ‘Always Online’ which means that CloudFlare will always cache a latest version of the website even when the real server hosting it goes offline (it will tell the user this occured when serving a cached version). This does mean I give away some ‘control’ over the website itself but on the other hand it also means the website is always online. The webserver serving the static content runs behind ( ) to filter out the internet noise (various automated scans), serve the website over SSL and reduce traffic by allowing CloudFlare to cache everything. The website isn’t a constantly updating website with lots of interaction happening so I feel a lot safer making it completely static it doesn’t impede my ability to work on it or visitors to view and/or use it. The reason for making the website completely static is mostly because of security. All pages are rendered on my personal device and uploaded to the server using SCP. The website itself (the content) is 100% static, there is nothing dynamic on the website anywhere. To make sure this story makes some sense I want to explain how the website is setup. Some weeks ago I noticed someone started to poke the CryptoWall tracker website, this article describes the fun I had messing with the attacker (I’m assuming it was one person, more on that later). Most of the scans (pentests) are automated for all kinds of reasons be it compromising websites to abuse it for CryptoWall proxies (as described ]( )), or simply defacing it for Zone-H ‘credits’. When running a publicly accessible website you can expect to get ‘free security advise’ from the internet in the form of web pentesting and whatnot. I structured all the information about CryptoWall on a website and made it public in the form of a website known as the ‘CryptoWall Tracker’: ( ) On February 10th I released a wealth of information on the CryptoWall ransomware. La utilización es facilísima, solo abres el miniprograma y el solo te genera el archivo.*The game I played with an attacker described in this blog was inspired by a TED talk where someone played games with a 419 scammer: ( )* La miniaplicación, se llama TerrApple - AppLister, y la podeis descargar desde mi web ( xD) o desde AQUÍ Īge of Empires III - The Asian Dynasties.appįinal Cut Pro Additional Easy Setups.localizedĮlordenatres escribió:Bueno, para ayudar y revivir un poco el post, os dejo una aplicación creada por mi, que nos genera un archivo de texto en el escritorio con TODAS nuestras aplicaciones instaladas. Sí solo es un "ls" pero automatiza mucho el trabajo.īuen programa, aunque te salen hasta los propios del so.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |