Comment by bflesch

Comment by bflesch 2 days ago

I assume it'll be hard for them to notice because it's all coming from Azure IP ranges. OpenAI has very big credit card behind this Azure account so this vulnerability might only be limited by Azure capacity.

I noticed they switched their crawler to new IP ranges several times, but unfortunately Microsoft CERT / Azure security team didn't answer to my reports.

If this vulnerability is exploited, it hits your server with MANY requests per second, right from the hearts of Azure cloud.

grahamj 2 days ago

Note I said outgoing, as in the crawlers should be throttling themselves

Reply View 3 replies

bflesch 2 days ago

Sorry for misunderstanding your point.
I agree it should be throttled. Maybe they don't need to throttle because they don't care about cost.
Funny thing is that servers from AWS were trying to connect to my system when I played around with this - I assume OpenAI has not moved away from AWS yet.
Also many different security scanners hitting my IP after every burst of incoming requests from the ChatGPT crawler Azure IP ranges. Quite interesting to see that there are some proper network admins out there.

Reply View | 2 replies
- jillyboel 2 days ago
  
  They need to throttle because otherwise they're simply a DDoS service. It's clear they don't give a fuck though, like any bigtech company. They'll spend millions on prosecuting anyone who dares to do what they perceive as a DoS attack against them, but they'll spit in your face and laugh at you if you even dare to claim they are DDoSing you.
  
  Reply View | 0 replies
- grahamj 2 days ago
  
  yeah it’s fun out on the wild internet! Thankfully I don’t manage something thing crawlable anymore but even so the endpoint traffic is pretty entertaining sometimes.
  What would keep me up at night if I was still more on the ops side is “computer use” AI that’s virtually indistinguishable from a human with a browser. How do you keep the junk away then?
  
  Reply View | 0 replies