Comment by rhaps0dy

Comment by rhaps0dy 4 days ago

latest update from Xe:

> After further investigation and communication. This is not a bug. The threat actor group in question installed headless chrome and simply computed the proof of work. I'm just going to submit a default rule that blocks huawei.

scratchyone 4 days ago

this kinda proves the entire project doesn't work if they have to resort to manual IP blocking lol

Reply View 4 replies

troyvit 4 days ago

It doesn't work for headless chrome, sure. The thing is that often, for threats like this to work they need lots scale, and they need it cheaply because the actors are just throwing a wide net and hoping to catch it. Headless chrome doesn't scale cheaply so by forcing script kiddies to use it you're pricing them out of their own game. For now.

Reply View | 0 replies
Aachen 3 days ago

Doesn't have to be black or white. You can have a much easier challenge for regular visitors if you block the only (and giant) party that has implemented a solver so far. We can work on both fronts at once...

Reply View | 2 replies
- 1gn15 3 days ago
  
  The point is that it isn't "implementing a solver", it's just using a browser and waiting a few seconds.
  
  Reply View | 1 reply
  
  Aachen 2 days ago
  
  That counts as something that can solve it, yes. Apparently there's now exactly one party in the world that does that (among the annoying scrapers that this mechanism targets). So until there are more...
  
  Reply View | 0 replies