450
submitted 4 months ago* (last edited 4 months ago) by tek@calckey.world to c/technology@lemmy.world
you are viewing a single comment's thread
view the rest of the comments
[-] IphtashuFitz@lemmy.world 3 points 4 months ago

I know some sites have experimented with feeding bots bogus data rather than blocking them outright.

My employer spotted a bot a year or so ago that was performing a slow speed credential stuffing attack to try to avoid detection. We set up our systems to always return a login failure no matter what credentials it supplied. The only trick was to make sure the canned failure response was 100% identical to the real one so that they wouldn’t spot any change. Something as small as an extra space could have given it away.

this post was submitted on 19 Jul 2024
450 points (99.3% liked)

Technology

59773 readers
5118 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS