|
|
|
|
|
|
by tragicpapercut
2575 days ago
|
|
|
And for companies that don't do business with those countries - this is not a loss. Most "asshole" traffic I see falls into one of two categories - attempts to exploit vulnerabilities (../../../etc/passwd stuff) and account takeover attacks. The first I can forgive, I don't frankly care where that traffic comes from and the responsibility is entirely mine as website admin to prevent these types of attacks through good coding practices, WAF, etc. The second I have less control over because customers / the general public sucks at security. They re-use passwords they've had for 10 years and won't opt-in to 2fa. And as a merchant, my company generally eats the cost of fraud that these attacks generally result in. If no or little legitimate traffic is coming from Tor, and a significant percentage of malicious traffic is coming from Tor - at great cost to me / my company - why the hell would I allow it to continue? |
|
|