|
|
|
|
|
|
by DevMonkey
5119 days ago
|
|
|
How do you keep a nefarious script kiddie from filling up your logs with bogus data? My thoughts were this: 1. Set the window.onerror to immediately push errors to an array
2. Load a small unique script that will create a basic sendError function to post the onerror arguments to an endpoint with a unique csrf set.
3. Loop through the arguments that are queued up and send them to the endpoint.
4. Replace the window.onerror with the sendError function. Your endpoint can be an API that will log the data to either something like Graylog2 or whatever your favorite logging system is. Not 100% bullet proof but better then nothing. |
|
|
You don't. Such a behavior is boring to them, so most won't. It does not provide money nor a way into the server, so no motivation.
If they want to DOS you they have many possible methods, adding this doesn't really change anything.