|
|
|
|
|
|
by mdhb
237 days ago
|
|
|
I recently wrote a deception / honeypot service that does some similar stuff so that all makes sense to me and I think the general strategy of impose costs on attackers by making them expose more of their infrastructure etc are actually a really good move especially in the context of developing an early warning signal. I had some additional logic that gave me a really easy but unintuitive way to tell with an incredibly high degree of confidence the difference between a bot and a human on keyboard scenario and for what it’s worth I think that is the specific thing that makes it worth the effort. If I have reasons to suspect it’s a bot I just drop the request and move on with my day. The signal to noise ratio isn’t worth it to me. |
|
|
So we made coffee-money wasting spammers time, and attacks stayed rudimentary. =3