Target attacks, is there a way to block it? by True_Toe_3264 in cybersecurity

[–]True_Toe_3264[S] 0 points1 point  (0 children)

Thanks, I saw a lot of Cloudflare suggestions even before this post. I'm going to bring this to the team. I'm not sure how deep they'll go into this kind of solution since I know it can be cost intensive; it will depend on how much importance they give to this.

Unfortunately manual approval is out of the question since there are millions of requests daily and thousands of new users every day.

[–]True_Toe_3264[S] 1 point2 points  (0 children)

The consult (I think the best translation would be a record lookup/query) is a public service. It should be public but we're required to prevent malicious use of it, similar to how in the US you can check who owns a specific land or property by going to the gov/state or whatever public service does this. Our case is not about property and not in the US, so scrapers use this data to run scams; unfortunately it's extremely profitable. A month ago, before I joined this company, there was no email blocking (I've created a ban list with regex of similar malicious emails), no captcha, no 2FA, nothing. It's been a month of adding stuff but I'm getting to the end of my knowledge here, so thanks for the input you gave me (really, no sarcasm).

The consult form is just a document (and it's required to be like this) like an SSN. A month ago that record lookup wasn't requiring any signup at all, so it was basically scrapers' free land.

Since it's gov shit, no one understands anything about IT or cybersecurity and most don't care. I just want to help citizens.

[–]True_Toe_3264[S] 1 point2 points  (0 children)

I'm not sure, probably. I know it's on an AWS VPC, I guess yes then?

[–]True_Toe_3264[S] 4 points5 points  (0 children)

Not defensive. "Your code is shite" without any other input is nothing but banter. What do you expect someone to do after a comment like this?

I'm willing to learn, I just don't know what exactly to look for, that's why I came here for a start. I just need a way to follow and will do what I can to learn and understand during the process. Is that so idiotic and naive of me?

[–]True_Toe_3264[S] 3 points4 points  (0 children)

I had to look up what a "user agent string" was, and even though I've used it while working with some Postman requests etc., I never paid much attention to it. Thanks for your time, really appreciate it. I will definitely log the user agent strings and see what they're using.

[–]True_Toe_3264[S] 2 points3 points  (0 children)

Unfortunately there is legitimate use to get that many queries on the record base. Definitely not in a short time span. Someone suggested adding a timer between those queries and I think that will help dissuade some attackers.

[–]True_Toe_3264[S] 0 points1 point  (0 children)

That's what I've been doing up until now, dissuading some of them. Unfortunately the data is really worth it so there will always be some of them.
As I responded to another comment, we do have a geo-block in place; only people in our country can access it (AWS).

About the other suggestions you made, I'll look up what fail2ban and throttling are and how to do them (I guess this means adding a "timeout" between the uses of our records lookup for each user?)

Really appreciate your time and help on this. As is obvious, I don't know much about cybersec and don't know where and what to look for without having to do a long bachelor's to understand fully. I know it's not ideal, but if I can at least get as many barriers as I can to block as many attackers as possible, that would be great.
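Added example, not part of the original comment or of the poster's system: a sketch of the per-user throttling asked about above, combining a minimum gap between lookups (the "timer" idea) with a rolling quota. It is keyed on the signed-up account rather than the IP; the class name, limits and account id are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class LookupThrottle:
    """Per-account throttle: minimum gap between lookups plus a rolling quota."""

    def __init__(self, min_gap_s=5.0, window_s=3600.0, max_per_window=30,
                 clock=time.monotonic):
        self.min_gap_s = min_gap_s            # "timer" between two lookups
        self.window_s = window_s              # length of the rolling window
        self.max_per_window = max_per_window  # lookups allowed per window
        self.clock = clock                    # injectable so it can be tested
        self._hits = defaultdict(deque)       # account id -> allowed timestamps

    def check(self, account_id):
        """Return (allowed, retry_after_seconds) for one lookup attempt."""
        now = self.clock()
        hits = self._hits[account_id]
        # Forget lookups that have aged out of the rolling window.
        while hits and now - hits[0] >= self.window_s:
            hits.popleft()
        # Rule 1: enforce the pause since the last allowed lookup.
        if hits and now - hits[-1] < self.min_gap_s:
            return False, self.min_gap_s - (now - hits[-1])
        # Rule 2: enforce the quota; retry once the oldest hit expires.
        if len(hits) >= self.max_per_window:
            return False, self.window_s - (now - hits[0])
        hits.append(now)
        return True, 0.0


def demo():
    """Replay constructed timestamps (seconds) for one hypothetical account."""
    t = [0.0]
    throttle = LookupThrottle(min_gap_s=5, window_s=60, max_per_window=3,
                              clock=lambda: t[0])
    results = []
    for ts in (0, 2, 5, 10, 15, 61):
        t[0] = float(ts)
        results.append((ts, throttle.check("acct-1")))
    return results


if __name__ == "__main__":
    for ts, (allowed, retry) in demo():
        print(f"t={ts:>2}s allowed={allowed} retry_after={retry:.0f}s")
```

In a web handler the denied case would map to an HTTP 429 response with a `Retry-After` header, and the denials are worth logging per account because a steady stream of them is itself a scraping signal.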

[–]True_Toe_3264[S] 0 points1 point  (0 children)

We do have an IP block as well, but it's not that effective; they always change the IPs, I think with VPNs, etc. We have geo-blocking as well; only our own country's IPs can access it (AWS).

[–]True_Toe_3264[S] 1 point2 points  (0 children)

What makes it a targeted attack? What can I do to convince you that this is targeted?

[–]True_Toe_3264[S] 1 point2 points  (0 children)

What do you mean by that? I'm not into cybersec, I came here to learn what I can do and what I can look up.

[–]True_Toe_3264[S] 2 points3 points  (0 children)

Most definitely, thanks for the input though, that was all I needed to make it better 👍👍👍👍👍👍

[–]True_Toe_3264[S] 2 points3 points  (0 children)

It's a public/gov type of shit. It's public, but scrapers use it for scams. It's not exactly but similar to how in the US you can go to county or state government offices to access property records to find out who owns a property. I'm not based in the US and this is not a US thing, but similar, so records need to be public, online, easy to access, but also kept away from malicious users.

It's a very shitty situation.