[Hpr] Implemented a deny list on HPR

Joshua Knapp jknapp85 at gmail.com
Tue Mar 19 07:33:28 PDT 2013


Chances are these aren't people actively attacking HPR so much as bots
from infected systems/account trying to add one more system to its
ranks. We see scans on systems frequently and we do block them when
they get our attention.

If someone is interested in trying to hack a site, I recommend we
setup a sandbox, through dummy data on it and snapshot it. Then if it
gets hacked, we can roll back and fix what ever went wrong.  Then we
take what we learned and protect HPR with it.

Just because we are hacker, does not mean we should allow others to
attack what we feel is important online, just to see what they can do.
 We should always look to improve our security ourselves before a
successful attack.

--Josh (aka shadow)

Sent from my iPhone

On Mar 19, 2013, at 6:31 AM, StankDawg <stankdawg at stankdawg.com> wrote:

> Our hosting company might not feel the same way. We have to treat them as real attacks which we get all the time and I have banned for years. If they draw the attention of the hosting company we risk getting in trouble with them. They don't want to be attacked.
>
> Sent from my iPhone but don't judge me. I use it because it is convenient and useful not because it is some hipster accessory.
>
> On Mar 19, 2013, at 4:40 AM, Ken Fallon <ken.fallon at gmail.com> wrote:
>
>> Hi All,
>>
>> I have just banned 341 ip addresses from accessing HPR that were
>> attempting to use known exploits to attack the site.
>>
>> I'm not sure how this fit's in with the HPR hacking ethos so I'm
>> interested to hear if this is something you want or not.
>>
>> The site is basically a cpanel install, a cms, the shows and a
>> database and pretty much all of it is available in the feed so there
>> is actually nothing to steal.
>>
>> If you do wish to hack the site (probably not that hard to do) so that
>> we can improve the security, please send me an email and I'll remove
>> the ban on your IP address.
>>
>> Your thoughts as ever please.
>>
>> Ken.
>>
>> _______________________________________________
>> Hpr mailing list
>> Hpr at hackerpublicradio.org
>> http://hackerpublicradio.org/mailman/listinfo/hpr_hackerpublicradio.org
>
> _______________________________________________
> Hpr mailing list
> Hpr at hackerpublicradio.org
> http://hackerpublicradio.org/mailman/listinfo/hpr_hackerpublicradio.org




More information about the Hpr mailing list