undefined | Better HN

0 pointssantah5y ago0 comments

This is a good question I don't have an answer to.

I'll try and find out and also I'll have to learn exactly what "slowloris" is. It may be helpful indeed!

0 comments

2 comments · 1 top-level

speedgoose5y ago· 1 in thread

slowloris is an old attack on HTTP. The idea is to send garbage HTTP headers as slow as possible while keeping the TCP connection open, you send one letter every 5 seconds for example. The HTTP stack on the other side stays busy waiting for HTTP headers and can't do anything else meanwhile.

It's usually targeted to webservers, before most HTTP servers got fixed you could DDOS a server with a tiny connection, but some HTTP clients can also be vulnerable.

But you may find better usage of your time than implementing this.

gnyman5y ago

I had not heard about slowloris, thanks for the tip. I am always on the lookout for ways to make life harder for scrappers and scanners.

In this case though, to defeat scrapers maybe create some link which only the scraper sees and leave a "gzip-bomb"' like described here https://blog.haschek.at/2017/how-to-defend-your-website-with... and see how their scraper handle that :-)

Personally I just used a html-fuzzer to generate 5 MiB of junk html and named it wp-login.php :-) And a ssh-tarpit

j / k navigate · click thread line to collapse