WingNews logo WingNews
top | item 46425902

(no title)

Sakura-sx | 2 months ago

Are you using a proxy? If you aren't that would be concerning, since false positives are way worse than false negatives.

If you are then it means the score is sometimes a bit lower and sometimes a bit higher than 0.1, which is the threshold for getting blocked.

If you want to know the exact score, you can check https://aroma.global.ssl.fastly.net/score

It's set at a low threshold since I want to avoid blocking regular users at all costs, I think the detection can be improved a lot by using more data and not a single division to calculate the score, in this case it's a somewhat simple PoC.

Thanks for taking the time to test it, I really appreciate it!

discuss

order

JDye|2 months ago

I'm testing using our residential proxies.

It's a super cool tool, I've been wondering about an open source tool doing this since reading about the technique in one of Nikolai Tschacher's blog posts years ago (https://incolumitas.com/pages/about/).

There's a few ways to work around this, but I think it's one of the best signals available to detect low-effort/common proxy providers.

Sakura-sx|2 months ago

Oh I haven't seen that before, it's really cool, thank you for showing me that!

I want to clarify that the approaches are a bit different, they use IP intelligence too and this approach doesn't use any kind of websockets, which is a really good idea, and I have to admit I didn't think of that, but sadly it's not really possible to do it with Fastly.

Another big difference is that this could work with any TCP application, not only HTTP, and if you do it with HTTP/S you can know if it's a proxy or not on a request basis and totally passively, without adding any delay or changing the code of the app.

But yeah, it's a really cool demo, thanks again!