Bot-fighting is a continuous battle. In this week's video, I focus on how we're tweaking Cloudflare Turnstile and mixing in extra attributes around how bot-like requests are, and… it almost worked. Just as I was preparing to write this intro, I found a small spike of anomalous traffic that, upon further investigation, should have been blocked. So we've pivoted again, adding yet more logic to try to give legit humans the best experience possible whilst making it painful for the bots. Fortunately, we're doing this with resources that have minimal impact if a limited number of bot requests come through, but it does make for a challenging if not somewhat infuriating experience.
References
- Sponsored by: Report URI: Guarding you from rogue JavaScript! Don't get pwned; get real-time alerts & prevent breaches #SecureYourSite
- We've now identified the first round of partners to onboard to HIBP (these are companies that can help victims "after the breach")
- ColoCrossing had a breach that exposed 7k customer email addresses for their cloud service (looks like this is just ColoCloud)
- We love the HIBP merch store, but Teespring's support is absolutely woeful (we'll move to an alternate provider in the very near future)
- We're still tweaking Cloudflare's Turnstile to keep the bad guys out and the good guys in (that's a link to the HIBP homepage which we think we've got dialed in pretty good now, see if you get a nice async request or a full page post-back)