💾 Archived View for station.martinrue.com › haze › a0ea0348b5cf460ebf6e146a45ff5ddf captured on 2023-09-08 at 17:33:35. Gemini links have been rewritten to link to archived content

View Raw

More Information

⬅️ Previous capture (2023-07-22)

➡️ Next capture (2024-02-05)

-=-=-=-=-=-=-

👽 haze

Wow! Cyber attacks on Gemini is now a thing!! Just saw SQL injections attempts in TLGS's log this morning (I log system errors).

I totally welcome people attacking the service with good will, trying to find vulns and report. Hopefully this is that.

If not, good luck pwning it, enjoy the near-OpenBSD level of paranoia protections. Dedicated user, unveil(), hardened malloc, etc...

1 year ago · 👍 marmarper, acidus, barnaba

Actions

👋 Join Station

4 Replies

👽 acidus

hahaha! I spent about a decade Breaking into websites, and thought it might be fun to adjust some CGI scanners against Gemini. But actually it wasn’t me 😇 If it was I would totally tell you · 1 year ago

👽 haze

@krixano Yeah, sounds like good idea. I'll see what I can do. Maybe to test each server that has security.txt avaliable. So we can automatically alart the capsule owner if say directory treversal is possible. · 1 year ago

👽 krixano

We definitely should have some security experts testing servers out automatically for security stuff - as long as they are doing it to help fix security problems, that is. · 1 year ago

👽 krixano

I was getting some directory traversal attacks on my server. I would bet @acidus has his search engine do this to test servers and send them an email about the vulnerability, since he wrote a post about it. Thankfully, my server shouldn't be vulnerable to those attacks. · 1 year ago