馃懡 haze

Wow! Cyber attacks on Gemini is now a thing!! Just saw SQL injections attempts in TLGS's log this morning (I log system errors).

I totally welcome people attacking the service with good will, trying to find vulns and report. Hopefully this is that.

If not, good luck pwning it, enjoy the near-OpenBSD level of paranoia protections. Dedicated user, unveil(), hardened malloc, etc...

9 months ago 路 馃憤 marmarper, acidus, barnaba

Actions

馃憢 Join Station

4 Replies

馃懡 acidus

hahaha! I spent about a decade Breaking into websites, and thought it might be fun to adjust some CGI scanners against Gemini. But actually it wasn鈥檛 me 馃槆 If it was I would totally tell you 路 9 months ago

馃懡 haze

@krixano Yeah, sounds like good idea. I'll see what I can do. Maybe to test each server that has security.txt avaliable. So we can automatically alart the capsule owner if say directory treversal is possible. 路 9 months ago

馃懡 krixano

We definitely should have some security experts testing servers out automatically for security stuff - as long as they are doing it to help fix security problems, that is. 路 9 months ago

馃懡 krixano

I was getting some directory traversal attacks on my server. I would bet @acidus has his search engine do this to test servers and send them an email about the vulnerability, since he wrote a post about it. Thankfully, my server shouldn't be vulnerable to those attacks. 路 9 months ago