JohnMakin 2 days ago

Nice find, I think one of my sites actually got recently hit by something like this. And yea, this kind of thing should be trivially preventable if they cared at all.

zanderwohl a day ago | parent | next [-]

IDK, I feel that if you're doing 5000 HTTP calls to another website it's kind of good manners to fix that. But OpenAI has never cared about the public commons.

chefandy 13 hours ago | parent | next [-]

Nobody in this space gives a fuck about anyone outside of the people paying for their top-tier services, and even then, they only care about them when their bill is due. They don't care about their regular users, don't care about the environment, don't care about the people that actually made the "data" they're re-selling... nobody.

marginalia_nu a day ago | parent | prev [-]

Yeah, even beyond common decency, there's pretty strong incentives to fix it, as it's a fantastic way of having your bot's fingerprint end up on Cloudflare's shitlist.

bflesch 10 hours ago | parent [-]

Kinda disappointed by Cloudflare - it feels like they have quite basic logic only. Why would anomaly detection not capture these large payloads?

There was a zip-bomb-like attack a year ago where you could send one gigabyte of the letter "A" compressed into a very small file size with brotli via Cloudflare to backend servers, basically something like the old HTTP Transfer-Encoding (which has been discontinued).

Attacker --1kb--> Cloudflare --1GB--> backend server

Obviously the servers that received the extracted HTTP request from the Cloudflare web proxies were getting killed, but Cloudflare didn't even accept it as a valid security problem.

AFAIK there was no magic AI security monitoring anomaly detection thing which blocked anything. Sometimes I'd love to see the old web application firewall warnings for single and double quotes just to see if the thing is still there. But maybe it's a misconfiguration on the side of the Cloudflare user, because I can remember they at least had a WAF product in the past.
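As an added example (not code from the thread, from Cloudflare or from any of the commenters), this is how an origin can read a compressed body without being taken down by the inflation described above. It uses zlib from Python's standard library as a stand-in for brotli (an assumption: the brotli codec supports the same streaming pattern), inflates in bounded chunks, and refuses once the decompressed size passes a hard cap, long before a 1 GB body is materialised in memory. The "bomb" input is constructed inside the block.

```python
"""Bounded decompression of a request body (added example, not from the thread)."""
import zlib


class DecompressionBombError(ValueError):
    """Raised when a body would inflate beyond the configured limit."""


def compress_body(data: bytes) -> bytes:
    """Compress a body the way a well-behaved client would (zlib as stand-in for brotli)."""
    return zlib.compress(data, 9)


def make_bomb(size: int, byte: bytes = b"A") -> bytes:
    """Constructed sample input: `size` bytes of one repeated letter, compressed.

    A run of identical bytes compresses roughly 1000:1 under deflate, so a
    16 MiB body fits in about 16 KiB on the wire.
    """
    comp = zlib.compressobj(level=9)
    out = bytearray()
    chunk = byte * (1 << 20)  # build in 1 MiB pieces to keep memory flat
    remaining = size
    while remaining > 0:
        n = min(remaining, len(chunk))
        out += comp.compress(chunk[:n])
        remaining -= n
    out += comp.flush()
    return bytes(out)


def safe_decompress(data: bytes, max_output: int, chunk_size: int = 64 * 1024) -> bytes:
    """Inflate `data`, aborting as soon as more than `max_output` bytes would be produced.

    `max_length` bounds how much each decompress() call may emit; unconsumed
    input is handed back in `unconsumed_tail`, so the whole bomb is never
    inflated at once and the check fires after the first few chunks.
    """
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not d.eof:
        piece = d.decompress(buf, chunk_size)
        out += piece
        if len(out) > max_output:
            raise DecompressionBombError(
                f"decompressed body exceeds {max_output} bytes "
                f"(compressed size was {len(data)} bytes)"
            )
        buf = d.unconsumed_tail
        if not piece and not buf:
            # No output and no input left without reaching end-of-stream:
            # the body is truncated, which is a different error from a bomb.
            raise ValueError("truncated compressed stream")
    return bytes(out)


if __name__ == "__main__":
    bomb = make_bomb(16 * 1024 * 1024)
    print(f"bomb on the wire: {len(bomb)} bytes")
    try:
        safe_decompress(bomb, max_output=1024 * 1024)
    except DecompressionBombError as exc:
        print("rejected:", exc)
    print(safe_decompress(compress_body(b"hello world"), max_output=1024))
```

The point of the chunked loop is that the Content-Length header (or any proxy-side size check) only describes the compressed bytes; the origin has to meter the decompressed output itself. The same shape works with any codec whose decompressor exposes a bounded-output call.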

benregenspan 3 hours ago | parent [-]

> But maybe it's a misconfiguration on the side of the Cloudflare user, because I can remember they at least had a WAF product in the past

They still have a WAF product, though I don't think anything in the standard managed ruleset will fire just on quotes, the SQLi and XSS checks are a bit more sophisticated than that.

From personal experience, they will fire a lot if someone uses a WAF-protected CMS to write a post about SQL.

dewey a day ago | parent | prev [-]

> And yea, this kind of thing should be trivially preventable if they cared at all.

Most of the time when someone says something is "trivial" without knowing anything about the internals, it's never trivial.

As someone working close to the b2c side of a business, I can't count the number of times I've heard that something should be trivial while it's something we've thought about for years.

bflesch a day ago | parent | next [-]

The technical flaws are quite trivial to spot, if you have the relevant experience:

- urls[] parameter has no size limit

- urls[] parameter is not deduplicated (but their cache is deduplicating, so this security control was there at some point but is ineffective now)

- their requests to the same website / DNS / victim IP address rotate through all available Azure IPs, which puts them at risk of being blocked by other hosters. They should come from the same IP address. I noticed them changing to other Azure IP ranges several times, most likely because they got blocked/rate limited by Hetzner or other counterparties from which I was playing around with these vulnerabilities.

But if their team is too limited to recognize security risks, there is nothing one can do. Maybe they were occupied last week with the office gossip around the sexual assault lawsuit against Sam Altman. Maybe they still had holidays or there was another, higher-risk security vulnerability.

Having interacted with several bug bounties in the past, it feels OpenAI is not very mature in that regard. Also why do they choose BugCrowd when HackerOne is much better in my experience.

fc417fc802 a day ago | parent [-]

> rotate through all available Azure IPs, ... They should come from the same IP address.

I would guess that this is intentional, intended to prevent IP level blocks from being effective. That way blocking them means blocking all of Azure. Too much collateral damage to be worth it.

jackcviers3 15 hours ago | parent [-]

It is. There are scraping third-party services you can pay for that will do all of this for you without getting blocked by IP. You then make your request to the third-party scraper, receive the contents, and do with them whatever you need to do.

grahamj a day ago | parent | prev | next [-]

If you're unable to throttle your own outgoing requests you shouldn't be making any.
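As an added example (not OpenAI's code and not posted by anyone in the thread), here is what a hardened handler for a batch parameter like the `urls[]` one described earlier could look like, covering the three flaws listed above (no size limit, no deduplication, no per-host control) plus the outbound throttling this comment asks for. The endpoint, the limits `MAX_URLS` and `MAX_PER_HOST`, and the token-bucket rates are all assumptions chosen for illustration; the sample batches are constructed inline.

```python
"""Hardened handling of a batch fetch parameter (added example, not OpenAI's code)."""
import time
from collections import Counter
from urllib.parse import urlsplit, urlunsplit

MAX_URLS = 20       # assumption: ceiling on urls[] entries per request
MAX_PER_HOST = 5    # assumption: ceiling on distinct URLs per destination host per request


class BatchRejected(ValueError):
    """Raised when a urls[] batch fails validation before any fetch is attempted."""


def canonicalize(url: str) -> str:
    """Normalize a URL so trivially different spellings dedupe together.

    Lowercases the host, drops default ports and the fragment, and forces a
    path, so http://Example.com and http://example.com/ count once.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BatchRejected(f"unsupported url: {url!r}")
    try:
        port = parts.port
    except ValueError as exc:
        raise BatchRejected(f"bad port in {url!r}") from exc
    default = 443 if parts.scheme == "https" else 80
    netloc = parts.hostname if port in (None, default) else f"{parts.hostname}:{port}"
    return urlunsplit((parts.scheme, netloc, parts.path or "/", parts.query, ""))


def validate_batch(urls):
    """Reject oversized or host-concentrated batches; return the deduplicated URLs."""
    # Cheapest check first: refuse before parsing a single entry.
    if len(urls) > MAX_URLS:
        raise BatchRejected(f"too many urls: {len(urls)} > {MAX_URLS}")
    unique = []
    for u in urls:
        c = canonicalize(u)
        if c not in unique:
            unique.append(c)
    per_host = Counter(urlsplit(u).hostname for u in unique)
    host, n = per_host.most_common(1)[0]
    if n > MAX_PER_HOST:
        raise BatchRejected(f"{n} urls for {host} exceeds per-host limit {MAX_PER_HOST}")
    return unique


class HostThrottle:
    """Token bucket per destination host, applied to the service's *outbound* fetches.

    `clock` is injectable so the behaviour can be tested without sleeping.
    """

    def __init__(self, rate_per_sec: float, burst: int, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate_per_sec, burst, clock
        self._buckets = {}  # host -> (tokens, last_refill_time)

    def acquire(self, host: str) -> bool:
        now = self.clock()
        tokens, last = self._buckets.get(host, (float(self.burst), now))
        tokens = min(float(self.burst), tokens + (now - last) * self.rate)
        if tokens < 1.0:
            self._buckets[host] = (tokens, now)
            return False
        self._buckets[host] = (tokens - 1.0, now)
        return True


def plan_batch(urls, throttle: HostThrottle):
    """Validate and dedupe, then split into fetches allowed now and fetches deferred."""
    allowed, deferred = [], []
    for u in validate_batch(urls):
        (allowed if throttle.acquire(urlsplit(u).hostname) else deferred).append(u)
    return allowed, deferred


if __name__ == "__main__":
    throttle = HostThrottle(rate_per_sec=1.0, burst=2)
    batch = ["http://Example.com", "http://example.com/", "https://example.com:443/a#x"]
    print(plan_batch(batch, throttle))
    try:
        plan_batch([f"http://victim.test/{i}" for i in range(6)], throttle)
    except BatchRejected as exc:
        print("rejected:", exc)
```

Deduplication happens before the fetch, not in a cache behind it: a cache that dedupes results still lets every duplicate hit the target. The throttle keys on the destination host, not on the caller, which is what makes it a protection for the sites being fetched rather than for the service itself.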

bflesch a day ago | parent [-]

I assume it'll be hard for them to notice because it's all coming from Azure IP ranges. OpenAI has a very big credit card behind this Azure account, so this vulnerability might only be limited by Azure capacity.

I noticed they switched their crawler to new IP ranges several times, but unfortunately Microsoft CERT / Azure security team didn't answer my reports.

If this vulnerability is exploited, it hits your server with MANY requests per second, right from the hearts of Azure cloud.

grahamj a day ago | parent [-]

Note I said outgoing, as in the crawlers should be throttling themselves

bflesch a day ago | parent [-]

Sorry for misunderstanding your point.

I agree it should be throttled. Maybe they don't need to throttle because they don't care about cost.

Funny thing is that servers from AWS were trying to connect to my system when I played around with this - I assume OpenAI has not moved away from AWS yet.

Also, many different security scanners were hitting my IP after every burst of incoming requests from the ChatGPT crawler Azure IP ranges. Quite interesting to see that there are some proper network admins out there.

jillyboel a day ago | parent | next [-]

They need to throttle because otherwise they're simply a DDoS service. It's clear they don't give a fuck though, like any bigtech company. They'll spend millions on prosecuting anyone who dares to do what they perceive as a DoS attack against them, but they'll spit in your face and laugh at you if you even dare to claim they are DDoSing you.

grahamj a day ago | parent | prev [-]

yeah it's fun out on the wild internet! Thankfully I don't manage anything crawlable anymore, but even so the endpoint traffic is pretty entertaining sometimes.

What would keep me up at night if I was still more on the ops side is “computer use” AI that’s virtually indistinguishable from a human with a browser. How do you keep the junk away then?

jillyboel a day ago | parent | prev [-]

now try to reply to the actual content instead of some generalizing grandstanding bullshit