Remix clone Hacker News

new | show | ask | jobs Github

▲

daveoc64 6 hours ago

Seems pretty easy to cause problems for other people with this.

If you follow the link at the end of my comment, you'll be flagged as an LLM.

You could put this in an img tag on a forum or similar and cause mischief.

Don't follow the link below:

https://www.owl.is/stick-och-brinn/

If you do follow that link, you can just clear cookies for the site to be unblocked.

▲

kijin 5 hours ago | parent | next [-]

If a legit user accesses the link through an <img> tag, the browser will send some telling headers. Accept: image/..., Sec-Fetch-Dest: image, etc.

You can also ignore requests with cross-origin referrers. Most LLM crawlers set the Referer header to a URL in the same origin. Any other origin should be treated as an attempted CSRF.

These refinements will probably go a long way toward reducing unintended side effects.

▲

6 hours ago | parent | prev | next [-]

[deleted]

▲

kazinator 6 hours ago | parent | prev [-]

You do not have a meta refresh timer that will skip your entire comment and redirect to the good page in a fraction of a second too short for a person to react.

You also have not used <p hidden> to conceal the paragraph with the link from human eyes.

▲

nvader 5 hours ago | parent [-]

I think his point is that the link can be weaponized by others to deny service to his website, if they can get you to click on it elsewhere.

	▲	kazinator 4 hours ago \| parent [-]
		I see. Moreover, there is no easy way to distinguish such a fetch from one generated by the bad actors that this is intended against. When the bots follow the trampoline page's link to the honeypot, they will - not necessarily fetch it soon afterward; - not necessarily fetch it from the same IP address; - not necessarily supply the trampoline page as the Referer. Therefore you must assume that out-of-the-blue fetches of the honeypot page from a previously unseen IP address must be bad actors. I've mostly given up on honeypotting and banning schemes on my webserver. A lot of attacks I see are single fetches of one page out of the blue from a random address that never appears again (making it pointless to ban them). Pages are protected by having to obtain a cookie from answering a skill testing question.