[Cin] [CinCV TNG] about Cin-GG

matheu matheu at danwin1210.me
Wed Jul 10 17:12:00 CEST 2019


Hi!

Sam:
> Hi Matheu,
> 
> I'm sorry you had trouble subscribing to the mailing list.
> 
> I can disable all the security mechanisms, but as a result we have more
> work with all the manual cleanups caused by spammers. We are exposed to
> many spam attacks every day and use existing protection mechanisms to
> protect ourselves and our community from such attacks. Here are some
> numbers about spam, last weeks 2786 attacks were blocked based on IP
> address. 17 direct login attempts with blacklisted email addresses have
> been blocked. 7 brute force attacks and 70 complex attacks. All
> attackers want to remain anonymous.
However, blacklisting Tor exit nodes is usually not doing anything to
the attackers, because of the way Tor works.

E.g., one of the addresses that you blacklist is:
http://metrics.torproject.org/exonerator.html?ip=185.220.101.27&timestamp=2019-07-08&lang=en
a Tor exit node with probably heavy traffic of all kinds of people, most
of them probably legitimate visitors.
The malicious ones, esp. if they are expert or just more advanced, your
ban does pretty much nothing to them, because they can do so much more
than just change identity in the top right corner of Tor browser (which
means change who you appear to be to the website that you are visiting,
i.e. the exit node)...

So banning an exit node, which is what the CleanTalk probably does (no
time to investigate, but I think I saw some address with that name in
some instances when I tried visiting https://www.cinelerra-gg.org and
was banned, is just wrong thing to do...

Also there are FOSS captcha's available, way more benign to users, but I
have no time to search for links to those...

> I also prefer to surf the Internet
> anonymously as far as possible, but we use these protection techniques
> to protect ourselves and not to use our visitors for advertising
> purposes. These security tools help us spend our time on more important
> things, such as more time improving Cinelerra. I would love to do
> without such tools, but unfortunately this would make dynamic content of
> our users impossible.
> 
> I can add you manually. I'll send you an email


But whatever you use to counter spam and attacks is blacklisting exit
nodes that I used today as well.

[...]

> Sam

[...]



More information about the Cin mailing list