[Cin] [CinCV TNG] about Cin-GG
Sam
cinelerra at posteo.de
Wed Jul 10 17:28:20 CEST 2019
Hi Matheu,
Thank you for that information. I wasn't even aware that this problem
existed. CleanTalk seems to be the cause of this problem. I will look
for ways to find a solution. I can't promise to find a solution
immediately, it will certainly take some time and testing. I will open a
ticket and try to solve this problem after my vacation.
Sam
On 10.07.19 17:12, matheu wrote:
> Hi!
>
> Sam:
>> Hi Matheu,
>>
>> I'm sorry you had trouble subscribing to the mailing list.
>>
>> I can disable all the security mechanisms, but as a result we have more
>> work with all the manual cleanups caused by spammers. We are exposed to
>> many spam attacks every day and use existing protection mechanisms to
>> protect ourselves and our community from such attacks. Here are some
>> numbers about spam, last weeks 2786 attacks were blocked based on IP
>> address. 17 direct login attempts with blacklisted email addresses have
>> been blocked. 7 brute force attacks and 70 complex attacks. All
>> attackers want to remain anonymous.
> However, blacklisting Tor exit nodes is usually not doing anything to
> the attackers, because of the way Tor works.
>
> E.g., one of the addresses that you blacklist is:
> http://metrics.torproject.org/exonerator.html?ip=185.220.101.27×tamp=2019-07-08&lang=en
> a Tor exit node with probably heavy traffic of all kinds of people, most
> of them probably legitimate visitors.
> The malicious ones, esp. if they are expert or just more advanced, your
> ban does pretty much nothing to them, because they can do so much more
> than just change identity in the top right corner of Tor browser (which
> means change who you appear to be to the website that you are visiting,
> i.e. the exit node)...
>
> So banning an exit node, which is what the CleanTalk probably does (no
> time to investigate, but I think I saw some address with that name in
> some instances when I tried visiting https://www.cinelerra-gg.org and
> was banned, is just wrong thing to do...
>
> Also there are FOSS captcha's available, way more benign to users, but I
> have no time to search for links to those...
>
>> I also prefer to surf the Internet
>> anonymously as far as possible, but we use these protection techniques
>> to protect ourselves and not to use our visitors for advertising
>> purposes. These security tools help us spend our time on more important
>> things, such as more time improving Cinelerra. I would love to do
>> without such tools, but unfortunately this would make dynamic content of
>> our users impossible.
>>
>> I can add you manually. I'll send you an email
>
> But whatever you use to counter spam and attacks is blacklisting exit
> nodes that I used today as well.
>
> [...]
>
>> Sam
> [...]
>
More information about the Cin
mailing list