Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

coordinate site list with other projects #6

Open
droopy4096 opened this issue Feb 28, 2022 · 9 comments
Open

coordinate site list with other projects #6

droopy4096 opened this issue Feb 28, 2022 · 9 comments

Comments

@droopy4096
Copy link

see erkexzcx/stoppropaganda#35 and https://github.com/droopy4096/agressor-sites .

JS can point to those JSON files for sources instead of CSV file thus making it easy to broaden the surface across apps
@droopy4096
Copy link
Author

will likely need a way to rollback to some other location in case central location is down

@nkahoang
Copy link
Contributor

@droopy4096 Thanks for that.

We would like to make it CSV so that it's easier for people to contribute (as JSON is a bit more technical for some, in our opinion. We know we are on GitHub but still).

Please feel welcome to add in your contribution to add additional sources, for example and we will review + merge.

@droopy4096
Copy link
Author

we can have both. and recompile into JSON

@droopy4096
Copy link
Author

you have have "additional" sources local to project in CSV and reference external "base" lists. expand blast radius :)

@Yneth
Copy link

Yneth commented Mar 2, 2022

I have created an API, it can be updated if needed, currently contains url and priority
http://164.92.247.88:9300/victims

working on adding ip

@nkahoang
Copy link
Contributor

nkahoang commented Mar 3, 2022

Hi @Yneth ,

Thanks for doing that. My suggestion is that doing so as an API might not be a great idea due to the following reasons:

  1. If you build an API that requires backend processing, then your backend will become a target itself. Worse, if there are many users querying your endpoint ended up being the first that receives all of the traffic. That's why the list should be a static file, either .json or .csv and being hosted statically, cached on a CDN.
  2. You are exposing an IP without a domain, firstly it's not safe since you are exposing your service IP directly.
  3. You are using HTTP which is not safe. Also for all web context within HTTPS (such as what we are using at https://stopwarnow.github.io/), we can't connect to your API being it on http.

@Yneth
Copy link

Yneth commented Mar 15, 2022

@nkahoang sure you are correct.
I did not have time to configure everything you mentioned.
It can be easily implemented via GCP CDN

@Yneth
Copy link

Yneth commented Mar 15, 2022

@nkahoang in a way, that I would deploy every N minutes a fresh target list,
triggering CDN cache invalidation

@Yneth
Copy link

Yneth commented Mar 15, 2022

moreover, it is possible to go as is.
with simple modifications like new server with nginx as a proxy for my service.
and a backup list of targets stored somewhere on github in case of DDoS of my API

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nkahoang @droopy4096 @Yneth