Black Fedora

@blackfedora

Black Fedora

Joined April 2022

About

Nothing here yet.

Available for

chatting through the challenges with protecting the systems from abuse. Hit me up on twitter to email or "hi at blackfedora.dev".

Black Fedora's blogs

Anti-Abuse for Developersblackfedora.dev6 posts

Articles Comments

Recently published

BFBlack Fedorablackfedora.devApr 30, 2022 · 6 min read

🔑 Password attack types and mitigation strategies

In this post we are going to talk about different password attacks. Knowing how to attack it will help us to propose a defense solution. In general there is 2 main ways we can get a username and a password. We can either guess them or steal them. Bef...

0

BFBlack Fedorablackfedora.devApr 6, 2022 · 3 min read

🔄 How to close the feedback loop on an attacker

When we discussed adversarial cycle we mentioned that defending the system is a fundamentally unsolvable problem, because it's an infinite game. Our task, however, is not to win it but "tip the economics" in our favor. By that I mean trying to create...

0

BFBlack Fedorablackfedora.devApr 5, 2022 · 3 min read

Apache: Restrict access by IP address

Keep in mind that this is a static configuration, which is not very effective against adversarial attacks when an attacker constantly changes their tactics. This guide does not cover managing .htaccess file. Locating config files Before applying the ...

0

BFBlack Fedorablackfedora.devApr 2, 2022 · 2 min read

HAProxy: Restrict access by IP address

Keep in mind that this is a static configuration, which is not very effective against adversarial attacks when an attacker constantly changes their tactics. By default HAProxy configuration file is located at /etc/haproxy/haproxy.cfg. To block a sing...

1

J

BFBlack Fedorablackfedora.devApr 2, 2022 · 2 min read

NGINX: Restrict access by IP address

Keep in mind that this is a static configuration, which is not very effective against adversarial attacks when an attacker constantly changes their tactics. Denylisting (that's what NGINX calls it) is done through ngx_http_access_module, which provid...

0

Black Fedora

About

Available for

Black Fedora's blogs

Recently published

🔑 Password attack types and mitigation strategies

🔄 How to close the feedback loop on an attacker

Apache: Restrict access by IP address

HAProxy: Restrict access by IP address

NGINX: Restrict access by IP address

Search Hashnode

Black Fedora

About

Available for

Black Fedora's blogs

Recently published

🔑 Password attack types and mitigation strategies

🔄 How to close the feedback loop on an attacker

Apache: Restrict access by IP address

HAProxy: Restrict access by IP address

NGINX: Restrict access by IP address