← Back to context

Comment by os2warpman

7 months ago

Anyone can sue anyone else for any reason.

This is what trips me up:

>On my server, I've added a middleware that checks if the current request is malicious or not.

There's a lot of trust placed in:

>if (ipIsBlackListed() || isMalicious()) {

Can someone assigned a previously blacklisted IP or someone who uses a tool to archive the website that mimics a bot be served malware? Is the middleware good enough or "good enough so far"?

Close enough to 100% of my internet traffic flows through a VPN. I have been blacklisted by various services upon connecting to a VPN or switching servers on multiple occasions.

2 comments

os2warpman

Reply
immibis  7 months ago

Yes.

A user has to manually unpack a zip bomb, though. They have to open the file and see "uncompressed size: 999999999999999999999999999" and still try to uncompress it, at which point it's their fault when it fills up their drive and fails. So I don't think there's any ethical dilemma there.

  • wing-_-nuts  7 months ago

    For some reason I was under the impression that browsers had the ability to transparently decompress certain archive formats? I may be thinking of less and gzip though