Comment by brian_cunnie

11 hours ago

I typically get a takedown notice a couple times a week, usually from my registrar (Namecheap) or from Netcraft, about 100 so far.

I keep a public (transparent) list of takedowns, on a public repo on GitHub. The commit messages are the logs. [0]

I have a way to dispute: raise a GitHub issue. I've only had two people dispute: one was legit, and I unblocked him, and the other ran a WordPress site which he didn't know was compromised. I did not unblock him. [1]

Please don't judge me harshly for honoring the takedowns immediately, but I do so because the remedy is simple: register your own domain, and don't rely on my nip.io / sslip.io service (which maps IP addresses to hostnames as a convenience for developers, e.g. 127.0.0.1.nip.io → 127.0.0.1).

Dealing with takedown requests is the least pleasant aspect of running FOSS project. I want to spend my free time coding, not blocking phishers, scammers, and grifters.

[0] https://github.com/cunnie/sslip.io-blocklist [1] https://github.com/cunnie/sslip.io/issues/100

1 comment

brian_cunnie

Reply
_the_inflator  1 hour ago

Thanks a lot my friend! You saved my day in reminding me to include blocklists on my server respectively block more aggressively.

I got so much inbound traffic from malicious actors, my fail2ban blocking needs serious attention.

Thanks, mate!