Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

They literally proxy your website? I thought they'd cache it... that makes more sense now in your statement that you hit their website with a specially formatted url. Since they pass that through to you you can filter on that.

Also: since you say 4k-5k IPs... any of them from cloud providers? And specific location?



No cloud providers as far as I'm aware.

They were all from the same 4-5 ASN networks, all based in Russia.


If you happen to use Cloudflare.... Cloudflare -> Firewall rules -> Russia JS Challenge (or block)


Residential proxy botnet.


Why do they bother doing this domain proxy stuff in the first place?


High quality content with a good standing in Google => unique and quality impressions => more revenue from the ads they insert in the content.


There is also the potential to use it as a watering hole for more sophisticated or subversive measures where they subtly change what you post to promote something you don't actually promote (so at some point they deviate from pure proxy to mitm).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: