Protect from malicious report submission #88

anadahz · 2016-06-02T04:31:40Z

We should find a way to protect from intentionally or unintentionally malicious report submission that could saturate ooni-backend resources and end-up unable to process new reports requests.
#87 could possibly help to counteract this problem and the current issue could help to solve ooni/pipeline#27 .

willscott · 2016-06-06T16:00:52Z

We can do an initial sanity check when using a domain-fronted collector to make sure reports are being submitted from the general location where they claim to be made.

Beyond that, i think we need to initially save stuff and look for unexplained spikes in activity after the fact to identify malicious reports (similar to how tor watches for bad relays coming on line)

anadahz · 2016-06-06T17:52:56Z

Ref. example: https://lists.torproject.org/pipermail/ooni-operators/2016-June/000003.html

hellais · 2024-12-09T18:28:14Z

Superseeded by #897

hellais added the ooni/backend Issues related to https://github.com/ooni/backend label Jan 13, 2020

bassosimone self-assigned this Sep 14, 2020

bassosimone added the priority/low label Sep 25, 2020

bassosimone assigned FedericoCeratto and unassigned bassosimone Jul 5, 2021

hellais closed this as completed Dec 9, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Protect from malicious report submission #88

Protect from malicious report submission #88

anadahz commented Jun 2, 2016

willscott commented Jun 6, 2016

anadahz commented Jun 6, 2016

hellais commented Dec 9, 2024

Protect from malicious report submission #88

Protect from malicious report submission #88

Comments

anadahz commented Jun 2, 2016

willscott commented Jun 6, 2016

anadahz commented Jun 6, 2016

hellais commented Dec 9, 2024