Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Wouldn't the attack on github not have resulted in any traffic spikes from China? If the DDOS scripts are injected into browsers viewing Chinese content outside the firewall/canon, the traffic spikes would be distributed from all over the globe where ever there are Chinese expats


That's correct. I work at a company in the US, and visitors to our website were giving the "Malicious Script" alert because we had Baidu analytics installed. Defending against this is much more nuanced than just blocking all traffic from China.


I'm curious what prompted installing Baidu analytics in the first place.


So block the Baidu analytics CDN and call it a day?


That would work, assuming there isn't a workaround. If they were really serious about the attack, though, it's easy to imagine ways around that, especially if you add the possibility of browser caching and exploits in the injected script.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: