Hacker News new | past | comments | ask | show | jobs | submit login

I think blocking network access is the simplest fix. Just make the payor specify a whitelist. Email them the blocked attempts. You can run the white list checker on a c3a.large for a pretty big CI.



whitelist? A bit drastic for that minor nuisance. Block outbound to the crypto-miner servers is enough.


I am of the school of know and manage your dependencies. And it is really hard to block stuff with a black list. Especially when the opponent has money.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: