Wafris
@wafrisorg
Followers
226
Following
2
Media
20
Statuses
57
Wafris is the open-source Web Application Firewall that works with your web framework to protect your sites from dark traffic, intrusions, and attacks.
Your Web Framework
Joined October 2022
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Apple
• 425741 Tweets
Lakers
• 69727 Tweets
renjun
• 41984 Tweets
Dan Hurley
• 39033 Tweets
Siri
• 36916 Tweets
Thug
• 35177 Tweets
Benin
• 31779 Tweets
UConn
• 30726 Tweets
Malawi
• 26465 Tweets
Ubisoft
• 23124 Tweets
Super Eagles
• 21229 Tweets
PREVIEW TRES DE FEBRERO
• 20581 Tweets
OpenAI
• 20248 Tweets
iPhone 15
• 19227 Tweets
Semih
• 18308 Tweets
Arda
• 16924 Tweets
Samantha
• 16517 Tweets
Tomlin
• 15867 Tweets
Finidi George
• 15606 Tweets
iOS 18
• 15409 Tweets
Kerem
• 14465 Tweets
Airbnb
• 12925 Tweets
$CROAK
• 12608 Tweets
Ronnie
• 10825 Tweets
Vision Pro
• 10464 Tweets
We're trying to make managing the security of your web apps as automatic as possible. One way we accomplish that is with rulesets: collections of rules specific to threats, frameworks, and goals.
1
1
7
A small sample of some of the rules we put in place for a site that was getting hit with tons of bot/probe traffic.
0
1
5
We analyzed the traffic of one of our beta users after they put Wafris on their production site.
- 50% AI Bots scraping the site
- 35% SEO Bots scraping the site
- 15% Legit traffic
0
1
4
We're really excited to be heading out to RailsWorld next week and are bringing gifts for everybody.
1
1
3
We just published a new guide on how to better configure Redis for your Wafris instance.
Get your 𝚖𝚊𝚡𝚖𝚎𝚖𝚘𝚛𝚢-𝚙𝚘𝚕𝚒𝚌𝚢 𝚟𝚘𝚕𝚊𝚝𝚒𝚕𝚎-𝚝𝚝𝚕 on.
0
1
3
0
0
3
How bad are bot probes?
We brought a new site up on Wafris, and out of the first 30 IP addresses to connect to it, 25 were malicious bots.
0
1
3
Can you tell what this bot is doing? (see screenshot)
Answer: it’s a bot using 🇨🇳 Chinese proxy servers, probing for compressed, manually backed-up copies of the site that are kept on the server.
Backups that might have API keys, ENV files, or other high-value targets.
0
0
2
It’s essential to recognize that bots going directly for the jugular aren’t playing around but exhibiting direct hostile intent.
Here, the second screenshot shows where a single bot (proxied through the US, UK, and Latvia) is ripping through 27 exploits in 3 seconds.
3/3
0
0
0
Seems like a good time to announce publicly that we're going to have our Laravel client out very soon (we're still looking for some more beta testers) and are working on a Pulse card for it.
Introducing Laravel Pulse. 💓
Pulse delivers at-a-glance insights into your production application's performance and usage. Track down slow jobs and endpoints, find your most active users, and more.
Next week on GitHub. A gift from Laravel to you.
142
505
3K
0
0
2
@rskopecek
@_swanson
Yeah, that's pretty much the case across the board for "public" sites, API/backend sites see fewer (but often more concerning attacks). One of our early users saw a 95% bandwidth savings as their site was so ridden with bots.
0
0
1
Why do bots request random seeming images, js and CSS files on your site? (And they do; go look in your logs).
They released free/open source themes into the wild that contain backdoors and exploits.
The requests identify sites with the compromised themes.
0
2
1
0
0
2
🤖 Bots are learning too quickly. They now scrape for domains, names, and emails to enhance their probing abilities.
Here's a screenshot (from our dashboard) of a 🇨🇳 Chinese bot (based on path requests) making proxied requests through a 🇹🇷 Turkish IP.
1/2
1
0
1
@DouTatsu
We’re pretty close. Want to wrap up some things before fully turning on self service. Two weeks tops but are trying to have it done this week.
1
0
1
How to spot fakes? One of the easiest ways is to check the "age" of the browser version, given that most are now constantly updated, and older versions stick out. Then there's this Chinese botnet (see screenshot)
0
0
1