403 Forbidden

Posted Aug 1, 2025 0:54 UTC (Fri) by cesarb (subscriber, #6266)
In reply to: 403 Forbidden by ttuttle
Parent article: Garrett: Secure boot certificate rollover is real but probably won't hurt you

> what country were you connecting from?

Brasil. I tried, in two different devices, from the ISPs with ASNs 28665 and 26599. I have seen other complaints about it, for instance at https://mastodon.social/@graydon@types.pl/114694935858208831 "[...] it looks like dw is geoblocking several countries now for spam mitigation [...]"

403 Forbidden

Posted Aug 1, 2025 2:36 UTC (Fri) by corbet (editor, #1) [Link] (3 responses)

Spam mitigation - but there is also a lot of scraperbot traffic that comes from Brazil. There are lot of sites engaging in that sort of wide-range blocking in an attempt to avoid being completely overwhelmed.

403 Forbidden

Posted Aug 1, 2025 12:01 UTC (Fri) by hmh (subscriber, #3838) [Link] (2 responses)

AFAIK, we have a very large (criminal) botnet in Brazil, mostly made up of compromised android-tv boxes (and/or dubious applications people install on those), plus the usual IoT slop. There are lots of compromised old computers, too, and maybe cellphones.

These botnet nodes are operated as for-hire "home access" proxies by the criminal organizations that control them (as well as all other services a criminal botnet usually provides, such as DDoS) -- and get rented by middleman shady companies, which are themselves hired "no questions asked" by the less savory data scrappers (lots of lesser "AI" companies among them).

This whole deal involves a lot of crimes (as far as Brazilian law is concerned), but laws that are too hard to be enforced in practice are of little help. Note that almost always the botnet gangs, the middleman companies, and any companies using their services are *NOT* Brazilian in the first place, which makes prosecuting them even harder: typically the only Brazilians involved are the owners of the compromised devices (and the vast majority would be considered victims).

BTW, I had no issues accessing mjg49's site from my mobile phone or from home yesterday, but right now it cannot be accessed from work, which has its own ASN and IP allocation (and it is a heavily monitored network). So, it really looks like some sort of partial geo-blocking is taking place.

403 Forbidden

Posted Aug 1, 2025 12:18 UTC (Fri) by hmh (subscriber, #3838) [Link] (1 responses)

Hmm, just for the record: I allowed Firefox to load and run JS from "awsaf.com", and it allowed access to mjg's site even from work. I do not know if this requirement is selective or not, but looks easy enough for real people using full browsers to access the content.

403 Forbidden

Posted Aug 1, 2025 21:57 UTC (Fri) by cesarb (subscriber, #6266) [Link]

> Hmm, just for the record: I allowed Firefox to load and run JS from "awsaf.com", and it allowed access to mjg's site even from work.

Now *that's* interesting.

The article page itself has no "awsaf.com" JS at all (it's a pure HTTP-level 403), but going to the root (https://mjg59.dreamwidth.org/) *does*. Temporarily unblocking that JS and letting it run made the 403 on the article page disappear, and the content is now there as expected.

So it's just a non-obvious trap: to see the article, you must first go to the home page, with JS temporarily unblocked, and that will release the block on everything else. No way I would guess that (if I had seen the "awsaf.com" JS on the article page, I'd have temporarily unblocked it right there and it would've been fine).

403 Forbidden

Posted Aug 1, 2025 3:53 UTC (Fri) by rsidd (subscriber, #2582) [Link]

For me too (India). I don't see this commonly.