Short Answer
IP-based rate limiting alone is not enough in production because attackers can rotate IPs using proxies, VPNs, or botnets, while many legitimate users share a single address behind NAT or carrier-grade NAT, so an IP-only rule both misses abuse and penalises real users. Real systems use layered protection across identity, gateways, behavior analysis, and distributed enforcement.
System Design Perspective
1️⃣ Rate Limit by Identity, Not Just IP
Attackers can easily bypass IP-based limits.
Production systems also rate limit using:
* User ID
* API key
* Auth token
* Device fingerprint
* Session ID
👉 Prevents abuse even when IPs change constantly. Keep a separate, stricter IP- or network-level limit for unauthenticated endpoints (login, signup, password reset), where no identity exists yet, and treat device fingerprints and session IDs as attacker-controlled hints rather than strong identity.
2️⃣ Distributed Rate Limiting with Redis
Single-server counters fail in distributed systems: each API instance only sees its own share of a client's traffic, so a client spread across N instances gets N times the intended budget.
Use centralized stores like:
* Redis
* DynamoDB
* Distributed caches
to maintain global request counters across all API servers. The increment-and-check must be atomic (Redis INCR plus EXPIRE in a pipeline, or a Lua script) so concurrent requests cannot slip past the limit between a read and a write.
👉 Ensures consistent enforcement at scale.
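The two points above together, as an added example (not code from the original post): a limiter keyed on the caller's identity rather than the source IP, backed by a store that exposes only the INCR and EXPIRE operations the classic fixed-window counter needs. MemoryStore is a constructed stand-in so the example runs offline; a redis.Redis client could replace it. Request, MemoryStore, RateLimiter and the sample traffic are this example's own assumptions.

```python
"""Identity-keyed, store-backed rate limiter (added example, not code from the
original post). The store exposes only INCR and EXPIRE, the two Redis commands
the classic fixed-window counter needs; MemoryStore is a constructed stand-in
so the example runs offline, and a redis.Redis client could replace it."""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass
class Request:
    ip: str
    api_key: Optional[str] = None
    user_id: Optional[str] = None


class MemoryStore:
    """Stand-in for Redis INCR/EXPIRE semantics: INCR on a missing or expired
    key starts again from 0 with no TTL; EXPIRE attaches a TTL."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock
        self._data: Dict[str, list] = {}  # key -> [count, expiry_or_None]

    def incr(self, key: str) -> int:
        now = self._clock()
        entry = self._data.get(key)
        if entry is None or (entry[1] is not None and entry[1] <= now):
            entry = [0, None]
            self._data[key] = entry
        entry[0] += 1
        return entry[0]

    def expire(self, key: str, seconds: int) -> None:
        entry = self._data.get(key)
        if entry is not None:
            entry[1] = self._clock() + seconds


class RateLimiter:
    def __init__(self, store, limit: int, window_s: int):
        self.store, self.limit, self.window_s = store, limit, window_s

    @staticmethod
    def principal(req: Request) -> str:
        """Strongest identity available wins; the IP is only the fallback for
        anonymous traffic (which deserves its own, stricter limit)."""
        if req.user_id:
            return f"user:{req.user_id}"
        if req.api_key:
            return f"key:{req.api_key}"
        return f"ip:{req.ip}"

    def allow(self, req: Request) -> bool:
        key = f"rl:{self.principal(req)}"
        count = self.store.incr(key)
        if count == 1:
            # First hit in a window starts the TTL. With real Redis, run INCR
            # and EXPIRE in a pipeline or Lua script so a crash between them
            # cannot leave a counter that never expires.
            self.store.expire(key, self.window_s)
        return count <= self.limit


def simulate_ip_rotation(limit: int = 5) -> List[bool]:
    """One API key hopping across many IPs (constructed traffic): the counter
    follows the key, so the 6th request is refused whatever address it comes
    from, and the budget only returns once the window expires."""
    now = [1000.0]                      # controllable clock for the demo
    rl = RateLimiter(MemoryStore(clock=lambda: now[0]), limit=limit, window_s=60)
    results = [rl.allow(Request(ip=f"203.0.113.{i}", api_key="k-abc"))
               for i in range(limit + 3)]
    now[0] += 61                        # window expired, budget resets
    results.append(rl.allow(Request(ip="203.0.113.99", api_key="k-abc")))
    return results


if __name__ == "__main__":
    print(simulate_ip_rotation())       # [True]*5 + [False]*3 + [True]
```

A fixed window lets a client spend up to twice the limit across a window boundary (the tail of one window plus the head of the next); if that matters, a sliding-window log or token bucket over the same identity key closes the gap.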
3️⃣ API Gateway Enforcement
Rate limiting should happen before traffic reaches backend services.
Common gateways:
* Kong
* NGINX
* AWS API Gateway
* Spring Cloud Gateway
👉 Blocks malicious traffic early and protects backend infrastructure.
4️⃣ Web Application Firewall (WAF)
WAFs detect, using managed rule sets and bot-management heuristics:
* Bot traffic
* Malicious patterns
* Layer 7 attacks
* Suspicious request signatures
Tools:
* Cloudflare
* AWS WAF
* Akamai
👉 Adds another protection layer beyond application logic.
5️⃣ Behavior-Based Detection
Bots behave differently from real users.
Detect:
* Sudden traffic spikes
* Repeated request patterns
* Invalid headers/tokens
* Impossible user behavior
👉 Modern systems use anomaly detection and risk scoring.
6️⃣ Progressive Protection
Instead of immediately blocking users:
* Add CAPTCHA
* Introduce temporary throttling
* Require re-authentication
👉 Reduces false positives for legitimate users.
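Sections 5️⃣ and 6️⃣ together, as an added example that is not code from the original post: the behavioural signals listed above (traffic spike, one endpoint hammered repeatedly, invalid token, missing headers) are turned into a risk score, and the score selects a graduated response rather than a hard block. Signal weights, thresholds and the two streams of sample traffic are constructed assumptions for illustration, not tuned production values.

```python
"""Behavioural risk scoring with a graduated response (added example, not code
from the original post). Weights, thresholds and the sample traffic are
constructed assumptions for illustration."""
from collections import Counter, deque
from dataclasses import dataclass
from typing import Deque, Dict, List


@dataclass
class Event:
    ts: float         # seconds
    principal: str    # e.g. "key:k-abc" or "ip:203.0.113.7"
    path: str
    auth_ok: bool     # did the token/signature validate?
    user_agent: str   # "" when the header is absent


class RiskScorer:
    def __init__(self, window_s: float = 10.0, spike_rps: float = 5.0,
                 repeat_ratio: float = 0.9):
        self.window_s, self.spike_rps, self.repeat_ratio = window_s, spike_rps, repeat_ratio
        self.history: Dict[str, Deque[Event]] = {}

    def score(self, ev: Event) -> int:
        hist = self.history.setdefault(ev.principal, deque())
        hist.append(ev)
        while hist and hist[0].ts < ev.ts - self.window_s:
            hist.popleft()              # keep only the recent window
        score = 0
        if len(hist) / self.window_s > self.spike_rps:
            score += 40                 # sudden spike in request rate
        top_path, top_n = Counter(e.path for e in hist).most_common(1)[0]
        if len(hist) >= 5 and top_n / len(hist) >= self.repeat_ratio:
            score += 20                 # hammering a single endpoint
        if not ev.auth_ok:
            score += 30                 # invalid token / signature
        if not ev.user_agent:
            score += 10                 # malformed or missing headers
        return score


def decide(score: int) -> str:
    """Progressive response instead of a hard cutoff."""
    if score < 30:
        return "allow"
    if score < 60:
        return "throttle"   # slow the response or lower this principal's limit
    if score < 90:
        return "captcha"    # or step-up re-authentication
    return "block"


def run_sample() -> Dict[str, List[str]]:
    """Constructed traffic: a credential-stuffing bot and an ordinary user.
    Returns the bot's decision after 10 and after 60 requests, and the user's
    decision after its 3 requests."""
    scorer = RiskScorer()
    bot_decisions: List[str] = []
    for i in range(60):
        s = scorer.score(Event(i * 0.1, "ip:203.0.113.7", "/login", False, ""))
        if i in (9, 59):
            bot_decisions.append(decide(s))
    user_score = 0
    for ts, path in ((0.0, "/home"), (3.0, "/profile"), (6.0, "/orders")):
        user_score = scorer.score(Event(ts, "user:42", path, True, "Mozilla/5.0"))
    return {"bot": bot_decisions, "user": [decide(user_score)]}


if __name__ == "__main__":
    print(run_sample())   # {'bot': ['captcha', 'block'], 'user': ['allow']}
```

The bot is already challenged with a CAPTCHA after ten bad-token requests and only blocked once its rate crosses the spike threshold, while the ordinary user never leaves "allow"; that staged escalation is what keeps false positives survivable for real users.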
Key Insight
Production security relies on layered defenses, not a single rate-limiting rule.
One-Line Interview Closer
Modern APIs defend against distributed abuse using identity-based limits, distributed counters, gateways, WAFs, and behavioral detection systems.
The correct answer is C) 62.
Quick breakdown 👇
A /26 mask leaves 6 bits for hosts (32 - 26 = 6).
Total addresses = 2^6 = 64.
Subtract 2 for the network ID and the broadcast address.
64 - 2 = 62 usable host addresses.
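The same calculation generalised to any IPv4 prefix, as an added example (not part of the original post): it applies the 2^(32 - prefix) - 2 rule and also handles the two cases where that rule does not hold, /31 point-to-point links (RFC 3021) and /32 host routes, which reserve no network or broadcast address. The function name and the sample addresses are this example's own.

```python
"""Subnet sizing for any IPv4 prefix (added example; the post works only the
/26 case). Handles /31 (RFC 3021) and /32, where nothing is reserved."""
import ipaddress
from typing import Dict


def subnet_summary(cidr: str) -> Dict[str, object]:
    # strict=False accepts a host address such as 192.168.10.77/26 and
    # derives the network it belongs to
    net = ipaddress.IPv4Network(cidr, strict=False)
    host_bits = 32 - net.prefixlen
    total = 2 ** host_bits
    if host_bits <= 1:
        # /31 and /32: every address is usable, none reserved
        usable, first, last = total, net.network_address, net.broadcast_address
    else:
        usable = total - 2              # minus network ID and broadcast
        first, last = net.network_address + 1, net.broadcast_address - 1
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "host_bits": host_bits,
        "total": total,
        "usable": usable,
        "first_host": str(first),
        "last_host": str(last),
    }


if __name__ == "__main__":
    print(subnet_summary("192.168.10.77/26"))   # usable 62, hosts .65 to .126
```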
AI is creating a massive career shift - and most people still don’t see it.
Companies are no longer hiring only coders.
They’re hiring professionals who can manage:
✔ AI Risk
✔ Cyber Threats
✔ Compliance
✔ Model Governance
✔ Data Privacy
✔ Third-Party Technology Risk
Because the biggest question today is not:
‘Can we build AI?’
It’s:
‘Can we trust and govern it safely?’
This is where the next generation of high-value tech careers is growing rapidly.
And the best part?
You don’t need to be a hardcore developer to enter this field.
If you understand Risk + Cyber + AI Governance, you’ll stay relevant for the next decade.
This isn’t a government ban - it’s a highly calculated, intentional psychological operation designed to brainwash Gen Z into blind anti-government hatred.
They dropped a text tweet crying "dictatorship" because their website went down, but the technical backend data completely exposes their lie. They intentionally triggered this shutdown themselves from their own dashboard just to stage a fake crackdown for digital clout.
Here is the exact technical proof of how they staged it:
1. The clientHold Self-Sabotage:
Look at the WHOIS screenshots. The domain status is explicitly clientHold. In global network architecture (ICANN), a "client" status code means the action was pulled directly from inside their OWN Registrar panel.
They intentionally changed their own settings or manually hit suspend from their internal dashboard to deliberately kill the site's routing.
If a central agency or court actually legally seized or banned this domain, it would show a serverHold status. They are hiding behind a "client" status because THEY are the ones who pulled the plug.
2. Weaponizing Fake Narratives against Gen Z:
This is deliberate digital propaganda. They know the average Gen Z kid won't look up a DNS record or understand backend architecture. They intentionally turned off their own nameservers, watched the error screen appear, and typed up a fake "censorship" narrative to manipulate youth frustration for political points.
Stop running engineered victimhood operations to fool the youth. The network logs don't lie - you staged your own shutdown. 🤡🪳
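The status-code check the post above argues from, as an added example that is not part of either post: it parses the "Domain Status" lines of a WHOIS reply and records, for each EPP status code, which party is able to set it. By the EPP status-code definitions ICANN publishes, client* codes are set by the sponsoring registrar and server* codes by the registry operator; the code itself does not record who requested the change (the registrant, the registrar's own abuse or billing process, or a legal order relayed to the registrar), so that must be established from other evidence. The WHOIS text and the function names are constructed for this example.

```python
"""Domain status triage (added example, not part of either post). Maps EPP
status codes to the party able to set them: client* = sponsoring registrar,
server* = registry operator. The sample WHOIS text is constructed."""
import re
from typing import Dict, List

STATUS_LINE = re.compile(r"^\s*Domain Status:\s*([A-Za-z]+)", re.MULTILINE)
SETTER = {"client": "registrar", "server": "registry"}
ZONE_REMOVING = {"clientHold", "serverHold"}   # domain is pulled from the DNS zone


def classify(code: str) -> Dict[str, object]:
    m = re.match(r"^(client|server)[A-Z]\w*$", code)
    # Lifecycle codes without a prefix (ok, pendingDelete, redemptionPeriod)
    # are registry states.
    set_by = SETTER[m.group(1)] if m else "registry"
    return {"code": code, "set_by": set_by,
            "removes_from_zone": code in ZONE_REMOVING}


def assess(whois_text: str) -> Dict[str, object]:
    """Summarise who can have applied any hold found in the WHOIS output.
    Note: 'set_by' is the party technically able to set the code, not who
    asked for it; that needs separate evidence."""
    statuses: List[Dict[str, object]] = [classify(c) for c in STATUS_LINE.findall(whois_text)]
    holds = [s for s in statuses if s["removes_from_zone"]]
    return {
        "statuses": statuses,
        "resolves": not holds,
        "hold_set_by": sorted({str(s["set_by"]) for s in holds}),
    }


# Constructed WHOIS excerpt using the reserved example domain.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Domain Status: clientHold https://icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.EXAMPLE.NET
"""

if __name__ == "__main__":
    print(assess(SAMPLE_WHOIS))   # resolves False, hold_set_by ['registrar']
```

When triaging a suspected takedown, pair this with the registrar's own abuse or legal-process policy and the registrar-side change history; the WHOIS status alone tells you which system applied the hold, not why.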
The government has taken down our iconic website - https://t.co/vUpauZpapY.
10 Lakh cockroaches had signed up on our website as members.
6 Lakh cockroaches had signed a petition to demand the resignation of Dharmendra Pradhan.
Why is the government so scared of cockroaches? But this dictatorial behaviour is opening the eyes of India's youth. Our only crime is we were demanding a better future for ourselves.
But you can't get rid of us that easily. We’re working on a new home right now. Cockroaches never die. 🪳
RCSA is one of the most powerful tools in risk management.
And also one of the most misunderstood.
Most assessments focus on completion:
“Was the process followed?”
But the real question is:
“Did we actually identify the risk?”
A well-documented RCSA can still miss:
• Emerging risks
• Cross-functional dependencies
• Control effectiveness gaps
Because risk doesn’t sit neatly within processes.
RCSA should not be a checklist exercise.
It should challenge assumptions, expose weaknesses,
and drive uncomfortable but necessary conversations.
If your RCSA is always smooth…
it’s probably not surfacing the real risks.