#1 2025-01-11 5:54 am

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,088

False positives on all email checks - Jan 11, 2025

Due to a code logic bug in background processing, a string was erroneously allowed to be added to the "part string" domain blacklist. This list contains partial domain names for when bad actors use random subdomains, such as 7f8a.mycasino.sites, 5557.mycasino.sites, etc. This allows the API to treat all subdomains as if they were blacklisted by adding "mycasino.sites" to the partial string blacklist.

Due to the way that the API code (TypeScript) does substring matches, if the substring is empty then a compare will return true. I won't go into how or why this shouldn't happen but it did and it's entirely my fault.

Once I was alerted then I fixed this as quickly as I could. It took about 2 minutes to find the problem and another to push out the updated blacklist strings without the blank string, and the API stopped returning blacklisted domains for all emails. This was happening for a couple of hours before it was reported.

Two fixes were made to stop this happening again:
1 - The code that takes the strings from the database and pushes them to the API has been updated to reject all partial domain strings of fewer than 4 characters.
2 - The database has two new triggers that mandate correct string length by testing the string length on insertion and updating. The database now cannot take a string that would trigger this problem.

I know that no amount of apologizing is enough but I'm hoping that the good will built up over the last 17 years will go some way. Code issues like this have been few and far between. No system is perfect and I know that I'm certainly not.

Offline
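
The failure mode and the first fix described in post #1, sketched as an added example (not part of the original post and not the service's own code). It assumes the substring match is an `indexOf`-style test; the function names, the sample list and the `example.org` address are constructed for illustration.

```typescript
// Added example: hypothetical names and constructed sample data.
const MIN_PART_LENGTH = 4; // minimum length stated in the post

// Constructed list: one legitimate partial domain plus the stray empty string.
const CONSTRUCTED_LIST: string[] = ["mycasino.sites", ""];

function domainOf(email: string): string {
  return email.slice(email.lastIndexOf("@") + 1).toLowerCase();
}

// Naive check: any partial string found inside the domain means "blacklisted".
// indexOf("") returns 0 for every string (includes/startsWith/endsWith behave
// the same way), so a single empty entry matches every domain.
function naiveIsBlacklisted(email: string, parts: string[]): boolean {
  const domain = domainOf(email);
  return parts.some((p) => domain.indexOf(p) !== -1);
}

// Loader-side guard: normalise entries and refuse anything shorter than the
// minimum, returning the rejects so they can be logged or alerted on.
function loadParts(raw: string[]): { accepted: string[]; rejected: string[] } {
  const accepted: string[] = [];
  const rejected: string[] = [];
  for (const entry of raw) {
    const p = entry.trim().toLowerCase();
    if (p.length >= MIN_PART_LENGTH) {
      accepted.push(p);
    } else {
      rejected.push(entry);
    }
  }
  return { accepted, rejected };
}

// Hardened check: only entries that passed the loader are ever compared.
function isBlacklisted(email: string, raw: string[]): boolean {
  return naiveIsBlacklisted(email, loadParts(raw).accepted);
}
```

A non-empty `rejected` list is worth alerting on, since it means an invalid entry reached the loader despite the database-side length check.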

#2 2025-01-11 12:53 pm

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 2,444
Website

Re: False positives on all email checks - Jan 11, 2025

Thanks for such fast action, pedigree.

Offline
