九维我操你爹
#PSA #Cloudflare 如果你使用 Cloudflare 的自助服务(没有签订任何 Enterprise 合同),并购买了任何 Cloudflare 按量付费的服务(例如 Tired Cache、Argo Smart Routing、Image Optimization、Video Delivery、IPFS Gateway),请立刻退订这些服务。Cloudflare 自带的 DDoS 防御(在不自己编写任何 Custom Rules 的情况下)如同厕纸一样一捅就破,并且 Cloudflare 会给你邮寄将近 3 万 5 千 USD 的账单:
https://fxtwitter.com/isukkaw/status/1846950005745340807
FxTwitter / FixupX
Sukka / 毛绒绒的大尾巴🦊 (@isukkaw)
Sukka / 毛绒绒的大尾巴🦊 (@isukkaw)
This is how @Cloudflare claims they will give you unlimited DDoS protect for free.

The truth is, if your Cloudflare-protected website gets hit by DDoS and you happen to purchase their addon, @Cloudflare will charge you for 34,489.9 USD.

Quoting 欧式fifty…
PSA Cloudflare
[#PSA] Telegram 官方 macOS Swift 客户端会对随机的、不属于 Telegram 的 IP 的 443 端口进行 TCP 握手。随机 IP 没有规律、有时甚至会尝试向不存在的 IP(如图中的 0.36.205.8 )发起 TCP 握手。

https://github.com/overtake/TelegramSwift/issues/1060

建议使用防火墙拦截上述的随机 TCP 连接,Surge for Mac 用户可以使用下述规则拦截:


# Telegram 域名
RULE-SET,https://ruleset.skk.moe/List/non_ip/telegram.conf,[replace with your policy name],extended-matching
# Telegram 官方在 https://core.telegram.org/resources/cidr.txt 列出的 Telegram IP 段
RULE-SET,https://ruleset.skk.moe/List/ip/telegram.conf,[replace with your policy name]
# 非官方收集的 Telegram ASN 列表
RULE-SET,https://ruleset.skk.moe/List/ip/telegram_asn.conf,[replace with your policy name]
# 静默丢弃 Telegram 客户端发起的、目标非 Telegram 域名和 IP 的其他连接
PROCESS-NAME,Telegram,REJECT-DROP
GitHub
[Bug] Telegram macOS (Swift version) often connects to random IPs that doesn't belongs to Telegram · Issue #1060 · overtake/TelegramSwift
As shown in the screenshot above, the Telegram Swift is trying to connect to random IPs' 443 port. This also includes an invalid IP 0.36.205.8. And here are more screenshots:
PSA
 
 
Back to Top