Comments on post: Sqreen API
Jice Lavocat
@jice_lavocat · Founder at Elokenz
Hi Sqreen / Don, This API seems so useful... thanks for the release. Just to clarify a bit more, what's the 'risk_score' exactly? If I want to implement the API on my site and block real bad guys, is there a suggested threshold? Or should I block anyone above 0?
Don Goodman-Wilson
@degoodmanwilson · DevRel @ Sqreen 🇫🇷
@jice_lavocat Thanks for the question. This is our own subjective analysis of whether you should trust this address to behave nicely. It ranges from 0 to 100. I would start flagging addresses at around 50 or so, and outright banning at 80. Scores of 10–30 are usually nothing to worry about, but might be worth keeping tabs on as they use your app. I'll update the documentation to reflect this—thanks for the feedback!
Pierre Betouin
@pbetouin · Co-founder & CEO, Sqreen
@degoodmanwilson @jice_lavocat Risk score is dynamically computed from IP properties (TOR, Open Proxy, ...), Date/Time, and attacks detected by our community. If an attack is detected from this source, attack type, duration, and intensity are taken into account to raise the risk score accordingly. For instance, a source performing a basic security scan will have a lower risk score than a source performing account takeover attacks or stressing web applications to look for SQL injections.
Jice Lavocat
@jice_lavocat · Founder at Elokenz
@pbetouin @degoodmanwilson Thanks for the answer. Alright, so banning at 80... I'll use that.