zlacker

1. supafa+(OP) 2023-12-18 13:26:04
After building a free-for-all prompt myself (see profile), here’s how I protect against these attacks:

1. Whatever they input gets rewritten in a certain format (in our case, everything gets rewritten to “I want to read a book about [subject]”)

2. This then gets evaluated against our content policy to reject/accept their input

This multi-layered approach works really well and ensures high quality content.

replies(2): >>supafa+t6 >>KomoD+tQ
2. supafa+t6 2023-12-18 13:54:06
>>supafa+(OP)
lol, after posting this I immediately got several attempts to break it. feel free to try - I will send a free book to anyone who can break it.
replies(1): >>zestyp+Vu1
3. KomoD+tQ 2023-12-18 17:17:43
>>supafa+(OP)
Sure you protect against that, but someone can also just send spam emails containing HTML since you don't sanitize it in any way.

1. get email list

2. write the prompt to be some spam email using HTML

3. use a captcha solving service and just flood your API, sending thousands of spam emails, destroying your mail reputation and possibly getting you banned from mailjet, for the low low price of a few dollars.

possibly worth fixing

replies(1): >>supafa+FW
4. supafa+FW 2023-12-18 17:45:33
>>KomoD+tQ
yep, good point, I do need to sanitize the email. I do have bot detection and throttling enabled so not super worried about the email flooding. thanks for testing, you deserve a book!
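An added illustration (not code from the OP's project) of the two defenses discussed in this thread: the OP's rewrite-then-policy-check pipeline from comment 1, and the HTML escaping that comment 3 asks for and comment 4 agrees is missing. The OP's rewrite step is done by a model; here it is approximated by reducing the user's text to a short, whitelisted-character subject before it is placed in the fixed "I want to read a book about ..." template, which is an assumption about the design, not a description of it. The deny-list policy, the limits and the sample inputs are all constructed for the example.

```python
import html
import re
from dataclasses import dataclass
from typing import Optional

# The fixed shape every request is forced into (from comment 1 of the thread).
TEMPLATE = "I want to read a book about {subject}"

# Constructed stand-in for the content policy: the thread does not say what
# the real policy contains, so a tiny deny-list is used here.
DENIED_SUBJECTS = {"malware", "phishing"}

# Constructed limits: a subject is short and plain text only.
MAX_SUBJECT_LEN = 80
_DISALLOWED = re.compile(r"[^A-Za-z0-9 ,.'\-]")


def extract_subject(raw: str) -> str:
    """Collapse free-form user input into a plain-text subject.

    Approximation of the model-driven rewrite: every character outside a
    small whitelist becomes a space, so angle brackets, quotes, slashes and
    other markup-relevant characters never survive into the template.
    """
    cleaned = _DISALLOWED.sub(" ", raw)
    cleaned = re.sub(r"\s+", " ", cleaned).strip()
    return cleaned[:MAX_SUBJECT_LEN]


def rewrite(raw: str) -> str:
    """Step 1: rewrite whatever the user sent into the fixed template."""
    return TEMPLATE.format(subject=extract_subject(raw))


def passes_policy(prompt: str) -> bool:
    """Step 2: accept or reject the rewritten prompt against the policy."""
    words = set(re.findall(r"[a-z']+", prompt.lower()))
    return not (words & DENIED_SUBJECTS)


def render_email(text: str) -> str:
    """Escape before embedding in an outgoing HTML email (comment 3's point).

    html.escape converts <, >, &, " and ' into entities, so even text that
    skipped the rewrite step cannot be parsed as markup by a mail client.
    """
    return f"<p>{html.escape(text, quote=True)}</p>"


@dataclass
class Outcome:
    accepted: bool
    prompt: str
    email_html: Optional[str]


def process(raw: str) -> Outcome:
    """Full pipeline: rewrite, policy check, then escape for the email body."""
    prompt = rewrite(raw)
    if not passes_policy(prompt):
        return Outcome(False, prompt, None)
    return Outcome(True, prompt, render_email(prompt))


if __name__ == "__main__":
    # Constructed sample inputs: a benign request, a policy violation, and
    # an attempt to smuggle markup into the email.
    for sample in ("dragons", "how to write malware", '<a href="x">click</a>'):
        result = process(sample)
        print(repr(sample), "->", result)
```

The escaping in `render_email` is deliberately independent of the rewrite: the rewrite already strips markup characters, but the email renderer should not rely on an upstream step having run, so it escapes whatever it is given.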
5. zestyp+Vu1 2023-12-18 20:36:23
>>supafa+t6
What constitutes breaking?