🧮 USERS:1 FEEDS:2 TWTS:1207 ARCHIVED:83421 CACHE:2846 FOLLOWERS:17 FOLLOWING:14
No more stupid little DDoS(s) from fucking China now 🤣
(#cmttsmq) Note for reference I was trying to write and fix this rule (_fixed version below_):
```
# Ignore Content-Type restrictions for Git
SecRule REQUEST_HEADERS:Host "@streq git.mills.io" "id:101,phase:1,t:none,nolog,ctl:ruleRemoveById=920420"
```
(#cmttsmq) Notably the custom operator @lookupASN
(#cmttsmq) I’ll try to add a README for caddy-waf soon™ (going back to bed now) at least document the customizations I’ve made to this WAF (which I forked from caddy-coraza)
(#cmttsmq) This is how I build my caddy:
```
proxy-1:~# cat build.caddy.sh
#!/bin/sh
xcaddy build \
  --with github.com/caddy-dns/cloudflare \
  --with github.com/caddyserver/cache-handler \
  --with git.mills.io/prologic/caddy-ratelimit \
  --with git.mills.io/prologic/caddy-waf
proxy-1:~#
```
(#cmttsmq) Ahh fuck! Sorry I was fixing a rule 🤣 This is **much** better!
```
proxy-1:~# grep -c 'Bad ASN' /var/log/caddy/caddy.log
2441
```
(#cmttsmq) [@bender](https://twtxt.net/user/bender/) Yes they are rather large 🤣 Here you go:
```
proxy-1:~# cat /etc/caddy/waf/bad_asns.txt
# CHINANET-BACKBONE No.31,Jin-rong Street, CN Why: DDoS
4134
# CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN Why: DDoS
4837
# CHINAMOBILE-CN China Mobile Communications Group Co., Ltd., CN Why: DDoS
9808
# FACEBOOK, US Why: Bad Bots
32934
proxy-1:~ …
```
(#cmttsmq) @bender AS Number: An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain, that presents a common and clearly defined routing policy to the Internet.[ …
Cool! 😎 So I can now block ASN(s) 🤣 (And I bet no-one noticed anything)
(#dzdazga) @kat I love blue 🤣
(#4haff4q) @aelaraji Still in my cache 🤣
(#dzdazga) @aelaraji Bahahaha, you know where the default theme lives 🤣 PRs welcome!
It’s nice to see that some Crawlers actually respect rate limits and respect a 429 Too many requests response 👌 Thank you Google! 🙌
@bmallred@staystrong.run did you rotate your twtxt file or something happened to your twts? 🤔 asking just in case…
(#axb3ekq) @bender So you mean, get fail2ban to look at my Caddy audit logs for violations and then just block at the firewall level for repeated violations? 🤔
(#oktfrhq) @kat token will still be valid 👌
(#a46vupa) @kat 🙌
(#n57rgiq) @kat Yeah that’s what the admin function does. Normal user password reset is different but requires working email 🤣
(#nww6fla) @kat Speaking of KVM, Tiny Pilot and Jet KVM look really good!
(#uxttbva) @kat It’ll be whatever the actual server’s time zone is.
(#uwd4atq) @kat Temporarily change the admin account on your pod to another account. Then log in with that and reset the password on your main account.
(#tokn7wa) What didn’t work? Hmmm 🤔
(#tv6ifoa) Hmm? 🤔
(#cn5kamq) @seabirdie 👋 Welcome to Yarn.social 🙌
(#tpykhda) @kat Haha 🤣
(#boohdlq) Also yarnd supports video too 🤣
🧮 USERS:1 FEEDS:2 TWTS:1206 ARCHIVED:83381 CACHE:2835 FOLLOWERS:17 FOLLOWING:14
(#boohdlq) @kat Thanks! I built my own video hosting platform too but not nearly as fancy as what you use 🤣
(#t4bkusa) 👋 Welcome to Yarn.social 🙌
(#axb3ekq) @bender Wre I’m talking about Web right? 🤣
(#buvh2sa) @aelaraji Nice! 🙌
(#tw5ulrq) @bender you’re right the scale wasn’t that large, but analyzing the logs. It definitely was a detox attack. 🤣 I woke up this morning to see six other small spikes like this which I’ll have to analyze later tonight…
(#tw5ulrq) @movq Yes
(#boohdlq) @kat What do you use for this btw? 🤔
"twtxtfeevalidator/0.0.1" UA about? I thought I could ask before throwing a 1000GB file at it 🪤 could it be the same 'xt' thing @lyse was talking about the other day?
hmm… apparently the invalid twts are the latest ones I’d posted from Timeline but highly probably because I’d tried to restore them manually, after unintentionally overriding my twtxt file with one that was out of date 🤦
So I need to figure out how to block ASN(s)…
Additionally, I’m thinking of: how to detect DDoS attacks?
Here’s one way I’ve come up with that’s quite simple:
Detecting DDoS attacks by tracking requests across multiple IPs in a sliding window. If total requests exceed a threshold in a given time, flag as potential DDoS.
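One way to implement the sliding-window check described in the post above, as an added example that is not the author's code or part of caddy-waf. `Detector`, `Observe`, the window length and the threshold are hypothetical names and values, and the traffic in `main` is constructed.

```go
package main

import (
	"fmt"
	"time"
)

// hit is one observed request: arrival time and client IP.
type hit struct{ at time.Time; ip string }

// Detector holds every request seen in the last Window, across all client IPs.
type Detector struct {
	Window    time.Duration
	Threshold int // a window total above this is flagged as a potential DDoS
	hits      []hit
	perIP     map[string]int
}

func NewDetector(window time.Duration, threshold int) *Detector {
	return &Detector{Window: window, Threshold: threshold, perIP: map[string]int{}}
}

// Observe records one request (calls must be in time order) and returns whether
// the window total exceeds Threshold, the total, and the distinct source IPs.
func (d *Detector) Observe(at time.Time, ip string) (flagged bool, total, sources int) {
	d.hits = append(d.hits, hit{at, ip})
	d.perIP[ip]++
	cutoff := at.Add(-d.Window)
	i := 0
	for ; i < len(d.hits) && !d.hits[i].at.After(cutoff); i++ { // slid out of the window
		old := d.hits[i].ip
		if d.perIP[old]--; d.perIP[old] == 0 {
			delete(d.perIP, old)
		}
	}
	d.hits = d.hits[i:]
	return len(d.hits) > d.Threshold, len(d.hits), len(d.perIP)
}

func main() {
	d := NewDetector(10*time.Second, 25) // constructed traffic: 10 IPs, 30 requests in 3 s
	start := time.Date(2025, 1, 5, 4, 0, 0, 0, time.UTC)
	for n := 0; n < 30; n++ {
		at := start.Add(time.Duration(n) * 100 * time.Millisecond)
		if flagged, total, sources := d.Observe(at, fmt.Sprintf("203.0.113.%d", n%10)); flagged {
			fmt.Printf("potential DDoS: %d requests from %d IPs in window\n", total, sources)
		}
	}
}
```

A total-only threshold also fires on a legitimate burst from one client, which is why the distinct-source count is returned alongside the flag.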
(#d6gewza) @lyse Cool 👌
Hmmm so I’ve sustained two DDoS attacks on my Gitea server today. A few hours apart. Still analyzing the traffic…
For the time being… I’ve just blocked all of OpenAI(s) Bots. They (thankfully) publish a JSON endpoint that you can use to block all OpenAI crawlers from reaching your server (in my case, blocking it at the edge). Example:
```
proxy-1:~# curl -qs https://openai.com/gptbot.json | jq -r '.prefixes[].ipv4Prefix' | xargs -I{} ./block-ip.sh {}
```
Where …
(#buvh2sa) [@aelaraji _@aelaraji.com_](https://twtxt.net/external?uri=https://aelaraji.com/twtxt.txt&nick=aelaraji) Yes! 👏 This is exactly what it is! 🤣 I will of course soon™ be hosting this service, likely at validator.twtxt.net 😅😅
(#f26jg3a) @kat Haha 🤣 If someone figures this out, please let me know 🙏🙏 – In the meantime, I’m going to very soon™ write a daemon that will watch the audit log for repeated violations and add to the network firewall.
(#4nndfsa) This is better:
```
proxy-1:~# ./audit-log-by-ip.sh 4.227.36.76 | coraza-log-formatter -m -
2025/01/04 23:17:04 4.227.36.76 58982 GET /external?aff-HY0BLO=&f=mediaonly&f=noreplies&nick=g1n&uri=https%3A%2F%2Fthe-president-codes.linegames.org null 0 On OWASP_CRS/4.7.0
Actionset: OWASP_CRS/4.7.0
Message: Bad User Agent
Severity: 0
Raw: SecRule REQUEST_HEADERS:User-Agent "@pmFromFile /etc/cadd …
```
Nice! I wrote another useful tool 👌
```
proxy-1:~# ./audit-log-by-ip.sh 4.227.36.76 | coraza-log-formatter -m -
Actionset: OWASP_CRS/4.7.0
Message: Bad User Agent
Severity: 0
Raw: SecRule REQUEST_HEADERS:User-Agent "@pmFromFile /etc/caddy/waf/bad_user_agents.txt" "id:2000,log,phase:1,deny,msg:'Bad User Agent'"
```
How in da fuq do you _actually_ make these fucking useless AI bots go away?
```
proxy-1:~# jq '. | select(.request.remote_ip=="4.227.36.76")' /var/log/caddy/access/mills.io.log | jq -s '. | last' | caddy-log-formatter -
4.227.36.76 - [2025-01-05 04:05:43.971 +0000] "GET /external?aff-QNAXWV=&f=mediaonly&f=noreplies&nick=g1n&uri=https%3A%2F%2Fmy-hero-ultra-impact-codes.linegames.org HTTP/2.0" …
```
(#d6gewza) Done.
(#d6gewza) @lyse Oh good! It works haha 🤣 I’ll bump it up a bit 👌
🧮 USERS:1 FEEDS:2 TWTS:1205 ARCHIVED:83338 CACHE:2807 FOLLOWERS:17 FOLLOWING:14
And now I’ve applied rate limits on every site to reasonable values 👌