This is completely insane!
abucci@buc:/tmp$ du -sh /tmp/yarnd-avatar-*
564M /tmp/yarnd-avatar-3024946878
7.2G /tmp/yarnd-avatar-3122347915
11G /tmp/yarnd-avatar-3533381443
445M /tmp/yarnd-avatar-441914658
I’m going to have to shut down my server soon. This looks like some kind of DDoS. Whether intentional or not it’s filling up the disk at an unsustainable rate.
There are also a bunch of log messages scrolling by. I’ve never seen this much activity in the log:
Jul 25 01:37:39 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:39 (149.71.56.69) "GET /external?nick=lovetocode999&uri=https://pagez.co.uk/services/your-own-100-fully-owned-online-vi>
Jul 25 01:37:39 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:39 (162.211.155.2) "GET /twt/112135496802692324 HTTP/1.1" 400 12 826.65µs
Jul 25 01:37:40 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:40 (51.222.253.14) "GET /conv/muttriq HTTP/1.1" 200 36881 20.448309ms
Jul 25 01:37:40 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:40 (162.211.155.2) "GET /twt/112730114943543514 HTTP/1.1" 400 12 663.493µs
Jul 25 01:37:40 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:40 (27.75.213.253) "GET /external?nick=lovetocode999&uri=http%3A%2F%2Falfarah.jo%2FHome%2FChangeCulture%3FlangCode%3Den>
Jul 25 01:37:40 buc.ci yarnd[829]: time="2024-07-25T01:37:40Z" level=error msg="http://bynet.com.br/log_envio.asp?cod=335&email=%21%2AEMAIL%2A%21&url=https%3A%2F%2Fwww.almanacar.c>
Jul 25 01:37:40 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:40 (162.211.155.2) "GET /twt/111674756400660911 HTTP/1.1" 400 12 545.106µs
Jul 25 01:37:40 buc.ci yarnd[829]: time="2024-07-25T01:37:40Z" level=warning msg="feed FetchFeedRequest: @<lovetocode999 http://alfarah.jo/Home/ChangeCulture?langCode=en&returnUrl>
Jul 25 01:37:41 buc.ci yarnd[829]: [yarnd] 2024/07/25 01:37:41 (162.211.155.2) "GET /twt/112507964696096567 HTTP/1.1" 400 12 838.946µs
Something really weird is going on?
I deleted them all right before I sent my previous message, and already, a few minutes later, there are two more:
abucci@buc:~$ du -sh /tmp/yarnd-avatar-3*
1.8G /tmp/yarnd-avatar-3122347915
2.4G /tmp/yarnd-avatar-3533381443
What is this?
@prologic@twtxt.net This is weird, but today, out of nowhere, yarnd filled up the disk on the VPS where I run it. It’s never done anything like this before and I have no idea why it would start. But it threw almost 700 Gbytes of data into /tmp in files like this:
yarnd-avatar-1087570772 yarnd-avatar-1599127133 yarnd-avatar-2042956376 yarnd-avatar-2562946212 yarnd-avatar-3274766535 yarnd-avatar-3931929859 yarnd-avatar-553201529
yarnd-avatar-1089125452 yarnd-avatar-1606826819 yarnd-avatar-2089122560 yarnd-avatar-2611944556 yarnd-avatar-3310922372 yarnd-avatar-3938996661 yarnd-avatar-556240195
yarnd-avatar-1101228867 yarnd-avatar-1618755765 yarnd-avatar-2104107259 yarnd-avatar-2641384948 yarnd-avatar-3326285269 yarnd-avatar-3939402047 yarnd-avatar-559344463
yarnd-avatar-1112165824 yarnd-avatar-1650827505 yarnd-avatar-2142824779 yarnd-avatar-2680659340 yarnd-avatar-3340682113 yarnd-avatar-3998621883 yarnd-avatar-570292705
yarnd-avatar-1119886894 yarnd-avatar-1656673647 yarnd-avatar-2160786463 yarnd-avatar-271923479 yarnd-avatar-3374584613 yarnd-avatar-4005102536 yarnd-avatar-595490106
yarnd-avatar-1131417623 yarnd-avatar-1685698239 yarnd-avatar-2165405940 yarnd-avatar-2793562275 yarnd-avatar-3380606954 yarnd-avatar-4016872095 yarnd-avatar-679251850
yarnd-avatar-1160959085 yarnd-avatar-1746759128 yarnd-avatar-2171489899 yarnd-avatar-2842068287 yarnd-avatar-3416352997 yarnd-avatar-4110048378 yarnd-avatar-679950970
yarnd-avatar-1231649265 yarnd-avatar-1752278279 yarnd-avatar-2251317422 yarnd-avatar-2843868670 yarnd-avatar-3468636088 yarnd-avatar-4116552474 yarnd-avatar-737874628
164 files. Some are empty, some are 7 or even 10 Gbyte.
Any idea what would cause that? And why now, after running yarnd for so long with nothing like this happening?
@prologic@twtxt.net hey testing a rebuild of yarnd
Hmm…
Jun 19 23:31:38 yarn_init.sh[61567]: [yarnd] 2024/06/19 23:31:38 (127.0.0.1:40254) “POST /post HTTP/
1.0” 200 0 3.402208ms
[…]Jun 19 23:31:39 yarn_init.sh[61567]: [yarnd] 2024/06/19 23:31:39 (127.0.0.1:40262) “GET /post HTTP/1.0” 404 729 123.474001ms
I just “published” a #draft on my blog about “How I’ve implemented #webmentions for twtxt” (http://darch.dk/mentions-twtxt), so I wanted to know from you guys if you see yourself doing a similar thing with yarnd @prologic@twtxt.net or others with custom setups?
It not that easy @xuu@txt.sour.is since I implemented webmentions in a different way that how it have been done in yarnd to work with txt-files. You can find the code in webmention_endpoint.php and new_twt.php at main · sorenpeter/timeline
↳
In-reply-to
»
Did another write up on #webfinger and DIDs for twtxt/yarn that you can read and edit/comment in: User lookup for twtxt/yarn - Webfinger or Decentralized Identifiers (DIDs) - HedgeDoc
⤋ Read More
Also made a webfinger lookup resolver that works with my own webfinger endpoint as well as yarnd servers:
http://darch.dk/wf-lookup.php
yarnd does not do auto discovery via webfinger though.. i cant put @username and have it fetch the feed url from webfinger. to fully make feeds portable. would also need to be able to use that for hashing.
↳
In-reply-to
»
(#fytbg6a) What about using the blockquote format with
⤋ Read More
> ?
I’m also more in favor of #reposts being human readable and writable. A client might implement a bottom that posts something simple like: #repost Look at this cool stuff, because bla bla [alt](url)
This will then make it possible to also “repost” stuff from other platforms/protocols.
The reader part of a client, can then render a preview of the link, which we talked about would be a nice (optional) feature to have in yarnd.
@prologic@twtxt.net
Yarnd exposes it for the users to view logs for there own feed?
↳
In-reply-to
»
I've enabled the
⤋ Read More
filter_and_lists and webfinger optional features.
oops, going to update to the latest yarnd and restart. Stay tuned!
OK folks, rebuilding/restarting yarnd hang in there.
Upgrading yarnd to latest and rebooting the virtual machine running it. See you on the other side.
And we’re back, now on yarnd 0.15.1.
We are now running yarnd 0.15.0! 🎉
OK, we are attempting an upgrade from yarnd 0.14.0 to yarnd 0.15.0. See you on the other side. 🤞
**
FOLLOW: @venjiang from @watcher@txt.sour.is using yarnd/0.13.0@0ada09a
**
FOLLOW: @venjiang from @watcher @txt.sour.is using yarnd/0.13.0@0ada09a ⌘ Read more
**
FOLLOW: @venjiang from @ullarah@txt.quisquiliae.com using yarnd/edge@4e6a3819
**
FOLLOW: @venjiang from @ullarah @txt.quisquiliae.com using yarnd/edge@4e6a3819 ⌘ Read more
**
FOLLOW: @venjiang from @watcher@txt.sour.is using yarnd/0.13.0@0db6025fae34e328119d2f031ec8384ee47f3d1f
**
FOLLOW: @venjiang from @watcher @txt.sour.is using yarnd/0.13.0@0db6025fae34e32 … ⌘ Read more
**
FOLLOW: @venjiang from @ullarah@txt.quisquiliae.com using yarnd/0.13.0@72b3ed56
**
FOLLOW: @venjiang from @ullarah @txt.quisquiliae.com using yarnd/0.13.0@72b3ed56 ⌘ Read more
yarnd v0.13 - Aluminium Amarok
Today we announced release v0.13.0 of the Yarn.social backend yarnd that now powers a network of 15 pods around the globe.
You can find the release here:
Yarn/Twtxt (Yarn.social is based on Twtxt) continues to grow steadily every day, and every month or so we see a new independent Pod (what we call in … ⌘ Read more
**
FOLLOW: @venjiang from @ullarah@txt.quisquiliae.com using yarnd/0.11.0@5319fbb
**
FOLLOW: @venjiang from @ullarah @txt.quisquiliae.com using yarnd/0.11.0@5319fbb ⌘ Read more
FOLLOW: @watcher@txt.sour.is from @prologic@twtxt.net using yarnd/0.10.0@4618bd0
FOLLOW: @watcher@txt.sour.is from @fastidious@arrakis.netbros.com using yarnd/0.9.0@1a05858
FOLLOW: @xuu@txt.sour.is from @lukas@mentano.org using yarnd/0.9.0@3a96914
**
FOLLOW: @venjiang from @watcher@txt.sour.is using yarnd/0.8.0@b2ce19a
**
FOLLOW: @venjiang from @watcher @txt.sour.is using yarnd/0.8.0@b2ce19a ⌘ Read more
FOLLOW: @xuu@txt.sour.is from @watcher@txt.sour.is using yarnd/0.8.0@b2ce19a
FOLLOW: @watcher@txt.sour.is from @watcher@txt.sour.is using yarnd/0.8.0@cfe785d
FOLLOW: @default@txt.sour.is from @xuu@txt.sour.is using yarnd/0.8.0@cfe785d
FOLLOW: @xuu@txt.sour.is from @ullarah@txt.quisquiliae.com using yarnd/0.8.0@80999ab
FOLLOW: @xuu@txt.sour.is from @meff@yarn.meff.me using yarnd/0.7.2@a4ee171
FOLLOW: @xuu@txt.sour.is from @darch2@yarn.algorave.dk using yarnd/0.6.2@86938ca
@prologic@twtxt.net
Thank you, that’s the correct one.
Still I have this in my logs (first access of “eleven” by yarnd):
ip.ip.ip.ip - - [21/Oct/2021:20:05:36 +0000] “GET /eleven.txt HTTP/2.0” 200 344 “-” “yarnd/0.2.0@46bea3f (Pod: twtxt.net Support: https://twtxt.net/support)”
ip.ip.ip.ip - - [21/Oct/2021:20:05:36 +0000] “HEAD /avatar.png HTTP/2.0” 200 0 “-” “yarnd/0.2.0@46bea3f (Pod: twtxt.net Support: https://twtxt.net/support)”
And I guess without avatar.png sitting there I would have seen even more requests like /eleven.txt/avatar.png.
I’ve copied stackeffect.png to avatar.png to make yarnd happy when accessing stackeffect.txt.
So in this setup yarnd fetched eleven.txt along with avatar.png which belongs to another twtxt. This feels buggy.
FOLLOW: @xuu@txt.sour.is from @fastidious@arrakis.netbros.com using yarnd/0.1.0@b88b11b
@prologic@twtxt.net finally updated yarnd.. FORK!? Awesome!
FOLLOW: @xuu@txt.sour.is from @adi@f.adi.onl using yarnd/0.1.0@c6fd1c8
FOLLOW: @xuu@txt.sour.is from @laz@tt.vltra.plus using yarnd/master@1dcc5aed
FOLLOW: @xuu@txt.sour.is from @eldersnake@yarn.andrewjvpowell.com using yarnd/0.1.0@e335324
FOLLOW: @xuu@txt.sour.is from @lohn@tw.lohn.in using yarnd/0.0.0@HEAD