Iāve been poking around with #Crowdsec for the past couple of days, had to deal with a lot of false paositives but Iām starting to get it. Iāve even hooked it up with #Ntfy just because I can. Now I should try making my own scenarios and see how it goes.
↳
In-reply-to
»
Some A hole has been trying to pull every single Twtxt feed that existed/still exists since forever. How do I know? Welp' They've been querying my Timelineā¢ instance for all of it, every single twtxt file and twt Hash they can find. šš¤¦ It must have been going on for days and I have just noticed... + it's all coming from the same ASN
ā¤ Read More
AS136907 HWCLOUDS-AS-AP HUAWEI CLOUDS
@prologic@twtxt.net This shi_ is as fun as it is frustrating! š the bot is poking at me from a different ASN now, Alibabaās.
- Short term solution: Iāve geo-locked my Timeline instance since Iām the only one using it (and I only do so for reading twts when Iām away from terminal).
- Long term: I took a look at your Caddy WAF but couldnāt figure things out on my own; until then, Iāll be poking at Caddy-Defender, maybe throw in a Crowdsec for lolsā¦ #FUN
hmmm i really should set up crowdsec and maybe a WAF like coraza or something. i donāt look at my logs as much as i should because they scare me and ignorance is bliss but i should probably cut out as much false traffic as possible especially to my biggest site (superlove)
↳
In-reply-to
»
Not sure how this can be applied for self hosters?
ā¤ Read More
@prologic@twtxt.net I donāt know if there is/will be a Crowdsec bouncer to handle something like that. š¤