↳
In-reply-to
»
@prologic I'd say give crowdsec a try but I know for sure you prefer your own WAF ... 😅
⤋ Read More
@aelaraji@aelaraji.com I think I’ll just end up using the Official CrowdSec Go library 🤔
↳
In-reply-to
»
@prologic I'd say give crowdsec a try but I know for sure you prefer your own WAF ... 😅
⤋ Read More
@prologic@twtxt.net The periodic blacklists updates will be done automatically in the background, as for the different processing mechanisms (rules, collections of rules, remediation …etc) you just install/add the pre-made ones from the hub and call it a day, they’ll get periodic updates when needed. But you could easily create and add your own in case you want to block or white-list a specific behavior
↳
In-reply-to
»
@prologic I'd say give crowdsec a try but I know for sure you prefer your own WAF ... 😅
⤋ Read More
@prologic@twtxt.net The main thing that I tought of is that whomever is abusing your services must be a well known actor (by range/set of IPs) that got reported by other Crowdsec users. So to my simpleton’s understanding, your reverse-proxy/web server passes the requests by crowdsec for processing, they get banned for $N hours if the source has already been blacklisted by the community or violates any of a set of behavior base rules (and even more hours for repeat offenders); otherwise the requests/responses go as per usual. Not sure if I got things right but this might help paint a better picture of the process.
↳
In-reply-to
»
Oh fuck me! I had basically turned off the route to
⤋ Read More
git.mills.io last night and went ot bed at ~2AM after unsuccessfully trying to control the attacks (bad bots) that were behaving like a DDoS attack. Tried to re-enable the route this monring and *BOOM, they're back! As-if they never stopped?! what da actual fuq?! Media Anyone have any clever ideas of what I can do here to allows normal users, like you nice folk and block ths obnoxious traffic?!
@prologic@twtxt.net I’d say give crowdsec a try but I know for sure you prefer your own WAF … 😅
I’ve been poking around with #Crowdsec for the past couple of days, had to deal with a lot of false paositives but I’m starting to get it. I’ve even hooked it up with #Ntfy just because I can. Now I should try making my own scenarios and see how it goes.
↳
In-reply-to
»
Some A hole has been trying to pull every single Twtxt feed that existed/still exists since forever. How do I know? Welp' They've been querying my Timeline™ instance for all of it, every single twtxt file and twt Hash they can find. 😆🤦 It must have been going on for days and I have just noticed... + it's all coming from the same ASN
⤋ Read More
AS136907 HWCLOUDS-AS-AP HUAWEI CLOUDS
@prologic@twtxt.net This shi_ is as fun as it is frustrating! 😆 the bot is poking at me from a different ASN now, Alibaba’s.
- Short term solution: I’ve geo-locked my Timeline instance since I’m the only one using it (and I only do so for reading twts when I’m away from terminal).
- Long term: I took a look at your Caddy WAF but couldn’t figure things out on my own; until then, I’ll be poking at Caddy-Defender, maybe throw in a Crowdsec for lols… #FUN
hmmm i really should set up crowdsec and maybe a WAF like coraza or something. i don’t look at my logs as much as i should because they scare me and ignorance is bliss but i should probably cut out as much false traffic as possible especially to my biggest site (superlove)
↳
In-reply-to
»
Not sure how this can be applied for self hosters?
⤋ Read More
@prologic@twtxt.net I don’t know if there is/will be a Crowdsec bouncer to handle something like that. 🤔