Irenes (many)this feels like a nice afternoon to just watch incoming traffic in the system log, flowing by quietly
it's interesting how the pace can be faster or slower. relaxing.
most of this is legit traffic, even if we have minor capacity issues from it. that feels good. the "default" situation with any self-hosting scenario is that most traffic is malicious.
it would be a lot of work to compare for-real, and the point of doing this is to relax, so we won't... but it feels like this is slower than before we put the 429 thing in place. so that's good.
Fred@ireneista I put a 302 in place for requests to .git/* to httped://hil-speed.hetzner.com/10GB.bin and it gives me a chuckle when I seem the logs :~)
@ireneista sorry I shouldn't have linked to the actual file...
John William David Thomson@fcbsd @ireneista I wonder how hard it would be to make a zip bomb type file be returned with the built in compression in http requests for anything malicious looking.
Could just expand to "403 get lost" or something a trillion times.
@jwdt @ireneista I want to play with the PNG expanding image approach, which with a carefully created deflated PNG it expands much bigger so you serve a tiny file that is unpacked much larger on the malicious server
@fcbsd @ireneista you know those git repos that have been causing all sorts of problems recently for (mostly) vibe coders?
Since they're often scraping .git or .env I wouldn't be surprised if you could have it even run ~~malicious~~ defensive code if the scraper bots are built badly enough (or the operator curious enough).
Might be a good way to get your domain flagged for malware though, ironically.
@ireneista @jwdt oh the joys of automating the wrong things
@fcbsd @ireneista or if you can keep connections open inexpensively enough, stream one byte every few seconds for as long as it'll listen.
@jwdt @ireneista there has been a few projects that take the tarpit approach, I've used one with ssh that took several hours to send the initial handshake
@fcbsd @ireneista I think I've used actual ssh servers that felt like they did that.
@jwdt @fcbsd as kids we had a 2400 baud modem
we would telnet into Unix servers and every so often there'd be a latency spike and we wouldn't be able to see what we were typing for several seconds
and if we were doing anything web-related in another window we could track the progress of the web requests by how they affected the telnet session
@ireneista building within strictly defined limits is always good, and the web should be instantaneous for everyone
@fcbsd or at least it should be the same speed for everyone, because that's justice
we think intentionally slowing down, for things that don't matter, can be defensible. like, not everything in life has to be instant gratification
@ireneista exactly. My analogy would be I'm always impatient to get a new book, but then when it arrives, it will take me a long time to read it
@fcbsd yeah we've been ordering physical books from a local co-op lately and they take a while to get here and it feels nice
@ireneista @jwdt my first modem was a 56k cardbus modem, but I did once use my Nokia 8210 as 9600 baud modem...
@ireneista @jwdt that will awaken the memories of AT command sets...