this feels like a nice afternoon to just watch incoming traffic in the system log, flowing by quietly
it's interesting how the pace can be faster or slower. relaxing.
most of this is legit traffic, even if we have minor capacity issues from it. that feels good. the "default" situation with any self-hosting scenario is that most traffic is malicious.
it would be a lot of work to compare for-real, and the point of doing this is to relax, so we won't... but it feels like this is slower than before we put the 429 thing in place. so that's good.
@ireneista I put a 302 in place for requests to .git/* to httped://hil-speed.hetzner.com/10GB.bin and it gives me a chuckle when I see the logs :~)
@ireneista sorry I shouldn't have linked to the actual file...

@fcbsd @ireneista I wonder how hard it would be to make a zip bomb type file be returned with the built in compression in http requests for anything malicious looking.

Could just expand to "403 get lost" or something a trillion times.

@jwdt @ireneista I want to play with the PNG expanding image approach, where a carefully created deflated PNG expands much bigger, so you serve a tiny file that is unpacked much larger on the malicious server

@fcbsd @ireneista you know those git repos that have been causing all sorts of problems recently for (mostly) vibe coders?

Since they're often scraping .git or .env I wouldn't be surprised if you could have it even run ~~malicious~~ defensive code if the scraper bots are built badly enough (or the operator curious enough).

Might be a good way to get your domain flagged for malware though, ironically.

@jwdt @fcbsd yeah or looking for the wordpress admin page on a domain that has never had wordpress is a clear sign of malevolence
@jwdt @fcbsd the easy way to get a comprehensive list of these URL patterns is to spin up a new web server on an IP that has never had one before. within seconds, strangers will come along and gift you with it.
@ireneista @jwdt oh the joys of automating the wrong things