Irenes (many)Apr 7
this feels like a nice afternoon to just watch incoming traffic in the system log, flowing by quietly
Show threadIrenes (many)Apr 7
it's interesting how the pace can be faster or slower. relaxing.
Show threadIrenes (many)Apr 7
most of this is legit traffic, even if we have minor capacity issues from it. that feels good. the "default" situation with any self-hosting scenario is that most traffic is malicious.
Show threadIrenes (many)Apr 7
it would be a lot of work to compare for-real, and the point of doing this is to relax, so we won't... but it feels like this is slower than before we put the 429 thing in place. so that's good.
Show threadFredApr 7
@ireneista I put a 302 in place for requests to .git/* to httped://hil-speed.hetzner.com/10GB.bin and it gives me a chuckle when I seem the logs :~)
Show threadFredApr 7
@ireneista sorry I shouldn't have linked to the actual file...
Show threadJohn William David ThomsonApr 7

@fcbsd @ireneista I wonder how hard it would be to make a zip bomb type file be returned with the built in compression in http requests for anything malicious looking.

Could just expand to "403 get lost" or something a trillion times.

Show threadIrenes (many)
@jwdt @fcbsd the way our infrastructure is set up, that would be trivial if we wanted to do it
Apr 7 at 9:47pmWeb