Safari can't open the page "https://mirror.newsdump.org/confuse-some-ssh-bots.html" because Safari can't connect to the server "mirror.newsdump.org". tcpdump -p -i any -c512 -NNnnvv port 443 and 'tcp[13] == 2'
Why does this happen, wouldn't bots just ignore the version information?
Silent by default.
And good choice on the wireguard only, only issue I had is devops/testing things and not being connected to the wireguard because I'd be connected to another wireguard and couldn't ssh in to the server.
WireGuard _all_ of the things
How does an initial connection work in that scheme?
Seems like a pretty big footgun for questionable benefit, since a main benefit of Wireguard is that it’s very lean in terms of resources.
Turns out switching from Firefox mobile to Chrome mobile "fixes" this. Thanks for supporting the free and open internet.
[1] - https://mirror.newsdump.org/nginx/inc.d/30_generic_http_stuf...
Many of the things I do are terrible ideas. That is half the reason I keep doing them.
The goal here is to show people some of the things that can be done not that they should do them. It's up to each person to experiment and determine what tickles their fancy.
Eventually I blocked Brazil since I always
block them via accept-language in nginx and haproxy anyway.
For reasons I will never understand most people in Brazil
can not and/or will not read or follow even the
simplest instructions. This has been the case since BR was
connected to the internet.
Years of running forums and IRC servers. That is where 99% of my moderation requirements came from even when I would try really hard to be hands off.
# greater than 1 is a vulnerability by design used by TLA phishers rendering every firewall useless.
# beware of fakademic mid-wits that parrot things they do not understand.
MaxSessions 1It's only a risk if someone on your team runs the script and your local network allows outbound connections to the internet. None of this is theory though management teams will never want to see a demo much less let others in the company see it. A former coworker came up with the design. Shout out to The Godfather.
I personally find it extremely useful when working with servers more than 100ms or so away in many contexts, and even closer if the workflow requires making many short-lived connections.
No, it means anyone that can get your team to execute a script can log in as you in any data-center you have authenticated to regardless of multi-factor authentication without using credentials. It means firewalls do not exist, CVE's not required and credentials are not required.
I personally find it extremely useful
Absolutely, not using credentials and riding the existing channels will always be faster. Removing authentication requirements will always reduce friction.
The extremely large banner in this example is hilarious.
Bender•1mo ago
danudey•1mo ago
Bender•1mo ago
[1] - https://www.ssh-audit.com/
Bender•1mo ago
Thus far I am letting some leak through it would seem.
Thus far 2388 requests to this confused-bots file have been let through and 3226 have been assumed to be bots.Bender•1mo ago
- Blackhole routed a few ASN's / data-centers. It's all spoofed packets but good to block data-centers regardless so we are not sending them syn-ack (good hygiene).
- Added a temporary rule when we encounter a syn-flood. [1]
End result: Input 20 packets in 17 seconds, Output syn-ack reply 20 packets in 4 minutes and 44 seconds. That should translate to an acceptable amount of syn-ack if we were actually attacked some day.
Impact: Before, we sent more syn-ack then I would have liked but there was overall no impact to Nginx as we use the "deferred" socket option [2]. Now we send far fewer syn-ack packets for good internet hygiene. Thank-you to the person using the syn flood tool.
[1] - https://mirror.newsdump.org/nftables.txt
[2] - https://mirror.newsdump.org/nginx/http.d/11_bad_sni.conf.txt
Bender•1mo ago
[1] - https://bgp.tools/as-set/RIPE::as-stormwall-set#reverse