Confuse some SSH bots and make botters block you

https://mirror.newsdump.org/confuse-some-ssh-bots.html
38•Bender•5d ago

Comments

Bender•5d ago
Feel free to test your SSH bots and HTTP bots against mirror.newsdump.org
danudey•1h ago
Paramiko v4.0.0 (the latest) gets past the version string, it seems, but dies instantly on failed KEX, which is another convenient incompatibility. It does mean that even legitimate SSH bots in Python will fail though.
Bender•51m ago
That is likely from performing hardening in ssh-audit [1]. The way I used to block python, Go and libssh was to use an iptables string search but that capability does not exist at least natively in nftables.

[1] - https://www.ssh-audit.com/

Bender•6m ago
I am having fun playing with the slow syn flood of spoofed packets someone is sending. I appreciate them sending it. I like the variability in the TCP MSS, TTL, Window sizes they are sending.

Thus far I am letting some leak through.

    100 SYN received in 15.03 seconds

    100 SYN-ACK returned in 3 minutes and 22.03 seconds.
unsnap_biceps•2h ago
Not sure if it's down or if I've been flagged incorrectly as a bot

    Safari can't open the page "https://mirror.newsdump.org/confuse-some-ssh-bots.html" because Safari can't connect to the server "mirror.newsdump.org".
Bender•1h ago
If the TCP Window size is abnormally small I block those and MSS outside of 1280-1460 but that is prior to anything the browser is doing. Those can be seen with

    tcpdump -p -i any -c512 -NNnnvv port 443 and 'tcp[13] == 2'
Or if a VPN is being used there is always a chance it is coming from a server/VPS provider and may be blackhole routed on my end.
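
Added example, not part of the thread and not the commenter's actual rules: a small Python classifier that applies the SYN checks described in the comment above (flags byte equal to 2, as in the tcpdump filter, then window size and MSS) to raw TCP headers. The 1280-1460 MSS bounds come from the comment; the `MIN_WINDOW` value, the treatment of a missing MSS option as out of range, and all function names are assumptions, and the sample headers are constructed.

```python
import struct

MSS_RANGE = (1280, 1460)  # bounds quoted in the comment above
MIN_WINDOW = 1024         # assumption: the thread gives no figure for "abnormally small"

def build_syn(window, mss=None, flags=0x02):
    """Construct a sample TCP header (test data, not captured traffic)."""
    opts = struct.pack("!BBH", 2, 4, mss) if mss is not None else b""
    offset = (20 + len(opts)) // 4
    return struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                       offset << 4, flags, window, 0, 0) + opts

def parse_syn(tcp):
    """Return (window, mss) for a pure SYN, or None for any other segment."""
    if len(tcp) < 20 or tcp[13] != 0x02:  # same test as tcpdump 'tcp[13] == 2'
        return None
    window = struct.unpack_from("!H", tcp, 14)[0]
    end = min((tcp[12] >> 4) * 4, len(tcp))  # data offset bounds the options
    i, mss = 20, None
    while i < end:
        kind = tcp[i]
        if kind == 0:   # end of option list
            break
        if kind == 1:   # NOP is a single byte with no length field
            i += 1
            continue
        if i + 1 >= end or tcp[i + 1] < 2 or i + tcp[i + 1] > end:
            break       # malformed option: stop rather than read past the header
        length = tcp[i + 1]
        if kind == 2 and length == 4:  # Maximum Segment Size
            mss = struct.unpack_from("!H", tcp, i + 2)[0]
        i += length
    return window, mss

def verdict(tcp):
    """Apply the window and MSS checks to one TCP header."""
    parsed = parse_syn(tcp)
    if parsed is None:
        return "not-syn"
    window, mss = parsed
    if window < MIN_WINDOW:
        return "drop: small window"
    # Assumption: a SYN with no MSS option is treated as out of range.
    if mss is None or not MSS_RANGE[0] <= mss <= MSS_RANGE[1]:
        return "drop: mss out of range"
    return "accept"
```

Because `tcp[13] == 2` matches only segments whose flags byte is exactly SYN, a SYN carrying ECN bits (ECE/CWR) is not matched by either the tcpdump filter or this parser.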
politelemon•1h ago
> The VersionAddendum will cause most poorly coded bots to hang, thus causing the botter to exclude us from their scans rather than us having to block them.

Why does this happen, wouldn't bots just ignore the version information?

estimator7292•1h ago
That would be a "properly designed" bot and not a poorly-coded one
Bender•1h ago
That pretty much sums it up. Someone writes a quick and dirty python/perl thing and all the botters use it rather than writing something around a recent ssh library. Their thing is probably faster but leaves out a lot making them easier to detect or break.
exabrial•1h ago
We don't leave any ports open anymore. Everything is behind Wireguard. No key? Your packet goes into the blackhole.

Silent by default.

Bender•1h ago
That is a good idea. My example is for people that expose ssh/sftp on purpose such as a public SFTP server for sharing who knows what.
jojomodding•1h ago
I guess I trigger the bot detection? All I am served with is a Rick Astley quote.

Turns out switching from Firefox mobile to Chrome mobile "fixes" this. Thanks for supporting the free and open internet.

Bender•48m ago
Yeah I probably have a number of false positives from my semi-fascist nginx configuration [2]. I just use this for hobby sites and would never be accepted as a commercially supported CDN. They do fancy detection methods whereas I just use simple hacky methods. I tend to tune things so my friends can get through and some random people may get dropped until I look at what they are sending. For what it's worth each method is entirely optional or tunable to a person's needs or fever dreams. Probably language settings.

[1] - https://mirror.newsdump.org/nginx/inc.d/30_generic_http_stuf...

ChuckMcM•1h ago
I like this, back when the xterm CVE was common you could probably 0wn any botter who was looking at their logs in xterm.
