digdilem

joined 1 year ago
[–] digdilem@lemmy.ml 1 points 6 days ago (1 children)

I think your reply would have been more useful if you'd given some pointers about how, instead of just "do it right".

[–] digdilem@lemmy.ml 2 points 1 week ago* (last edited 1 week ago)

It's fine, but not going to be the cheapest.

Cheap to buy: Any old PC desktop, really. Most will run Linux and Windows fine, depending on what you want. Anywhere from free to £100. If you have an old desktop or laptop already, use that to start with.

Cheap to run: Any mini PC. I run a Lenovo ThinkCentre M53 for low power duties. Cost £40 and runs silently at 10 watts, idle. (I have a secondary, much beefier server for other stuff that runs at around 100w which lives in the garage)

But plenty of people do run mac minis as home servers, often on Linux. They're fine - just do your homework on the CPU ability, how much ram you can add, and whether you're okay with external disks if you can't fit enough inside.

[–] digdilem@lemmy.ml 9 points 1 week ago

Find your thing.

For me that's been different things as I've gone through life. Currently in my 50s and enjoying riding a motorbike at weekends. When I'd ridden all the local roads so many times it was starting to get boring, I added another layer and am now riding my bike to every Village in my county. It's going to take a while, but has given another layer of interest and purpose. Many people won't understand why it's interesting to me, and that's fine, they don't have to. Finding what works for you is half the challenge.

BTW, if you've got depression, then finding happiness without resolving that is really, really difficult. Been there and absolutely everything felt bleak and pointless. Fixing that is the first step.

[–] digdilem@lemmy.ml 5 points 1 week ago (1 children)

Are headphones a possibility in your workplace?

[–] digdilem@lemmy.ml 1 points 1 week ago (1 children)

Thanks, that's some good thoughts. I do already do that, contribute to FOSS, write fiction and I've taught some stuff to younger folk at work so it's not entirely wasted. If I can achieve net zero on whatever cosmic scoreboard is in place, I figure that's okay.

[–] digdilem@lemmy.ml 20 points 1 week ago (4 children)

Mixed, but mostly okay.

Pros: The world is massively overpopulated already. Our genes aren't particularly noteworthy. I'm not very optimistic about the future. People's happiness generally seems a lot less than it was when I was younger and I don't see that changing.

Cons: Not being able to pass anything on - my knowledge and experience, ironically much of which was gained through having time that would have been unavailable if I had had kids. As we both get older, our own care is concerning. Doing physical things around our smallholding is getting harder and a pair of young hands would be nice.

I don't begrudge other people having kids. We tried once but lost it and that kind of took the excitement out of it for us. Before we knew it, it was too late anyway.

[–] digdilem@lemmy.ml 2 points 1 week ago

The UK has seen a stratospheric drop too. Banned from all non-private indoor spaces, taxed through the roof. At least in the South, it's rare to see or even smell someone smoking now, even on TV. Although in some cities it's just as likely to smell cannabis as tobacco.

I don't think you're "exporting it" though - it's not an American initiative. This was a pretty universal shift of "why the fuck do we do this stupid shit?"

[–] digdilem@lemmy.ml 2 points 1 week ago

India has the BRO too.

Watching a guy called Joe Ryan on YouTube at the mo, who's riding a motorbike around the Himalayas. The BRO are building roads there at an incredible rate in the most impossible landscape. I'm genuinely amazed at the scale and adaptability of them and how much they're doing right now.

This is literally changing the lives of those who live in the area, although I do wonder how much this will trigger tourism and change everything as it has elsewhere. But still, those guys can build roads.

[–] digdilem@lemmy.ml 7 points 1 week ago

Much of the UK's regular government stuff is online and very simple too - their website is actually very good. It doesn't integrate everything though. The health service is particularly fragmented and communication is often by post and not that good.

[–] digdilem@lemmy.ml 2 points 1 week ago

Actually - a lot of closed source programs are still vulnerable to the supply chain attacks you mention where a bad actor has got access to their codebase. This has happened and been reported on, plus I'm sure, plenty of occasions where it was hushed up for reputational reasons. And - much commercial software still uses FOSS dependencies, so is also vulnerable to the same situation you describe for that. Worst of both worlds.

I don't think either system is inherently better than the other in terms of computer security. Each has different and overlapping vulnerabilities.

195
submitted 6 months ago* (last edited 6 months ago) by digdilem@lemmy.ml to c/linux@lemmy.ml
 

I host a few small low-traffic websites for local interests. I do this for free - and some of them are for a friend who died last year but didn't want all his work to vanish. They don't get so many views, so I was surprised when I happened to glance at munin and saw my bandwidth usage had gone up a lot.

I spent a couple of hours working to solve this and did everything wrong. But it was a useful learning experience and I thought it might be worth sharing in case anyone else encounters similar.

My setup is:

Cloudflare DNS -> Cloudflare Tunnel (Because my residential isp uses CGNAT) -> Haproxy (I like Haproxy and amongst other things, alerts me when a site is down) -> Separate Docker containers for each website. On a Debian server living in my garage.

From Haproxy's stats page, I was able to see which website was gathering attention. It's one running PhpBB for a little forum. Tailing apache's logs in that container quickly identified the pattern and made it easy to see what was happening.

It was seeing a lot of 404 errors for URLs all coming from the same user-agent "claudebot". I know what you're thinking - it's an exploit scanning bot, but a closer look showed it was trying to fetch normal forum posts, some of which had been deleted months previously, and also robots.txt. That site doesn't have a robots.txt so that was failing. What was weird is that it was requesting at a rate of up to 20 urls a second, from multiple AWS IPs - and every other request was for robots.txt. You'd think it would take the hint after a million times of asking.

Googling that UA turns up that other PhpBB users have encountered this quite recently - it seems to be fascinated by web forums and absolutely hammers them with the same behaviour I found.

So - clearly a broken and stupid bot, right? Rather than being specifically malicious. I think so, but I host these sites on a rural consumer line and it was affecting both system load and bandwidth.

What I did wrong:

  1. In docker, I tried quite a few things to block the user agent, the country (US based AWS, and this is a UK regional site), various IPs. It took me far too long to realise why my changes to .htaccess were failing - the phpbb docker image I use mounts the root directory to the website internally, ignoring my mounted vol. (My own fault, it was too long since I set it up to remember only certain sub-dirs were mounted in)

  2. Figuring that out, I shelled into the container and edited that .htaccess, but wouldn't have survived restarting/rebuilding the container so wasn't a real solution.

Whilst I was in there, I created a robots.txt file. Not surprisingly, claudebot doesn't actually honour what's in there, and still continues to request it ten times a second.

  3. Thinking there must be another way, I switched to Haproxy. This was much easier - the documentation is very good. And it actually worked - blocking by Useragent (and yep, I'm lucky this wasn't changing) worked perfectly.

I then had to leave for a while and the graphs show it's working. (Yellow above the line is requests coming into haproxy, below the line are responses).

Great - except I'm still seeing half of the traffic, and that's affecting my latency. (Some of you might doubt this, and I can tell you that you're spoiled by an excess of bandwidth...)

  4. That's when the penny dropped and the obvious occurred. I use cloudflare, so use their firewall, right? No excuses - I should have gone there first. In fact, I did, but I got distracted by the many options and focused on their bot fighting tools, which didn't work for me. (This bot is somehow getting through the captcha challenge even when bot fight mode is enabled)

But, their firewall has an option for user agent. The actual fix was simply to add this in WAF for that domain.

And voila - no more traffic through the tunnel for this very rude and stupid bot.

After 24 hours, Cloudflare has blocked almost a quarter of a million requests by claudebot to my little phpbb forum which barely gets a single post every three months.

Moral for myself: Stand back and think for a minute before rushing in and trying to fix something in the wrong way. I've also taken this as an opportunity to improve haproxy's rate limiting internally. Like most website hosts, most of my traffic is outbound, and slowing things down when it gets busy really does help.

This obviously isn't a perfect solution - all claudebot has to do is change its UA, and by coming from AWS it's pretty hard to block otherwise. One hopes it isn't truly malicious. It would be quite a lot more work to integrate Fail2ban for more bots, but it might yet come to that.

Also, if you write any kind of web bot, please consider that not everyone who hosts a website has a lot of bandwidth, and at least have enough pride to write software good enough to not keep doing the same thing every second. And, y'know, keep an eye on what your stuff is doing out on the internet - not least for your own benefit. Hopefully AWS really shaft claudebot's owners with some big bandwidth charges...

EDIT: It came back the next day with a new UA, and an email address linking it to anthropic.com - the Claude3 AI bot, so it looks like a particularly badly written scraper for AI learning.
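
The pattern described in the post (one user agent, several source IPs, every other request for robots.txt, mostly 404s) can be pulled out of an Apache combined-format access log with a short script. This is an added example, not part of the original post; the log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)

def summarise(lines):
    """Group requests by user agent and collect the signals mentioned in the post."""
    stats = defaultdict(lambda: {"requests": 0, "robots": 0, "not_found": 0,
                                 "ips": set(), "per_second": Counter()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not in combined format
        s = stats[m["ua"]]
        s["requests"] += 1
        s["robots"] += m["path"] == "/robots.txt"
        s["not_found"] += m["status"] == "404"
        s["ips"].add(m["ip"])
        s["per_second"][m["ts"]] += 1  # Apache timestamps have one-second resolution
    return stats

def noisy_agents(lines, max_rps=5, robots_share=0.3):
    """Flag agents above a peak request rate or re-fetching robots.txt (assumed thresholds)."""
    flagged = {}
    for ua, s in summarise(lines).items():
        peak = max(s["per_second"].values())
        share = s["robots"] / s["requests"]
        if peak > max_rps or (s["requests"] >= 10 and share >= robots_share):
            flagged[ua] = {"requests": s["requests"], "peak_rps": peak,
                           "robots_share": round(share, 2),
                           "not_found": s["not_found"], "source_ips": len(s["ips"])}
    return flagged

def constructed_sample():
    """Constructed log lines (not from the post): one normal visitor and one noisy bot."""
    lines = ['198.51.100.7 - - [01/May/2024:10:00:05 +0000] "GET /index.php HTTP/1.1" '
             '200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"']
    for i in range(20):
        ip = f"192.0.2.{10 + i % 4}"  # documentation-range addresses
        path = "/robots.txt" if i % 2 else f"/viewtopic.php?t={i}"
        lines.append(f'{ip} - - [01/May/2024:10:00:{i // 10:02d} +0000] '
                     f'"GET {path} HTTP/1.1" 404 196 "-" "claudebot"')
    return lines

if __name__ == "__main__":
    print(noisy_agents(constructed_sample()))
```

Grouping by user agent rather than by IP matters here because the requests came from multiple AWS addresses; behind a tunnel or proxy the logged address may also be the proxy's unless the real client IP is passed through.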
