| 28 Jan 2024 |
 fadenb | Dom called me, he took action against yet another DOS attack | 05:55:43 |
| fadenb | Seems to have slightly new format and is the first time someone is hitting old page histories which caused issues with the DB cache | 05:56:27 |
| fadenb | And this massively increased CPU load | 05:56:42 |
| fadenb | Btw, the attacker seem to be quite good at automatically solving the more convenient version of the cloudflare challenges.
We are currently discussing whether we might force the manual interaction one and therefore allow back some ASNs | 06:00:54 |
| fadenb | Though, right now we seem to primarily block a Swedish 'niche' ISP | 06:02:00 |
| fadenb | And we just reached out to the NOC of the ISP that seems to originate most of the malicious traffic | 06:17:42 |
| fadenb | Did not reach them by phone but it is 07:17 here on a Sunday and I believe Sweden is in the same time zone | 06:18:19 |
 @fractivore:cyberia.club | We were having similar issues with my computer club's Forgejo server recently. Archive caching was running the server out of space, causing DOS, and CPU load was massively increased. We basically used a bot-detection library, a rate limit, and requests to "deeper" endpoints. We then sent them into a tarpit if a few conditions were met. | 06:55:47 |
| @fractivore:cyberia.club | Basically solved the issue, but also legit users have hit the tarpit as well. Anyway, we believe this is just automated scraping in our case, not a targeted DOS attack. | 06:56:39 |
| fadenb | Ouch, hope you got it under control | 06:58:45 |
| fadenb | For nixos.wiki it is unfortunately not scraping bot a (long) series of attacks that are steadily evolving | 06:59:16 |
| fadenb | We kind of even see which tech stack the attacker just learned :/ | 06:59:33 |
| fadenb | And they just switched so now the traffic is originating from mullvad vpn servers.
If we block that we will annoy even more legitimate users | 07:00:11 |
| fadenb | Turned on global rate limiting on a per ip basis now. I now that my personal usage pattern will trigger that (I like to open many tabs at once and then slowly read them) | 07:01:53 |
| @fractivore:cyberia.club | Very weird. What could their motive be? 🤔 | 07:02:57 |
| @fractivore:cyberia.club | Somebody got REAL frustrated reading wiki entries 😆 | 07:03:22 |
| @fractivore:cyberia.club | In reply to @fadenb:utzutzutz.net
Turned on global rate limiting on a per ip basis now. I now that my personal usage pattern will trigger that (I like to open many tabs at once and then slowly read them) Tough concession to have to make, but honestly probably not too much collateral damage (except maybe people who share an ISP with the attacker) | 07:07:10 |
| @fractivore:cyberia.club | Not sure what the best solution is, it's a really tough problem | 07:09:42 |
| fadenb | We will do what we always do:
Stabilize wiki, yet another police report, wait and hope for better world ;) | 07:09:51 |
| fadenb | In a month or two this attack would not work again anyway as new HW for DB will be racked. Sufficient ram to cache the whole DB and every site in memory | 07:10:53 |
|  nf changed their profile picture. | 14:04:11 |
 nixos-wiki-rcbot | [[Hydra]] https://nixos.wiki/wiki/index.php?diff=11032&oldid=10878 * Jrobsonchase * (+521) Add note about flakes evaluating in restricted mode | 14:54:41 |
| fadenb | Attack is ramping back up.
Block still catching most of it | 15:13:53 |
| nixos-wiki-rcbot | [[Matrix]] https://nixos.wiki/wiki/index.php?diff=11033&oldid=10862 * Jhvst * (+54) clients: add iamb | 15:27:46 |
| 29 Jan 2024 |
| nixos-wiki-rcbot | [[Outline]] https://nixos.wiki/wiki/index.php?diff=11034&oldid=10716 * Sleepful * (+2398) adds nginx example | 06:57:05 |
| nixos-wiki-rcbot | [[Outline]] https://nixos.wiki/wiki/index.php?diff=11035&oldid=11034 * Sleepful * (+188) | 07:05:07 |
| nixos-wiki-rcbot | [[WayDroid]] https://nixos.wiki/wiki/index.php?diff=11036&oldid=10523 * Zeorin * (+109) Waydroid can be run on X11 inside a nested Wayland session | 08:20:17 |
| nixos-wiki-rcbot | [[Neovim]] https://nixos.wiki/wiki/index.php?diff=11037&oldid=10404 * Haemeah * (+1) fix broken link | 10:12:34 |
| nixos-wiki-rcbot | [[Zsh]] https://nixos.wiki/wiki/index.php?diff=11038&oldid=11023 * Rustybucket-cloud * (-2) Renames `oh-my-zsh` to `ohMyZsh` due to the program being renamed. | 20:26:05 |
| 30 Jan 2024 |
| nixos-wiki-rcbot | [[Outline]] https://nixos.wiki/wiki/index.php?diff=11039&oldid=11035 * Sleepful * (+1354) using staticpasswords instead | 09:51:01 |
