I’ve been poking around with #Crowdsec for the past couple of days, had to deal with a lot of false positives but I’m starting to get it. I’ve even hooked it up with #Ntfy just because I can. Now I should try making my own scenarios and see how it goes.
AS136907 HWCLOUDS-AS-AP HUAWEI CLOUDS
@prologic@twtxt.net This shi_ is as fun as it is frustrating! 😆 the bot is poking at me from a different ASN now, Alibaba’s.
- Short term solution: I’ve geo-locked my Timeline instance since I’m the only one using it (and I only do so for reading twts when I’m away from terminal).
- Long term: I took a look at your Caddy WAF but couldn’t figure things out on my own; until then, I’ll be poking at Caddy-Defender, maybe throw in a Crowdsec for lols… #FUN
hmmm i really should set up crowdsec and maybe a WAF like coraza or something. i don’t look at my logs as much as i should because they scare me and ignorance is bliss but i should probably cut out as much false traffic as possible especially to my biggest site (superlove)
Secure Docker Compose stacks with CrowdSec - The open-source & collaborative IPS
Testing this at the moment, quite happy with the results for one of my VPS running Funkwhale that came from a mix of WordPress / Ampache; WordPress was being heavily probed for vulnerabilities, login attempts, etc.