:wtf: How can this be so wrong??? (AKA the Discopocalypse thread)
-
@Lorne-Kates
Three /29 net blocks come up in ARIN's Whois. Which seems retardedly small. Well, OK, I found a fourth. But still, I kind of expected them to have a direct allocation, and of fairly large size. Not a handful of Comcast business allocations throughout the country and an XO allocation in San Jose.
-
I know that a single IP that serves around 1000 IT workers behind a NAT is banned from meta.discourse
-
@groo I wonder who could be responsible?
-
@boomzilla said in How can this be so wrong??? (AKA the Discopocalypse thread):
@groo I wonder who could be responsible?
: All signs point to
-
@groo Bah, amateur hour.
A multinational company with thousands of employees all being blocked from WTDWTF? Now that is impressive!
Suck it,
-
The problem is that all these IP bans take up a lot of processing.
Let's make a BLDN to centralize the ban list creation.
-
@sloosecannon said in How can this be so wrong??? (AKA the Discopocalypse thread):
The problem is that all these IP bans take up a lot of processing.
Just wait until someone wants IPv6!
-
@boomzilla
Though, in reality, IPv6 bans will start at /64s, anyway, so there's only 4 trillion times as many (give or take) possible individual "IPs" as in IPv4. And once they start rolling up entire ISPs' /32 to /48 allocations after 5 /64s do naughty things, things will really start flying.
-
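The ban-at-/64-then-roll-up scheme izzion describes above, as an added example (not code from this thread or from Discourse): every offending address bans its /64, and once 5 distinct /64s inside one /48 are banned the whole /48 replaces them. The /48 rollup size, the threshold of 5 and the 2001:db8::/32 documentation addresses are assumptions; the point of the example is the count of /64s the list ends up covering.

```python
# Added example of the ban-at-/64-then-roll-up scheme described above.
# Not code from the thread or from Discourse; the rollup size (/48), the
# threshold (5) and the 2001:db8::/32 documentation addresses are assumptions.
import ipaddress
from collections import defaultdict

BAN_PREFIX = 64        # one "IP" in the ban list is a whole /64
ROLLUP_PREFIX = 48     # assumed size of the upstream allocation to roll up to
ROLLUP_THRESHOLD = 5   # distinct banned /64s inside one /48 before the /48 is banned


def ban_block(addr: str, prefix: int = BAN_PREFIX) -> ipaddress.IPv6Network:
    """Map one offending address to the /64 that gets banned."""
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)


def rollup(offenders, threshold=ROLLUP_THRESHOLD, rollup_prefix=ROLLUP_PREFIX):
    """Return the networks a naive ban list ends up containing.

    Every offending address bans its /64.  Once `threshold` distinct /64s under
    the same /`rollup_prefix` are banned, that whole prefix replaces them, which
    is where the collateral damage comes from."""
    per_parent = defaultdict(set)
    for addr in offenders:
        block = ban_block(addr)
        per_parent[block.supernet(new_prefix=rollup_prefix)].add(block)
    banned = set()
    for parent, blocks in per_parent.items():
        if len(blocks) >= threshold:
            banned.add(parent)
        else:
            banned |= blocks
    return banned


def covered_64s(networks) -> int:
    """Number of /64s (roughly: customer networks) the ban list covers."""
    return sum(2 ** (BAN_PREFIX - n.prefixlen) for n in networks)


# Constructed offenders: five hosts in five different /64s of one /48, plus one
# lone host in another /48.
OFFENDERS = [f"2001:db8:1:{i}::{i}" for i in range(1, 6)] + ["2001:db8:2:1::1"]

if __name__ == "__main__":
    for net in sorted(rollup(OFFENDERS)):
        print(net)
    print("covered /64s:", covered_64s(rollup(OFFENDERS)))
```

Five misbehaving hosts turn into a ban on 65,536 /64s; the four-host case stays at four entries. Whether a real /48 is one ISP's whole allocation or a single large customer is exactly what the ban list cannot see.
-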
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
@boomzilla
Though, in reality, IPv6 bans will start at /64s, anyway, so there's only 4 trillion times as many (give or take) possible individual "IPs" as in IPv4. And once they start rolling up entire ISPs' /32 to /48 allocations after 5 /64s do naughty things, things will really start flying.
Hm, so I could ban my entire ISP by my lonesome, as I have a /56 ;).
-
@izzion I'm not saying it would take only one troll/spammer on mobile using IPv6 and a /64 ban to get a whole cell carrier in a country banned but...
-
@MathNerdCNU ...but we all know that's actually all it would take.
-
@Onyx said in How can this be so wrong??? (AKA the Discopocalypse thread):
@groo Bah, amateur hour.
A multinational company with thousands of employees all being blocked from WTDWTF? Now that is impressive!
Suck it,
-
@Dreikin certain Korean company ?
-
@cabrito with a certain... enlightened individual?
-
@cabrito said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Dreikin certain Korean company ?
@JBert said in How can this be so wrong??? (AKA the Discopocalypse thread):
@cabrito with a certain... enlightened individual?
I thought they banned themselves though? (Or am I reading that wrong? I'm reading that wrong, aren't I.)
-
@Dreikin We're talking about the same thing. Note that @Onyx said "blocked", not "banned", meaning they just blackholed this site from their company network.
Filed under: Banning all those people sounds like way more work than the moderators would put up with
-
@JBert said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Dreikin We're talking about the same thing. Note that @Onyx said "blocked", not "banned", meaning they just blackholed this site from their company network.
Filed under: Banning all those people sounds like way more work than the moderators would put up with
Yeah, I read @Onyx's post wrong then. I was still thinking in the context of the Discourse IP-block autoban - something done by the forum - and didn't realize this was a little more disconnected from that concept - any forum block, not blocks by the forum. Thanks :)
-
@Onyx said in How can this be so wrong??? (AKA the Discopocalypse thread):
Suck it,
Gross! I wouldn't let that guy anywhere near my dick.
-
@sloosecannon said in How can this be so wrong??? (AKA the Discopocalypse thread):
Let's make a BLDN to centralize the ban list creation.
Congratulations. You've invented Disco-DNSBLs.
-
@Dreikin said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Onyx said in How can this be so wrong??? (AKA the Discopocalypse thread):
@groo Bah, amateur hour.
A multinational company with thousands of employees all being blocked from WTDWTF? Now that is impressive!
Suck it,
I will now read the IP ban list for this NodeBB instance. This concludes the reading of the IP ban list.
-
@ben_lubar
And that explains the constant server cooties
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
@ben_lubar
And that explains the constant server cooties
There are a few user agents that are banned in the nginx config, along with a few that are rate limited to 1 request every 10 seconds.
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
@ben_lubar
And that explains the constant server cooties
If only it made that much sense.
-
@boomzilla
I mean, we are taking 1e4 hits per day from crawlers trying to fuzz for WP vulnerabilities, right? Seems like something that should be in the IP block discussion, as was brought up when that information was first posted...#fail2ban
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
I mean, we are taking 1e4 hits per day from crawlers trying to fuzz for WP vulnerabilities, right?
I guess we could talk about that. It wouldn't be talking about our server cooties. But we could talk about that.
-
@izzion 10^4 doesn't seem like an enormous amount of requests... Or at least it doesn't seem like the kind of number that should bring a web server to its knees
-
@bb36e
That's just the number of hits on that WP endpoint, if I understood the graphic correctly. How many more hits are they fuzzing on other possible endpoints? And, judging by previous experience (/t/1000), web servers go down for a lot less, given the right incentives...
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
/t/1000
I'd argue that discourse really shouldn't be used when discussing how things /should/ work :p
-
@bb36e
We have pretty strong evidence that server cooties weren't (solely) caused by DiscoInefficientCoding. All I'm saying is, I agree with the person who called it out in the other thread; why aren't the IPs that are fuzzing WP endpoints banned (with a "member whitelist" if we have problems)? At least long enough to see if it makes any different. We're a tech forum, who make fun of people who do stupid shit in IT. Seems like blaming the problem on the software instead of IP banning very likely bad actors might be the content of a front page article.
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
@boomzilla
I mean, we are taking 1e4 hits per day from crawlers trying to fuzz for WP vulnerabilities, right? Seems like something that should be in the IP block discussion, as was brought up when that information was first posted...#fail2ban
Which uses more resources:
- 404 error due to a bad route with no session cookie so the database isn't queried at all for the user data
- 403 error due to an IP ban that happens within NodeBB which means it still uses up the exact same amount of time
-
@bb36e said in How can this be so wrong??? (AKA the Discopocalypse thread):
@izzion 10^4 doesn't seem like an enormous amount of requests... Or at least it doesn't seem like the kind of number that should bring a web server to its knees
10^4 is also about 5 times more 404 errors than we've had on that endpoint in the last month (or however long it's been since the 404 log was last cleared)
Also, the following endpoints have each had exactly 5 404 errors:
- /topic/14061/the-fox-ideas-thread/@Fox%20said:Foxes%20are%20kinda%20my%20thing%20%20But%20you%20ain't%20the%20first%20fox%20here%20%20http://orig09.deviantart.net/79b9/f/2009/343/e/9/fiona_fox_by_sapphirespring.jpg
- /users/codinghorror
- /users/aliceif
- /members/GetXanax.aspx
- /users/lorne_kates
- /images/emoji/emoji_one/beetle.png
- /Themes/leanandgreen/images/user_IsOnline.gif
(For the record, the
/users -> /user
redirect was removed when they added the public-facing user list)
-
@ben_lubar said in How can this be so wrong??? (AKA the Discopocalypse thread):
/users/aliceif
That was me, whoops.
-
@Tsaukpaetra said in How can this be so wrong??? (AKA the Discopocalypse thread):
@ben_lubar said in How can this be so wrong??? (AKA the Discopocalypse thread):
/users/aliceif
That was me, whoops.
-
@ben_lubar said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Tsaukpaetra said in How can this be so wrong??? (AKA the Discopocalypse thread):
@ben_lubar said in How can this be so wrong??? (AKA the Discopocalypse thread):
/users/aliceif
That was me, whoops.
When once doesn't work, it might be the user's fault. If it doesn't work twice, maybe something in the cosmos. And so on...
-
@ben_lubar said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Tsaukpaetra said in How can this be so wrong??? (AKA the Discopocalypse thread):
@ben_lubar said in How can this be so wrong??? (AKA the Discopocalypse thread):
/users/aliceif
That was me, whoops.
Oh good, the moral police arrived. Let the kids have their fun, jeez.
-
@ben_lubar
Neither - you firewall the IP before it ever gets to nginx
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
@ben_lubar
Neither - you firewall the IP before it ever gets to nginx
You do realize this is the topic where we're discussing Discourse banning ISPs automatically, right?
Or does Discourse now ban people using iptables?
-
@ben_lubar I think @izzion is talking about us using iptables to ban the stupid metasploit kiddies. Using fail2ban as an example if you look at his previous posts. With which I agree, actually, it can be a bit fiddly to set up initially at times, but it works well.
Filed under: That's one ugly wiki though
-
@Onyx said in How can this be so wrong??? (AKA the Discopocalypse thread):
That's one ugly wiki though
Needs more animated gifs
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
I mean, we are taking 1e4 hits per day from crawlers trying to fuzz for WP vulnerabilities, right?
I like watching those in my server logs. It's cute how naive they are.
-
@Luhmann said in How can this be so wrong??? (AKA the Discopocalypse thread):
Needs more animated gifs
Since it's for a Wiki…
-
@dkf Dat page turn.
-
@Zecc said in How can this be so wrong??? (AKA the Discopocalypse thread):
Dat page turn.
I know. When I saw it, I knew it belonged…
-
@Onyx
This ^
Just because Discourse has the where of IP banning in a weird spot, or because their rollup method is a little too aggressive, doesn't mean that IP banning bad actors is a bad method. (Just like using the topic infrastructure for PMs isn't a bad idea, just because they didn't implement actual privacy in a private message). If you can use iptables to black hole traffic as it enters your device (router, server, what have you) and not spend time decoding the headers (which is an actual decode in this case, since we're enforcing HTTPS) to figure out that this user agent is not welcome here, then you're saving a noticeable amount of processing power on the server. Now, I'll throw out a caveat here that I have no idea whether or not Docker containers give you enough control to actually run iptables/fail2ban. But there's a reason fail2ban is basically a pre-requirement for an Asterisk server, and should be useful to a web forum as well...
-
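The fail2ban-style approach izzion argues for (and the "member whitelist" caveat from earlier in the thread), as an added example that is not code from the forum, from fail2ban or from NodeBB: read nginx access-log lines, count 404s against WordPress-only paths per source IP inside a time window, skip an operator-maintained allow list, and emit a reviewable list of addresses to drop at the packet filter, which is the step that avoids ben_lubar's 403-inside-NodeBB cost and the TLS decode. The log format, the probe paths, the threshold, the window, the `ipset` set name and all sample log lines are constructed assumptions.

```python
# Added example, not the forum's own code: a fail2ban-style filter over nginx
# access-log lines.  Log format, probe paths, threshold, window and the sample
# lines below are all constructed for the example.
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \d+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Paths that only make sense on a WordPress install (constructed list); this
# site does not run WordPress, so a 404 here is a probe, not a lost user.
WP_PROBE = re.compile(r"^/(wp-login\.php|xmlrpc\.php|wp-admin(/|$)|wp-content/|wp-includes/)")


def parse_line(line):
    """Return a dict for one combined-format line, or None if it doesn't parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec


def is_probe(rec):
    return rec["status"] == 404 and WP_PROBE.match(rec["path"]) is not None


def find_offenders(lines, threshold=3, window=timedelta(minutes=10), allow=()):
    """IPs with at least `threshold` WP probes inside any `window`, minus the
    allow list (the "member whitelist")."""
    allow_nets = [ipaddress.ip_network(a) for a in allow]
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_probe(rec):
            continue
        try:
            ip = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue  # malformed source field; leave it to a human
        if any(ip in net for net in allow_nets):
            continue
        hits[rec["ip"]].append(rec["ts"])
    offenders = set()
    for ip, times in hits.items():
        times.sort()
        # sliding window: `threshold` probes whose first and last are <= window apart
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                offenders.add(ip)
                break
    return offenders


def ipset_commands(offenders, setname="wp-probers"):
    """Commands for an operator to review before applying at the packet filter
    (constructed set name; fail2ban's own action would normally do this)."""
    return [f"ipset add {setname} {ip}" for ip in sorted(offenders, key=ipaddress.ip_address)]


# Constructed sample log: one scanner, one legitimate user with a single typo'd
# path plus one stray probe, and one scanner coming from an allow-listed range.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2016:12:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2016:12:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Mar/2016:12:00:03 +0000] "GET /wp-admin/ HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2016:12:00:04 +0000] "GET /users/lorne_kates HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Mar/2016:12:05:00 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Mar/2016:12:00:05 +0000] "GET /wp-login.php HTTP/1.1" 404 162 "-" "curl/7.47"',
    '192.0.2.9 - - [10/Mar/2016:12:00:06 +0000] "GET /xmlrpc.php HTTP/1.1" 404 162 "-" "curl/7.47"',
    '192.0.2.9 - - [10/Mar/2016:12:00:07 +0000] "GET /wp-content/plugins/ HTTP/1.1" 404 162 "-" "curl/7.47"',
]

if __name__ == "__main__":
    bad = find_offenders(SAMPLE_LOG, allow=("192.0.2.0/24",))
    for cmd in ipset_commands(bad):
        print(cmd)
```

The filter only ever reads the log; the decision to drop is separated out as a list of commands so the blocking stays at the packet filter, where the request is never decrypted or routed. A real fail2ban jail does the same job with a `failregex` against the same access log and a `findtime`/`maxretry` pair in place of `window`/`threshold`.
-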
@dkf
That's a nice pipe you have there ...
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
Now, I'll throw out a caveat here that I have no idea whether or not Docker containers give you enough control to actually run iptables/fail2ban. But there's a reason fail2ban is basically a pre-requirement for an Asterisk server, and should be useful to a web forum as well...
I have no idea if this works, but…
-
@ben_lubar said in How can this be so wrong??? (AKA the Discopocalypse thread):
/users/lorne_kates
wat.
http://i.imgur.com/ELukwCJ.png
SOMENOE IZ CYBERSTALKING ME AGGRESSION!
-
@ben_lubar said in How can this be so wrong??? (AKA the Discopocalypse thread):
@Tsaukpaetra said in How can this be so wrong??? (AKA the Discopocalypse thread):
@ben_lubar said in How can this be so wrong??? (AKA the Discopocalypse thread):
/users/aliceif
That was me, whoops.
Hey, if I had the chance to end-point Alicef, I wouldn't want to do it just once either.
-
@izzion said in How can this be so wrong??? (AKA the Discopocalypse thread):
Now, I'll throw out a caveat here that I have no idea whether or not Docker containers give you enough control to actually run iptables/fail2ban
nginx runs on the host, so we'd have to run those on the host as well. In fact, Docker interacts with iptables already - containers in a virtual network can't access containers in another virtual network.
-