Yeah, same old story. I keep forgetting that linking to my sites that aren’t behind the Apache filter that blocks all the Fediverse user agents is basically a distributed denial of service attack because my server is so small and I’m not serving static pages – and I hate the fact that I have to be thinking about blocking, caching and hundreds of connections all at the same time only to defend against Mastodon.
These are services for the Smolnet, not for all the people that keep thinking about scaling all the time.
Here’s what Monit tells me a few minutes after I linked to The Transjovian Council:
[CEST Aug 16 19:25:21] error : 'gemini-wiki' total mem amount of 185.8 MB matches resource limit [total mem amount>100 MB]
[CEST Aug 16 19:30:26] error : 'gemini-wiki' total mem amount of 185.8 MB matches resource limit [total mem amount>100 MB]
[CEST Aug 16 19:35:36] error : 'gemini-wiki' total mem amount of 185.8 MB matches resource limit [total mem amount>100 MB]
[CEST Aug 16 19:40:47] error : 'gemini-wiki' total mem amount of 125.5 MB matches resource limit [total mem amount>100 MB]
[CEST Aug 16 19:45:52] error : 'gemini-wiki' total mem amount of 125.5 MB matches resource limit [total mem amount>100 MB]
[CEST Aug 16 19:45:52] info : 'gemini-wiki' trying to restart
[CEST Aug 16 19:45:52] info : 'gemini-wiki' stop: '/bin/bash -c kill -s SIGKILL `cat /home/alex/farm/gemini-wiki.pid`; sleep 10'
[CEST Aug 16 19:46:02] info : 'gemini-wiki' start: '/usr/bin/perl -I/home/alex/gemini-wiki/lib /home/alex/farm/gemini-wiki --setsid --user=alex --group=alex --log_level=3 --log_file=/home/alex/farm/gemini-wiki.log --pid_file=/home/alex/farm/gemini-wiki.pid --wiki_dir=/home/alex/gemini-wiki --host=transj...'
[CEST Aug 16 19:51:09] error : 'gemini-wiki' process is not running
[CEST Aug 16 19:51:09] info : 'gemini-wiki' trying to restart
[CEST Aug 16 19:51:09] info : 'gemini-wiki' start: '/usr/bin/perl -I/home/alex/gemini-wiki/lib /home/alex/farm/gemini-wiki --setsid --user=alex --group=alex --log_level=3 --log_file=/home/alex/farm/gemini-wiki.log --pid_file=/home/alex/farm/gemini-wiki.pid --wiki_dir=/home/alex/gemini-wiki --host=transj...'
[CEST Aug 16 19:56:15] error : 'gemini-wiki' process is not running
[CEST Aug 16 19:56:15] info : 'gemini-wiki' trying to restart
[CEST Aug 16 19:56:15] info : 'gemini-wiki' start: '/usr/bin/perl -I/home/alex/gemini-wiki/lib /home/alex/farm/gemini-wiki --setsid --user=alex --group=alex --log_level=3 --log_file=/home/alex/farm/gemini-wiki.log --pid_file=/home/alex/farm/gemini-wiki.pid --wiki_dir=/home/alex/gemini-wiki --host=transj...'
[CEST Aug 16 20:01:21] error : 'gemini-wiki' service restarted 3 times within 3 cycles(s) - stop
Why is this? Because all the Fediverse instances connect to the linked site in order to try and generate a preview! The original server federates the toot with the URL, but not the preview it generated, and therefore every other Fediverse server attempts to generate that preview.
Mastodon can be used as a DDOS tool #4486
The way I solved this for all the sites behind Apache is using a user agent block:
RewriteEngine on
RewriteCond "%{HTTP_USER_AGENT}" "Mastodon|Friendica|Pleroma" [nocase]
RewriteRule ^(.*)$ - [forbidden,last]
Yeah, it’s not a lot of requests. A few hundred, maybe? But as you can see the memory shoots up and I don’t want to have RAM to spare, nor caches. I really need to look into better shutdown and then restarting super slowly. Also making sure the old process doesn’t hang around, blocking the port, and so on. Gah!
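To measure how large such a preview burst is, this added example (not code from the original post) applies the same user-agent pattern as the rewrite rule above to access-log lines and reports, per linked path, the number of preview fetches, the number of distinct source addresses and the seconds between the first and last fetch. It assumes Apache's combined log format; the function name, the log lines and the user-agent strings are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Same alternation as the RewriteCond on this page, matched case-insensitively.
FEDIVERSE_UA = re.compile(r"Mastodon|Friendica|Pleroma", re.IGNORECASE)

# Apache "combined" log format (an assumption; adjust for other formats).
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

def preview_bursts(lines):
    """Return {path: (hits, distinct_ips, seconds_from_first_to_last_hit)}."""
    seen = defaultdict(list)
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m or not FEDIVERSE_UA.search(m["ua"]):
            continue  # unparsable line, or an ordinary client
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        seen[m["path"]].append((ts, m["ip"]))
    report = {}
    for path, hits in seen.items():
        times = [t for t, _ in hits]
        span = int((max(times) - min(times)).total_seconds())
        report[path] = (len(hits), len({ip for _, ip in hits}), span)
    return report

# Constructed sample lines: documentation IP ranges, made-up agents and paths.
SAMPLE = [
    '192.0.2.10 - - [16/Aug/2020:19:20:01 +0200] "GET /page/Welcome HTTP/1.1" 200 5120 "-" "http.rb/4.4.1 (Mastodon/3.2.0; +https://social.example/)"',
    '198.51.100.7 - - [16/Aug/2020:19:20:02 +0200] "GET /page/Welcome HTTP/1.1" 200 5120 "-" "pleroma 2.0.7; https://pleroma.example"',
    '203.0.113.5 - - [16/Aug/2020:19:20:02 +0200] "GET /page/Welcome HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/79.0"',
    '203.0.113.9 - - [16/Aug/2020:19:20:05 +0200] "GET /page/Welcome HTTP/1.1" 200 5120 "-" "Friendica 2020.07; https://friendica.example"',
    '192.0.2.10 - - [16/Aug/2020:19:21:00 +0200] "GET /page/Other HTTP/1.1" 200 2048 "-" "http.rb/4.4.1 (Mastodon/3.2.0; +https://social.example/)"',
]

if __name__ == "__main__":
    for path, (hits, ips, span) in preview_bursts(SAMPLE).items():
        print(f"{path}: {hits} preview fetches from {ips} addresses in {span}s")
```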
#Gemini #Mastodon
(Please contact me if you want to remove your comment.)
⁂
Slightly more elegant than returning 403 would be to redirect to a static page with just the Facebook/Twitter card metadata that Mastodon uses. Don’t know if you have the resources for that, though.
– elpher7HI6ms 2020-08-17 00:43 UTC
---
Interesting idea!
– Alex 2020-08-17 09:06 UTC