💾 Archived View for lists.flounder.online › gemini › threads › 87tuh30y49.fsf@alexschroeder.ch.gmi captured on 2022-04-28 at 19:20:46. Gemini links have been rewritten to link to archived content

View Raw

More Information

-=-=-=-=-=-=-

Dealing with bots

Dealing with bots

From: alex@alexschroeder.ch

Date: Wed, 27 Oct 2021 08:40:06 +0200

Message-Id: 87tuh30y49.fsf@alexschroeder.ch

To: <gemini@lists.orbitalfox.eu>

Reply

Export

--------------------------------------

I kept working on this page on how to deal with bots, and I'd be happy

to add more ideas, or refine the existing sections. If anybody is

interested in how to get fail2ban to work with their server, I'd be

happy to add pages explaining how to do this if you provide me with a

log file snippet, for example.

//transjovian.org:1965/gemini/page/Dealing%20with%20bots

Feel free to copy and use elsewhere.

Feel free to mail me directly with comments.

Re: Dealing with bots

From: cyber@sysrq.in

Date: Wed, 27 Oct 2021 12:14:51 +0500

Message-Id: YXj8a8jeaGrDt/qJ@sysrq.in

To: <gemini@lists.orbitalfox.eu>

In-Reply-To: 87tuh30y49.fsf@alexschroeder.ch

Reply

Export

--------------------------------------

On 2021-10-27 08:40, Alex Schroeder wrote:

I kept working on this page on how to deal with bots, and I'd be happy
to add more ideas, or refine the existing sections. If anybody is
interested in how to get fail2ban to work with their server, I'd be
happy to add pages explaining how to do this if you provide me with a
log file snippet, for example.
=> //transjovian.org:1965/gemini/page/Dealing%20with%20bots
Feel free to copy and use elsewhere.
Feel free to mail me directly with comments.

Good job!

### Banning IP numbers is problematic
It’s true. Perhaps there’s a shared server at that IP number. One of
the users on that server writes a misbehaving bot and all are
punished. If you are concerned about that, your server needs to move
the dynamic content behind a client certificate requirement. There is
no other way to identify particular users using Gemini.

I'm concerned about that, so I have Tor exit nodes explicitly ignored

from blocking. That's what I have in my jail.d files (except for sshd):

ignorecommand = /bin/grep <ip> /etc/tor/torbulkexitlist

/etc/tor/torbulkexitlist is updated daily by a cronjob from

https://check.torproject.org/torbulkexitlist

Re: Dealing with bots

From: alex@alexschroeder.ch

Date: Wed, 27 Oct 2021 13:06:07 +0200

Message-Id: 87r1c620dc.fsf@alexschroeder.ch

To: "Anna “CyberTailor”" <cyber@sysrq.in>

In-Reply-To: YXj8a8jeaGrDt/qJ@sysrq.in

Cc: <gemini@lists.orbitalfox.eu>

Reply

Export

--------------------------------------

Anna “CyberTailor” <cyber@sysrq.in> writes:

I'm concerned about that, so I have Tor exit nodes explicitly ignored
from blocking.

I added a link to gemini://transjovian.org/gemini/page/fail2ban and

there I described your setup. Thanks again!

--

Fingerprint: DF94 46EB 7B78 4638 7CCC 018B C78C A29B ACEC FEAE

Re: Dealing with bots

From: cyber@sysrq.in

Date: Thu, 28 Oct 2021 04:51:18 +0500

Message-Id: YXnl9qnnQKmNr8Fv@sysrq.in

To: <gemini@lists.orbitalfox.eu>

In-Reply-To: 87tuh30y49.fsf@alexschroeder.ch

Reply

Export

--------------------------------------

I've stumbled upon a clever way to stop bots from accessing dynamic

content and infinite loops: a simple captcha!

> gemini://topotun.hldns.ru/cgi-bin/lock.cgi

< 10 Protection against bots. What is 2+2?

(translated ru-en)

It's so obvious but I've never thought about it lol.

This article has /brilliant/ captcha ideas by the way:

https://nearcyan.com/you-probably-dont-need-recaptcha/

My all-time favorites are:

https://wiki.gentoo.org/wiki/Special:CreateAccount

though, however unicode has enough math symbols)

https://math.stackexchange.com/questions/2266227/solving-math-captcha-involving-a-limit-and-sin1-x/2266239

https://lurkmore.to/Матановая_капча

Re: Dealing with bots

From: u9000@posteo.mx

Date: Thu, 28 Oct 2021 11:18:11 +0000

Message-Id: 27f990d6f3de1ff4809f95f6d114f7c91fc92918.camel@posteo.mx

To: "Anna “CyberTailor”" <cyber@sysrq.in>, <gemini@lists.orbitalfox.eu>

In-Reply-To: YXnl9qnnQKmNr8Fv@sysrq.in

Reply

Export

--------------------------------------

On Thu, 2021-10-28 at 04:51 +0500, Anna “CyberTailor” wrote:

I've stumbled upon a clever way to stop bots from accessing dynamic
content and infinite loops: a simple captcha!
> gemini://topotun.hldns.ru/cgi-bin/lock.cgi
< 10 Protection against bots. What is 2+2?
(translated ru-en)

So the bots will index gemini://capsule.example/locked-content?4

I think the better way to handle bots stuck in an infinite loop is to

ban them _temporarily_, or ban them just from the recursive links.

--

DJ Chase

They, Them, Theirs