#fail2ban


After struggling all night with LLM crawlers, here's a little something I wrote:

A #Fail2Ban filter to block #LLMCrawlers before they start damaging infrastructure. It works by matching HTTP user-agents.

Hopefully this can be of use for other people as well.

codeberg.org/camelia/llm-crawl

Link preview (codeberg.org, llm-crawlers-fail2ban-filter): This repository contains a Fail2Ban filter for use with nginx. Its purpose is to block LLM crawlers before they start damaging infrastructure.
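To see what such a user-agent filter does against nginx's combined log format, here is an added example (not the repository's code): a fail2ban-style failregex with a `<HOST>` placeholder, checked against constructed log lines, plus an ignoreregex for an address that must never be banned. The crawler names and the `<HOST>` expansion used here are constructed stand-ins, not the repository's list or fail2ban's exact substitution.

```python
import re

# Constructed nginx access log lines in the default "combined" format (sample data).
ACCESS_LOG = [
    '203.0.113.7 - - [10/Feb/2025:03:14:07 +0000] "GET /wiki/Page HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (compatible; ExampleLLMBot/1.0)"',
    '203.0.113.8 - - [10/Feb/2025:03:14:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"',
    '203.0.113.9 - - [10/Feb/2025:03:14:11 +0000] "GET /robots.txt HTTP/1.1" 200 64 "-" "samplecrawler-ai/2.3"',
    '198.51.100.2 - - [10/Feb/2025:03:14:12 +0000] "GET /wiki/Page HTTP/1.1" 200 5120 "-" "ExampleLLMBot/1.0 (monitoring)"',
]

# Constructed user-agent substrings; a real filter carries the crawlers it targets.
CRAWLER_UA_TOKENS = ["ExampleLLMBot", "samplecrawler-ai"]

# Filter definition in the style of a fail2ban filter.d file: the line must start
# with the client address (<HOST>), then referrer and user-agent are the last two
# quoted fields of the combined format, and the user-agent must contain a token.
FAILREGEX = (r'^<HOST> \S+ \S+ \[[^\]]+\] "[^"]*" \d+ \d+ "[^"]*" "[^"]*(?:'
             + "|".join(map(re.escape, CRAWLER_UA_TOKENS)) + r')[^"]*"$')
# Constructed: our own uptime monitor, which must never be banned.
IGNOREREGEX = r"^198\.51\.100\.2 "

# fail2ban replaces <HOST> with its own host-capturing group when loading a
# filter; this simplified stand-in captures any non-space run as the host.
HOST_GROUP = r"(?P<host>\S+)"

def compile_filter(failregex, ignoreregex):
    fail_re = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    ignore_re = re.compile(ignoreregex) if ignoreregex else None
    return fail_re, ignore_re

def matching_hosts(lines, failregex=FAILREGEX, ignoreregex=IGNOREREGEX):
    """Return the hosts a jail using this filter would count, in log order."""
    fail_re, ignore_re = compile_filter(failregex, ignoreregex)
    hosts = []
    for line in lines:
        if ignore_re and ignore_re.search(line):
            continue  # ignoreregex wins over failregex, as in fail2ban
        m = fail_re.search(line)
        if m:
            hosts.append(m.group("host"))
    return hosts
```

Running the same lines with `ignoreregex=None` shows the monitor address being counted too, which is the failure mode the ignoreregex exists to prevent.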

🏕️ my adventures in #selfhosting - day 89 ✨

Oh #PeerTube, you are making me do mental somersaults as I strategize about the best way to self-host my videos.

This newbie wants to ask: how many VPSes are too many for someone who has little coding experience and has been self-hosting for just 3 months?

Fedi friends, I’m thinking of signing up for a THIRD VPS 😱

Why?

My current setup:

1️⃣ 5€/month Debian VPS with #YunoHost, where I’m self-hosting #GoToSocial (this account), #Friendica, #Pixelfed, #Fail2Ban and #LinkStack.
2️⃣ 5€/month Ubuntu VPS where I am self-hosting my (upcoming) #Ghost blog (this will make me save a ton, compared to my current Ghost Pro plan).

Back to PeerTube: I could easily upgrade my #Debian VPS and install it there - the costs would be minimal and I would double my RAM and storage. But I am afraid of PeerTube’s consumption when it comes to bandwidth. As in: if I upload a video that for some reason becomes really popular, or if a bad actor decides to DDoS my channel, would that take down all my other self-hosted Fediverse instances? Since they are on the same VPS?

I could limit potential issues by having a dedicated VPS just for PeerTube.

What would you do?

And do you have recommendations for Europe-based VPSes with affordable plans (aside from Hostinger)? I was thinking of #Hetzner…

#MySoCalledSudoLife #AskFedi

Good morning Fedi friends!

I was just checking my #Fail2Ban logs and I'm a little taken aback by all the failed login attempts.

Asking the more experienced amongst you if this is normal?

The screenshot is from my Ubuntu VPS (which has been active for less than a month):

total failed: 737;
total banned: 142.

By comparison my other VPS (the one with YunoHost on Debian) has the following stats:

total failed: 530;
total banned: 106.
I would definitely beef up my security even more but I don't really understand the security guide on YunoHost. If you have tips for TRUE newbies, I'm all ears :)

🏕️ my adventures in #selfhosting - day 77 ✨

This morning I'm attempting a manual install of #Fail2Ban (that is, with commands, no YunoHost) on my #Ubuntu VPS.

I've been greatly enjoying Fail2Ban on my #Debian VPS and I'd like to extend the same protections to the VPS with my self-hosted #Ghost blog.

I hope nothing goes wrong because I have a video call with Stanford students at the study abroad program in Florence at 11am (for a women in cinema class, I'm invited every year)... so I don't wanna feel distracted by tech issues, ha!

#MySoCalledSudoLife

Protected my server with #ufw #fail2ban against attacks on the ssh port ... tested and it works.
I'm using Proton's VPNs, which make it easy for me to keep changing IP to test.

I've installed the reverse proxy #pangolin docs.fossorial.io/overview on the VPS; although it's at a very early stage it works well, and the developers are doing a very good job, the final product is going to be very, very good 😄

I'll keep testing and tinkering until I'm quite sure of the risks and advantages. As always, I'm in no hurry and learning is what I enjoy.
#derechoareparar #linux #selfhosting


🏕️ my adventures in #selfhosting - day 48 ✨

Yesterday when I got back from #FOSDEM I found an email in my inbox that gave me a mini-heart attack: a message from my VPS hosting company saying my service had been suspended for running over costs / my card being declined.

The email looked absolutely legit, formatting and branding-wise. But I'm not a fool! I didn't click on any links, just closed it and logged onto my VPS account from another device. I checked billings and resource usage and everything was normal. Ouf. So it was a targeted phishing attack (someone who went through the trouble of looking up my hosting company and finding my contact email address, right when I was traveling and publicly posting from FOSDEM).

Nice try scammer! But you didn't fool me.

Thing is, realistically speaking I could have consumed too many resources. I'm at 75% RAM usage now. As soon as I stop paying for a Ghost(Pro) plan next month, I will upgrade my VPS. And please prevent me from adding another Fediverse app, I'm SOOO tempted to self-host #Friendica too, after re-falling in love with it during a demo at #SocialWebFosdem.

Anyway, today I hit a milestone of sorts: my first experience updating #YunoHost AND 3 different apps (#Fail2Ban #Pixelfed and #GhostIO). Everything went smoothly and my system diagnostics dashboard is all green – just as I like it.

This self-hosting journey is really empowering and the best antidote to my frustration/rage towards Big Tech oligarchs. You can't control my Fedi homes!


OK, so what can we do about all these SSH brute force attacks?

We have a plan - actually, not just a plan, we run this in production on one of the @cloudlab clusters.

Let's start with this observation: if attackers are using a broad set of usernames, then we can use these username sets as a sort of signature. About half of attacking IP addresses only try one username, but that also means that about half are trying more than one - in fact some individual IP addresses tried more than 10,000 usernames!

What we do is this: we find *sets* of usernames that are used by *more than one* attacking IP address (actually it's a bit more complicated than this, details in the paper). This gives us "dictionaries" of usernames that are *only* used by attackers, and not any of our real users. We collect these dictionaries from the logfiles of a bunch of SSH servers, and combine them to form a Username Block List (UBL).

Now, all we have to do is: as soon as we see an IP address try a username from this UBL, we block it. That simple. We call this Dictionary Based Blocking (DBB).

How well does this work? We used logs from our clusters containing a total of 213 million login attempts, and it blocked *99.5%* of all attempts, generating false positives (accidentally locking out a real user) at a rate of just about one every five days.

But what about #fail2ban, you might ask? That's another method people use to block attacks against SSH (and other services) by locking out addresses that fail to log in more than X times in Y minutes. Well, with its default settings, it only blocks about 66% of attacks, and it generates more than 5x as many false positives (graph attached). As it turns out, there is *no* way to tune fail2ban to get DBB's accuracy without a false positive rate that's orders of magnitude higher.

I said we run this in production - how well does that work? We run it on one of our CloudLab clusters that already had a firewall - subscribing to popular blocklists and running something very much like fail2ban. It's catching four-fifths of the attacks that were not already getting caught by these measures, and so far it hasn't caused a single false positive.
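The dictionary extraction and Dictionary Based Blocking described in this thread, as an added example that is neither the post's nor the paper's code: it builds a simplified Username Block List from a constructed sshd log (a username set tried by more than one attacking IP becomes a dictionary, minus any name that really logged in) and then blocks live attempts on the first UBL username they try. The constructed log lines, the "shared by at least two IPs" threshold and the real-user exclusion are this example's simplifications of the method the post says is more involved.

```python
import re
from collections import defaultdict
# Constructed sshd log excerpts (sample data, not from the post or the paper).
TRAINING_LOG = """sshd[101]: Failed password for invalid user admin from 198.51.100.10 port 4001 ssh2
sshd[102]: Failed password for invalid user test from 198.51.100.10 port 4002 ssh2
sshd[103]: Failed password for alice from 198.51.100.10 port 4003 ssh2
sshd[104]: Failed password for invalid user admin from 198.51.100.11 port 4101 ssh2
sshd[105]: Failed password for invalid user test from 198.51.100.11 port 4102 ssh2
sshd[106]: Failed password for alice from 198.51.100.11 port 4103 ssh2
sshd[107]: Accepted publickey for alice from 198.51.100.13 port 4301 ssh2"""
LIVE_LOG = """sshd[201]: Failed password for invalid user admin from 198.51.100.14 port 4401 ssh2
sshd[202]: Failed password for invalid user guest from 198.51.100.14 port 4402 ssh2
sshd[203]: Failed password for bob from 198.51.100.15 port 4501 ssh2
sshd[204]: Failed password for alice from 198.51.100.16 port 4601 ssh2"""
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"Accepted \S+ for (\S+) from (\S+) port")

def parse(log):
    """Return failed attempts as (ip, username) in log order, plus names that really logged in."""
    attempts, real_users = [], set()
    for line in log.splitlines():
        if m := FAILED.search(line):
            attempts.append((m.group(2), m.group(1)))
        elif m := ACCEPTED.search(line):
            real_users.add(m.group(1))
    return attempts, real_users

def build_ubl(attempts, real_users):
    """Simplified dictionary extraction: a username set (more than one name) tried by
    more than one IP is an attacker dictionary; real users' names are dropped."""
    per_ip = defaultdict(set)
    for ip, user in attempts:
        per_ip[ip].add(user)
    ips_per_set = defaultdict(int)
    for users in per_ip.values():
        ips_per_set[frozenset(users)] += 1
    ubl = {u for users, n in ips_per_set.items() if n > 1 and len(users) > 1 for u in users}
    return ubl - real_users

def dictionary_based_blocking(attempts, ubl):
    """DBB: block an IP on its first attempt with a UBL name; also count the later
    attempts from blocked IPs that the block would have stopped."""
    blocked, stopped = set(), 0
    for ip, user in attempts:
        if ip in blocked:
            stopped += 1
        elif user in ubl:
            blocked.add(ip)
    return blocked, stopped
```

In the live log the IP that opens with a UBL name is blocked before its second guess, while the attempts against bob and alice are not touched, since neither name is in the UBL.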

🇬🇧 Likes far-left memes, constructed languages, rose & blue flags, IT trends, digital alternatives.

Looking for the open-source licence that does its best to ban predator uses of IT.

I'm developing #reaction, a modern alternative to #fail2ban.

Public account, don't hesitate to boost & interact!