Conversation

Notices

1. Embed this notice
    (mint@ryona.agency)'s status on Saturday, 17-Aug-2024 19:46:45 JST 
   Apologies for intermittent 500s, it will happen again.
   • Pleroma-tan likes this.
   • Embed this notice
      (mint@ryona.agency)'s status on Saturday, 17-Aug-2024 19:48:33 JST 

     in reply to
     Oh shite.
     Screenshot_20240817_134315.png
     Pleroma-tan likes this.
     Pleroma-tan repeated this.
   • Embed this notice
      (mint@ryona.agency)'s status on Saturday, 17-Aug-2024 19:48:34 JST 

     in reply to
     Results of the last rowocaust (deleting remote like/react activities since they're recorded elsewhere): 21% table row count decrease, about 10% total DB size decrease.
     Pleroma-tan repeated this.
   • Embed this notice
      (mint@ryona.agency)'s status on Saturday, 17-Aug-2024 19:58:55 JST 

     in reply to
     I'd act surprised it hasn't frozen yet, but apprently the issue is completely man-made, that being chomos attempting to DoS instances.
     Screenshot_20240817_134526.png
     ✙ dcc :pedomustdie: :phear_slackware: and Pleroma-tan like this.
   • Embed this notice
      (mint@ryona.agency)'s status on Saturday, 17-Aug-2024 20:14:12 JST 

     in reply to

     • Phantasm
     • chris9x
     @chris9x @phnt Those activities aren't even targeted towards my relay, it has cannibal.cafe's relay (which I think shouldn't exist anyway since ackoma disables them by default) in recepients. Still I find it hard to believe it's collateral damage, youjo shouldn't have a relay for the same reasons and even if it was, why the fuck would I subscribe to it. It appears shenaginans began at 08:20:52 UTC and stopped at 09:45:42, somewhere halfway through useragent switched from "I hope you are feeling better" to "curl/8.9.1".
     ips.txt
     ✙ dcc :pedomustdie: :phear_slackware: likes this.
   • Embed this notice
     chris9x (chris9x@ryona.agency)'s status on Saturday, 17-Aug-2024 20:14:13 JST chris9x

     in reply to
     @mint reject relay follow activities from malicious servers?
     Pleroma-tan repeated this.
   • Embed this notice
      (mint@ryona.agency)'s status on Saturday, 17-Aug-2024 20:40:28 JST 

     in reply to

     • Phantasm
     • chris9x
     @phnt @chris9x Apparently youjo is still up and other nonces just put it to hosts to federate. I have the same theory, maybe whatever HTTP library he used follows redirects by default, and the pedo tried to play hot potato with me.
     ✙ dcc :pedomustdie: :phear_slackware: and Pleroma-tan like this.
   • Embed this notice
     Phantasm (phnt@fluffytail.org)'s status on Saturday, 17-Aug-2024 20:40:29 JST Phantasm

     in reply to

     • chris9x
     @mint @chris9x youjo.love doesn't even resolve to an IP for months and got banned from their registrar at least once at some point I think.
     http://demo.fedilist.com/instance/youjo.love
     
     Now what is the chance that this is done by the kid that tried to DoS pedo instances a month ago and Ryona somehow got to his list.
   • Embed this notice
     Phantasm (phnt@fluffytail.org)'s status on Sunday, 18-Aug-2024 09:22:32 JST Phantasm

     in reply to
     @mint
     
     ✙ dcc :pedomustdie: :phear_slackware: likes this.
   • Embed this notice
      (mint@ryona.agency)'s status on Sunday, 18-Aug-2024 09:23:15 JST 

     in reply to

     • Phantasm
     • chris9x
     • pistolero
     @chris9x @phnt @p It appears they've changed the tactic, instead just spamming follows. Judging by the fact it passed the pipeline to the point of going to transmogrifier (and getting MRF rejected), the signature is valid.
     Screenshot_20240817_143442.png
     Screenshot_20240817_143457.png
     ✙ dcc :pedomustdie: :phear_slackware: likes this.
   • Embed this notice
      (mint@ryona.agency)'s status on Sunday, 18-Aug-2024 09:23:16 JST 

     in reply to

     • Phantasm
     • chris9x
     @chris9x @phnt Oh, requests with curl useragent went to /relay/inbox/ (note the slash) and didn't have valid-looking signature in the header, which made all of them return 400. The other useragent was sending them to /relay/inbox, all with the same header with valid structure. Might've been the work of two, albeit from the same IP range.
   • Embed this notice
     тняэдт™ (threat@ryona.agency)'s status on Sunday, 18-Aug-2024 09:23:26 JST тняэдт™

     in reply to
     @mint let's find some 10gb binary blobs and serve them up in return. i'm always prepared for a good mystery novel
     zero_in.gif
     ✙ dcc :pedomustdie: :phear_slackware: likes this.
   • Embed this notice
     pistolero (p@fsebugoutzone.org)'s status on Sunday, 18-Aug-2024 09:24:02 JST pistolero

     in reply to

     • Phantasm
     • chris9x
     • тняэдт™
     @phnt @chris9x @mint @threat No protections around outbound requests, so "fetch the key to verify the sig" and the race before the key is fetched (no locking) means your server makes N simultaneous outbound requests to get that file.
   • Embed this notice
      (mint@ryona.agency)'s status on Sunday, 18-Aug-2024 09:24:02 JST 

     in reply to

     • Phantasm
     • chris9x
     • pistolero
     • тняэдт™
     @p @phnt @chris9x @threat Also, latest Pleroma doesn't do any synchronous key fetching upon request, instead queuing them up in Oban, so there's not going to be any full pipe oversaturation.
     ✙ dcc :pedomustdie: :phear_slackware: likes this.
   • Embed this notice
     тняэдт™ (threat@ryona.agency)'s status on Sunday, 18-Aug-2024 09:24:03 JST тняэдт™

     in reply to

     • Phantasm
     • chris9x
     • pistolero
     @mint @chris9x @p @phnt if the matter is object size, isn't there a way in pleroma to reject >(x) object size? maybe i don't understand the context in this one.