GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

Notices

  1. Kris Nóva (nova@hachyderm.io)'s status on Monday, 05-Dec-2022 21:44:16 JST

    We are currently investigating DDoS attacks which involve #Hachyderm. I will continue to post in the thread below.

    In conversation Monday, 05-Dec-2022 21:44:16 JST from hachyderm.io permalink
    • Kris Nóva (nova@hachyderm.io)'s status on Monday, 05-Dec-2022 22:08:49 JST
      in reply to
      • Ian Coldwater 📦💥
      • Tani Aura

      @ian @Taniwha

      Our notes from incident response.

      https://hackmd.io/rD9nsTz1QeuPT-erxqjY-A?view

      In conversation Monday, 05-Dec-2022 22:08:49 JST permalink
    • Kris Nóva (nova@hachyderm.io)'s status on Monday, 05-Dec-2022 22:08:50 JST
      in reply to
      • Ian Coldwater 📦💥
      • Tani Aura

      @ian @Taniwha

      We have scraped the JavaScript ActivityPub source code and have retained a copy of it.

      At this time we are not publishing the source code, however we have it on file if needed for historical purposes.

      REDACTED

      In conversation Monday, 05-Dec-2022 22:08:50 JST permalink

    • Kris Nóva (nova@hachyderm.io)'s status on Monday, 05-Dec-2022 22:08:51 JST
      in reply to
      • Ian Coldwater 📦💥
      • Tani Aura

      @ian @Taniwha

      Also suggested to block subdomains with dnsmasq.

      In conversation Monday, 05-Dec-2022 22:08:51 JST permalink
    • Kris Nóva (nova@hachyderm.io)'s status on Monday, 05-Dec-2022 22:08:52 JST
      in reply to
      • Ian Coldwater 📦💥
      • Tani Aura

      @ian @Taniwha

      Immediate suggested actions to block the following domains and close registrations.

      *.activitypub-troll.cf
      *.misskey-forkbomb.cf
      *.repl.co

      Mastodon domain blocks are confirmed to extend to subdomains. Please block the domain.

      https://github.com/mastodon/mastodon/issues/11558

      In conversation Monday, 05-Dec-2022 22:08:52 JST permalink
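
The domain-block and dnsmasq suggestions above, as an added example that is not part of the original thread: it checks delivery targets against the three listed domains on a label boundary (so subdomains match but look-alike names do not) and renders dnsmasq `address=` lines, which dnsmasq also applies to every subdomain. The function names and sample targets are constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains named in the thread; subdomains are covered by suffix matching.
BLOCKED_DOMAINS = ("activitypub-troll.cf", "misskey-forkbomb.cf", "repl.co")


def hostname_of(value):
    """Return the lower-cased hostname from a URL or a bare host string."""
    value = value.strip()
    # urlsplit only fills .hostname when a scheme separator is present.
    parts = urlsplit(value if "://" in value else "//" + value)
    return (parts.hostname or "").rstrip(".")


def matching_block(value, blocked=BLOCKED_DOMAINS):
    """Return the blocked domain covering this host, or None."""
    host = hostname_of(value)
    for domain in blocked:
        # Match on a label boundary so "notrepl.co" is not caught by "repl.co".
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def dnsmasq_lines(blocked=BLOCKED_DOMAINS):
    """Render dnsmasq address= lines; each one also covers all subdomains."""
    return [f"address=/{d}/{sink}" for d in blocked for sink in ("0.0.0.0", "::")]


# Constructed sample targets, e.g. actor or inbox URLs seen in a delivery queue.
SAMPLE_TARGETS = [
    "https://a1b2c3.activitypub-troll.cf/users/x/inbox",
    "https://Some-App.user.REPL.co:443/actor",
    "misskey-forkbomb.cf.",
    "https://notrepl.co/inbox",
    "https://repl.co.example.org/inbox",
]


def triage(targets=SAMPLE_TARGETS):
    """Map each target to the blocked domain that covers it (or None)."""
    return {t: matching_block(t) for t in targets}


if __name__ == "__main__":
    print("\n".join(dnsmasq_lines()))
    for target, hit in triage().items():
        print(f"{'BLOCK' if hit else 'allow'}  {target}")
```
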
    • Kris Nóva (nova@hachyderm.io)'s status on Monday, 05-Dec-2022 22:08:53 JST
      in reply to
      • Ian Coldwater 📦💥
      • Tani Aura

      @ian @Taniwha We believe the attacker could point the DNS records they control to an arbitrary target. We are unsure how advanced they are and unsure if federated servers will be successful in pulling data from the targets.

      In conversation Monday, 05-Dec-2022 22:08:53 JST permalink
    • Kris Nóva (nova@hachyderm.io)'s status on Monday, 05-Dec-2022 22:08:54 JST
      in reply to
      • Ian Coldwater 📦💥

      @ian

      We believe that they are creating spoofed activity and forcing ActivityPub servers to spam arbitrary targets. They are funneling the attacks through man-in-the-middle subdomains which they control DNS records for.

      In conversation Monday, 05-Dec-2022 22:08:54 JST permalink

      Attachments


      1. https://media.hachyderm.io/media_attachments/files/109/451/631/668/786/265/original/4e41e7701661d997.png
    • Kris Nóva (nova@hachyderm.io)'s status on Monday, 05-Dec-2022 22:08:55 JST
      in reply to
      • Ian Coldwater 📦💥

      Original thread about the attacks (Thanks to @ian for sharing) is here:

      https://hachyderm.io/@dwarf@borg.social/109449246766819991

      Again - We currently suspect that the fediverse is being leveraged for a C&C style DDoS attack against arbitrary domains. We believe they are using wildcard certs to change DNS to point to their victims, and the fediverse is their new fleet of compute to do their dirty work.

      In conversation Monday, 05-Dec-2022 22:08:55 JST permalink
    • Kris Nóva (nova@hachyderm.io)'s status on Monday, 05-Dec-2022 22:08:56 JST

      Capturing a timestamped graph of what I believe is the beginning of the attack on our primary queue processing server.

      We believe the attack is leveraging federated ActivityPub workers as a way of attacking arbitrary domains.

      In conversation Monday, 05-Dec-2022 22:08:56 JST permalink

      Attachments


      1. https://media.hachyderm.io/media_attachments/files/109/451/621/281/906/393/original/b84812f5fa6f1823.png

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.