Notices by Phantasm (phnt@fluffytail.org), page 3
-
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 18:32:11 JST 
Phantasm
@lucy @Njord @eniko
>no shit but like what genuinely good (affordable) laptop brands are even around these days?
None for the consumer market. At least when buying new.
If you want a mostly affordable laptop that won't probably develop a keyboard/stability issue in two years, decommissioned business laptops that have been refurbished are the way. Business laptops are at least mostly repairable unlike consumer trash. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 08:35:11 JST
Phantasm
@thendrix No grenades and leather boots? Disappointing. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 07:18:26 JST
Phantasm
@mischievoustomato @p @nyanide @ins0mniak This aren't for Fedi scrapers. These are IPs that kept hammering my Gitea instance until it almost died. One day I literally woke up with 20 alerts in my inbox because of these retards. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 07:16:07 JST
Phantasm
@nyanide @ins0mniak @p Here are the ipsets that currently deal with most of the traffic. Claude, Amazon and FB are blocked based on UA in nginx.
huaweicloud-git-scraping.txt
alibabacloud-git-scraping.txt -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 06:12:44 JST
Phantasm
@meso A sed command that your brains apparently runs whenever it encounters the word "nuke". -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 06:11:54 JST
Phantasm
@mischievoustomato The brainworms are telling you that 🪱 -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 06:00:56 JST
Phantasm
meso got infected by s/u/v and now tomato got infected with the Vance virus. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 05:35:18 JST
Phantasm
@snacks @lucy I have the luxury of an OS that packages almost nothing, so nothing can break from new versions. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 05:02:23 JST
Phantasm
@lucy snacks broke the ancient rule of never upgrade -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 04:32:35 JST
Phantasm
@catboymoder None of these words are in the bible. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 04:10:52 JST
Phantasm
@sun @feld Makes sense, I've been hit by a lot of scraping in the last month to the point that I nullroute a lot of /16s and some /8s just to cope with the load. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 04:04:00 JST
Phantasm
@sun @feld Unironically just drop AWS into the nullroute bucket if you don't need it. Same with Alibaba LLC and Huawei Cloud. Nothing of value is hosted there (at least for a Fedi server) and it's most of the traffic.
Also is it your Git instance or SPW? -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 01:57:39 JST
Phantasm
@ins0mniak @p Yeah, same with the random Mirai droppers you sometimes see. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 01:14:36 JST
Phantasm
@nyanide @p @ins0mniak I'll send them when I'm done with other stuff (couple hours).
When in doubt bgp.he.net is your friend. Throw one of the annoying IPs into search->click on AS number->Prefixes vX and enjoy all the nullroutable prefixes. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Wednesday, 05-Mar-2025 01:11:10 JST
Phantasm
Are they one of the ones that tries the "/ai.txt" or something or do they just fucking scrape?
Nope, they ask for robots.txt and then immediately ignore it.
18.119.253.53 - - [23/Feb/2025:02:08:20 +0000] "GET /robots.txt HTTP/2.0" 200 1833 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)"I ended up just killing off their IPs, but because I also had to wipe the logs (media.fse ran out of space on /var) I can't check if they did.
With Claude it's at least easy. Return 403 to the UA and you are done. Which btw still does not stop their attempts at scraping. They will continue to hit webserver even when they obviously aren't let through. From there a log monitor will do the job.
With the Chink scrapers, it's a bit harder than automated log monitoring. They are clever in a way, where they will not send you more than approx. 3 requests from one IP, meaning that the typical monitoring tools like fail2ban or something custom won't work as all of the ones I know of don't do subnet/ASN detection, or it will be very trigger-happy.
Thankfully they are retarded in other ways which make them stick out like a sore thumb in the logs. Currently I just look at the logs every few days unless they trigger alerts and throw the whole announced prefix into the trash. So far that has worked out great.
-
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Tuesday, 04-Mar-2025 23:51:25 JST
Phantasm
@p @ins0mniak
>I was not going to open up port 445 and they were sending so many connection attempts that the majority of the bandwidth was those fuckers.
I had an angry moment over Chinese scrapers two weeks ago after I promptly nullrouted half of Huawei Cloud 2 weeks before that. They thought it would be great to switch to Alibaba US and hammer my Gitea instance with requests for every file in most repos and asking for every revision of those files. And in typical Chink when they didn't receive a response in time (obvious when you are sending ~15r/s to a small server), they just closed the connection and tried again in 30 minutes while still scraping other files.
And they have the audacity to use normal browser UAs from a randomized selection of a few making them very hard to block in an easy. Claude on the other hand completely ignores the meta tag and robots.txt, but at least they have "ClaudeBot" in the UA making them trivially blockable in nginx. That said, Claude is also retarded in a different way. They send requests for issues with numbers in the thousands and never stop when literally all of them return a 404. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Tuesday, 04-Mar-2025 22:38:35 JST
Phantasm
@Erpel @lucy I know. It's not even funny anymore.
Seniors in dev are worried that new graduates will take their job with AI, but the reality is that even "developers" with a degree barely know how to operate a computer. In-house helpdesk and hardware administration will probably be a goldmine in a decade. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Tuesday, 04-Mar-2025 22:31:03 JST
Phantasm
@Erpel @lucy
>error message opens up
>impulsively clicks "OK"
>why isn't it working -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Tuesday, 04-Mar-2025 19:06:02 JST
Phantasm
@meso Curiosity. Everything I know about computers and related subjects is self taught. The math behind it usually isn't that advanced as computers also can't calculate advanced math quickly enough. And most of it can be understood in an abstract way where you take the properties of the used math at face value while still understanding how the whole algorithm works. The very advanced part usually is the proof of why it works. -
Embed this notice
Phantasm (phnt@fluffytail.org)'s status on Tuesday, 04-Mar-2025 18:37:22 JST
Phantasm
@cowanon
>leaves dog alone
Subhuman behavior.
All GNU social JP content and data are available under the