Rocksolid Light

Welcome to RetroBBS

mail  files  register  newsreader  groups  login

Message-ID:  

Chemistry is applied theology. -- Augustus Stanley Owsley III


rocksolid / Security / Zones

SubjectAuthor
* long live return code 444Anonymous
+- long live return code 444Retro Guy
+* ZonesAnonymous
|`- ZonesRetro Guy
+* nginx is greatAnonymous
|`- nginx is greatAnonUser
`- long live return code 444anon

1
long live return code 444

<opsec.703.16vmh7@anon.com>

 copy mid

https://rocksolidbbs.com/rocksolid/article-flat.php?id=129&group=rocksolid.shared.security#129

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!rocksolid2!def5!.POSTED.bogusentry!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: long live return code 444
Date: Sun, 26 Jul 2020 15:58:22 -0700
Organization: def5
Message-ID: <opsec.703.16vmh7@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: def5.org; posting-host="bogusentry:192.168.1.189";
logging-data="25743"; mail-complaints-to="usenet@def5.org"
 by: Anonymous - Sun, 26 Jul 2020 22:58 UTC

https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return

Block certain kinds of ddos at application level simply by dropping the connection with your reverse http proxy. works like a charm, simpler and more effective than lowlevel blocking attempts (like with iptables).

You can base the criteria which connection to drop on all kind of shit like user-agent, url, request method or any other var you can access. Also you can use combinations of them to fingerprint annoying bots.

And nginxs non standard return code 444 simply drops the connection without giving any answer, thus not wasting any more server resoources like cpu time or open sockets or giving more information to potential attackers.

Fucking awesome ! nginx just rocks.

--
Posted on def2

Re: long live return code 444

<4fbc28ca82cf5d7628dd03beef312c86$1@www.novabbs.com>

 copy mid

https://rocksolidbbs.com/rocksolid/article-flat.php?id=130&group=rocksolid.shared.security#130

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!.POSTED!not-for-mail
From: retro.guy@rocksolidbbs.com (Retro Guy)
Newsgroups: rocksolid.shared.security
Subject: Re: long live return code 444
Date: Mon, 27 Jul 2020 08:20:14 +0000
Organization: Rocksolid Light
Message-ID: <4fbc28ca82cf5d7628dd03beef312c86$1@www.novabbs.com>
References: <opsec.703.16vmh7@anon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="12045"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.com
X-Rslight-Site: $2y$10$eQnkal1MD7UFw5SBd.oqKubsrx4VoCH4oWpcdfQRECrUJ8hb7qWcW
 by: Retro Guy - Mon, 27 Jul 2020 08:20 UTC

Anonymous wrote:

> https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#return

> Block certain kinds of ddos at application level simply by dropping the connection with your reverse http proxy. works like a charm, simpler and more effective than lowlevel blocking attempts (like with iptables).

I use zones to limit requests and a few other ways of blocking. It works great. I wasn't familiar with the code you mention here, I need to check it out.

> Fucking awesome ! nginx just rocks.

Been really impressed with nginx so far!

Retro Guy

--
Posted on: Rocksolid Light
www.novabbs.com

Zones

<opsec.705.1js4ni@anon.com>

 copy mid

https://rocksolidbbs.com/rocksolid/article-flat.php?id=131&group=rocksolid.shared.security#131

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!rocksolid2!def5!.POSTED.bogusentry!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: Zones
Date: Mon, 27 Jul 2020 11:25:11 -0700
Organization: def5
Message-ID: <opsec.705.1js4ni@anon.com>
References: <opsec.703.16vmh7@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: def5.org; posting-host="bogusentry:192.168.1.189";
logging-data="28547"; mail-complaints-to="usenet@def5.org"
 by: Anonymous - Mon, 27 Jul 2020 18:25 UTC

>I use zones to limit requests

I looked at zones as well, but if you cannot use the ip (because it is a service on tor), than your are kind of stuck in some situations.
In my case I used a combination of the URL and the posting method to get rid of some annoying script kids.

--
Posted on def2

nginx is great

<opsec.711.2dzng2@anon.com>

 copy mid

https://rocksolidbbs.com/rocksolid/article-flat.php?id=137&group=rocksolid.shared.security#137

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!rocksolid2!def5!.POSTED.bogusentry!not-for-mail
From: poster@anon.com (Anonymous)
Newsgroups: rocksolid.shared.security
Subject: nginx is great
Date: Sat, 01 Aug 2020 15:13:19 -0700
Organization: def5
Message-ID: <opsec.711.2dzng2@anon.com>
References: <opsec.703.16vmh7@anon.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: def5.org; posting-host="bogusentry:192.168.1.189";
logging-data="13208"; mail-complaints-to="usenet@def5.org"
 by: Anonymous - Sat, 1 Aug 2020 22:13 UTC

nginx is great for sure, and it also comes with some pitfalls (concerning the configuration). the nginx team was so fed up with those that they put together a page dedicated to what not to do. It's really great and it saved me some headaches already:
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php
Also good to read:
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
https://agentzh.blogspot.com/2011/03/how-nginx-location-if-works.html

--
Posted on def2

Re: nginx is great

<baa1f124146a0b8ca5f51f388e28258b$1@rslight.i2p>

 copy mid

https://rocksolidbbs.com/rocksolid/article-flat.php?id=138&group=rocksolid.shared.security#138

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!rocksolid2!.POSTED.localhost!not-for-mail
From: AnonUser@rslight.i2p (AnonUser)
Newsgroups: rocksolid.shared.security
Subject: Re: nginx is great
Date: Wed, 5 Aug 2020 01:13:23 +0000
Organization: Rocksolid Light
Message-ID: <baa1f124146a0b8ca5f51f388e28258b$1@rslight.i2p>
References: <opsec.703.16vmh7@anon.com> <opsec.711.2dzng2@anon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: novabbs.org; posting-account="retrobbs1"; posting-host="localhost:127.0.0.1";
logging-data="1723"; mail-complaints-to="usenet@novabbs.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.org
X-Rslight-Site: $2y$10$cWFddsd6Cj6RgMu6Pzi2Oecq9pN7/tF2wS9GFTCqv3.ks9VkGlE5O
 by: AnonUser - Wed, 5 Aug 2020 01:13 UTC

Anonymous wrote:

> nginx is great for sure, and it also comes with some pitfalls (concerning the configuration). the nginx team was so fed up with those that they put together a page dedicated to what not to do. It's really great and it saved me some headaches already:
> https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#passing-uncontrolled-requests-to-php

Interesting, and pretty nicely written. Standarize and simplify are good goals.

> Also good to read:
> https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
> https://agentzh.blogspot.com/2011/03/how-nginx-location-if-works.html

Haven't checked these out yet.

--
Posted on: Rocksolid Light
rslight.i2p

Re: Zones

<dae9ba9695017ce0efcbee5554f12fab$1@www.novabbs.com>

 copy mid

https://rocksolidbbs.com/rocksolid/article-flat.php?id=139&group=rocksolid.shared.security#139

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!.POSTED!not-for-mail
From: retro.guy@rocksolidbbs.com (Retro Guy)
Newsgroups: rocksolid.shared.security
Subject: Re: Zones
Date: Wed, 5 Aug 2020 04:51:45 +0000
Organization: Rocksolid Light
Message-ID: <dae9ba9695017ce0efcbee5554f12fab$1@www.novabbs.com>
References: <opsec.703.16vmh7@anon.com> <opsec.705.1js4ni@anon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Info: i2pn2.org; posting-account="retrobbs1";
logging-data="30375"; mail-complaints-to="usenet@i2pn2.org"
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs-new-nyc1
X-Rslight-Site: $2y$10$UY4PVXjk7xYkQ1Q5TvsOP.m9pIa8VxQsxFV6s3n6x7OVfgdgC34jS
 by: Retro Guy - Wed, 5 Aug 2020 04:51 UTC

Anonymous wrote:

>>I use zones to limit requests

> I looked at zones as well, but if you cannot use the ip (because it is a service on tor), than your are kind of stuck in some situations.
> In my case I used a combination of the URL and the posting method to get rid of some annoying script kids.

It's nice to be able to throttle spiders, and it's not difficult if you have an ip address. Even i2p provides a specific ip for each identity, so it works. With tor, you can't really throttle without throttling everyone.

--
Posted on: novaBBS
www.novabbs.com

Re: long live return code 444

<95b9482bebb165b27724bb50470eadf4@def4>

 copy mid

https://rocksolidbbs.com/rocksolid/article-flat.php?id=140&group=rocksolid.shared.security#140

 copy link   Newsgroups: rocksolid.shared.security
Path: i2pn2.org!rocksolid2!def5!POSTED.localhost!not-for-mail
From: anon@anon.com (anon)
Newsgroups: rocksolid.shared.security
Message-ID: <95b9482bebb165b27724bb50470eadf4@def4>
Subject: Re: long live return code 444
Date: Wed, 05 Aug 2020 19:01:34+0000
Organization: def5
In-Reply-To: <opsec.703.16vmh7@anon.com>
References: <opsec.703.16vmh7@anon.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
 by: anon - Wed, 5 Aug 2020 19:01 UTC

>With tor, you can't really throttle without throttling everyone.

Yes, and with the method mentioned in the op you can actually kill the buggers connections instead of just throttling.

--
Posted on def4

1
server_pubkey.txt

rocksolid light 0.9.7
clearnet tor