Patrick Figel 🐣 @pfigel@mastodon.at
Admin
mastodon.at admin | Software Development | DevOps | InfoSec | @patfigel on Twitter | keybase.io/pfg | GPG: 286BE9D35F9FE18A | DM for Signal | Vienna, Austria
Joined Apr 2017
Patrick Figel 🐣
boosted
Wir haben in den letzten Tagen sehr viel Unterstützung erfahren und möchten uns herzlich bei jedem einzelnen bedanken. Egal, ob er uns spendet, unsere Inhalte teilt oder FreundInnen von uns erzählt: Nur gemeinsam können wir in Richtung positiver Zukunft gehen <3
Why is /etc group writable on a clean Scaleway Ubuntu server based on their image is all I want to know right now.
You know what would be great? If fog-openstack doesn't change what kind of configuration it expects for, like, one release.
On the bright side, I guess we now have 20G of free disk space for future database growth.
I suppose this is the point where it's finally paid off to have a Content-Security-Policy in place. Mastodon should really ship one by default 😐
Patrick Figel 🐣
boosted
Hi Fediverse! We've finally arrived here, too. ;) ^k
elasticsearch in single-node deployments is always good for a surprise is all I'm saying
Me whenever I see tech people trying to interpret GDPR somewhere online:
Here's a version of the block list you can dump in your nginx to get rid of the bots:
https://gist.github.com/patf/1ae99fdd15718483fc15b1e8c8f25fe2#file-naughty_list_nginx-conf
The advantage of using nginx here instead of your firewall/iptables is that you'll have an easier time checking for false-positives in logs (in case I fucked up); the bots follow a predictable pattern (GET / then GET /auth/sign_up) while real traffic would stand out.
cc @Gargron
Here's a slightly revised CIDR list that seems to cover all the IPs used by the spammers so far:
https://gist.github.com/patf/1ae99fdd15718483fc15b1e8c8f25fe2
(some CIDRs are redundant because they're from different sources)
Hopefully that'll do for now.
Definitely looks like a spam campaign. So far all accounts signed up from the same ISP. Here's a script you can paste in your rails console to find all users from IP ranges belonging to that ISP (assuming I didn't miss any):
To get to the rails console, run this in /home/mastodon/live as the mastodon user:
RAILS_ENV=production bundle exec rails c
You might also want to temporarily ban those IP ranges if the sign-ups don't stop. I did.
Anyone else seeing spammy-looking signups from QUALITYNETWORK IP ranges? #mastoadmin
Not deploying a simple HTTP header, something that literally every website security scan out there would flag, is apparently not a sign of crappy security practices, folks.
It's quite telling that infosec people are mostly talking about DNSSEC and what not instead of being like "Wait, you're telling me a cryptocurrency wallet handling millions every day did not deploy HSTS?"
No one's even surprised anymore.
Oh for fuck's sake, OpenSSL. Just when I was starting to think they'd finally gotten their shit together
TFW you're looking for XSS and accidentally find RCE
Admin
mastodon.at admin | Software Development | DevOps | InfoSec | @patfigel on Twitter | keybase.io/pfg | GPG: 286BE9D35F9FE18A | DM for Signal | Vienna, Austria
Joined Apr 2017
