@bender@twtxt.net Thanks! I’ll try to repro and fix shortly 👌
test
Fucking hell. This was me trying to figure out why I was getting a 403 Forbidden
from my own Edge proxy and waf 🤦♂️ See This Issue for details 🤣
Solution:
Add this to the WAF:
SecRuleRemoveById 932370
@kat@yarn.girlonthemoon.xyz Btw, as a new pod operator, please do let me know how I can improve yarnd at all 🙏
test
Test
what da hell?!
@kat@yarn.girlonthemoon.xyz 🤣 We should swap notes, I’m pretty big into self-hosting all the things™ 😅
@kat@yarn.girlonthemoon.xyz Thanks! 🙏
yarnd
? 🤔 Vultr is offering 1 vCPU, 500MB Memory and 10GB Storage for FREE! That's right $0.00 🤣 Media
@kat@yarn.girlonthemoon.xyz I know right 🤣🤣
@kat@yarn.girlonthemoon.xyz LOL 😂 Not that it’s a competition or anything… But here you go 🤣
Did we just discover a way to grow the Yarn.social network? 🤣
All our servers come with an initial 2tb for free.
Their response:
The bandwidth for our free instances is 2 TB of free bandwidth.
Mike Wolfman
www.vultr.com
Senior Linux Systems Administrator
😱
@bender@twtxt.net Is right. Apparently it’s 0 bandwidth. I’m asking them some clarifying questions:
Hi Team,
Just noticed that you offer FREE (as in $0) VM(s) on the vc2-1c-0.5gb-free plan. However I also note that this has 0 Bandwidth. I’m a bit confused by this. What would be the point of having a free VM if it has no Bandwidth? How is network bandwidth charged in this case?
cheers
james
@aelaraji@aelaraji.com Yes it would be honestly, for low traffic volumes for sure!
@terron@duque-terron.cat Oh! For a minute there I thought this was our cat 🐱 Haha 😆
@lyse@lyse.isobeef.org Or… You got interrupted and forgot about the shape of the codebase you were going for 🤣
@kat@yarn.girlonthemoon.xyz Morning! 👋 I’m quite ill today, taking today/tomorrow off work. Not sure what I’ve come down with 😢 😷
@kat@yarn.girlonthemoon.xyz HTMX is very nice to use 🤣
Look forward to it 😅
@bender@twtxt.net It’s true! This is only a good thing @kat@yarn.girlonthemoon.xyz 🤣 You keep going like this with your own little community of friends, and my twtxt.net (flagship pod) will no longer be 🤣 I’ve always wanted to see Yarn.social grow, but grow in ways that keep to its truest sense of “decentralised”. That’s one of the reasons I built yarnd not to scale too much 🤣 My own pod has around ~18-20 active users per month (give or take) and that’s honestly enough 😅
@kat@yarn.girlonthemoon.xyz Oh you self-host Plex too! 🤔 Nice! 👍
I don’t want it to be 2026 🤣
@bmallred@staystrong.run You can probably recover missing twts from our caches if you need to…
Hey this could be good news for self-hosters and folks that want to run their own yarnd? 🤔 Vultr is offering 1 vCPU, 500MB Memory and 10GB Storage for FREE! That’s right $0.00 🤣
@aelaraji@aelaraji.com Man I’m sorry to hear this. 😢 Whatever it is you’re going through, things will get better I promise you 🤗
@aelaraji@aelaraji.com Same, I hope things get much better for you bud 🤗
No more stupid little DDoS(s) from fucking China now 🤣
Note for reference I was trying to write and fix this rule (fixed version below):
# Ignore Content-Type restrictions for Git
SecRule REQUEST_HEADERS:Host "@streq git.mills.io" "id:101,phase:1,t:none,nolog,ctl:ruleRemoveById=920420"
Notably the custom operator @lookupASN
I’ll try to add a README for caddy-waf soon™ (going back to bed now) at least document the customizations I’ve made to this WAF (which I forked from caddy-coraza)
This is how I build my caddy:
proxy-1:~# cat build.caddy.sh
#!/bin/sh
xcaddy build \
--with github.com/caddy-dns/cloudflare \
--with github.com/caddyserver/cache-handler \
--with git.mills.io/prologic/caddy-ratelimit \
--with git.mills.io/prologic/caddy-waf
proxy-1:~#
Ahh fuck! Sorry I was fixing a rule 🤣 This is much better!
proxy-1:~# grep -c 'Bad ASN' /var/log/caddy/caddy.log
2441
@bender@twtxt.net Yes they are rather large 🤣 Here you go:
proxy-1:~# cat /etc/caddy/waf/bad_asns.txt
# CHINANET-BACKBONE No.31,Jin-rong Street, CN
# Why: DDoS
4134
# CHINA169-BACKBONE CHINA UNICOM China169 Backbone, CN
# Why: DDoS
4837
# CHINAMOBILE-CN China Mobile Communications Group Co., Ltd., CN
# Why: DDoS
9808
# FACEBOOK, US
# Why: Bad Bots
32934
proxy-1:~#
An autonomous system (AS) is a collection of connected Internet Protocol (IP) routing prefixes under the control of one or more network operators on behalf of a single administrative entity or domain, that presents a common and clearly defined routing policy to the Internet.[1] Each AS is assigned an autonomous system number (ASN), for use in Border Gateway Protocol (BGP) routing. Autonomous System Numbers are assigned to Local Internet Registries (LIRs) and end-user organizations by their respective Regional Internet Registries (RIRs), which in turn receive blocks of ASNs for reassignment from the Internet Assigned Numbers Authority (IANA). The IANA also maintains a registry of ASNs which are reserved for private use (and should therefore not be announced to the global Internet).
Cool! 😎 So I can now block ASN(s) 🤣 (And I bet no-one noticed anything)
@kat@yarn.girlonthemoon.xyz I love blue 🤣
@aelaraji@aelaraji.com Still in my cache 🤣
@aelaraji@aelaraji.com Bahahaha, you know where the default theme lives 🤣 PRs welcome!
It’s nice to see that some Crawlers actually respect rate limits and respect a 429 Too many requests response 👌 Thank you Google! 🙌
@bender@twtxt.net So you mean, get fail2ban to look at my Caddy audit logs for violations and then just block at the firewall level for repeated violations? 🤔
@kat@yarn.girlonthemoon.xyz token will still be valid 👌
@kat@yarn.girlonthemoon.xyz Yeah that’s what the admin function does. Normal user password reset is different but requires working email 🤣
@kat@yarn.girlonthemoon.xyz Speaking of KVM, Tiny Pilot and Jet KVM look really good!
@kat@yarn.girlonthemoon.xyz It’ll be whatever the actual server’s time zone is.
@kat@yarn.girlonthemoon.xyz Temporarily change the admin account on your pod to another account. Then log in with that and reset the password on your main account.
What didn’t work? Hmmm 🤔
Hmm? 🤔