#tarpit — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #tarpit, aggregated by home.social.
-
Ow no a bot is stuck in my tarpit:
proof/honeysweet/manifestation-peritenon/malefically/lobigerous/dovewood/jinniyeh/rife/phacochoerine/unintermissive/vallancy/sericin/" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.3; +https://openai[.]com/gptbot)",
Its scraping gerbage and wont stop.
-
Tarpits like Nephentes are cool, but can't I just bypass them by waiting for "network idle" before scraping and setting a reasonable timeout for that?
-
Since I setup a #tarpit (using #nepenthes) about 3 days ago, the server has been hit more than 1 million times by the likes of #OpenAI and #Meta. Apart from the usual parasitic crawlers.
This only proves, how unethical the whole industry is.
-
As an experiment, today I setup an instance of #Nepenthes in a #VPS.
It is a poisoning #tarpit intended for crawlers that scrape data for #LLMs. It will generate endless linked pages with randomly generated content.
Interestingly, just minutes after deployment, the #OpenAI crawler showed up. Since then, it has been happily eating all the crap thrown at it.
I know this is a tiny effort against one of the most toxic industries in history, but I love the feeling of fighting back even if it is almost symbolic.
-
@dnsprincess @Walker in any event you should always opt to build the monster app or apps that wring out not only many opsec oversights but also work together in gestalt catalyzing manner - good examples of this could be cve in a wiki or diy shodan plus maltego or a graph #tarpit #artillery by dave kennedy #osint #dfir #tags #arroyo cluster #firehose #version number
-
I was playing around with fail2ban and started thinking.
If I ban bots, is that actually a net negative to the health of the internet?
When you ban bots, they just go to the next server. Because your server does not have default or dumb passwords it was unlikely to be breached anyways, the bot was just wasting its resources.
When you ban it, it moves to the next one where it has a higher chance to succeed.
The two ideas I have to impose higher costs on bots is
- Tarpit
Tying up resources indefinitely seems more useful than just blocking it. Although compute is so cheap it probably doesn't matter nowadays. Maybe more effective back when bots were simpler.
- Report it to abuseipdb and similar
I'm not sure if the aipdb et al are actually annoying enough that bots would spend time avoid getting on those lists?
I have an idea for doing a test, I'll take two IP:s and put fail2ban on them.
On one, we don't ban, just report it to abuseipdb.
On the other we just ban.
I'm curious if this will affect the amount of scans hitting it.
-
It's been wild watching the crazy array of obvious AI bots working their way deeper into my iocaine tarpit.
They are taking the greatest care to not burden my system (rate is holding at about 5 pages per minute, on average, for the last 30 days straight). The site they are chewing through is statically generated, so it can handle a lot more.
It's just such a weird feeling watching them, like when a toddler thinks you can't see them because *their* head is covered.
-
-
-
OpenAI is directly ignoring my robots.txt file which disallows indexing of /trash/ on my website. Their loss I guess.
Or it's some other actor impersonating OpenAI.
-
"Rage against the machine"
I haven't realized this war was already happening, but I think it was inevitable. Funny to combat new shiny AI crawlers with old techniques.
"Be indigestible. Grow spikes."
By the way, I'm not telling anyone to do anything, as a disclaimer. I find this very interesting myself.
-
We could probably make significant damage to all those "Dark Net" scraper bullshit tools if we'd use the Trademark registrars, the German Handelsregister, etc. and created bullshit database entries from it, bullshit GitHub (they only care about GitHub, they don't even scan others lol) commits with some XML containing references to those names, crap websites, etc. We could even combine this with #Tarpit and other anti-AI stuff.
~ signed, a person who has to wade through thousands of bullshit alerts for generic terms.
-
-
Hackaday Links: February 9, 2025 - January 9 ended up being a very expensive day for a Culver City, California man af... - https://hackaday.com/2025/02/09/hackaday-links-february-9-2025/ #hackadaycolumns #termsofservice #hackadaylinks #northamerica #superscooper #continent #emergency #honeypot #amradio #geology #slider #europe #tarpit #drone #eula #fine #bot #llm #tos
-
For those who run webservers and are a bit sick of LLM crawlers, you may find iocaine https://git.madhouse-project.org/algernon/iocaine/ and nepenthes https://zadzmo.org/code/nepenthes/ interesting.
#LLM #iocaine #web #AI #nepenthes #tarpit #WebServer #nginx #caddy
-
On my machines, I have begun to disable SSH on IPv4 and replaced it with a tarpit instead. :drgn_comfy_evil:
-
Бородатый обманщик. Методика TARPIT в защите и нападении
Существует стратегия информационной безопасности, суть которой сводится к непропорциональному расходованию ресурсов атакующей стороны. Ресурсов вычислительных, временных и человеческих. Добро пожаловать под кат если вас интересует: Как затруднить атакующему фазу разведки? Отчего nmap может серьезно тормозить? Откуда берутся хосты с тысячами открытых портов? Как выявлять tarpit хосты и что с ними делать если вы занимаетесь аудитом ИБ. Что это вообще такое этот ваш tarpit? )
https://habr.com/ru/companies/webmonitorx/articles/775680/
#информационная_безопасность #уязвимости #кибербезопасность #взлом #атаки #tarpit #firewall #системное_администрирование #ловушка #honeypot
-
#Endlessh is a #publicdomain #SSH #tarpit.
Endlessh (Endless SSH) is a barebones SSH server that traps any clients that attempt to connect. When a connection is made Endlessh sends an endless stream of junk data at a slow rate that forces the client to wait. Endlessh can trap hundreds of clients for days or weeks with minimal performance impact. Endlessh is useful for trapping bots on false SSH ports.
Website 🔗️: https://github.com/skeeto/endlessh