home.social

#tarpit — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #tarpit, aggregated by home.social.

  1. Ow no a bot is stuck in my tarpit:

    proof/honeysweet/manifestation-peritenon/malefically/lobigerous/dovewood/jinniyeh/rife/phacochoerine/unintermissive/vallancy/sericin/" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; GPTBot/1.3; +https://openai[.]com/gptbot)",

    Its scraping gerbage and wont stop.

    #ai #tarpit #bot

  2. Tarpits like Nephentes are cool, but can't I just bypass them by waiting for "network idle" before scraping and setting a reasonable timeout for that?

    #Tarpit #AI #Nephentes

  3. Since I setup a #tarpit (using #nepenthes) about 3 days ago, the server has been hit more than 1 million times by the likes of #OpenAI and #Meta. Apart from the usual parasitic crawlers.

    This only proves, how unethical the whole industry is.

  4. I have written a #blog entry about my experience with running a #tarpit with the intention of boycotting #AI #bots.

    blog.n41.lat/posts/boycotting-

  5. As an experiment, today I setup an instance of #Nepenthes in a #VPS.

    It is a poisoning #tarpit intended for crawlers that scrape data for #LLMs. It will generate endless linked pages with randomly generated content.

    Interestingly, just minutes after deployment, the #OpenAI crawler showed up. Since then, it has been happily eating all the crap thrown at it.

    I know this is a tiny effort against one of the most toxic industries in history, but I love the feeling of fighting back even if it is almost symbolic.

    zadzmo.org/code/nepenthes/

  6. @dnsprincess @Walker in any event you should always opt to build the monster app or apps that wring out not only many opsec oversights but also work together in gestalt catalyzing manner - good examples of this could be cve in a wiki or diy shodan plus maltego or a graph #tarpit #artillery by dave kennedy #osint #dfir #tags #arroyo cluster #firehose #version number

  7. I was playing around with fail2ban and started thinking.

    If I ban bots, is that actually a net negative to the health of the internet?

    When you ban bots, they just go to the next server. Because your server does not have default or dumb passwords it was unlikely to be breached anyways, the bot was just wasting its resources.

    When you ban it, it moves to the next one where it has a higher chance to succeed.

    The two ideas I have to impose higher costs on bots is

    1. Tarpit

    Tying up resources indefinitely seems more useful than just blocking it. Although compute is so cheap it probably doesn't matter nowadays. Maybe more effective back when bots were simpler.

    1. Report it to abuseipdb and similar

    I'm not sure if the aipdb et al are actually annoying enough that bots would spend time avoid getting on those lists?

    I have an idea for doing a test, I'll take two IP:s and put fail2ban on them.

    On one, we don't ban, just report it to abuseipdb.

    On the other we just ban.

    I'm curious if this will affect the amount of scans hitting it.

    #fail2ban #tarpit

  8. It's been wild watching the crazy array of obvious AI bots working their way deeper into my iocaine tarpit.

    They are taking the greatest care to not burden my system (rate is holding at about 5 pages per minute, on average, for the last 30 days straight). The site they are chewing through is statically generated, so it can handle a lot more.

    It's just such a weird feeling watching them, like when a toddler thinks you can't see them because *their* head is covered.

    #iocaine #tarpit #bots #ai

  9. Fediverse website managers, have you deployed an #AI #tarpit?

  10. OpenAI is directly ignoring my robots.txt file which disallows indexing of /trash/ on my website. Their loss I guess.

    Or it's some other actor impersonating OpenAI.

    #ai #openai #tarpit

  11. "Rage against the machine"

    I haven't realized this war was already happening, but I think it was inevitable. Funny to combat new shiny AI crawlers with old techniques.

    "Be indigestible. Grow spikes."

    By the way, I'm not telling anyone to do anything, as a disclaimer. I find this very interesting myself.

    #ai #internet #tarpit

    youtu.be/vC2mlCtuJiU?si=SI9sA8

  12. We could probably make significant damage to all those "Dark Net" scraper bullshit tools if we'd use the Trademark registrars, the German Handelsregister, etc. and created bullshit database entries from it, bullshit GitHub (they only care about GitHub, they don't even scan others lol) commits with some XML containing references to those names, crap websites, etc. We could even combine this with #Tarpit and other anti-AI stuff.

    ~ signed, a person who has to wade through thousands of bullshit alerts for generic terms.

  13. I accidentally stepped into a http #tarpit

    <3

    there should be plenty.

    wmtips.com/top/alexa-rank/

  14. On my machines, I have begun to disable SSH on IPv4 and replaced it with a tarpit instead. :drgn_comfy_evil:

    #SSH #SysAdmin #Tarpit #EndlesSSH

  15. Бородатый обманщик. Методика TARPIT в защите и нападении

    Существует стратегия информационной безопасности, суть которой сводится к непропорциональному расходованию ресурсов атакующей стороны. Ресурсов вычислительных, временных и человеческих. Добро пожаловать под кат если вас интересует: Как затруднить атакующему фазу разведки? Отчего nmap может серьезно тормозить? Откуда берутся хосты с тысячами открытых портов? Как выявлять tarpit хосты и что с ними делать если вы занимаетесь аудитом ИБ. Что это вообще такое этот ваш tarpit? )

    habr.com/ru/companies/webmonit

    #информационная_безопасность #уязвимости #кибербезопасность #взлом #атаки #tarpit #firewall #системное_администрирование #ловушка #honeypot

  16. I am proud to announce that I have wasted half a Gig of script kiddie network traffic :blobyeengrin:​

    #Tarpit is an #SSH server that pretends to be extremely slow. Slow enough to not waste my time, but fast enough to let the other side now that SSH is actually working.

  17. is a .

    Endlessh (Endless SSH) is a barebones SSH server that traps any clients that attempt to connect. When a connection is made Endlessh sends an endless stream of junk data at a slow rate that forces the client to wait. Endlessh can trap hundreds of clients for days or weeks with minimal performance impact. Endlessh is useful for trapping bots on false SSH ports.

    Website 🔗️: github.com/skeeto/endlessh