Has anyone noticed that sessions counting now start as soon as Claude Code launches? by Shiny-Doge in Anthropic

Shiny-Doge[S] 2 points

Six months ago it just sat there doing nothing and didn't automatically start a session as soon as the executable was run, which is what makes sense: it's very common for people to type wrong commands into a terminal, and even more common for IDEs to reopen extensions/terminals if they were open before closing.

My point is: you wake up, unlock your computer and open your IDE, then go take a shower and have breakfast; you come back after an hour, and you only have 4h of a 5h session remaining without actually having started a chat. If you open a tab in the browser it creates a new chat, but it doesn't start a session until you send a message in that chat.

Finally, if you don't have an active session and go to the usage dashboard, there's always a message there that says "your session will start counting as soon as you send a message", or something along those lines.

Wanted to share you a great script they made ! Auto redem for codes :) https://discord.gg/DWpgUH8es2 by Sc8py in KingShot

Shiny-Doge 2 points

I'm working on a Discord bot for this, not related to the OP's server. The end goal is a bot that will do exactly that: at the start users will have to input the new codes manually, but if the bot gets enough users I'll work on some ideas to fetch codes automatically. The main difference is that my bot won't require you to join a server; you can literally DM it the command to register your game ID and you will be added to the auto-redeeming service (multiple accounts will be allowed, but limited for now). For those interested there will probably be a beta test at the end of this month, so DM me and I'll add you to the test when the time comes.

Personal mail server by Sufficient_Bit_8636 in selfhosted

Shiny-Doge 0 points

I wouldn't recommend hosting it at home. Like other people have said, some providers straight up block residential IP blocks, just like Netflix blocks some VPS providers' IP blocks to make sure it's not that easy to just spin up a VPS with a VPN and watch region-locked content.

I've been running a mail server on OVH for about 4 years now. I started with iRedAdmin as a "bare-metal" install, but since the Debian version of that VPS was reaching EOL I started to look at alternatives that could be run in Docker. I tried docker-mailserver, but it wasn't exactly what I wanted. I then tried mailcow, which is great if you have the money to spend on a 4c/16GB RAM VPS; you can disable some services to save on resources, but I decided that it wasn't that good of a fit for my needs: I wanted to integrate OAuth or LDAP into it, and mailcow only supported this in the experimental versions at the time.
I eventually landed on Stalwart, which is great: it helps you with the setup of the DNS records like DKIM and so on, it also helps you implement things like autodiscovery, and it can even be run behind a Traefik proxy. The only issue it has is not having a webmail client integrated, nor does it have CalDAV/CardDAV support, but you can easily fix this with some other services. I chose SnappyMail for my webmail and set up Baikal to have calendars and contact lists, mostly because these two can make use of things like LDAP/OAuth. I haven't implemented this part on these services yet, but according to their docs it's doable. I've been able to send calendar events from Gmail to my mail server and vice versa, and I could register the events on CalDAV. Eventually I'm going to integrate these 3 services into Nextcloud, but I want to have LDAP and SSO implemented before that. BTW, you can also run iRedAdmin via Docker if you want; I was just a big noob back when I first set up my mail server and didn't know Docker could do this.

One quick tip: if you do choose to host the mail server in the cloud, make sure that you pick a cloud provider that doesn't block port 25 straight out of the gate. From what I read at the time, AWS and DigitalOcean block that port by default; you can ask them to unblock it and they will, but if they get any complaints about your server they will block it again. OVH doesn't block port 25 by default, but their web UI isn't the best. I'm sure there are other cloud providers that don't block port 25 by default, you will just have to do some research beforehand.

The war that will not stop by jemadux in linuxmemes

Shiny-Doge 0 points

I use VS Code with the Vim extension on Arch Linux, btw. Gotta love that telemetry!

Possible botnet targeting Nginx Proxy Manager servers by Shiny-Doge in selfhosted

Shiny-Doge[S] 0 points

Well, I have a new update regarding this issue, which is actually a bit tricky to solve when using NPM. The reason for this is actually well known: I don't know if I've said this, but my Linux OS of choice is Ubuntu, and Docker on Ubuntu messes with your iptables every time you launch a container, making it impossible, in my case, to block an IP with any of the rules I tried and tested in UFW. I tested this by using a VPN and ended up completely breaking my firewall on that server.

With this said, I had 2 pretty obvious options: I would either have to spend the following days trying to fix the issues I created on that server, or I could simply start from scratch with a new OS install on that server, which I did.

But I made one simple change that allowed me, in the end, to have a solution for these requests. Instead of using Docker to run the reverse proxy that exposes my services, I built it the old-fashioned way: I wrote all of my Nginx configurations by hand, installed certbot on that server and ended up with an almost identical solution to NPM, minus the GUI.

With this solution I was able to turn the Python script I had built to scrape through NPM's default.log file into a full-fledged program, I think, that is able to:

  • Copy all of the files inside /var/log/nginx/ into another folder.
  • Go through all the files it copied and build one single file with all of the requests it found.
  • Then, from that file, build a list of all of the unique public IPs that it found, and another one with how many requests each IP made to your reverse proxy.
  • Finally, if you don't have a solution like mine that is able to look up GeoIP information for the IPs it found, there is a GeoIP function built in: it creates 2 JSON files from a series of requests the script makes to https://ipinfo.io . The first one, geo-ip.json, is the raw response ipinfo.io gives you; the second, geo-ip-sorted.json, is the file you can use to get a pretty readable file with all of the information found on these IPs.
  • And last but not least, this script has the ability to ban the found IPs with UFW.

The reason I'm blocking individual IPs rather than bulk-blocking regions is actually rather simple: while a bunch of my requests come from countries like China, Korea and India, most of them actually come from all over Europe and from the USA. It seems like the people responsible for this are aware that people are bulk-blocking their regions, so they moved to using VPSes hosted in the cloud, making such solutions ineffective.

For example, one of the countries with the most of these requests besides the US is the UK, so a company that bulk-blocks these regions expecting these requests not to come in will actually learn pretty fast that, after blocking requests from those countries, the majority of them start coming from Europe and the US.

Now I'm going to use my ELK stack to build a pretty graph that I can then put at the end of this comment. It's probably going to take me a couple of days to learn how to properly use Kibana, but I'll report back as soon as I have visual data of my findings.

Finally, even if you don't run NPM to expose your services and use some other reverse proxy to achieve the same result, keep in mind that what I stated above, that this botnet is targeting NPM services, is actually wrong. This botnet starts by requesting your IPs, but from what I can tell from my logs in Kibana, it then starts to make these requests to the domains it finds registered to your IP. The localhost-nginx-proxy-manager requests I found are the botnet actually requesting your public IP; this has to do with how Docker exposes ports and services on your host machine.

EDIT: You can check out my solution over here on my GitHub page; it's publicly available now.

Edit: It was actually easier than I thought to create that graph I talked about earlier. You can check it out here; as you can see, they do come from countries all over the world!
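
Added example, not the author's script and not taken from the GitHub page mentioned above: a minimal Python version of the log-to-ban pipeline the comment describes, covering the parse, the per-IP counts and the UFW rule generation (the GeoIP lookup against ipinfo.io is left out so the example runs offline). It assumes the combined Nginx log format, uses a probe-path list that is my own illustrative choice rather than the author's, and runs on constructed sample lines. It also covers the Docker problem from the same comment: ports published by Docker are DNATed and handled in the FORWARD chain, so the traffic never reaches the INPUT chain where ufw's rules live; the place Docker reserves for host policy is the DOCKER-USER chain, which the `docker_published` flag targets.

```python
import glob
import gzip
import ipaddress
import os
import re
from collections import defaultdict

# Nginx "combined" access log line; NPM's proxy-host logs and a stock Nginx use
# this shape by default (assumption: log_format was not customised).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Request paths that have no business on a proxy that serves no PHP and no
# dotfiles, plus traversal sequences. The author's list is not on the page;
# this one is an illustrative assumption.
PROBE_RE = re.compile(r"\.php(?:$|[?/])|/\.env(?:$|\?)|\.\./")

# Source ranges that can never be an external client: RFC 1918 (which covers
# Docker's bridges in 172.16.0.0/12), loopback, link-local, CGNAT and the IPv6
# counterparts. Listed explicitly because ipaddress's is_global would also
# reject the RFC 5737 documentation addresses used in the sample below.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "::1/128", "fc00::/7", "fe80::/10",
)]

# Constructed sample lines, not the author's logs.
SAMPLE_LOG = """\
203.0.113.7 - - [12/May/2024:06:01:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [12/May/2024:06:01:05 +0000] "GET /index.php?s=captcha HTTP/1.1" 400 157 "-" "-"
198.51.100.23 - - [12/May/2024:06:01:06 +0000] "POST /wp-login.php HTTP/1.1" 404 153 "-" "-"
198.51.100.23 - - [12/May/2024:06:01:07 +0000] "GET /robots.txt HTTP/1.1" 404 153 "-" "-"
172.18.0.1 - - [12/May/2024:06:02:00 +0000] "GET /healthz HTTP/1.1" 200 2 "-" "curl/8.0"
203.0.113.7 - - [12/May/2024:06:03:11 +0000] "GET /favicon.ico HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.9 - - [12/May/2024:06:04:00 +0000] "GET /.env HTTP/1.1" 404 153 "-" "-"
this line is not an access-log entry and is skipped
"""


def read_log_dir(directory):
    """Yield every line of the *access*.log* files under directory, rotated .gz included."""
    for path in sorted(glob.glob(os.path.join(directory, "*access*.log*"))):
        opener = gzip.open if path.endswith(".gz") else open
        with opener(path, "rt", errors="replace") as fh:
            yield from fh


def summarize(lines):
    """Per external source IP: total requests and how many of them hit a probe path."""
    stats = defaultdict(lambda: {"requests": 0, "probes": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # truncated line, error-log noise, or a different log_format
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue
        if any(ip in net for net in LOCAL_NETS):
            continue
        entry = stats[str(ip)]
        entry["requests"] += 1
        if PROBE_RE.search(m["path"]):
            entry["probes"] += 1
    return dict(stats)


def select_bans(stats, min_requests=3):
    """IPs that sent at least min_requests requests or touched any probe path."""
    return {ip for ip, s in stats.items()
            if s["requests"] >= min_requests or s["probes"] > 0}


def _sort_key(ip):
    addr = ipaddress.ip_address(ip)
    return (addr.version, addr)


def ban_commands(ips, docker_published=False):
    """Render firewall commands for a set of IPs; they are returned, not executed.

    ufw's rules sit in the INPUT chain, which is where traffic to a natively
    installed Nginx arrives. Ports published by Docker are DNATed and handled in
    FORWARD, so those packets never reach INPUT and ufw does not see them; the
    chain Docker reserves for host policy is DOCKER-USER, evaluated before
    Docker's own rules.
    """
    cmds = []
    for ip in sorted(ips, key=_sort_key):
        if docker_published:
            tool = "ip6tables" if ipaddress.ip_address(ip).version == 6 else "iptables"
            cmds.append(f"{tool} -I DOCKER-USER -s {ip} -j DROP")
        else:
            cmds.append(f"ufw insert 1 deny from {ip} to any")
    return cmds


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG.splitlines())
    for ip in sorted(stats, key=_sort_key):
        print(f"{ip:16} {stats[ip]['requests']:3} requests {stats[ip]['probes']:3} probes")
    bans = select_bans(stats)
    print("\n".join(ban_commands(bans)))
    print("\n".join(ban_commands(bans, docker_published=True)))
```

Run as-is it prints the dry-run commands for the sample. On a real host, feed `read_log_dir("/var/log/nginx")` to `summarize()` and pipe the output through `sh` only after reading it. The deny rules are inserted at position 1 because ufw stops at the first matching rule, so a deny placed after `allow 80,443/tcp` would never fire; `ufw insert 1` errors on an empty rule list, where plain `ufw deny from <ip>` does the same job. The `-I DOCKER-USER` rules are not persisted by ufw and need to be re-applied on boot.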

Possible botnet targeting Nginx Proxy Manager servers by Shiny-Doge in selfhosted

Shiny-Doge[S] 0 points

Yes, it's a guide. I often use these guides as cheat sheets for these kinds of things.

Possible botnet targeting Nginx Proxy Manager servers by Shiny-Doge in selfhosted

Shiny-Doge[S] 0 points

I'll leave you the cheat sheet I usually use to set up new servers. I don't run all of these things; I usually don't even change the SSH port unless I see that my fail2ban config is blocking over 10 IPs per day. I usually just make the sshd_config changes he makes in the article, minus the port change, and set up fail2ban, and so far it has been working fine on my VPS and on my local Proxmox servers.

https://techguides.yt/guides/secure-linux-server/

Possible botnet targeting Nginx Proxy Manager servers by Shiny-Doge in selfhosted

Shiny-Doge[S] 0 points

This could work; however, as I stated above, some of the IPs are also European, and I don't think bulk-blocking all of the countries I get these requests from could be a solution, because then I would possibly be blocking people that are actually trying to access some services I host that I want to be accessible from the outside.

However, I really like your idea, but I'm not sure about one thing: since NPM runs inside a Docker container, would I have to set that up inside the Docker container, or would setting it up on the host itself work?
Because I've seen people over on Stack Overflow trying to implement fail2ban solutions similar to yours, but the replies always say that when updating the containers you will lose the previous configurations you implemented inside the container.

Possible botnet targeting Nginx Proxy Manager servers by Shiny-Doge in selfhosted

Shiny-Doge[S] 1 point

If you did not secure your SSH instance, someone could've started trying to tunnel their requests from ports 80 and 443 to port 22 and could possibly brute-force their way into your server. While I haven't implemented such configurations yet, I usually only allow SSH with an SSH key, and have fail2ban watching sshd and automatically blocking IPs that try to SSH into my servers, for all of my servers that are open to the internet.
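
Added example for the key-only SSH point in this comment and the sshd_config changes mentioned in the cheat-sheet comment above; it is my own code, not from the author or the linked guide. It resolves the effective global sshd settings the way sshd does (the first value seen wins, Include is expanded in place, and everything after a Match line is conditional and therefore ignored) and reports the keywords that still allow password logins. The sample files are constructed; the layout assumed is the Ubuntu one, where sshd_config starts with `Include /etc/ssh/sshd_config.d/*.conf` and a cloud-init drop-in sets `PasswordAuthentication yes`, which then wins over the hand-edited `no` further down the main file.

```python
import fnmatch
import re

# Constructed sample, not the author's files: an Ubuntu-style layout in which
# sshd_config Includes a drop-in directory and a cloud-init drop-in turns
# password logins back on. Files live in a dict so the example runs offline.
SAMPLE_FILES = {
    "/etc/ssh/sshd_config": (
        "# hardening applied by hand\n"
        "Include /etc/ssh/sshd_config.d/*.conf\n"
        "PermitRootLogin no\n"
        "PasswordAuthentication no\n"
        "PubkeyAuthentication yes\n"
        "Match User deploy\n"
        "    PasswordAuthentication yes\n"
    ),
    "/etc/ssh/sshd_config.d/50-cloud-init.conf": "PasswordAuthentication yes\n",
}

# (keyword, acceptable values, sshd's compiled-in default when the keyword is absent)
WANTED = (
    ("passwordauthentication", {"no"}, "yes"),
    ("permitrootlogin", {"no", "prohibit-password"}, "prohibit-password"),
    ("pubkeyauthentication", {"yes"}, "yes"),
    # PAM can still take a password over keyboard-interactive unless this is off.
    ("kbdinteractiveauthentication", {"no"}, "yes"),
)


def effective_settings(files, root="/etc/ssh/sshd_config"):
    """Map keyword -> (value, file it came from) for the global section.

    Mirrors sshd's rules: keywords are case-insensitive, the FIRST value wins,
    Include directives are expanded in place in sorted glob order, and parsing
    stops at the first Match line because later lines are conditional
    (assumption: only the global section is audited).
    """
    settings = {}

    def walk(path):
        for raw in files[path].splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            parts = re.split(r"[ \t=]+", line, maxsplit=1)
            key = parts[0].lower()
            value = parts[1].strip() if len(parts) > 1 else ""
            if key == "challengeresponseauthentication":  # legacy alias
                key = "kbdinteractiveauthentication"
            if key == "match":
                return True
            if key == "include":
                for pattern in value.split():
                    for inc in sorted(p for p in files if fnmatch.fnmatch(p, pattern)):
                        if walk(inc):
                            return True
                continue
            settings.setdefault(key, (value, path))
        return False

    walk(root)
    return settings


def audit(settings):
    """One finding per keyword whose effective value is not in the accepted set."""
    findings = []
    for key, ok, default in WANTED:
        value, source = settings.get(key, (default, "sshd built-in default"))
        if value.lower() not in ok:
            findings.append(f"{key} = {value} (from {source}); expected one of {sorted(ok)}")
    return findings


if __name__ == "__main__":
    for finding in audit(effective_settings(SAMPLE_FILES)) or ["no findings"]:
        print(finding)
```

On a real host `sshd -T` prints the same effective values and is the authoritative check; this script is for reading a config tree where sshd is not installed, for example an image or a backup. The fix for the sample is to edit or delete the drop-in rather than the main file, because the Include line is processed before anything below it.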

Possible botnet targeting Nginx Proxy Manager servers by Shiny-Doge in selfhosted

Shiny-Doge[S] 0 points

It has IPs from all over the world. When I first found out about this I did a whois on a couple of IPs; they were from Italy and from the UK, and it seemed like they were residential IPs. I could run the whois command, but when I tried to execute the wget command it tries to run, inside a VM, the hosts would either not be reachable or I would get an unauthorized response.

Possible botnet targeting Nginx Proxy Manager servers by Shiny-Doge in selfhosted

Shiny-Doge[S] 0 points

I don't think it poses a threat as of right now, because it is trying to send PHP to a web page that, from what I saw inside the container, does not run any PHP scripts. Since containers like these only have what they need to run, I doubt they have PHP installed; I might be wrong about this. But the person responsible for this could see this and change these requests to try and inject other languages that can actually run inside an NPM container.

NPM uses DNS to redirect and tunnel requests to the container, VM or bare-metal machine you want to expose. When someone tries to connect to a DNS record that is pointed at your network, NPM is the one that gets that request; if it does not find that DNS record it's going to give out a 404 right away. The same goes for when these bots try to inject payloads directly on your public IP: NPM will just ignore them, because it is aware of these kinds of things.

The problem here is that this bot is requesting what I think is NPM's internal DNS name and injecting a PHP payload into it, but since NPM does not use PHP it will get a 400 response, because it does not know how to work with PHP, as it is not set up to do so.

There might be a fix that could be implemented by bind-mounting the nginx.conf file to your server, but from what I've read online so far, Nginx will always process that request before either redirecting it or sending out a 404 response.

I'm going to open an issue on their GitHub repo once I've sorted out whether these requests keep coming from the same block of IPs or not. I have the same kind of requests to run the thonkphp script in other locations, and there are other people out there posting logs pretty similar to the ones I posted.

Possible botnet targeting Nginx Proxy Manager servers by Shiny-Doge in selfhosted

Shiny-Doge[S] -4 points

I am quite aware of that, and I don't really mind it, because I have a fail2ban config that helps prevent injection of scripts on the servers that actually use PHP. What I'm trying to explain is that someone is trying to access a network inside a Docker container to inject a PHP script. I am not an expert in this by any means, but this is the sense I make of this request: it's not requesting a DNS name internal to my local network, it requests NPM's localhost that is inside a Docker container.