Inkbunny

"	The issue is that spammers (posting link-heavy profiles, journals, comment and submissions) are also making extensive use of VPNs, and we can not afford to be tolerant of such spam, nor spend hours each day deleting it only for as much of it to return the next day.

I suspected this ( But I did not think that the situation with the shitty spammers had become so critical.

"	like a private VPN organized via a technical member of the Russian Inkbunny community which they guarantee will not be used for SEO of Vietnamese betting sites, Bitcoin, etc.

WHOA, what is that thing? Sounds very interesting. And technical members of the Russian Inkbunny exists?

GreenReaper

4 months, 3 weeks ago

link

Well, I admit that most of them have probably emigrated by now if they can... you might want to, too, it looks like inflation's not going to get much better, and furries are perilously close to being deemed extremists.

I'm not saying such a thing exists now, but I guess it could be created.

MADJerk

4 months, 3 weeks ago

link

Oh, it's a pity.
Well, maybe I would have moved from the Russian Federation if there were tempting prospects in another country and if all my relatives and pals did not live in Russia...
By the way, furries in Russia are not touched yet. Gays have been hit, whom the fucking right-wing conservative bastards now want to recognize as almost extremists. Brr, I have a feeling that American McCarthyism of the 50s of the last century has reached Russia in 2023.

Btw, speaking about moderation system for VPN addresses
in this case, I like the Rule34.Paheal site's system. You can log in there from any VPN address. However, if the IP is discredited, then a window appears on Rule34.Paheal with the notification "This IP address recognise as "ghost user" and the functionality of the site is limited. You cannot create a new profile from this address. To use all the features of the site, log in to your profile."

In my opinion, this is a good filter against spammers. And at the same time, Rule 34.Paheal gives bona fide users the opportunity to log in to the site. Is it possible to adopt this system from Rule 34.Paheal for Inkbunny?
Cause it`s pretty convenient.

GreenReaper

4 months, 3 weeks ago

link

There is nothing much wrong with the idea (although identifying such IPs is a challenge even with DNSBLs, since they use botnets now) but in practice we probably do not have the development bandwidth to implement it.

There is no concept of being "banned because of proxy" right now, just "banned" - and it is not based on any automatic system, because we don't object to proxies per-se, just spam. It just happens that proxies are often spammer IPs.

MADJerk

4 months, 2 weeks ago

link

Ah ok.
Thanks for answers :)

Autorun

5 months ago

link

хорошо, что мой древний браузер более менее работает с новым сервером inkbunny и без VPN.

MADJerk

5 months ago

link

@ Autorun

Это из тех случаев когда "Старое работает лучше" XD

Autorun

4 months, 4 weeks ago

link

MADJerk

хоть и купил новую мобилу, она может предоставить много возможностей, я продолжаю упорно использовать устаревший софт. старушку opera mini 7.5 2012 года.
в ней незначительные функции inkbunny не работают "reply" "+watch"
у меня с vpn все в порядке, chrome с vpn шустро летает по inkbunny, были моменты на компе в Firefox+ vpn browsec загружалась страница без миниатюр.. а так в принципе норм

MADJerk

4 months, 4 weeks ago

link

@ Autorun

тру-фанат ретро, уважаю ;)

alphamule

4 months, 3 weeks ago

link

An alternative is to setup your own proxy/VPN that won't get IP banned.
Stuff like bots spraying passwords or the like, is precisely why I disabled passwords for SSHd... Interestingly, on E-Hentai, having an account overrides IP limits (except for login, obviously). So if your ISP is behind a huge NAT gateway, then only the anonymous users get blocked... but you still have to login, somehow.

MADJerk

4 months, 3 weeks ago

link

To be honest, I don't really understand how to set up a personal VPN with its own unique IP
.
In general, in this case, I like the Rule34.Paheal site's system. You can log in there from any VPN address. However, if the IP is discredited, then a window appears on Rule34.Paheal with the notification "This IP address recognise as "ghost user" and the functionality of the site is limited. You cannot create a new profile from this address. To use all the features of the site, log in to your profile."

In my opinion, this is a good filter against spammers. And at the same time, Rule 34.Paheal gives bona fide users the opportunity to log in to the site. Is it possible to adopt this system from Rule 34.Paheal for Inkbunny?
Cause it`s pretty convenient.

alphamule

4 months, 3 weeks ago

link

Edited 4 months, 3 weeks ago by Owner

https://www.math.ucla.edu/computing/kb/creating-ssh-pro...  Windows example for creating a SOCKS5 proxy for your browser (secure).  In Linux, you'd use the SSH command which is mostly the same.  There's tons of ways besides this.  Basically, you need A)  Program installed on server.  B)  Browser or VPN client running on you home system.

Literally, any server with Debian installed can do the PuTTY example, assuming you have the permissions.  It's also why you REALLY don't want to use passwords for SSH.  Moving SSHd to a different port than 22 is more to not have a huge log file from random idiots poking at it.  You'll want to use Fail2ban.  ;)

Tricky thing is some configurations leak requests even though the proxy is being used.  DNS leaks can be prevented, though.  If you're really paranoid, you'd be using a (virtual?) machine configured to only allow packets to the known IP address of the proxy, and blocking ALL others.  Configuring a firewall or gateway is a bit too involved for this comment.  ;)  Might as well learn how to do it right way now, than later.

https://airvpn.org/ssh/  These people show an example for OpenVPN and SSHd.  There are ways to verify the last step without being vulnerable to MITM.  Again, this is too much detail for this comment.

MADJerk

4 months, 2 weeks ago

link

Thank you... I think I'm going to need a lot of YouTube videos to get into this topic.
But thanks for sharing anyway! :)

alphamule

4 months, 1 week ago

link

Meh, YT videos are just going to link to those tools. ;)

GreenReaper

4 months, 2 weeks ago

link

We used to use fail2ban but the way Debian had it setup the ban database was taking ages and lots of CPU and space relative to the size of our caches. At least the logs weren't essentially permanent.

MADJerk

4 months, 2 weeks ago

link

Have you updated the configuration? Over the past week, logging in to Inkbunny via VPN has become as convenient as before.

GreenReaper

4 months, 2 weeks ago

link

No. But maybe the people who were spamming us using your particular VPN got tired of being banned, or took a break for the holidays.

MADJerk

4 months, 2 weeks ago

link

Well, in that case, I sincerely wish all the spammers who bother us to die of a heart attack or diarrhea in the New Year)

alphamule

4 months, 1 week ago

link

Edited 4 months, 1 week ago by Owner

Well damn, considering the entire point of it was to help scale banning in a sensible way... That's a hard failure. Makes me wonder if there's a better way, or if it was Debian itself that was the problem. Some OSes/distros are really lousy at handling a lot of low-latency threads.

I suspect that having a non-standard port would slow it down, immensely, though. I mean the amount of log growth.

GreenReaper

4 months, 1 week ago

link