-
OrIdow6
datechnoman: (Reviving a discussion from a few weeks ago) For your CC scrape did you extract img src='s? The thing that I saw that was lost specifically looked like <img alt="" src="
cdn.discordapp.com/attachments/[numbers]/[numbers]/[filename].png" style="width: 400px; height: 234px;">
-
OrIdow6
And that Discord URL wasn't saved anywhere (accessible by the WBM anyway)
-
nyany
Ooh, got my first abuse report in a while from Hetzner
-
datechnoman
-
eggdrop
-
nyany
datechnoman: no idea
-
nyany
Was the subject line :AbuseUrgent: Auffällig viele Zugriffe von Hetzner IPs auf unser Onlineshop:
-
datechnoman
Yup same person lol
-
datechnoman
AbuseUrgent: Auffällig viele Zugriffe von Hetzner IPs auf unser Onlineshop
-
nyany
-
nyany
In case you were curious, that's how I responded
-
datechnoman
Hopefully they accept it :)
-
nyany
I've sent them a similar response in the past and they've accepted it just fine
-
datechnoman
Nice! Keep up the great work! When you have 20-30 nodes and get multiple abuse notices you get this....
transfer.archivete.am/L6bI7/perm_ban_notice.txt
-
eggdrop
-
nyany
I have three servers with Hetzner, two bare metal and one cloud
-
nyany
I'm dropping the cloud because that's just stupid
-
datechnoman
You'll fly under the radar just fine then
-
datechnoman
I'm not so good at doing that.... lol
-
nyany
Incidentally
-
nyany
-
nyany
two servers hit the server on 4/25
-
nyany
the other hit the server today
-
datechnoman
All my nodes were 4/25 so we must have hit them pretty hard lol
-
nyany
Maybe it's a blessing that my OVH servers are still out of commission for this project
-
nyany
I've got a great relationship with OVH, but their abuse department is SLOW compared to Hetzner
-
datechnoman
Well that is a welcomed benefit
-
datechnoman
For once slow is good haha
-
nyany
I very much want to go full Nyany
-
nyany
In fact, I have two nodes that I need to add in
-
nyany
they'll be 1 concurrency workers but they're still resources I can use
-
datechnoman
I've moved over to netcup which seems to be doing well for my needs. Also isnt "cloud" and makes me pay up front so will keep the credit card in check
-
datechnoman
Im just milking Hetzner dry before the perm ban kicks in at the end of the month
-
nyany
ouch
-
nyany
You know, we're ever closer to actually clearing to-do here for once..
-
Medowar
Lul, same here about the abuse message.
-
Medowar
Hetzner locked the server after 50 min...
-
JAA
wut
-
JAA
Which domain is this?
-
nyany
that's just it
-
nyany
nobody really knows
-
JAA
Right
-
Medowar
-
nyany
Ah
-
nyany
I got fuck all from Hetzner in my report - They gave me an IP and a timestamp lol
-
Medowar
the url currently 404s
-
JAA
I got something like that from OVH once. 'Your server is spamming requests. start of technical details end of technical details'.
-
Medowar
Yeah, same here, I just googled the part of the request and found the page, where it matched
-
JAA
I told them they fucked up and never heard anything again. :-)
-
Medowar
We just got a second one...
-
nyany
Target must be going brr. Noticing bunches of speed-up and slow-down
-
nyany
Medowar: you just got a second abuse report?
-
Medowar
Nun hat die IP 144.76.76.107 unsere Seite heute 172 mal aufgerufen (von heute 08:07:57 bis 09:36:42, also ca. ein mal die Sekunde immer die URL /gefahrstoffe/Bauer-Gasflaschen-Depot-GFD-G-L-R-fuer-Innen-und-Aussenbereiche-nach-TRGS-510.html).
-
Medowar
Aber alleine diese URL wurde heute insgesamt schon 39.401 mal aufgerufen (von 08:07:57 bis 12:00).
-
Medowar
--
-
Medowar
Now the IP 144.76.76.107 has accessed our page 172 times today (from 08:07:57 to 09:36:42, i.e. about once a second always the URL /gefahrstoffe/Bauer-Gasflaschen-Depot-GFD-G-L-R-fuer-Innen-und-Aussenbereiche-nach-TRGS-510.html).
-
Medowar
But this URL alone has already been accessed 39,401 times today (from 08:07:57 to 12:00).
-
Medowar
nyany: yes
-
Medowar
or an answer to the request.
-
JAA
I'm not seeing anything from hubheld.de in todo:backfeed based on some quick sampling.
-
nyany
probably for the best
-
JAA
I am seeing it in claims, yeah.
-
JAA
Approximately 0.5% of claims is hubheld.de. At 80M claims, that's a fair bit.
-
nyany
I'm not sure how feasible it'd be, but perhaps it would be best to stop indexing them?
-
nyany
By the sounds of it, we've gotten what we came for, 39,401 times over
-
JAA
The problem here is likely the force_sid parameter with a random value.
-
JAA
I.e. shitty site
-
nyany
fair
-
nyany
ah, so you're saying every time the site is crawled there's a different value there
-
nyany
and that number just so happened to be in the vicinity of 39401
-
nyany
that's stupid
-
JAA
-
nyany
sigh
-
JAA
arkiver: ^
-
nyany
-
JAA
arkiver: TL;DR: hubheld.de is being stupid with a force_sid (session ID, probably) parameter, and they send aggressive abuse notices.
-
JAA
Paused for now
-
nyany
ah ok
-
JAA
But it was already napping before.
-
nyany
yeah, my traffic graph looked like \/\/\/\/\/\/\/\/\ so I was assuming a full target first
-
kiska
datechnoman: If you spam call them, they will quickly reverse that decision :D
-
nyany
There, I've got a new box set up for when this project resumes
-
AK
Number of servers that got shut down after 50 minutes and not 24 ++;
-
AK
Server and 2 of the 4 ips associated to it got locked
-
JAA
Very not pleased with how they're handling this.
-
JAA
Only realised now that the abuse report above is nonsense, too. 172 accesses in 1.5 hours is not once a second. At all.
-
nyany
If I gave 0 fucks I'd probably just respond back going "sorry, I just really like this particular german power tool"
-
AK
-
AK
There's so many things wrong. Email mentions only 1 ip, but then the text below has both (And both were locked). That's also 1 hit per ip by me 🤷♂️
-
AK
I'm assuming Hetzner got sent a massive list and had to parse through to find us all, then someone got bored of it and just started locking us instead
-
nyany
right
-
kiska
Hrm.... I think I would start calling them at this point :D
-
kiska
They have a number in that email :D
-
AK
Next time it gets locked I probably will, normally 24 hour is more than enough time (And they tend to give a bit after that too)
-
AK
I just didn't manage to reply within 50 minutes today lol
-
fireonlive
two get requests that ended in a 403 😱 call the military
-
nyany
fireonlive: they probably killed that page
-
nyany
because we went there
-
nyany
we touched their no no square
-
fireonlive
ah i read up more lol
-
fireonlive
nyany: 3
-
fireonlive
nyany: x3
-
JAA
arkiver: Please reduce the limit on #down-the-tube again when resuming this.