Jerry on PieFed

@Jerry@feddit.online

Posts
23
Comments
141
Joined
2 yr. ago

Just a techie guy running feddit.online to allow people to communicate, make friends and acquaintances. Odd coming from a happy introvert, right? (https://jerry.hear-me.blog/about)

I also own these publicly available applications:

  • Mastodon: https://hear-me.social/
  • Alternative Mastodon UI: https://phanpy.hear-me.social/
  • Peertube: https://my-sunshine.video/
  • Friendica: https://my-place.social/
  • Matrix: https://element.secure-channel.net/
  • XMPP/Jabber: https://between-us.online/
  • Bluesky PDS: https://blue-ocean.social/ (jerry.blue-ocean.social)
  • Mobilizon (Facebook Events Alt): https://my-group.events/
  • and more...

  • Things like this that play games scare me. This itself opens a wider attack vector on your server. I'm thinking of possibilities:

    1. In Linux, each TCP connection is a file descriptor. PortTripper holds connections to waste scanner threads, which means it's holding file descriptors. This could be a good DDOS attack vector. Hit every port with connection requests, requiring a slew of file descriptor creations, and boom, you cause the server to hit the server ulimit cap. New connections cannot be made. The server is half dead.

    2. Memory and CPU consumption. Maintaining thousands of open TCP states takes RAM and CPU. A massive flood can consume all memory. And for what? To annoy a hacker?

    Interestingly enough, just these 2 things can make PortTripper a hacker's tool.

    1. If a service crashes or reboots, is down for maintenance, or is slow to come up, PortTripper might grab the port before the application comes back up. And then it can't come back up.

    2. Who's to say there won't be vulnerabilities in PortTripper that can cause a buffer overflow, memory leak, or parsing vulnerability in PortTripper's code or a library it uses? Playing this game opens another attack vector into your server.

    3. If PortTripper can bind to ports 1 through 1023, then it's running as root or has elevated capabilities. If an attacker exploits a bug in PortTripper or a library it uses, they can get high-level control of the server.

    4. While PortTripper "discards datagrams without replying", in a reflected DDOS attack millions of discarded packets come in, which means millions of CPU interrupts at the kernel level. This can choke the NIC.

    I think PortTripper is too risky to run just to become a nuisance to someone, IMHO.
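    The descriptor-exhaustion point in the comment above is easy to measure. The following is an added example (not code from the comment and not part of PortTripper): it reads the process's soft RLIMIT_NOFILE limit, counts the descriptors it currently holds, and shows that every held connection costs one descriptor, using local socketpair() objects as constructed stand-ins for held TCP connections so it runs offline. The 80% warning threshold and the /proc/self/fd path are assumptions (a slower probe is used where /proc is absent).

```python
"""Added example: descriptor headroom check for a service that holds many
connections. Assumptions: Linux-style /proc/self/fd (fallback probe otherwise),
socketpair() as a stand-in for held TCP connections, 80% warn threshold."""
import os
import resource
import socket

WARN_FRACTION = 0.8  # assumed alert threshold; tune per service


def soft_fd_limit() -> int:
    """Soft RLIMIT_NOFILE for this process (what `ulimit -n` reports)."""
    soft, _hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    return soft


def open_fd_count() -> int:
    """Number of descriptors this process currently holds open."""
    try:
        return len(os.listdir("/proc/self/fd"))
    except FileNotFoundError:
        # Non-Linux fallback: probe a bounded range of descriptor numbers.
        count = 0
        for fd in range(min(soft_fd_limit(), 4096)):
            try:
                os.fstat(fd)
                count += 1
            except OSError:
                pass
        return count


def fd_headroom(used: int, limit: int, warn_fraction: float = WARN_FRACTION) -> dict:
    """Classify descriptor pressure as 'ok', 'warn' or 'exhausted'."""
    if limit <= 0:
        raise ValueError("limit must be positive")
    fraction = used / limit
    if used >= limit:
        state = "exhausted"
    elif fraction >= warn_fraction:
        state = "warn"
    else:
        state = "ok"
    return {"used": used, "limit": limit, "fraction": round(fraction, 3), "state": state}


def release(held: list) -> None:
    """Close every held socket so the descriptors return to the pool."""
    for s in held:
        s.close()


def hold_connections(n: int) -> list:
    """Create n local socket pairs (constructed stand-ins for held connections).

    Each pair costs two descriptors. If the process hits its limit the kernel
    returns EMFILE, which is exactly the failure the comment describes; we
    release what we hold and surface it instead of half-dying silently."""
    held = []
    try:
        for _ in range(n):
            held.extend(socket.socketpair())
    except OSError as exc:
        release(held)
        raise RuntimeError(f"descriptor limit reached after {len(held)} sockets") from exc
    return held


def demo(pairs: int = 25) -> tuple:
    """Return (descriptors before, while holding, after release)."""
    before = open_fd_count()
    held = hold_connections(pairs)
    during = open_fd_count()
    release(held)
    after = open_fd_count()
    return before, during, after


if __name__ == "__main__":
    b, d, a = demo()
    print("descriptors before/during/after:", b, d, a)
    print(fd_headroom(d, soft_fd_limit()))
```

    Run it as a cron or health check against a real process by swapping /proc/self/fd for /proc/<pid>/fd; a service that sits near the "warn" state under normal load has no room left for a connection flood, whatever is holding the descriptors.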

  • He made thousands of dollars a month off MAGA men who believed she was real. But when he tried to create an AI woman for the Democrats, it bombed because they knew it was just AI slop.

    Any questions?

  • It sounds like you were targeted by a scammer, and the 500 error may have saved you some misery. Never click on a random link.

    I run a Mastodon server, and there is no mechanism to notify anyone about suspicious activity, let alone any link that would point back to the server to provide any such information to a user.

  • I think the article basically says current symmetric key encryption, even 128-bit, but especially 256-bit, is safe from quantum computers, maybe forever. It's the asymmetric encryption that's going to be easily broken, and this is what Google says needs to be addressed by 2029.

  • Welcome to Microsoft's co-pilot dream.

  • We're glad you are here!

  • According to the Google Play Store, there are 467 reviews (4.8 stars) but "0+" downloads. Like everything else about the White House, it doesn't add up.

    And maybe most people know to keep it off their phones.

  • Is this only for people using Garmin Connect or something else?

  • You are asking a reasonable question that many ask.

    Each account will be a unique and separate account on each instance. Instances do not share accounts.

    Although you can, on some applications, authenticate with a federated account, like Google or even a Mastodon account, you still will have an entirely different account on the server.

  • Wine requires Linux knowledge to get the configurations correct. I don't think many Windows users will be able to get any Windows applications running under Wine. And it's the same Wine that any Linux user can install for free.

    If Zorin came packaged with Crossover, then maybe it would run Windows apps better because Crossover would manage the Wine configurations and the required Windows infrastructure installs.

    Maybe.

    But not many old machines will have the capacity to run Linux, Wine, and a Windows application. But Zorin's hype leads one to believe that a 15-year-old machine won't struggle.

  • I tried it about a month ago and found it had nothing more than what you get with an Ubuntu install, save for the look of the screen. I couldn't understand why the media was making a big deal about it. And I saw no reason why anyone should pay for Pro. My conclusions matched what is in the article.

  • Linux @programming.dev

    A refreshing Zorin review. No, it doesn't match the hype.

  • 7zip.com Is Serving Malware

  • The headline of this post is technically accurate but purposely provocative. The article's headline is more informative: "Fake 7-Zip downloads are turning home PCs into proxy nodes".

    The point is that 7zip.com is not the official website, and this is where many people are going for it, and getting malware.

  • Deleted

    Permanently Deleted

  • @rimu@piefed.social But the logins from Voyager are returning 400 (Bad Request), although the username and password are correct, and to me, the request looks good.

    I posted what is coming into the server. The only anomaly I saw was that the session cookie referrer seemed odd. Can you look at the request I posted? Do you see any reason it would be seen as a bad request?

    The odd thing is that while I get an error 95% of the time trying to log into Voyager, twice it did let me log in. I don't know what was different about those 2 times.

    Nothing gets logged to syslog, any nginx logs, pyfedi.log, or journalctl.

  • Deleted

    Permanently Deleted

  • Nope. I posted below what is coming into the server. The only thing I can think of is that the referrer is coming in as https://localhost/inbox which might explain the 400 error (Bad Request). Does your nginx configuration drop incoming cookies for the login endpoint?

  • Deleted

    Permanently Deleted

  • Help me here. I'm not an expert. Here is the request going into the server. The error code is 400 (Bad Request)

    @x..@x..  
    18:24:10.580462 IP 127.0.0.1.49126 > 127.0.0.1.5000: Flags [P.], seq 5107:5771, ack 1755, win 8143, options [nop,nop,TS val 1081650450 ecr 1081650382], length 664  
    E....3@.@...............kz.....n...........  
    @x..@x..POST /api/alpha/user/login HTTP/1.1  
    X-Forwarded-For: 162.120.199.186, 172.70.111.121  
    X-Forwarded-Proto: https  
    Host: feddit.online  
    Content-Length: 56  
    accept-language: en-US,en;q=0.5  
    content-type: application/json  
    accept-encoding: gzip, br  
    cf-ray: 9c85ae25b9720f65-EWR  
    user-agent: Dalvik/2.1.0 (Linux; U; Android 16; Pixel 10 Pro XL Build/BP4A.260105.004.E1)  
    cdn-loop: cloudflare; loops=1  
    cf-connecting-ip: 162.120.199.186  
    cf-ipcountry: US  
    cf-visitor: {"scheme":"https"}  
    cookie: session=eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ.aYJgEQ.nMo4SDt0iKOrzFvSItQuquLp4qo  
    
    {"password":"<hidden>","username":"testuser"}  
    18:24:10.584409 IP 127.0.0.1.49120 > 127.0.0.1.5000: Flags [P.], seq 8671:10383, ack 2866, win 22123, options [nop,nop,TS val 1081650454 ecr 1081650338], length 1712  
    E.....@.@.CB.............BO.+Ngj..Vk.......  

    The session string is: eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ

    This decodes to a referrer of: https://localhost/inbox

    I wonder if this is the issue. Will Piefed accept a session claiming to be from localhost? Will it see this as a potential attack or misconfiguration? Should I reconfigure nginx to drop incoming cookies for the login endpoint?

    I'm grasping at straws.
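    The decoding step in the post above can be done mechanically. What follows is an added example, not code from the thread and not PieFed's own code: it treats the posted cookie as a Flask/itsdangerous-style signed session (payload.timestamp.signature; that format is an assumption about the cookie, and the posted value is used unchanged) and reads the two segments that are not secret. The payload is plain base64url JSON here; a leading "." would mark a zlib-compressed payload, and the example handles that case too. It also flags a Referer claim that points at a loopback host, which is the anomaly the post noticed. Decoding does not verify anything: only the server's secret key can check the signature, so the result is labelled unverified.

```python
"""Added example: decode the readable parts of an itsdangerous-style session
cookie (payload.timestamp.signature). Assumptions: that cookie format, and
that the posted cookie is unmodified. No signature verification is possible
without the server's secret key."""
import base64
import json
import zlib
from urllib.parse import urlsplit

# Value posted in the thread, copied verbatim (signature left as-is).
POSTED_COOKIE = (
    "eyJSZWZlcmVyIjoiaHR0cHM6Ly9sb2NhbGhvc3QvaW5ib3giLCJfZnJlc2giOmZhbHNlfQ"
    ".aYJgEQ.nMo4SDt0iKOrzFvSItQuquLp4qo"
)

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def b64url_decode(segment: str) -> bytes:
    """URL-safe base64 with the padding restored (itsdangerous strips it)."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def decode_session_cookie(cookie: str) -> dict:
    """Split payload.timestamp.signature and decode payload and timestamp.

    A leading '.' on the whole cookie marks a zlib-compressed payload. The
    timestamp is a big-endian unsigned integer (seconds since the epoch).
    The signature is returned untouched and the result is marked unverified."""
    compressed = cookie.startswith(".")
    parts = cookie.lstrip(".").split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("expected payload.timestamp.signature")
    payload, stamp, signature = parts
    raw = b64url_decode(payload)
    if compressed:
        raw = zlib.decompress(raw)
    claims = json.loads(raw)
    issued_at = int.from_bytes(b64url_decode(stamp), "big")
    return {
        "claims": claims,
        "issued_at": issued_at,
        "signature": signature,
        "verified": False,  # nobody but the key holder can flip this
    }


def referer_is_local(claims: dict) -> bool:
    """True when the session's Referer claim names a loopback host."""
    ref = claims.get("Referer")
    if not ref:
        return False
    host = (urlsplit(ref).hostname or "").lower()
    return host in LOOPBACK_HOSTS or host.endswith(".localhost")


if __name__ == "__main__":
    decoded = decode_session_cookie(POSTED_COOKIE)
    print(json.dumps(decoded, indent=2))
    print("referer points at loopback:", referer_is_local(decoded["claims"]))
```

    Two things this makes concrete for anyone running such a server: the session payload is readable by whoever holds the cookie, so nothing secret belongs in it, and a Referer stored in the session reflects whatever the app saw on an earlier request (through any reverse proxy in front of it), so a loopback value is worth checking against the proxy's forwarded headers rather than assuming the client sent it.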

  • Deleted

    Permanently Deleted

  • Very odd thing. Sometimes I am able to log in via Voyager. Mostly not.

    At one point I put a space after the user name, and then it logged me in. Once I didn't, and it logged me in. But it isn't consistent. The server is complaining that there's a problem in the request format. I don't see anything different that allowed the login those 2 times.

  • Deleted

    Permanently Deleted

  • The Cloudflare WAF log shows that it allowed the login request to go through. I'll have to look more this evening.

  • Deleted

    Permanently Deleted

  • Deleted

    Permanently Deleted

  • I have to look again because it was a while ago, but I do block some user agent strings, but if I'm blocking Voyager this way, I really screwed up.

    Another possibility is that Cloudflare is presenting a managed challenge during sign up.

  • Today I Learned @lemmy.world

    TIL that in 1820 some 20,000 pigs roamed NYC to clean up the streets

    www.nypl.org/blog/2024/07/17/views-digital-collection-milestones-nycs-trash-revolution
  • Today I Learned (TIL) @lemmy.ca

    TIL the guillotine was named after a man who neither invented it nor believed in the death penalty

  • Today I Learned @lemmy.world

    TIL the Guillotine was named after a man who neither invented it nor believed in the death penalty

  • Cybersecurity @sh.itjust.works

    AI hacking. Downloading images can allow your computer to be hijacked

  • Cybersecurity @sh.itjust.works

    My Pixel 10 warned me 8 times in 30 minutes that there was a rogue connection made. Deeply concerning

  • Ubuntu Linux @lemmy.ml

    Upgrading to 24.02.3 left my system unusable. Could happen to you too.

  • Facepalm @lemmy.world

    Hackers got Clorox passwords by simply asking for them?

  • Facepalm @lemmy.world

    Chicago Sun-Times Ripped For AI Summer Reading List - Comic Sands

    www.comicsands.com/sun-times-ai-list
  • Privacy @lemmy.world

    Big win for States, and you, for stopping corporations who violate state privacy laws

  • Fediverse @lemmy.world

    Short video that show what Friendica can do

  • Selfhosted @lemmy.world

    mysql or postgresql? Which is better for an Internet-facing application

  • Community Promo @lemmy.ca

    Antisocial Media

  • memes @lemmy.world

    The elf in the swamp

  • Technology @lemmy.world

    Digital Ocean's long outage on 28-Nov-2024 caused by a Network Solutions blunder they [NS] didn't know how to fix

  • memes @lemmy.world

    It could be worse

  • memes @lemmy.world

    This Building Looks Like It Was Designed In Microsoft Word

  • memes @lemmy.world

    Different perspectives on dogs

  • memes @lemmy.world

    Depends what you base it on