Post AVimOC6q2jee0IT1iS by flappypaddle@hijacked.download
 (DIR) Post #AViRvXjeQ2N8H3Z4Ma by ahmad@bassam.social
       2023-05-16T14:57:27.785548Z
       
       1 likes, 0 repeats
       
       @alex So, today after the spam attack, I've deactivated 2 accounts by mistake. For some reason that also removed all content related to them. No idea why!! Anyway, can I restore them from a database backup and just have whatever they had appear again? I don't think it would be nice to tell them that everything is lost 😬
       
 (DIR) Post #AViRvYNi16PmHIJ3nk by alex@gleasonator.com
       2023-05-16T14:58:03.925458Z
       
       0 likes, 0 repeats
       
       @ahmad Local or remote accounts?
       
 (DIR) Post #AViS6CUFlBoHYiRbdI by ahmad@bassam.social
       2023-05-16T14:58:35.802163Z
       
       0 likes, 0 repeats
       
       Local. Can I delete remote accounts too??
       
 (DIR) Post #AViS6D2dhLJdHMX4EK by alex@gleasonator.com
       2023-05-16T14:59:57.840471Z
       
       0 likes, 0 repeats
       
       @ahmad It is possible, but it's really not easy. You would restore their data in the users table, then restore their data in "objects" and "activities"
       
 (DIR) Post #AViSAuA9JhEKAvHfpw by alex@gleasonator.com
       2023-05-16T15:00:45.121781Z
       
       0 likes, 0 repeats
       
       @ahmad Did you use AdminFE? We made it very difficult to accidentally delete a local user in Soapbox 🤔
       
 (DIR) Post #AViTNF0xiRT6H7QuuG by flappypaddle@hijacked.download
       2023-05-16T15:10:53.064768Z
       
       1 likes, 0 repeats
       
       I got hit too. I'm wondering if there's an issue with the captcha config being figured out because that was never disabled... or a possible logic flaw with account creation if registration is next open.
       
 (DIR) Post #AViTNFjz13TsWkUs52 by alex@gleasonator.com
       2023-05-16T15:14:13.740708Z
       
       1 likes, 0 repeats
       
       @flappypaddle @ahmad Yeah, they're clearly getting around the captcha. The solution is to require approval, not to close registrations entirely. We've made this the default in Soapbox.
       
 (DIR) Post #AViTlyUkGxAqHQ9qfA by ahmad@bassam.social
       2023-05-16T15:17:07.957439Z
       
       0 likes, 0 repeats
       
       This way I'll have hundreds of waiting approval accounts with no good way to filter the good ones. I've also closed registration till I'm home and reported the IP address used to attack us. Hopefully it'll slow them down.
       
 (DIR) Post #AViTlz7jvyMkEMOzRY by alex@gleasonator.com
       2023-05-16T15:18:43.306228Z
       
       0 likes, 0 repeats
       
       @ahmad @flappypaddle I assume you also don't have rate limiting enabled, or it's not working correctly.
       
 (DIR) Post #AViUBHlJm3hdHAyjpI by flappypaddle@hijacked.download
       2023-05-16T15:21:20.821422Z
       
       0 likes, 0 repeats
       
       Via nginx or otherwise? I thought I had a basic rate limit via nginx but I might have disabled that for LE updates.
       
 (DIR) Post #AViUBIKleG3j37Z356 by alex@gleasonator.com
       2023-05-16T15:23:17.675100Z
       
       0 likes, 0 repeats
       
       @flappypaddle @ahmad Pleroma has a built-in rate limiter, but you need to configure it for the real IP correctly if you use one or more proxies (Nginx, Cloudflare, etc.)
       
 (DIR) Post #AViZlPKNcfJMw5QFEW by graf@poa.st
       2023-05-16T16:25:55.624859Z
       
       0 likes, 0 repeats
       
       @alex @ahmad @flappypaddle I texted you a solution to this last night
       
 (DIR) Post #AVia5YFy8QuuQ5xrGK by ahmad@bassam.social
       2023-05-16T16:26:43.068954Z
       
       0 likes, 0 repeats
       
       Are we keeping secrets now?
       
 (DIR) Post #AVia5Yq7xzqAEEsjce by graf@poa.st
       2023-05-16T16:29:34.300258Z
       
       0 likes, 0 repeats
       
       @ahmad @alex @flappypaddle poast goes over and above to mitigate this with other measures that are a secret, yes however you can do the following:

       /etc/nginx/conf.d/ratelimit.conf:

           limit_req_zone $request_uri zone=register_rate:1m rate=10r/m;

       /etc/nginx/sites-enabled/pleroma.conf (or whatever you named it):

           server {
               [...]
               location = /api/v1/accounts {
                   limit_req zone=register_rate;
                   proxy_pass http://phoenix;
               }
           }

       this will limit hits to the endpoint used for registration to 3 maximum in a minute. lower rate=10r/m to rate=3r/m to restrict to one registration per minute, increase by three per registration you want (3 calls are made each registration attempt)
       
 (DIR) Post #AVimO9cHJO1MGw9anw by matty@nicecrew.digital
       2023-05-16T16:50:13.186916Z
       
       0 likes, 0 repeats
       
       How does this work with Cloudflare?
       
 (DIR) Post #AVimOBC7RcHhANvjJA by graf@poa.st
       2023-05-16T16:50:36.206549Z
       
       0 likes, 0 repeats
       
       @matty @ahmad @alex @flappypaddle are you not revealing real IPs in your nginx config?
       
 (DIR) Post #AVimOC6q2jee0IT1iS by flappypaddle@hijacked.download
       2023-05-16T16:51:34.973023Z
       
       0 likes, 0 repeats
       
       I tried alex's writeup on using CF and never got it to work, so maybe this thread will be doubly-useful.
       
 (DIR) Post #AVimOCqDK1x0H1hGRU by graf@poa.st
       2023-05-16T16:55:29.252782Z
       
       0 likes, 0 repeats
       
       @flappypaddle @ahmad @alex I don't think this is related, what issue did you have with Cloudflare? (also you shouldn't use Cloudflare but I'm not going to preach) @matty if you aren't revealing IPs (for whatever reason) but still want it to work just replace limit_req_zone with

           limit_req_zone "$http_x_forwarded_for" zone=register_rate:1m rate=10r/m;

       or something similar. CF sends headers with the client's IP already, leverage them to your advantage
       
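An added example, not graf's config nor anything from Pleroma or Cloudflare, that combines the two snippets from this thread into one defensible setup: the zone is keyed per client on $binary_remote_addr instead of $request_uri (which puts every visitor to the URL in a single bucket), and nginx's realip module restores the client address from the proxy's header before the limit is applied. The upstream name phoenix and the /api/v1/accounts location come from the thread; 203.0.113.0/24 is a placeholder for the proxy's published address ranges.

```nginx
# Added example (not graf's config, nor Pleroma's/Cloudflare's own).
# Assumptions: upstream "phoenix" as in the thread; 203.0.113.0/24 is a
# PLACEHOLDER for your proxy's published address ranges.

# /etc/nginx/conf.d/ratelimit.conf
# One bucket per client address. rate=3r/m gives roughly one registration
# per minute per client, since graf notes ~3 calls per registration attempt.
limit_req_zone $binary_remote_addr zone=register_rate:10m rate=3r/m;

# /etc/nginx/sites-enabled/pleroma.conf
server {
    # [...] listen / ssl_certificate / server_name as before

    # Rewrite $remote_addr from the proxy's header, but only when the
    # connection itself comes from a trusted proxy range. Without
    # set_real_ip_from, any client can forge the header and pick its
    # own bucket, which is the weakness of keying on $http_x_forwarded_for.
    set_real_ip_from 203.0.113.0/24;     # PLACEHOLDER: your proxy's ranges
    real_ip_header   CF-Connecting-IP;   # X-Forwarded-For for a plain nginx front proxy
    real_ip_recursive on;

    location = /api/v1/accounts {
        # burst absorbs the handful of calls one registration makes;
        # anything beyond that gets a 429 and a warn-level error.log entry.
        limit_req zone=register_rate burst=6 nodelay;
        limit_req_status 429;
        limit_req_log_level warn;

        proxy_pass http://phoenix;
        # $remote_addr is now the restored client address, so the backend
        # (and Pleroma's own rate limiter) sees the same IP nginx keyed on.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
```

The limit_req_log_level entries in error.log are the quickest way to confirm the limiter is keying on real client addresses rather than a single proxy IP.
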
 (DIR) Post #AVimODb0W3Ngc9adNY by matty@nicecrew.digital
       2023-05-16T16:57:19.602868Z
       
       0 likes, 0 repeats
       
       Huh. I didn't know that. No, all traffic is just the CF IPs
       
 (DIR) Post #AVimOEK1ofOSrmeaYK by graf@poa.st
       2023-05-16T17:01:43.650209Z
       
       0 likes, 0 repeats
       
       @matty @ahmad @alex @flappypaddle do you pass the CF connecting IP header to pleroma? how are you ratelimiting?
       
 (DIR) Post #AVimOF1dCYGv313PW4 by matty@nicecrew.digital
       2023-05-16T17:03:50.655588Z
       
       0 likes, 0 repeats
       
       I just ratelimit based on the IP shown to Nginx and hope that not everyone is getting the same CF IP lmao
       
 (DIR) Post #AVimOFwhmLvRu1kzTc by ahmad@bassam.social
       2023-05-16T17:06:27.066806Z
       
       0 likes, 0 repeats
       
       whole country can have the same IP 🤣
       
 (DIR) Post #AVimOHRwBiVEZBNRnU by matty@nicecrew.digital
       2023-05-16T17:09:50.327233Z
       
       0 likes, 0 repeats
       
       This is why I don't do this as a profession :whoaaaa:
       
 (DIR) Post #AVimOKFHnDAJEoTszg by flappypaddle@hijacked.download
       2023-05-16T17:12:58.919055Z
       
       0 likes, 0 repeats
       
       I used to, but no longer. Now it's just to keep some skills semi-available should I ever want to join the rat race again (I don't).
       
 (DIR) Post #AVimOLEc7CDoJ1AraK by matty@nicecrew.digital
       2023-05-16T17:13:28.452919Z
       
       0 likes, 0 repeats
       
       Every day is a learning experience. How could I find out what headers CF is sending using only the terminal?
       
 (DIR) Post #AVimOM8GmGk15dDJKq by ahmad@bassam.social
       2023-05-16T17:15:13.770877Z
       
       1 likes, 0 repeats
       
       RTFM: developers.cloudflare.com/fundamentals/get-started/reference/http-request-headers/
       
 (DIR) Post #AVjCwQeD5uBDkP3s2q by matty@nicecrew.digital
       2023-05-16T23:44:56.105919Z
       
       0 likes, 0 repeats
       
       Why do you use $request_uri versus $binary_remote_addr?