Post Aw2Ddc4yT3thw0JmvA by playit@fediverse.dotslashplay.it
(DIR) More posts by playit@fediverse.dotslashplay.it
(DIR) Post #Aw2Ddc4yT3thw0JmvA by playit@fediverse.dotslashplay.it
2025-07-11T18:52:28Z
0 likes, 0 repeats
We have talked a couple times about our custom black hole system, used to trap LLM scraping bots and feed them poisoned data, cf. https://notes.vv221.fr/blackhole.xhtmlA legitimate wonder is, are bots actually falling into the trap? Won’t they notice something is amiss, and learn to avoid your server?First of all, they are bots. They can not notice nor learn anything.About the effectiveness of the trap, attached to this message is a short video clip of two minutes of Web requests activity in this trap, so you can see by yourself. Remember that this is on a server that is virtually unknown, and is not even referenced on search engines.The video has been generated with logstalgia: https://logstalgia.io/
(DIR) Post #Aw2DddUXDVwCJZHiOu by lanodan@queer.hacktivis.me
2025-07-11T20:26:34.450764Z
0 likes, 0 repeats
@playit cut -d. -f1 | cut -d':' -f1-2 | uniq -c | sort -rn | head my logs to get ones where there's been the most requests in a minute and the top two are rather fun:logstalgia_2025-06-03T11:38_fedi.mp4logstalgia_2025-06-21T00:49_fedi.mp4
(DIR) Post #Aw2M1RBNQrvWiqBTuK by playit@fediverse.dotslashplay.it
2025-07-11T21:58:50Z
0 likes, 0 repeats
I assume the IP getting almost only 404 in the first example is not a legit user? I recognise the IP and here it is already sent to the black hole.What about the two IPv6 in the second example? Their behaviour does not seem legit, but on the other hand I seldom see attackers using anything but IPv4.
(DIR) Post #Aw2M1SG1R5Ek3XMhmq by lanodan@queer.hacktivis.me
2025-07-11T22:00:41.298467Z
0 likes, 0 repeats
@playit Neither are legit, pretty sure first even got IP-blocked later, second one might have not but it uses a faked user-agent (no way Firefox on Windows 10 does a ton of requests like that, even with a mass-download addon).