On 2021-10-27 08:40, Alex Schroeder wrote:
> I kept working on this page on how to deal with bots, and I'd be happy
> to add more ideas, or refine the existing sections. If anybody is
> interested in how to get fail2ban to work with their server, I'd be
> happy to add pages explaining how to do this if you provide me with a
> log file snippet, for example.
>
> => //transjovian.org:1965/gemini/page/Dealing%20with%20bots
>
> Feel free to copy and use elsewhere.
>
> Feel free to mail me directly with comments.
Good job!
> ### Banning IP numbers is problematic
> It’s true. Perhaps there’s a shared server at that IP number. One of
> the users on that server writes a misbehaving bot and all are
> punished. If you are concerned about that, your server needs to move
> the dynamic content behind a client certificate requirement. There is
> no other way to identify particular users using Gemini.
I'm concerned about that, so I have Tor exit nodes explicitly ignored
from blocking. That's what I have in my jail.d files (except for sshd):
> ignorecommand = /bin/grep <ip> /etc/tor/torbulkexitlist
/etc/tor/torbulkexitlist is updated daily by a cronjob from
https://check.torproject.org/torbulkexitlist
![Atom Feed](data:image/svg+xml,<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg"
id="RSSicon"
viewBox="0 0 8 8" width="16" height="16">
<title>RSS feed icon</title>
<style type="text/css">
.button {stroke: none; fill: orange;}
.symbol {stroke: none; fill: white;}
</style>
<rect class="button" width="8" height="8" rx="1.5" />
<circle class="symbol" cx="2" cy="6" r="1" />
<path class="symbol" d="m 1,4 a 3,3 0 0 1 3,3 h 1 a 4,4 0 0 0 -4,-4 z" />
<path class="symbol" d="m 1,2 a 5,5 0 0 1 5,5 h 1 a 6,6 0 0 0 -6,-6 z" />
</svg>)