High on Crime / Tar Pit
Bands: High on Crime Tar Pit More T.B.A. Venue: 410 Webster The Mall
@technomancy also #tarpit, #CompressionBomb, #IPban & #cryptojacking "#AI" should be fair game, even tho I can't endorse the last one for legal reasons.
Okay #fedi: looking for a computer to run a #tarpit for a couple of small #selfhosted static websites.
A cheap refurbished desktop from an office supplies retailer is cheaper than just the DDR4 RAM for a DiY scratch build. All are Intel chips, though.
I could probably build with new SBC and parts I have on hand for slightly less.
For this application, probably running #Iocaine or similar, better to work with SBC or refurb little desktop? Intel vs. Arm?
@dnsprincess @Walker in any event you should always opt to build the monster app or apps that wring out not only many opsec oversights but also work together in a gestalt, catalyzing manner - good examples of this could be CVE in a wiki or DIY Shodan plus Maltego or a graph #tarpit #artillery by Dave Kennedy #osint #dfir #tags #arroyo cluster #firehose #version number
I was playing around with fail2ban and started thinking.
If I ban bots, is that actually a net negative to the health of the internet?
When you ban bots, they just go to the next server. Because your server does not have default or dumb passwords it was unlikely to be breached anyways, the bot was just wasting its resources.
When you ban it, it moves to the next one where it has a higher chance to succeed.
The two ideas I have to impose higher costs on bots are
Tying up resources indefinitely seems more useful than just blocking it. Although compute is so cheap it probably doesn't matter nowadays. Maybe more effective back when bots were simpler.
I'm not sure if the aipdb et al are actually annoying enough that bots would spend time avoiding getting on those lists?
I have an idea for doing a test: I'll take two IPs and put fail2ban on them.
On one, we don't ban, just report it to abuseipdb.
On the other we just ban.
I'm curious if this will affect the amount of scans hitting it.
It's been wild watching the crazy array of obvious AI bots working their way deeper into my iocaine tarpit.
They are taking the greatest care to not burden my system (rate is holding at about 5 pages per minute, on average, for the last 30 days straight). The site they are chewing through is statically generated, so it can handle a lot more.
It's just such a weird feeling watching them, like when a toddler thinks you can't see them because *their* head is covered.
@bendelarre any tips for making a good #Tarpit ?
Interested in fighting the LLM training data scrapers?
https://forge.hackers.town/hackers.town/nepenthes
Nepenthes is a text-generating tar pit creating endless pages with dozens of links pointing to itself.
Kyle Hill with a critical (#kritisk) look at AI (#KI): https://www.youtube.com/watch?v=vC2mlCtuJiU #AI #tarpit #growspikes
"Rage against the machine"
I hadn't realized this war was already happening, but I think it was inevitable. Funny to combat new shiny AI crawlers with old techniques.
"Be indigestible. Grow spikes."
By the way, I'm not telling anyone to do anything, as a disclaimer. I find this very interesting myself.
We could probably do significant damage to all those "Dark Net" scraper bullshit tools if we'd use the trademark registrars, the German Handelsregister, etc. and created bullshit database entries from it, bullshit GitHub (they only care about GitHub, they don't even scan others lol) commits with some XML containing references to those names, crap websites, etc. We could even combine this with #Tarpit and other anti-AI stuff.
~ signed, a person who has to wade through thousands of bullshit alerts for generic terms.