Post · bonfire.cafe

@ltning@pleroma.anduin.net · 4 months ago

Yay! Or maybe AIEEE! Seems like I'm giving a talk at #EuroBSDCon again this year!

Anyone who has been following me here for a while will know I'm a hopeless #retrocomputing nerd, and I will make no attempt at hiding it during my talk:

Dirty Tricks: Using nginx and Lua to thwart bots and skript kiddies

I'll (try to) show how you can protect your #BBS from drive-by portscans and your production systems from #DDoS attacks using all the wrong tools.

Dietary warning: may contain traces of floppies.

https://events.eurobsdcon.org/2025/talk/review/RHDFBQWZEVC833T3WDLDEXYFQVRWJKMN #FreeBSD #BSD #Unix #DOS #RunBSD

Anduin.net

Dirty Tricks: Using nginx and Lua to thwart bots and skript kiddies EuroBSDCon 2025

(Or: Fighting denial-of-service for fun and profit.) ### For fun: I want to run a BBS on an old 386 machine, but exposing it to the Internet via Telnet will turn any drive-by portscan into a potential DoS (not DOS). I'm sure we've all been there. Right? ### For profit: Someone realises that throwing hundreds of thousands of TLS handshakes per second at us is worth it, and I don't have more CPU to throw at the problem. That's what we get for placing ourselves in the line of fire, I guess? ### Dirty tricks So what can be done about this? Well it turns out that with Lua and Nginx, I can solve both problems. Join me for a brief excursion into the world of retro-BBSes, an introduction to some Internet Scumbags and their shenanigans, and some possible solutions to these problems. I'm not an active Lua coder, and I don't know nginx nearly well enough despite having used it for 15 years. So here's fair warning: Anyone who actually knows these things may catch a bout of nausea.

Anduin.net

bonfire.cafe

A space for Bonfire maintainers and contributors to communicate

bonfire.cafe: About · Code of conduct · Privacy · Users · Instances

Bonfire social · 1.0.0-rc.3.21 no JS en

Automatic federation enabled