algernus nosleepus luddicus
@algernon@come-from.mad-scientist.club  ·  activity timestamp 6 days ago

Looking at the unclassified¹ requests #iocaine let through yesterday for a bit, because it still feels too damn high, and I can't seem to be able to let go.

There's exactly 191935 of those, excluding requests originating from my homelab, or from Aman. There were almost 2.4k uniqe IP addresses involved, the top three (all IPv6!) responsible for a mere 3k requests. There are only 1.2k addresses with over 100 requests, and only 20 over 200.

I'll be looking at those 20, starting from the top.

¹: unclassified is any request I let through that I can't put in either of the fedi-software/feed-reader/tools-and-services/communication-software buckets.
algernus nosleepus luddicus
@algernon@come-from.mad-scientist.club  ·  activity timestamp 6 days ago

Looking at the requested URLs:

2.6k are notifications, 1.6k are my profile on my old masto server, and a lot of them are assets linked from therein.

Ordering by host, 181k are against my old masto instance. Okay, lets have a quick look at the rest, to see if I can classify anything better, then we'll dig into what's happening over on trunk.mad-scientist.club.
algernus nosleepus luddicus
@algernon@come-from.mad-scientist.club  ·  activity timestamp 6 days ago

Looking at the rest of the URLs, the majority of them is notifications and requests against resources that make perfect sense. Not much to do here. We're talking about ~10k requests here total, out of 8.4 million.

That's 0.1%. I can understand my mind obsessing over 4%, but 0.1%? Fuck no.

So lets see what's up with trunk! If I can get rid of that 181k, we're golden. Some of it might be legit, mind you, but that's gonna be a small minority of these requests.

But first: food.
algernus nosleepus luddicus
@algernon@come-from.mad-scientist.club  ·  activity timestamp 6 days ago

Looking at unclassified traffic towards trunk.mad-scientist.club yesterday:

  • 181k requests total
  • 1.7k unique IP addresses
  • 1659 hits on /@algernon (~179k on anything else)
  • 3.6k requests excluding css, JS and emoji assets
  • 3.4k /api requests
  • 107 emoji asset requests

The number of /api requests is about twice that of /@algernon requests, which tracks. That tracks, there's two /api resources on the page.

So this kind of feels like a whole lot of IPs just loading my profile on the old instance.

But why?

1+ more replies (not shown)