this post was submitted on 22 Nov 2022
6 points (100.0% liked)

Asklemmy

43849 readers
685 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy 🔍

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 

Especially with the rush from Twitter, there are more and more bots and crawlers coming up from the Fediverse that just can't manage to send a correct UserAgent.
Many apps, which want to make usage of several platforms, just submit the framework they use for their connection. Like python/1.2.3, Dart/1.23 or http.rb/1.2.3.
The biggest problem with this behavior is, that I as the operator and administrator want to secure the system, but I would lock out legitimate software by targeting only the UserAgent. Especially the python/1.2.3 in particular, but has also attracted malicious attention many times in my log files.
I'm really grateful, that Lemmy developer decided to use a customized UserAgent, so that I as admin can directly see what request it is and where it comes from. That makes it so much easier to make the decision of harm or no harm.
On my servers, I started to block all requests with a “default” or empty UserAgent, but I wonder, how it's possible to fix this issue in general? Any ideas?

no comments (yet)
sorted by: hot top controversial new old
there doesn't seem to be anything here