Thinking out loud about spam and other abuse #106
Labels
No labels
bug
duplicate
enhancement
help wanted
invalid
question
wontfix
No milestone
No project
No assignees
2 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference: mia/0x0#106
Loading…
Add table
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Foreword: feel free to close, or, what ever you feel like to do with this.
I'm not yet using 0x0 but looking around the self-hosted anon file-hosting solutions this one seems to be a nice one. I had to move from transfer.sh because it's half finished, and has ... well... other problems.
What I want to mention here is that you should be aware of the abuse of free hostings, or, in a different view, undesirable way of use.
"People" found my hosting a few years ago, and started using it for various stuff, which is fine.
After a while, however, I have noticed that my network traffic skyrocketed, even if if was limited it actually have used up that limit, blocking out the normal traffic.
And it was not porn, at least in my case, but warez APKs, and by the hundreds. And it was one upload and gazillion downloads.
The solution on transfer.sh was to limit maximum downloads, so it became not desirable to do that, but I can guess 0x0 should be prepared for admins do not intend to provide a free warez site (or porn, depending on the case).
I noticed that the development is not very active anymore, so this is not even a wishlist, just a reminder. I may check and patch up the code, though as far as I see pull requests linger up there already. :-)
Thanks for the code!
Well that’s most of what I’ve been focusing on in terms of development: Tools to fight abuse and unwanted behavior. There’s some upcoming stuff, just kinda busy with life.
And yes, 0x0.st has seen terabytes of that stuff uploaded over the years. The good news is that you can mitigate most of it by blocking VPNs and cloud hosting providers. I do that both at the firewall level (subscribing to public ipsets for malicious hosts and anonymizing networks) and with request filters.
I got spam and abuse under control pretty quickly with the tools I’ve written, and I want to continue working on them.
See also: https://movsw.0x0.st/notes/9zbbvbm3hvaa0f6e
But even so, 0x0.st got popular enough to generate a lot of traffic—between 10 and 40 TB a month. So it’s a very bad idea to run a public file hoster when you’re getting billed for egress traffic.