More attacks by dump AI-bots
Makarius
makarius at sketis.net
Mon Nov 17 11:20:02 CET 2025
On 17/11/2025 00:04, Makarius wrote:
> In the past few days we've had more attacks on our servers, presumably by dumb
> AI-bots that cannot read robots.txt
>
> This happens mainly in the late evening (Royal Bavarian Time).
In the past few days the situation had improved in the morning, but not today.
> Notable services that are compromised:
>
> https://isabelle.sketis.net/components
> https://isabelle.sketis.net/repos/isabelle
> https://isabelle.sketis.net/repos/isabelle-release
The problem are our hgweb servers (via Apache and its builtin Python engine),
this also applies to https://isabelle.in.tum.de/repos which is presently unusable.
We need to find a proper solution for hgweb + Apache specifically.
For now I have disabled https://isabelle.sketis.net/repos altogether. The main
Isabelle repositories are still available via https://isabelle-dev.sketis.net
--- but that is for members only: I had to close it some months ago due to
dumb AI-bots (Phorge is even more vunerable due to its use of PHP + MySQL).
It should be possible to work with isabelle-dev.sketis.net under program
control using SSH URLs, after suitable SSH public keys have been uploaded. I
will see how to change the important isabelle_cronjob (nightly builds)
accordingly.
In the mid 1990ies the Open Internet has emerged, where everybody could
participate easily with self-hosted servers. The AI War that started in
Jan-2025 has destroyed that --- but I am not going to participate in any war
of any kind.
Makarius
More information about the isabelle-dev
mailing list