Closed futzle closed 1 year ago
Ah yes, you're totally right, we should not be doing outgoing requests to them at all - I must have overlooked the "is the remote server alive" check when adding the blocking code.
I can fix that and I'll look into it as soon as I can, but we also have the option of entirely blocking even outbound calls to anything under the domain and making it an error - maybe that would be good as a backup. I can't think of anything you'd want to do with a blocked domain that would be stopped by that.
About the blocklist, I was following the discussion this weekend and thought the same. I'll prepare a PR adding the import feature 🙂
Yeah, especially as it seems like there's an effort to have a common block list format, which I'd like to support.
Agree that if I've defederated example.com
, this should extend to sub.example.com
and sub.sub.example.com
and so on automatically, to prevent playing whack-a-mole with bad actors spinning up subdomains, and to prevent fork-bomb DoS attacks like we saw *.misskey-forkbomb.cf do in 2022. This is also how Mastodon does defederation so it should satisfy the principle of least surprise.
I've fixed the immediate bug here which was poking blocked servers periodically as part of the "are they alive" check - I'll go see if I can make blocking function for subdomains too. That's going to be a little harder to do efficiently as "query for right substring" is not something we have an index for, but I suspect I know how to do it.
Alright, recursive blocking of subdomains is also in (for reference, any blocked domain that tries to send Takahē any content will be told it was successful, but it's just thrown away instead).
As a member of a visible minority, the first thing I did with my instance was to insert the 400 or so instances on the Oliphant Tier0 list into the users.domain model as Blocked. I consider this SOP for any Fedi instance deployment. (Side note: it'd be nice if I could import block lists on the web interface, or even to pre-emptively add blocked domains without messing with Django scripting.)
Yet I think my instance is still announcing itself to those blocked instances when the stator tries to fetch instance information from it.
This feels less than ideal: if the admin of that instance trawls through their webserver logs (they do), they're going to find periodic proof that my server exists.
I wonder if there's an argument for not attempting a state transition on users.Domain objects that have blocked = true, or having a dedicated
blocked
state so that our instance doesn't try to talk to that server.What does everyone think?