dual_sport_dork 🐧🗡️

In my case the pattern appears to be some manner of DDoS botnet, probably not an AI scraper. The request origins are way too widespread and none of them resolve down to anything that’s obviously datacenters or any sort of commercial enterprise. It seems to be a horde of devices in consumer IP ranges that have probably be compromised by some malware package or another, and whoever is controlling it directed it at our site for some reason. It’s possible that some bad actor is using a similar malware/bot farm arrangement to scrape for AI training, but I’d doubt it. It doesn’t fit the pattern from that sort of thing from what I’ve seen.

Anyway, my script’s been playing automated whack-a-mole with their addresses and steadily filtering them all out, and I geoblocked the countries where the largest numbers of offenders were. (“This is a bad practice!” I hear the hue and cry from specific strains of bearded louts on the Internet. That says maybe, but I don’t ship to Brazil or Singapore or India, so I don’t particularly care. If someone insists on connecting through a VPN from one of those regions for some reason, that’s their own lookout.)

They seem to have more or less run out of compromised devices to throw at our server, so now I only see one such request every few minutes rather than hundreds per second. I shudder to think how long my firewall’s block list is by now.

I have and there’s nothing noteworthy, other than tons of other retailers selling the same thing of course.

It doesn’t quite work that way, since the URL is also the model number/SKU which comes from the manufacturer. I suppose I could write an alias for just that product but it would become rather confusing.

What I did experiment with was temporarily deleting the product altogether for a day or two. (We barely ever sell it. Maybe 1 or 2 units of it a year. This is no great loss in the name of science.) This causes our page to return a 404 when you try to request it. The bots blithely ignored this, and continued attempting to hammer that nonexistent page all the same. Puzzling.

Maybe, but I also carry literally hundreds of other products from that same brand including several that are basically identical with trivial differences, and they’re only picking on that one particular SKU.

Negative. Our solution is completely home grown. All artisinal-like, from scratch. I can’t imagine I reveal anything anyone would care about much except product specs, and our inventory and pricing really doesn’t change very frequently.

Even so, you think someone bothering to run a botnet to hound our site would distribute page loads across all of our products, right? Not just one. It’s nonsensical.

I run an ecommerce site and lately they’ve latched onto one very specific product with attempts to hammer its page and any of those branching from it for no readily identifiable reason, at the rate of several hundred times every second. I found out pretty quickly, because suddenly our view stats for that page in particular rocketed into the millions.

I had to insert a little script to IP ban these fuckers, which kicks in if I see a malformed user agent string or if you try to hit this page specifically more than 100 times. Through this I discovered that the requests are coming from hundreds of thousands of individual random IP addresses, many of which are located in Singapore, Brazil, and India, and mostly resolve down into those owned by local ISPs and cell phone carriers.

Of course they ignore your robots.txt as well. This smells like some kind of botnet thing to me.

This is the only correct answer in this entire thread.

I personally do not trust ISP provided routers to be secure and up to date, nor free of purposefully built in back doors for either tech support or surveillance purposes (or both). You can expect patches and updates on those somewhere on the timescale between late and never.

Therefore I always put those straight into bridge mode and serve my network with my own router, which I can trust and control. Bad actors (or David from the ISP help desk) may be able to have their way with my ISP router, but all that will let them do is talk to my own router, which will then summarily invite them to fuck off.

Likewise, I would not be keen on using an ISP provided router’s inbuilt VPN capability, which is probably limited to plain old PTPP – it has been on all of the examples I’ve touched so far – and thus should not be treated as secure.

You can configure an OpenWRT based router to act as an L2TP/IPSec gateway to provide VPN access on your network without the need for any additional hardware. It’s kind of a faff at the moment and requires manually installing packages and editing config files, but it can be done.

I’m not saying nobody has that requirement, I’m just predicting that most people actually don’t if they sit down and think about it for a minute.

Also, what jaroni just said about cover art and position saving is still patently false and has been since, like, 1994.

Artwork

Yes they can, via images embedded in their ID3 tags. This is supported by a huge array of players in terms of both physical hardware and software.

Keep your place

Yes they can, via many players (including both VLC which is what I use, and also my car stereo).

Sync across devices

This much is true, at least in the players I use. There’s probably a solution with some specific player somewhere.

But specifically for audiobooks, I don’t… need… to play across multiple devices. I listen via only two methods: My headphones (which are driven by my phone) and in my car (which works with my phone). I only actually use one player. It goes with me everywhere. Ours go with most of us everywhere; we’re naked without 'em.

If your use case requires a networked solution, you do you. I’m just saying, don’t automatically get blinded by how the Streaming Era has kind of fucked up everyone’s brain.

Edit: Downvoting me doesn’t change the fact that what you said was false.

Yes, I am aware of where this is posted and am prepared for my inevitable crucifixion as a result of this observation. But, like… is this really a problem that requires a self hosting solution? That seems like quite the overcomplication to me unless you absolutely require access to your entire selection on multiple devices that will have 24/7 network connections for some reason. I imagine most people actually don’t. And if you do, a simple file share is probably a less convoluted solution, and surely already exists on the server you already have.

MP3’s take up negligible amounts of storage space on modern devices and can be played on anything, and can be easily taken with you anywhere including out of network range.

I guess teaching people how to drag-and-drop audio files onto their phone and open them with VLC would be a much shorter article.

(Ed: Punctuation.)

You’re in the same boat as me, except swap 70’s for 1920’s. I have to tear down all the plaster – not drywall, actual literal plaster, on lath – to get at the ground floor wiring. I decided it’s fine where it is for now.

You used the magic word, “modern.”

Lots of houses in this world are not modern, and some of them are old enough that they were retrofitted to have electricity, as mine was, rather than even being built with it to begin with. And done so in a haphazard manner when electrical codes were either much more lax than now or didn’t exist. And further when the expected power draw for a household was considerably lower, because basically all of it in the 1920’s or whatever was only used for lighting and we didn’t have all of our current appliances, TV’s, computers, 3D printers, or even indoor space heaters.

So moaning about what ought to be rather than what is really doesn’t accomplish anything, especially in OP’s case.

My small house has basically the entire ground floor wired to only two 15 amp circuits.

I can only conjecture it must have cost a mint.

Crikey. I have to wonder what that ~2TB unit must have cost in 2016.

Interesting that the one has such large capacitors in it. I imagine that is as last-ditch effort to keep the board powered long enough to finish flushing all of its caches in the event of a power failure.

Yeah, they can fuck off. When their opening salvo was threats and legal bluster, I don’t see why anyone should trust an alleged olive branch now. The right thing to do was not to send this email second.

I have to work with Haier in my business now as well ever since they bought GE. They’re a shitty company that goes back on their word constantly (at least within the B2B space), and nobody should be giving them one thin dime.