On Wed 22 Jun 2022, at 22:42, gene heskett <ghesk...@shentel.net> wrote: > On 6/22/22 16:51, Gareth Evans wrote: >> On Wed 22 Jun 2022, at 21:16, gene heskett <ghesk...@shentel.net> wrote: >>> On 6/22/22 10:45, Gareth Evans wrote: >>> [and I sniped a few kilobytes of.] >>> >>> I think I've got it, but I did find what may be a bug in mod auth_plain. >>> >>> Its asking for a username and pw, but nothing seems to satisfy it >> I didn't see you had replied before sending my previous message, please >> ignore. >> >> Can't find anything about mod_auth_plain but if you mean mod_auth_basic this >> requires usernames/passwords to be set up, not looking at /etc/passwd >> >> https://www.howtogeek.com/devops/how-to-setup-basic-http-authentication-on-apache/ >> >> This also has a link to setting up LetsEncrypt. >> >>> , so >>> I disabled it, no man page hat I can find, and now its showing me >>> the directory I want as the root of this server, with one subdir >>> I can click on, and the first file I put there. >>> >>> However I need to compose an explanatory README to go with it as >>> I had to invent my own method of installing it on a u-booting rpi. Its a >>> preempt-rt kernel needed to run the armhf version of linuxcnc from >>> the buildbot. I run the bleeding edge development version on all 4 >>> of my machines I've built or rebuilt. I play the part of the caged >>> canary in the coal mine, checking for showstoppers as development >>> is ongoing and has been since the net arrived. Its a NIST project, re- >>> done in gpl and was once on the no export list. See at linuxcnc.org. >>> >>> So the plain text version is working and you should be able to see it at >>> <http:6309/geneslinuxbox.net> (or something like that) >> Yes. > Good, so I'll quit tinkering for today. >> >>> That file in the armhf subdir is just under 30 megabytes, so if paying >>> for the bandwidth, don't click on it. >>> >>> Making progress, I think, Thanks Gareth. >>> >>> However, if there is a way to implement a OTP so I can keep track of the >>> users, >>> I could use some help with that as long as I don't setup a universal pw >>> the bots >>> can use. What I'd like is a true OTP with a 2 week lifetime. Can that >>> be done? >> I see there are various offerings (web search for "apache otp") but there >> doesn't seem to be an official offering. >>
>> I would imagine just using a password would keep the bots away. Are they >> that determined? > > Some are, bing and mj12 seem to be the untrainable offenders. mj12 moves > theirs around > in their huge address space about weekly so they got the /16 treatment > several times. > > bing moves heirs about monthly. By the time those two seacrate drives > puked, my iptables > rules were about 200 lines deep. OK, but I mean do the non-robots.txt-compliant bots actually try to submit passwords? I was wondering why you are interested in OTP/scheduled password regeneration for this use case, and whether a simple (or not so simple) password may be sufficient for bandwidth preservation purposes. Thanks G > > I think its called netfilter now, so I expect I better find out how to > use it. > > In the meantime, a man page for robots.txt would be nice but I expect > DDG can find that.. >> Best wishes, >> Gareth > Take care and stay well. > > Cheers, Gene Heskett. > -- > "There are four boxes to be used in defense of liberty: > soap, ballot, jury, and ammo. Please use in that order." > -Ed Howdershelt (Author, 1940) > If we desire respect for the law, we must first make the law respectable. > - Louis D. Brandeis