2025-01-04 SSH app bots
=======================

A long time ago I wrote a program that is accessible via ssh. Use the
arrows to move around on the map, use u and d to raise and lower the
land. The program recomputes water flow, forests, swamps, settlements,
and so on. It's cute.

I called it hex-populate, in honour of Populous.

If you "save" the map, an SVG rendering is saved on the server which
you can download via scp.

Since this application is a bit like a web site, there are not
credentials to provide. Anybody can give it a try:

    ssh campaignwiki.org -p 2022

Recently I wondered why load on the server was up to 3. The virtual
server only has two cores so so it was overloaded. I checked with htop
 and hex-populate was eating 50% of the CPU. Really? Was somebody
fuzzing the application, sending it random input?

Let's check using lsof. The option -i :2022 lists all the activity
concerning the port I'm interested in. -n means I don't need the
hostname. (The hostname was "inspector-apps.com".)

    # lsof -i :2022 -n
    COMMAND       PID         USER   FD   TYPE    DEVICE SIZE/OFF NODE NAME
    hex-popul 3601254 hex-populate    3u  IPv4 107999449      0t0  TCP 178.209.50.237:2022 (LISTEN)
    hex-popul 3601254 hex-populate    7u  IPv4 107999454      0t0  TCP 178.209.50.237:2022->159.203.81.114:57528 (ESTABLISHED)

You know what comes next.

    root@sibirocobombus ~# whois 159.203.81.114

And based on the info, ban the whole network, and add it to ban-cidr
as a warning for all to see.

    ipset add banlist 159.203.0.0/16
    echo "# " (date --iso) >> bin/admin/ban-cidr
    echo "ipset add banlist 159.203.0.0/16" >> bin/admin/ban-cidr
    systemctl restart hex-populate.service

#Administration #Hex_Populate #Butlerian_Jihad