2025-07-17 Bringing the Butlerian Jihad to Gemini
=================================================

A long time ago I was very enthusiastic about Gemini. I wrote a wiki
engine called Phoebe with many plugins for all sorts of things. Then
I got disillusioned and dropped it all. Then I put some stuff back
online using a patched satellite. It adds on-the-fly Markdown to
Gemtext transformation, handles all the certificates transparently and
just works.

Thank you, Gustavo Heinz! Your satellite is great.

I recently added logging to it. It does some rudimentary logging of
all requests, including the IP number of the client making the
request. You know where this is heading. fail2ban is coming to town
and it's bringing the Butlerian Jihad! We're going to fight bots.

If you run the patched Satellite as a systemd service, this allows
you to contain bots using fail2ban monitoring the systemd journal.

Use the following for /etc/fail2ban/jail.d/satellite.conf:

    [satellite]
    enabled = true
    port    = 1965
    findtime = 40
    maxretry = 20

Use the following for /etc/fail2ban/filter.d/satellite.conf:

    [Definition]
    failregex = (OK|ERROR|REDIRECT) <HOST>
    journalmatch = _SYSTEMD_UNIT=satellite.service

The result is that all requests are logged and any IP number that
makes more than 20 requests in 40 seconds is banned. By default,
fail2ban bans IP numbers for 10 minutes.

The result:

    # fail2ban-regex systemd-journal satellite
    
    Running tests
    =============
    
    Use   failregex filter file : satellite, basedir: /etc/fail2ban
    Use         systemd journal
    Use         encoding : UTF-8
    Use    journal match : _SYSTEMD_UNIT=satellite.service
    
    
    Results
    =======
    
    Failregex: 443 total
    |-  #) [# of hits] regular expression
    |   1) [443] (OK|ERROR|REDIRECT) <HOST>
    `-
    
    Ignoreregex: 0 total
    
    Lines: 468 lines, 0 ignored, 443 matched, 25 missed
    [processed in 0.05 sec]
    
    Missed line(s): too many to print.  Use --print-all-missed to print all 25 lines

Use the various options to see what gets matched.

    # fail2ban-client status satellite
    Status for the jail: satellite
    |- Filter
    |  |- Currently failed:	0
    |  |- Total failed:	0
    |  `- File list:	
    `- Actions
       |- Currently banned:	0
       |- Total banned:	0
       `- Banned IP list:	

#Gemini #Satellite #fail2ban