2023-10-01 00:44:25

Salastil on Nostr:

>Out of curiosity, what UAs are they using? Tried SSL fingerprinting? You know why they'd be hitting your server, like did you check if DiscordBot or something is in your referrers, or someone linked to it from somewhere, or...?

Nitter is a Twitter proxy and there are only a few left after Elon's antics trying to make it a walled garden. The current design of Nitter requires us to make a large number of "guest accounts" that are created during an onboarding process using an old Android version of the Twitter account. These guest accounts give us access to most API features that used to exist because the walled garden. Each one has about 499 requests out of them before getting rate limited and only lasts 30.5 days before expiring.

As to why? Nitter is effectively the only way to scrape content from Twitter; the guest_account stuff can only be created 1 per IP per day, so a lot have to be generated via proxy service. All of the basic stuff like obvious bot user agents has been handled; these botnets never have a single IP make a request more than once every 7-11 seconds and always with a legitimate User Agent. Sometimes it looks like desktop Windows Chrome sessions, sometimes iPhones; it's all over the place, no real pattern, same with the stuff being searched for.

I think I may come up with a way of 403ing anything that doesn't have a referrer to specific endpoints. In theory they should hit the root page, search from there and get referred to another page.
Author Public Key
npub1rysx3lwfv2d7x9c43l4gh0skvg4m70eekd2v47zvx89vafulem0qav5m9t
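
The referrer gate proposed in the post above, sketched as an added example that is not part of the original post or of Nitter's code. The hostname `nitter.example`, the `/search` prefix, the entry pages and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumptions for this example (not from the post): the instance hostname
# and which path prefixes count as the "specific endpoints".
SITE_HOST = "nitter.example"
PROTECTED_PREFIXES = ("/search",)
ENTRY_PATHS = {"/", "/about"}  # pages a visitor may load with no referrer


def referer_host(value):
    """Return the lowercase hostname of a Referer header, or None if unusable."""
    if not value:
        return None
    try:
        parts = urlsplit(value.strip())
    except ValueError:  # e.g. a malformed IPv6 literal
        return None
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname.lower() if parts.hostname else None


def gate(path, headers):
    """Return the status the gate would give: 200 to pass on, 403 to refuse."""
    clean = urlsplit(path).path or "/"
    if clean in ENTRY_PATHS:
        return 200
    if not any(clean == p or clean.startswith(p + "/") for p in PROTECTED_PREFIXES):
        return 200
    # Header names are case-insensitive, so match "referer" in any casing.
    referer = next((v for k, v in headers.items() if k.lower() == "referer"), None)
    # Exact host match: a lookalike such as nitter.example.evil.test fails.
    return 200 if referer_host(referer) == SITE_HOST else 403


# Constructed sample requests: (request path, request headers).
SAMPLE = [
    ("/", {}),
    ("/search?q=nostr", {"Referer": "https://nitter.example/"}),
    ("/search?q=nostr", {}),
    ("/search?q=nostr", {"referer": "https://nitter.example.evil.test/"}),
    ("/search?q=nostr", {"Referer": "HTTPS://NITTER.EXAMPLE:443/"}),
]


def run_samples():
    return [gate(path, headers) for path, headers in SAMPLE]
```

The Referer header is set by the client, so this only filters clients that do not send one, and visitors whose browser strips the header are refused as well.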