DDoS attacks jump 358% compared to last year https://www.helpnetsecurity.com/2025/04/29/cloudflare-ddos-attacks-q1-2025/ #cybersecurity #Cloudflare #cybercrime #Don'tmiss #attacks #threats #News #DDoS

Hey #NixOS #Cloudflare #ZeroTrust

edit: I have not yet sorted out getting Docker running on NixOS yet, so for the moment I'm gonna get that installed and use the available container, which has latest build. I would like to stick to pure Nix on everything, but there is a need to be, umm, clean on opsec.

I was trying to install cloudflared from unstable repo. It installed and works from 24.11, but when I ran the command to create the credentialsFile it complained about the older version and suggested upgrading to 2025.4.0 rather than the 2024.10.0 that is in nixos.

Unstable has 2025.2.1, which is better, but is not 2025.4.0. Two branching questions from here.

1 - the unstable package returned that error: Package ‘cloudflared-2025.2.1’ in /nix/store/vxwsnfg5mys9v1qrxvim13ddmnhd4z1g-unstable/unstable/pkgs/applications/networking/cloudflared/default.nix:97 is marked as broken, refusing to evaluate.

Conveniently, it included instructions for allowing packages marked broken through. Is that considered normal in dealing with Cloudflare on NixOS? Cause it reads to me like an outtake from "How To Get Your Website Pwned By L33t H4krz".

2 - considering that even if I allow the "broken" package in, I'm still not getting the version recommended by cloudflared's error message, perhaps there's a flake or something I should try, that would get the daily build or whatever?

I'm off to do more searches and maybe poke my head into one of the actual support forums, but this seems like a pretty common task for NixOS admins to be doing, so it's probably an easy answer that I just haven't found yet.

Probably been looking at nixos.wiki again or something.

If you know someone who works on/at #RoyalRoad Tell them their SSL Certificate just expired!

#CloudFlare

Cloudflare open sources OPKSSH to bring Single Sign-On to SSH https://www.helpnetsecurity.com/2025/03/28/opkssh-sso-ssh/ #authentication #Cloudflare #opensource #GitHub #News #SSH

Over the past 24-hours, #Facebook has been the most determined #AI crawler to scrape data from this server, by far. They never succeed. #Cloudflare always blocks them for being one of the unwanted AI bots.

What is interesting though is its determination to read one particular user invite. I wonder how it picks the other posts it wants to read.

#aicrawlers

Alt...

Fairewall image of the Facebook BOT activity over the past 24-hours showing 846 blocked attempts to scrape data.

Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) https://www.helpnetsecurity.com/2025/03/24/critical-next-js-auth-bypass-vulnerability-opens-web-apps-to-compromise-cve-2025-29927/ #webapplicationsecurity #ProjectDiscovery #webdevelopment #vulnerability #Cloudflare #opensource #Don'tmiss #framework #Hotstuff #Next.js #News #PoC

Over the past 24-hours, the #Cloudflare firewall blocked over 34K requests on hear-me.social, about 7% of the traffic. This is a typical day. Some days, though, can be a lot more. I'm dodging some bullets.

I don't have the knowledge or time to build a firewall that recognizes bot behaviors, dynamically learns new abuse behaviors, does managed challenges when needed, and recognizes and blocks the hundreds of attack patterns hackers use. I would need a bigger server. I just couldn't do this myself.

And Cloudflare provides this service for free to hobbyists and small businesses.

Alt...

Graph showing traffic blocked by time

#Cloudflare now punishes #AI companies that purposely ignore their do-not-scan rules.

"... The content served to bots is deliberately irrelevant to the website being crawled, but it is carefully sourced or generated using real scientific facts—such as neutral information about biology, physics, or mathematics ... ". Cloudflare creates this content using its Workers AI service.

"No real human would go four links deep into a maze of AI-generated nonsense," Cloudflare explains. "Any visitor that does is very likely to be a bot, so this gives us a brand-new tool to identify and fingerprint bad bots."

https://arstechnica.com/ai/2025/03/cloudflare-turns-ai-against-itself-with-endless-maze-of-irrelevant-facts/?utm_social-type=owned

#AI

Cloudflare Shifts to HTTPS-Only for APIs, Closing All HTTP Ports https://gbhackers.com/cloudflare-shifts-to-https-only-for-apis/ #CyberSecurityNews #cybersecurity #Cloudflare

I'm curious to hear what others are #SelfHosting! Here's my current setup:

Hardware & OS

• Hardware: #RaspberryPi500 (8 GB RAM, 512 GB SD card) #RPi #RPi500 #SingleBoardComputers #HomeLab
• OS: #Stormux, an accessible #Linux distro based on #ArchLinuxARM #LinuxAccessibility #AccessibleTech

Infrastructure & Networking

• Dashboard: #Glance (#Docker) #DockerApps
• Reverse Proxy: #Caddy
• DNS: #Cloudflare
• Domain Registrar: #Porkbun
• Networking & Remote Access: #Tailscale (non-Docker), love its SSH agent and magic DNS features. #NetworkSecurity

Security & Monitoring

• Ad Blocking: #AdGuardHome (non-Docker). Previously used PiHole but find AdGuardHome slightly faster. #PrivacyTools
• Server Monitoring: #Beszel (non-Docker). Tried Grafana/Prometheus/Alertmanager (accessible but overkill) and Netdata (poor screen reader accessibility). Beszel isn't perfect but best compromise so far. #ServerMonitoring
• Server Overview: #Cockpit (non-Docker)
• Security Tools: #Fail2ban, #FirewallD, #ClamAV, and #Rkhunter (non-Docker). Tried CrowdSec but couldn't get it working on Stormux. #CyberSecurity
• Service Uptime Monitoring: #UptimeKuma (Docker), accessible and easy to use. #MonitoringTools

Authentication & Identity Management

• Authelia (Docker): Just set this up for two-factor authentication and single sign-on. Seems to be working well so far!
  
• LLDAP (Docker): Lightweight LDAP server for managing authentication. Also seems to be working pretty well!
  #AuthenticationTools #IdentityManagement

Productivity & Personal Tools

• Docker Management: #Dockge (Docker). More accessible than Portainer; main issue is built-in terminal isn't readable with screen readers. #DockerCompose
• Docker Logs Viewer: #Dozzle (Docker), great web interface and easy searching.
• Git Hosting: #Forgejo (non-Docker), my personal Git server. #GitServer
• Backups: #IDrive (non-Docker), backs up all my devices easily. #BackupSolutions
• Notes: #Joplin server (Docker). Accessibility improving; love the VSCode extension. #NoteTakingApps
• Bookmarks: #Linkding (Docker). Accessible bookmark manager with good browser extension support. #BookmarkManager
• Recipes: #Mealie (Docker), starting to learn cooking! 🍳📖  #CookingApps
• RSS Feeds: #Miniflux (non-Docker), excellent accessibility. Originally wanted better podcast support but other options had major accessibility issues. #RSSReader
• Automation & Workflows: #N8N (Docker). Haven't explored deeply yet—open to ideas! #AutomationTools #WorkflowAutomation
• Pastebin Service: #PrivateBin (non-Docker). Considering alternatives or CLI tool for easier console access. #PastebinAlternative
• File Sharing & Editing: #Samba (non-Docker), easy file management from my Windows 11 mini PC. #FileSharing #Windows11
• Search Engine: #SearXNG (non-Docker), accessible and searches multiple engines at once. #PrivacySearchEngine
• IRC Client: #TheLounge (non-Docker). Some accessibility issues but best I've found so far for always-connected IRC. #IRCClient
• Read Later Service: #Wallabag (Docker). Biggest issue is Wallabagger Chrome extension doesn't work for me yet. #ReadItLater

Notifications & Development Workflow

• Notifications via: #Ntfy (Docker) and Zoho's ZeptoMail (#Zoho)
• Development Environment: Mostly using VSCode connected to my server via Remote-SSH extension. #VSCodeRemote

Accessibility Focus ♿️🖥️

Accessibility heavily influences my choices—I use a screen reader full-time (#ScreenReader), so I prioritize services usable without sight (#InclusiveDesign, #DigitalAccessibility). Always open to discussing accessibility experiences or recommendations!

I've also experimented with:

• Ollama (#Ollama): Not enough RAM on my Pi.
• Habit trackers like Beaver Habit Tracker (#HabitTracking): Accessibility issues made it unusable for me.

I don't really have a media collection, so no Plex or Jellyfin here (#MediaServer)—but I'm always open to suggestions! I've gotten a bit addicted to exploring new self-hosted services! 😄

What's your setup like? Any cool services you'd recommend I try?

#SelfHosted #LinuxSelfHost #OpenSource #TechCommunity #FOSS #TechDIY

@selfhost @selfhosted @selfhosting

Cloudflare Introduces E2E Post-Quantum Cryptography Protections – Source: www.infosecurity-magazine.com https://ciso2ciso.com/cloudflare-introduces-e2e-post-quantum-cryptography-protections-source-www-infosecurity-magazine-com/ #rssfeedpostgeneratorecho #InfoSecurityMagazine #InfosecurityMagazine #CyberSecurityNews #Cloudflare

ChatGPT Down as Users Report “Gateway Time-out” Error – Source:hackread.com https://ciso2ciso.com/chatgpt-down-as-users-report-gateway-time-out-error-sourcehackread-com/ #1CyberSecurityNewsPost #artificialintelligence #CyberSecurityNews #CloudFlare #Technology #Hackread #security #Chatbot #Chatgpt #DDOS #AI

ChatGPT Down as Users Report “Gateway Time-out” Error https://hackread.com/chatgpt-down-as-users-report-gateway-time-out-error/ #ArtificialIntelligence #CloudFlare #Technology #Security #Chatbot #ChatGPT #DDOS #AI

Help Needed with Cloudflare Zero Trust, Pages, and Workers for ReactFlux + MiniFlux Setup

Hi everyone,

I'm new to #Cloudflare and have been trying to set up a #SelfHosted project on my #RaspberryPi 500. I'm mostly self-taught, so I apologize if I misunderstand anything or miss important details. Here's my situation:

Current Setup

• I'm running the self-hosted #RSS feed reader #MiniFlux on my Raspberry Pi 500 (#ArchLinuxARM, installed via Pacman).
  
• The setup uses #Caddy as a reverse proxy, a #CloudflareZeroTrust tunnel, and Cloudflare Access for SSO.
  
• My #CloudflareAccess application is configured to allow all origins, methods, and headers. It has a policy that allows specific emails or login methods (e.g., GitHub).
  

What I'm Trying to Do

• I want to deploy ReactFlux, an alternative frontend for MiniFlux, on #CloudflarePages.
  
• Before setting it up fully, I tested the ReactFlux demo with my MiniFlux instance at https://rss.laniecarmelo.tech. However, ReactFlux couldn't log in.
  

Suspected Issue

I believe the issue is caused by Cloudflare Access protection blocking ReactFlux from accessing the MiniFlux API (https://rss.laniecarmelo.tech/v1/*).

What I've Tried So Far

1. I added another hostname (rss.laniecarmelo.tech/v1/*) to my tunnel configuration and created a new Cloudflare Access application with a policy set to "Bypass" for everyone. However, this didn't work—when testing the API endpoint in a private browser window, I'm still asked to sign into Cloudflare.
   
2. I also tried setting up the hostname with "Protect with Access" turned off but got the same results.
   
3. Next, I attempted to use a #CloudflareWorker written in JavaScript to bypass authentication for /v1/*, but it doesn't seem to be doing anything (or isn't being triggered).
   

What I Need Help With

• How can I properly configure Cloudflare so ReactFlux can access the MiniFlux API (/v1/*) while keeping the rest of my MiniFlux instance protected by Cloudflare Access?
  
• I've been stuck on this for a couple of days and would really appreciate any guidance or suggestions!
  

Thanks in advance for your help!

#SelfHosting #ArchLinux #Linux #RSSReader #tech #technology #RaspberryPi #RPi #RPi500 #RaspberryPi500
@selfhosting @selfhost @selfhosted

#MiniFlux users, can anyone help?

Hi all. I'm having some issues with MiniFlux, a #SelfHosted #RSSReader, and hoping someone can help. MiniFlux was working fine until I tried to deploy ReactFlux on the same domain as it, rss.laniecarmelo.tech, on a subpath, /reactflux. This didn't work so I removed ReactFlux. I also migrated MiniFlux from #Docker to #Pacman package, thinking it would be easier on my system. This problem, or a similar one, was occurring before I did that though.

Now, rss.laniecarmelo.tech loads the MiniFlux login page, but when I login, it redirects to a blank page at rss.laniecarmelo.tech/login. I've added trusted proxies and cookie configuration to my miniflux.conf and headers to my Caddyfile, but I still have the issue.

I'm using #Caddy for #ReverseProxy and #Cloudflare for #SSO. Has anyone seen anything like this before? This is on a #RaspberryPi500 running #ArchLinuxARM.

I've checked MiniFlux logs, and it's getting the login requests and creating sessions. I'm not sure what's happening after that. Cloudflared and Caddy seem to be working normally.

#SelFhosting #Linux #RSS #RaspberryPi #RPi #tech #technology
@selfhost @selfhosted @selfhosting

🚨 Help Needed: #CORS and #Cloudflare Access Issues with #Nextflux + #MiniFlux Setup 🚨

Hi everyone! I’m struggling with a #SelfHosted setup and could really use some advice from the self-hosting community. Lol I've been trying to figure this out for hours with no luck. Here’s my situation:

Setup

• MiniFlux: Running in #Docker on a #RaspberryPi500 (#Stormux, based on #ArchLinuxARM).
• Nextflux: Hosted on Cloudflare Pages.
• Reverse Proxy: #Caddy (installed via AUR).
• Cloudflare Access: Enabled for security and SSO.
• Cloudflared: Also installed via AUR.
• CORS Settings in Cloudflare Access: Configured to allow all origins, methods, and headers.

What’s Working

• MiniFlux is accessible from my home network after removing restrictive CORS settings in both Caddy and MiniFlux.
• Nextflux is properly deployed on Cloudflare Pages.

The Problem

Nextflux cannot connect to MiniFlux due to persistent CORS errors and authentication issues with Cloudflare Access. Here are the errors I’m seeing in the browser console:

1. CORS Error:Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' from origin 'https://nextflux.laniecarmelo.tech' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

2. Cloudflare Access Redirection:

   Request redirected to 'https://lifeofararebird.cloudflareaccess.com/cdn-cgi/access/login/rss.laniecarmelo.tech'.
   

3. Failed to Fetch:

   Failed to fetch: TypeError: Failed to fetch.
   

What I’ve Tried

1. Service Token Authentication:

   • Generated a service token in Cloudflare Access for Nextflux.
   • Added CF-Access-Client-Id and CF-Access-Client-Secret headers in Caddy for rss.laniecarmelo.tech.
   • Updated Cloudflare Access policies to include a bypass rule for this service token.

2. CORS Configuration:

   • Tried permissive settings (Access-Control-Allow-Origin: *) in both Caddy and MiniFlux.
   • Configured Cloudflare Access CORS settings to allow all origins, methods, and headers.

3. Policy Adjustments:

   • Created a bypass policy for my home IP range and public IP.
   • Added an "Allow" policy for authenticated users via email/login methods.

4. Debugging Logs:

   • Checked Cloudflared logs, which show requests being blocked due to missing access tokens (AccessJWTValidator errors).

Current State

Despite these efforts:

• Requests from Nextflux are still being blocked by Cloudflare Access or failing due to CORS issues.
• The browser console consistently shows "No 'Access-Control-Allow-Origin' header" errors.

Goals

1. Allow Nextflux (hosted on Cloudflare Pages) to connect seamlessly to MiniFlux (behind Cloudflare Access).
2. Maintain secure access to MiniFlux for other devices (e.g., my home network or mobile devices).

My Environment

• Raspberry Pi 500 running Arch Linux ARM.
• Both Caddy and Cloudflared are installed via AUR packages.
• MiniFlux is running in Docker with the following environment variables:CLOUDFLARE_SERVICE_AUTH_ENABLED=trueCLOUDFLARE_CLIENT_ID=<client-id>CLOUDFLARE_CLIENT_SECRET=<client-secret>

Relevant Logs

From cloudflared:

ERR error="request filtered by middleware handler (AccessJWTValidator) due to: no access token in request"

From the browser console:

Access to fetch at 'https://rss.laniecarmelo.tech/v1/me' has been blocked by CORS policy.

Questions

1. Is there a better way to configure CORS for this setup?
2. Should I be handling authentication differently between Nextflux and MiniFlux?
3. How can I ensure that requests from Nextflux include valid access tokens?

Any help or advice would be greatly appreciated! 🙏

#SelfHosting #Cloudflare #CaddyServer #Docker #RSS #CORS #Linux #ArchLinuxARM #CloudflarePages #tech #technology

Gisterenavond heb #Firefox geüpdated naar de laatste versie, dus ik vermoed dat het "probleem" ergens anders ligt.

Waarschijnlijk bij het blokkeren en negeren van alle tracking-shite die ze in hun pagina's stoppen. Ik vermoed dat dat ook de reden is dat #Dominos een blanco pagina geeft zodra ik op iets klik.

Nou ja, your loss, ik kom toch wel aan een pizza hoor. My way or the highway.

#enshittification

AsyncRAT Abusing Python and TryCloudflare For Stealthy Malware Delivery https://gbhackers.com/asyncrat-abusing-python-and-trycloudflare/ #CyberSecurityNews #cybersecurity #Cloudflare #Malware #Python