2025-07-17 Bringing the Butlerian Jihad to Gemini
A long time ago I was very enthusiastic about Gemini. I wrote a wiki engine called Phoebe with many plugins for all sorts of things. Then I got disillusioned and dropped it all. Then I put some stuff back online using a patched satellite. It adds on-the-fly Markdown to Gemtext transformation, handles all the certificates transparently and just works.
Thank you, Gustavo Heinz! Your satellite is great.
I recently added logging to it. It does some rudimentary logging of all requests, including the IP number of the client making the request. You know where this is heading. `fail2ban` is coming to town and it's bringing the Butlerian Jihad! We're going to fight bots.
If you run the patched Satellite as a `systemd` service, this allows you to contain bots using `fail2ban` monitoring the `systemd` journal.
Use the following for `/etc/fail2ban/jail.d/satellite.conf`:
[satellite] enabled = true port = 1965 findtime = 40 maxretry = 20
Use the following for `/etc/fail2ban/filter.d/satellite.conf`:
[Definition] failregex = (OK|ERROR|REDIRECT)journalmatch = _SYSTEMD_UNIT=satellite.service
The result is that all requests are logged and any IP number that makes more than 20 requests in 40 seconds is banned. By default, `fail2ban` bans IP numbers for 10 minutes.
The result:
# fail2ban-regex systemd-journal satellite Running tests ============= Use failregex filter file : satellite, basedir: /etc/fail2ban Use systemd journal Use encoding : UTF-8 Use journal match : _SYSTEMD_UNIT=satellite.service Results ======= Failregex: 443 total |- #) [# of hits] regular expression | 1) [443] (OK|ERROR|REDIRECT)`-
Ignoreregex: 0 total Lines: 468 lines, 0 ignored, 443 matched, 25 missed [processed in 0.05 sec] Missed line(s): too many to print. Use --print-all-missed to print all 25 lines
Use the various options to see what gets matched.
# fail2ban-client status satellite Status for the jail: satellite |- Filter | |- Currently failed: 0 | |- Total failed: 0 | `- File list:`- Actions
|- Currently banned: 0 |- Total banned: 0 `- Banned IP list: