Do you have a proper robots.txt file?

Do they do weird things like invalid url, invalid post tries? Weird user agents?

Millions of times by the same ip sound much more like vulnerability proving than crawler.

If that’s the case fail to ban or crowdsec. Should be easy to set up a rule to ban an inhumane number of hits per second on certain resources.

How do you know it’s “AI” scrappers?

I’ve have my server up before AI was a thing.

It’s totally normal to get thousands of bot hits and to get scraped.

I use crowdsec to mitigate it. But you will always get bot hits.

I have it on docker with two volumes, ./config and ./cache

I back up those before each update.

A bad Jellyfin update should not mess with your media folder in anyway. Though you should have backups of those aswell as a rule of thumb.

I’ve been using jellyfin for years.

My best recommendation is DELAY UPDATES and back up before you update.

I have a history of updates breaking everything so you should be careful about them.

All software recommends backing up before an update, but for jellyfin the shit is real, you really want to back up.

How does it differentiate an “AI crawler”, from any other crawler? Search engine crawler? Someone monitoring data to offer statistics? Archiving?

This is not good. They are most likely doing the crawling themselves and them selling the data to the best bidder. That bidder could obviously be openAI for all we know.

They just know that introducing the sentence “this is anti AI” a lot of people is not going to question anything.

Google CO2 emissions were 1.5 MTo in 2010. By 2018 they were 13 MTo. In 2023 they were 14 MTo.

I’m sorry but there’s more to the story that what’s being told in the article. For starters any dataset that takes 2019/2020 as their base line is skewed, we all know what happened that year.

And, on the other hand, Google emissions increased by almost a 1000% in ten years before AI.

Truth is more important than that agenda or the dogma. That article does the wild assumption that a big share of the increase in electricity usage is because AI. It may be, or it may not be, but the article presents zero evidences for that claim. And data in hand we know that google can use a ton of electricity without AI. So the impact of AI may or may not be as big as portrayed by the article. And it also disregards completely the massive increases in google emissions before 2019.

And you also need enough self control not to just disable it each time you want to enter.

So… Are there any cryptocurrencies that the owners hold in mass and are trying to get profit by selling them to users in a “pay to win” system?

Last time I checked bot IPFS and plebbit had those… Which is why I steered away from those projects.

I wish just by having my jellyfin server up media companies would actually get hurt, like fiscally hurt.

Isn’t there already a mobile app?

Developers can focus on whatever they seem appropriate.

But I think content discover and community (lack of) are the biggest issues of peertube right now.

I hop once in a while to the main peertube site and I can never find anything remotely interesting to watch. There may be some good content, but it’s impossible to find.

I second the N100. It’s what I use and it’s ridiculously powerful for the small amount of power it drains. And barely needs refrigeration.

I used to get the light prices on my phone widget via a public api. Some years ago they closed the api and started asking for full name and id in order to get api access. So I just made a scrapper that takes the numbers I want from their website and serves an API for the widget.

That’s the only self made app I self host, but I’m quite proud of it.

This is just right. Massive amounts of corporations have a complete dependency on Microsoft Office. In a way that cannot be substituted by Libreoffice or similar.

Change need to happen. But there need to be a viable alternative before it.

IP addresses are fairly public.

In order to get that kind of infection there need to be a serious vulnerability. None of the services I expose have those kind of vulnerabilities, and I keep them updated.

A Zero-day may be possible, but it can happen with any software.

Any way, even if some of my services got infected that way, I have them all in docker containers. If they managed somehow to insert any malicious software it would have disappeared in the next restart of the container.

And in order to have a software that breaks out of the container it would need to also have some sort of zero-day docker exploit. Two zero-days needed for accomplish that…

Every expose software I have is running on a caddy reverse proxy. And caddy is the only authorized author on my firewall so it gets more difficult to try to run an unexpected malicious software through it.

Any software can have zero-day exploits for that matter.

I don’t think jellyfin vulnerabilities could lead to a zombified machine. At least I’ve not read about something like that happening.

Most Jellyfin issues I know are related to unauthorized API calls of the backend.

I have had jellyfin exposed to the net for multiple years now.

Countless bots probing everyday, some banned by my security measures some don’t. There have never been a breach. Not even close.

To begin with, of you look at what this bots are doing most of them try to target vulnerabilities from older software. I have never even seen a bot targeting jellyfin at all. It’s vulnerabilities are not worth attacking, too complex to get it right and very little reward as what can mostly be done is to stream some content or messing around with someo database. No monetary gain. AFAIK there’s not a jellyfin vulnerability that would allow running anything on the host. Most vulnerabilities are related to unauthorized actions of the jellyfin API.

Most bots, if not all, target other systems, mostly in search of outdated software with very bad vulnerabilities where they could really get some profit.

You can share jellyfin over the net.

The security issues that tend to be quoted are less important than some people claim them to be.

For instance the unauthorized streaming bug, often quoted as one of the worst jellyfin security issues, in order to work the attacker need to know the exact id of the item they want to stream, which is virtually impossible unless they are or have been an authorized client at some point.

Just set it up with the typical bruteforce protections and you’ll be fine.

Not at all. I have my instance sitting on 100MG of RAM and 0% cpu usage. There’s only 3 users that barely use it, but there it is.

It scales by number of users.

It’s true that it’s a resource hog, due to being written in python (who the hell though that), but it all depends on usage.

I selfhost a matrix instance just for myself and my bots. And send myself notifications to the phone client element. I can even trigger a fake VoIP phone call for really important stuff.

Notifications come through as any other message app notification. And calls do the same.

In order to get all notifications and not destroy your phone battery I found out that you need to download the google play version as you need google services for notifications.