Opt-Out: Guide for Fediverse Administrators
Overview
The Cyber Circle Creator is a tool designed to leverage public APIs to gather information from Fediverse instances. This guide outlines how administrators of Fediverse instances can prevent the Cyber Circle Creator from accessing or fetching data from their instances.
The Functionality
One of the core functions within the Cyber Circle Creator is apiRequestWithHeaders. This asynchronous JavaScript function is responsible for making HTTP requests to the Fediverse instances, sending a custom User-Agent header with the value cyber-circle-creator. It attempts to fetch data from the specified URL and, if that request throws or returns a non-OK status, falls back to a second request made with the headers removed.
Relevant Code Snippet
    async function apiRequestWithHeaders(url, options = null) {
      console.log(`Fetching :: ${url}`);
      const defaultUserAgent = { 'User-Agent': 'cyber-circle-creator' };
      // Merge headers: the custom User-Agent overrides any caller-supplied one
      options = options || {};
      options.headers = { ...(options.headers || {}), ...defaultUserAgent };
      if (options.body) {
        options.body = JSON.stringify(options.body);
      }
      try {
        // First attempt: request carries the cyber-circle-creator User-Agent
        const response = await fetch(url, options);
        if (response.ok) {
          return { response: { headers: response.headers, body: await response.json(), error: undefined }};
        }
        // Any non-OK status (a 403 included) is thrown into the catch block below
        throw new Error(`Error fetching ${url}: ${response.status} ${response.statusText}`);
      } catch (error) {
        console.error(`Error fetching with User-Agent "cyber-circle":`, error);
        try {
          // Fallback attempt: same request with all custom headers removed
          const fallbackResponse = await fetch(url, { ...(options ?? {}), headers: undefined });
          if (fallbackResponse.ok) {
            return { response: { headers: fallbackResponse.headers, body: await fallbackResponse.json(), error: undefined }};
          }
          throw new Error(`Error fetching ${url}: ${fallbackResponse.status} ${fallbackResponse.statusText}`);
        } catch (fallbackError) {
          console.error(`Fallback fetching without User-Agent failed:`, fallbackError);
          return {
            response: undefined,
            error: `Error fetching ${url}: ${fallbackError}`
          };
        }
      }
    }
How to Block Cyber Circle Creator
Administrators who wish to restrict or prevent the Cyber Circle Creator tool from accessing their instance's data can follow these strategies:
User-Agent Blocking
- Configure Web Server Rules: Most web servers can be configured to block requests based on the User-Agent string. You can set up rules to block requests where User-Agent is cyber-circle-creator.
- Web Application Firewalls (WAF): Utilize a WAF to detect and block requests containing this specific User-Agent.
Blocking User-Agent in Apache
To block a specific User-Agent, such as cyber-circle-creator, you can use the mod_rewrite module in the Apache configuration.
- Enable the mod_rewrite module (if not already enabled):
    sudo a2enmod rewrite
- Add the following directives to your Apache configuration file (usually in /etc/apache2/sites-available/your-site.conf) or .htaccess file:
    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} cyber-circle-creator [NC]
    RewriteRule .* - [F,L]
  This configuration checks for requests with the User-Agent cyber-circle-creator and returns a 403 Forbidden response.
- Restart Apache to apply changes:
    sudo systemctl restart apache2
Blocking User-Agent in Nginx
To block a User-Agent in Nginx, you can use the if directive within the server block of your Nginx configuration.
- Edit the Nginx configuration file (usually located at /etc/nginx/sites-available/your-site or /etc/nginx/nginx.conf):
    if ($http_user_agent ~* "cyber-circle-creator") {
        return 403;
    }
  This will block any requests with the User-Agent cyber-circle-creator by returning a 403 Forbidden response.
- Test the Nginx configuration for syntax errors:
    sudo nginx -t
- Reload Nginx to apply changes:
    sudo systemctl reload nginx
Blocking User-Agent in HAProxy
For HAProxy, you can use ACLs to block requests based on the User-Agent string.
- Edit the HAProxy configuration file (usually located at /etc/haproxy/haproxy.cfg):
    frontend http_in
        bind *:80
        acl bad_user_agent hdr_sub(User-Agent) -i cyber-circle-creator
        http-request deny if bad_user_agent
  This configuration will deny any HTTP requests with a User-Agent containing cyber-circle-creator.
- Restart HAProxy to apply changes:
    sudo systemctl restart haproxy
Public API Restrictions
The tool fetches data using public APIs defined in Fediverse node software. Some potential methods to restrict access include:
- Rate Limiting: Implement rate limiting on the APIs to reduce the efficiency of the tool in gathering large amounts of data.
- Access Control: Configure the instance to restrict API access to authenticated users or specific IP addresses.
- API Configuration: Refer to the specific documentation for the Fediverse software running on your instance. There might be built-in options to customize which public data API endpoints are available or to add additional layers of authentication.
Important Note on Request Origin
The API requests made by the Cyber Circle Creator are not sent directly from a centralized server like ccc.cyber.to. Instead, they are initiated by the users who visit the webpage using the tool. This means that simply blocking the server will not prevent the requests, as they originate from the users' browsers. Therefore, focusing on tactics like User-Agent blocking and API configuration will be more effective.
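Because the requests arrive from visitors' browsers, your own access log is the place to check what a User-Agent rule actually stops: the snippet's fallback repeats a failed request with headers: undefined, so a 403 can be followed by the same request without the cyber-circle-creator value. The following is an added example, not code from Cyber Circle Creator or from the original guide, that pairs each blocked request with such a retry. It assumes the Apache/Nginx combined log format, constructed sample lines, and a hypothetical 5-second retry window.

```javascript
// Added example, not Cyber Circle Creator code. The log lines are constructed.
const SAMPLE_LOG = [
  '203.0.113.7 - - [12/Mar/2024:10:15:01 +0000] "GET /api/v1/accounts/lookup?acct=alice HTTP/1.1" 403 153 "-" "cyber-circle-creator"',
  '203.0.113.7 - - [12/Mar/2024:10:15:02 +0000] "GET /api/v1/accounts/lookup?acct=alice HTTP/1.1" 200 1840 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
  '198.51.100.4 - - [12/Mar/2024:10:15:09 +0000] "GET /api/v1/timelines/public HTTP/1.1" 200 9211 "-" "Mozilla/5.0 (Windows NT 10.0)"',
  '192.0.2.55 - - [12/Mar/2024:10:16:30 +0000] "GET /api/v1/accounts/1/statuses HTTP/1.1" 403 153 "-" "Cyber-Circle-Creator"',
  '192.0.2.55 - - [12/Mar/2024:10:20:00 +0000] "GET /api/v1/accounts/1/statuses HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Macintosh)"',
];

const TOKEN = 'cyber-circle-creator'; // User-Agent value named on this page
const WINDOW_MS = 5000;               // assumed retry window; tune to your traffic
const MONTHS = { Jan: '01', Feb: '02', Mar: '03', Apr: '04', May: '05', Jun: '06',
                 Jul: '07', Aug: '08', Sep: '09', Oct: '10', Nov: '11', Dec: '12' };
// Combined log format: ip ident user [time] "request" status bytes "referer" "agent"
const LINE = /^(\S+) \S+ \S+ \[(\d{2})\/(\w{3})\/(\d{4}):(\d{2}:\d{2}:\d{2}) ([+-]\d{2})(\d{2})\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$/;

function parseLine(line) {
  const m = LINE.exec(line);
  if (!m || !MONTHS[m[3]]) return null; // skip anything not in combined format
  const [, ip, day, mon, year, hms, tzh, tzm, method, path, status, ua] = m;
  const time = Date.parse(`${year}-${MONTHS[mon]}-${day}T${hms}${tzh}:${tzm}`);
  return { ip, time, method, path, status: Number(status), ua };
}

// Same test the server rules apply: case-insensitive substring match.
const hasToken = (ua) => ua.toLowerCase().includes(TOKEN);

// For every request the rule rejected, look for the same client repeating the
// same request shortly afterwards without the token and getting a success status.
function findFallbackRetries(lines) {
  const entries = lines.map(parseLine).filter(Boolean);
  return entries.flatMap((blocked, i) => {
    if (blocked.status !== 403 || !hasToken(blocked.ua)) return [];
    const retry = entries.slice(i + 1).find((e) => {
      const delta = e.time - blocked.time;
      return e.ip === blocked.ip && e.method === blocked.method && e.path === blocked.path
        && !hasToken(e.ua) && e.status < 400 && delta >= 0 && delta <= WINDOW_MS;
    });
    return [{ ip: blocked.ip, path: blocked.path, retried: Boolean(retry) }];
  });
}

console.log(findFallbackRetries(SAMPLE_LOG));
```

Entries reported with retried: true were served on the second attempt, so for that client the User-Agent rule alone did not stop the fetch.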
Further Information
For detailed instructions about configuring these settings and further possibilities for securing your instance, consult the documentation related to your specific Fediverse software (e.g., Mastodon, Misskey, Pleroma). Administrator guides generally include essential best practices for enhancing privacy and security on an instance-wide level.