A weird and disturbing thing is happening on my home network. I’d like some advice on how to diagnose it. My Mastodon host (chaos.social) keeps blocking my IP address. I reached out to the admins and they told me it’s because they are getting HTTP requests with a user agent string claiming it’s a Google bot. They shared the following log line with me.

[12/Mar/2025:08:55:14 +0100] my.ipv4.add.ress "GET /@lazurski HTTP/2.0" 403 Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)

It is my IP address indeed, and the path is pointing to my profile, so it’s not random. It also happened while I was browsing Mastodon using Firefox on my laptop. The 403 response is strange, as I was logged in and also my profile is public and viewing it doesn’t require authentication. Maybe they blocked it because of the bot signature?

I have no idea what can be making these requests. Certainly not anything I run on purpose. My Firefox uses its standard user agent header. At home I have a few devices. At the time of this request I believe only the following were on:

  • my laptop running NixOS and Firefox (I was actively using it when I got blocked)
  • a Raspberry Pi home server running NixOS
  • my Android phone running Tusky (a 3rd party Mastodon client)
  • a broadband router with stock software

I think I can exclude the phone from the suspects, because while the home IP is blocked I use my mobile network connection to access chaos.social and this IP is never blocked. I don’t think it’s the home server or the router. My suspicion is on Firefox extensions. I only use a few of them:

How can I troubleshoot it? I tried about:logging with networking preset, collected a ton of logs, but couldn’t figure out what to do with it. Or maybe it’s something completely different? 🤔
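The block described above reacts to a Googlebot user agent arriving from an address that does not belong to Google. One way a server operator could check log lines for that, as an added example that is not part of the original post and not chaos.social's actual rule: the log layout is taken from the quoted line, while the sample IPs, hostnames and resolver tables are constructed.

```python
import re
import socket

# Layout taken from the log line quoted in the post:
# [time] client "request" status user-agent
LOG_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<ip>\S+) "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<ua>.*)$')
GOOGLE_SUFFIXES = (".googlebot.com", ".google.com", ".googleusercontent.com")

def _reverse(ip):
    return socket.gethostbyaddr(ip)[0]          # PTR lookup

def _forward(host):
    return socket.gethostbyname_ex(host)[2]     # A lookup, list of IPs

def is_real_googlebot(ip, reverse=_reverse, forward=_forward):
    """Forward-confirmed reverse DNS: the PTR name must be a Google
    hostname, and that hostname must resolve back to the same IP."""
    try:
        host = reverse(ip).rstrip(".").lower()
        return host.endswith(GOOGLE_SUFFIXES) and ip in forward(host)
    except OSError:                              # no PTR / no A record
        return False

def spoofed_googlebot_hits(lines, reverse=_reverse, forward=_forward):
    """Return parsed entries whose UA claims Googlebot but whose IP fails the check."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and "googlebot" in m["ua"].lower():
            if not is_real_googlebot(m["ip"], reverse, forward):
                hits.append(m.groupdict())
    return hits

# Constructed sample data: documentation-range IPs and a fake resolver table.
GBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE = [
    f'[12/Mar/2025:08:55:14 +0100] 203.0.113.7 "GET /@lazurski HTTP/2.0" 403 {GBOT_UA}',
    f'[12/Mar/2025:08:55:20 +0100] 198.51.100.9 "GET /@lazurski HTTP/2.0" 200 {GBOT_UA}',
    '[12/Mar/2025:08:55:21 +0100] 203.0.113.7 "GET /home HTTP/2.0" 200 '
    'Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0',
]
PTR = {"198.51.100.9": "crawl-198-51-100-9.googlebot.com",
       "203.0.113.7": "host7.isp.example"}
A = {"crawl-198-51-100-9.googlebot.com": ["198.51.100.9"],
     "host7.isp.example": ["203.0.113.7"]}

if __name__ == "__main__":
    for hit in spoofed_googlebot_hits(SAMPLE, PTR.__getitem__, A.__getitem__):
        print(hit["time"], hit["ip"], hit["req"])
```

Called without the stub resolvers, the functions use live DNS through the `socket` module.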

  • tonyn@lemmy.ml
    2 days ago

    Is it possible you have some IoT devices on your network such as smart outlets, light bulbs, I don’t know, smart toasters, whatever? IoT devices are notorious for zero day exploits and become zombies frequently.

    • supernicepojo@lemmy.world
      1 day ago

      Second this! At this point your cat’s litter box has a cryptominer malware installed and it is pushing that SoC to its very limit.