2025-07-17 Bringing the Butlerian Jihad to Gemini

A long time ago I was very enthusiastic about Gemini. I wrote a wiki engine called Phoebe with many plugins for all sorts of things. Then I got disillusioned and dropped it all. Then I put some stuff back online using a patched satellite. It adds on-the-fly Markdown to Gemtext transformation, handles all the certificates transparently and just works.

Phoebe

patched satellite

Thank you, Gustavo Heinz! Your satellite is great.

Gustavo Heinz

satellite

I recently added logging to it. It does some rudimentary logging of all requests, including the IP number of the client making the request. You know where this is heading. `fail2ban` is coming to town and it's bringing the Butlerian Jihad! We're going to fight bots.

If you run the patched Satellite as a `systemd` service, this allows you to contain bots using `fail2ban` monitoring the `systemd` journal.

Use the following for `/etc/fail2ban/jail.d/satellite.conf`:

[satellite]
enabled = true
port    = 1965
findtime = 40
maxretry = 20

Use the following for `/etc/fail2ban/filter.d/satellite.conf`:

[Definition]
failregex = (OK|ERROR|REDIRECT) <HOST>
journalmatch = _SYSTEMD_UNIT=satellite.service

The result is that all requests are logged and any IP number that makes more than 20 requests in 40 seconds is banned. By default, `fail2ban` bans IP numbers for 10 minutes.

The result:

# fail2ban-regex systemd-journal satellite

Running tests
=============

Use   failregex filter file : satellite, basedir: /etc/fail2ban
Use         systemd journal
Use         encoding : UTF-8
Use    journal match : _SYSTEMD_UNIT=satellite.service


Results
=======

Failregex: 443 total
|-  #) [# of hits] regular expression
|   1) [443] (OK|ERROR|REDIRECT) <HOST>
`-

Ignoreregex: 0 total

Lines: 468 lines, 0 ignored, 443 matched, 25 missed
[processed in 0.05 sec]

Missed line(s): too many to print.  Use --print-all-missed to print all 25 lines

Use the various options to see what gets matched.

# fail2ban-client status satellite
Status for the jail: satellite
|- Filter
|  |- Currently failed:	0
|  |- Total failed:	0
|  `- File list:	
`- Actions
   |- Currently banned:	0
   |- Total banned:	0
   `- Banned IP list:	

​#Gemini ​#Satellite ​#fail2ban