Hacker News with Generative AI: Server Security

Stopping AI scrapers from taking down my server (ellis.link)
In my earlier post about Forgejo and scraper bots, I mentioned that adding a robots.txt file helped reduce scraping. Well, it turns out the bots only disappeared because I’d set the repository to private, and they were receiving numerous 404 errors. They weren’t actually respecting robots.txt (although Google, at least, was).
Show HN: MCP-Shield – Detect security issues in MCP servers (github.com/riseandignite)
MCP-Shield scans your installed MCP (Model Context Protocol) servers and detects vulnerabilities like tool poisoning attacks, exfiltration channels and cross-origin escalations.
Exploiting exposed Portainer agent and using new SSH persistence (exatrack.com)
During an incident response for one of our clients, we stumbled upon a server compromised by the now relatively documented 1234 perfctl malware.
Over 660k Rsync servers exposed to code execution attacks (bleepingcomputer.com)
Over 660,000 exposed Rsync servers are potentially vulnerable to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that allows remote code execution on servers.
Russia-linked group is targeting Zimbra (securityaffairs.com)
U.S. and U.K. cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale.