From 9d82c7ce1e3ca74bbd51ac773d80337eee059497 Mon Sep 17 00:00:00 2001 From: choldgraf Date: Wed, 8 Oct 2025 11:45:54 -0700 Subject: [PATCH 1/2] Add blog about the TCP scanning fix --- .../mybinder-antiabuse-scanning/featured.png | Bin 0 -> 4368 bytes .../2025/mybinder-antiabuse-scanning/index.md | 36 ++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 content/blog/2025/mybinder-antiabuse-scanning/featured.png create mode 100644 content/blog/2025/mybinder-antiabuse-scanning/index.md 
diff --git a/content/blog/2025/mybinder-antiabuse-scanning/featured.png b/content/blog/2025/mybinder-antiabuse-scanning/featured.png new file mode 100644 index 0000000000000000000000000000000000000000..685cc404b57d14a761cabfb23b004e0e976da0bd GIT binary patch literal 4368
diff --git a/content/blog/2025/mybinder-antiabuse-scanning/index.md b/content/blog/2025/mybinder-antiabuse-scanning/index.md new file mode 100644 index 000000000..0eb828291 --- /dev/null +++ b/content/blog/2025/mybinder-antiabuse-scanning/index.md
@@ -0,0 +1,36 @@ +--- +title: Combating tcp scanning on mybinder.org with the tcpflowkiller +date: 2025-10-08 +authors: + - Yuvi Panda +categories: + - upstream-impact +tags: + - open-source + - binder + - reliability +--- + +We've deployed a new tool to `mybinder.org` that automatically detects and stops port scanning activity, helping us maintain service reliability while being responsible citizens of the internet. + +Port scanning is a common part of network-based exploits, and many server hosts prohibit this activity (including Hetzner, where the 2i2c `mybinder.org` infrastructure lives). We developed a little tool called [tcpflowkiller](https://github.com/cryptnono/cryptnono/pull/46) as part of the [cryptnono](https://github.com/cryptnono/cryptnono) project (our anti-abuse set of tools for hosted JupyterHub and Binder infrastructure) to automatically kill processes that exhibit port scanning behavior. This reduces the likelihood of triggering our server host's abuse policies and helps keep `mybinder.org` running reliably. + +## Why this matters + +As providers of public compute, it's our responsibility to make sure people can't use our infrastructure to abuse others. This is part of being responsible citizens of the internet. It also saves us time in dealing with outages because cloud providers (understandably) block access because they suspect there is abuse. + +Hetzner and similar hosts have many benefits (including [significant cost savings](../binder-singlenode/)), and tools like tcpflowkiller help keep hubs and binders running smoothly on such hosts, which have different abuse policies than the big commercial cloud providers. + +AWS and other cloud providers have proprietary ways to combat abuse (like [AWS GuardDuty](https://docs.aws.amazon.com/guardduty/latest/ug/what-is-guardduty.html)). We could have spent our time investing in developing rules there. 
Instead, contributing to cryptnono helps provide the same set of features in a cloud-agnostic way, in line with [our principles](https://2i2c.org/open-practices/) of supporting open infrastructure that gives communities control over their infrastructure. + +This tool [has now been deployed to mybinder.org](https://github.com/jupyterhub/mybinder.org-deploy/pull/3436), and we'll monitor its effectiveness over time. We may roll this out to 2i2c public BinderHubs in the future based on patterns we observe. + +## Learn more + +- [tcpflowkiller pull request](https://github.com/cryptnono/cryptnono/pull/46) +- [mybinder.org deployment](https://github.com/jupyterhub/mybinder.org-deploy/pull/3436) +- [Port scanning on Wikipedia](https://en.wikipedia.org/wiki/Port_scanner) + +## Acknowledgements + +- Thanks to [GESIS](../../../collaborators/gesis/) for their continued support of `mybinder.org` and to [Raniere Silva](https://github.com/rgaiacs) for collaborating on this deployment with us. From 377d52224fcbdfc9c5e37b5b7448b93e283aadfe Mon Sep 17 00:00:00 2001 From: Chris Holdgraf Date: Wed, 8 Oct 2025 17:53:34 -0700 Subject: [PATCH 2/2] Update content/blog/2025/mybinder-antiabuse-scanning/index.md Co-authored-by: aprilmj <147750733+aprilmj@users.noreply.github.com> --- content/blog/2025/mybinder-antiabuse-scanning/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/blog/2025/mybinder-antiabuse-scanning/index.md b/content/blog/2025/mybinder-antiabuse-scanning/index.md index 0eb828291..07d4b4a58 100644 --- a/content/blog/2025/mybinder-antiabuse-scanning/index.md +++ b/content/blog/2025/mybinder-antiabuse-scanning/index.md 
@@ -17,7 +17,7 @@ Port scanning is a common part of network-based exploits, and many server hosts ## Why this matters -As providers of public compute, it's our responsibility to make sure people can't use our infrastructure to abuse others. This is part of being responsible citizens of the internet. It also saves us time in dealing with outages because cloud providers (understandably) block access because they suspect there is abuse. +As providers of public compute, it's our responsibility to make sure people can't use our infrastructure to abuse others. This is part of being responsible citizens of the internet. It also saves us time in dealing with outages because cloud providers (understandably) block access when they suspect there is abuse. Hetzner and similar hosts have many benefits (including [significant cost savings](../binder-singlenode/)), and tools like tcpflowkiller help keep hubs and binders running smoothly on such hosts, which have different abuse policies than the big commercial cloud providers.
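Review bot: In the new index.md added by PATCH 1/2, the second paragraph says tcpflowkiller will "automatically kill processes that exhibit port scanning behavior", but the post never says what counts as scanning or what a user sees when their process is killed. For a public service, one or two sentences on the detection criterion and on how a false positive would show up to a legitimate user, or a pointer to where that is documented, would help; the only reference given is the pull request link, which appears both inline and under "Learn more". Separately, the front-matter title writes "tcp" in lower case while the commit subject uses "TCP"; the title should match.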
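Review bot: In the PATCH 2/2 hunk, the reworded sentence still opens with "It also saves us time", and "It" has no clear antecedent after "This is part of being responsible citizens of the internet." Naming the subject would read better, for example "Stopping this activity also saves us time dealing with outages, because cloud providers (understandably) block access when they suspect there is abuse." The same sentence says "cloud providers" while the following context line contrasts Hetzner with "the big commercial cloud providers"; "hosting providers" would avoid the mismatch.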