December 16, 2022

Twitter is no longer allowing you to link to your Mastodon profile? Let's bypass that!

A quick and dirty, err, I mean, fast and furious url forwarding service.

So, it seems like Elon Musk has decreed that links to Mastodon profiles are malicious urls now, i.e. you can leave Twitter if you want to, but you cannot leave a forwarding address for your followers any more. Sure, easy to fix problem. Just use my new url bouncer service (works pretty much like an url shortener) instead:

http://dev.onyxbits.de/forwardto/raccoon/home.social

Replace forwardto with any parting message (or leave it out entirely) and raccoon/home.social with your server handle (the @ symbol turns to a / to look more innocent). For example, the following will work too:

http://dev.onyxbits.de/byebye/raimalarter/writing.exchange

I really wonder who at Twitter even thought, blacklisting Mastodon servers was a good idea.

Self hosting

Please do! The power of this service lies in there being to many bouncers to block.

Save the following script as 🗋 index.php in the document root of your webserver (a subfolder will work, but then you have to modify the webserver rewrite rules accordingly):

<?php

function is_url_checker() {
  return strpos($_SERVER['HTTP_USER_AGENT'], "witter")> -1;
}

function forward() {
  $tmp = explode('/',$_SERVER['REQUEST_URI']);
  $len = sizeof($tmp);
  if ($len >= 3) {
    header('Location: https://'. $tmp[$len-1] . '/@' . $tmp[$len-2], true, 301 );
  }
  exit();
}

if (is_url_checker()) {
  echo 'This is fine!';
}
else {
  forward();
} 
?>

Your webserver must be configured with a rewrite rule to handle requests through the script:

RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule .* index.php [L,QSA]

Have fun!

Technical notes on TwitterBot

Whenever you post an URL to Twitter, that url is spidered by TwitterBot. The script above just checks the browser useragent and if if contains the string “witter”, simply prints “This is fine!”. For now that seems to be sufficient, but in the future, an IP range check may be needed. So far, TwitterBot/1.0 has been visiting me from the following IP addresses:

192.133.77.16
192.133.77.18
199.16.157.180
199.16.157.181
199.16.157.182
199.16.157.183
199.59.150.180
199.59.150.181
199.59.150.182

I may update the script with further obfuscation, once I get a more data.