DDoS?

How can it tell? The presence of a cookie?? If a banned user finds and deletes that cookie, they become no longer banned but a normal non-registered guest.
Against my better judgement I searched for an answer to this via DuckDuckGo's Search Assistant and got this:

User Ban Information Storage in XenForo

Current Ban Records

  • Database Table: The current bans are stored in the xf_user_ban table. This table lists users who are currently banned from the forum.
  • User ID: Each banned user is associated with a unique user ID, which can be used to manage their ban status.
If true, that suggests to me that the ban is stored in a server-side database and client-side cookies are irrelevant.
 
OK, if not a cookie, then how? I don't understand how the server can tell which group the client it is serving (as a non-logged-in user) belongs to. It seems to me the only possibility (other than querying cookies) is to rely on IP address, which can hardly be considered reliable.
 
Speculation.
A client-side cookie possibly contains the user/password (maybe group) for a valid logged-in user. If a banned user has somehow managed to get this set, then on every visit they are being logged in (in the background) as the banned user. Delete the cookie and you are presenting the server with no user - a guest. Try to log in - you're banned.
Well, that's my guess. I'd need to poke around to see if I can find the cookie to be sure. Can I be bothered?

Edit: No, too damn difficult. Finding the cookie was the first problem. Then the contents are encrypted.
 
This may have been mentioned, but if you have problems with server load (90%+ of which is malicious or junk these days) go behind Cloudflare. And of course firewall the existing server to accept traffic only from CF (or change its IP).

I run a community site (in general aviation) with 8k members, 400k posts in 13 years, and 95% of our server load is malicious, and this is after going behind CF :) But it is donation funded (no adverts) so like you I don't want to pay over the top for hosting, so cutting down the CPU activity is key. Recently we got a lot of carefully structured attacks which targeted forum links which took extra time to generate HTML from.

LLM traffic is not big. They tend to hit and do 1000 URLs every time, at about 10Hz. This is not much of a server load.

The biggest thing was to block all IP ranges of some server farms. These are not ISPs so none of them should be browsing the forum (except for a few people who use a VPN terminating on some server farm). I blocked all of Hetzner, since the attackers were in Germany and used that one. Also Tencent and a few others. I know somebody who reduced his server load by 95% by blocking all of AWS ;) but that may be a bit OTT.

Cloudflare (free version, for nonprofit users) allows up to 10,000 IP ranges to be blocked, plus whole countries (I block China Russia India).
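The range blocking described in the two posts above, as an added illustration that is not code from this thread, from XenForo or from Cloudflare. It assumes a plain list of CIDRs and a short allowlist for known members whose VPN terminates inside a blocked range; the prefixes used are RFC 5737/3849 documentation ranges standing in as placeholders, not any hosting provider's real allocations. The log lines are constructed. In a real deployment the rule lives at the Cloudflare edge or the host firewall; this script is the local triage step, measuring how much of an access log would fall under a candidate blocklist before pushing it.

```python
import ipaddress
from collections import Counter

# Constructed placeholder ranges (documentation prefixes), not real provider allocations.
BLOCKED_CIDRS = ["203.0.113.0/24", "198.51.100.0/23", "2001:db8::/32"]
# Constructed exception: a known member whose VPN exits inside a blocked range.
ALLOWED_IPS = ["203.0.113.77"]

# Constructed sample access-log lines (client IP is the first field).
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /threads/foo.123/ HTTP/1.1" 200 5123
192.0.2.1 - - [01/Jan/2024:10:00:01 +0000] "GET /forums/ HTTP/1.1" 200 4020
198.51.100.200 - - [01/Jan/2024:10:00:02 +0000] "GET /threads/bar.456/ HTTP/1.1" 200 6001
203.0.113.77 - - [01/Jan/2024:10:00:03 +0000] "GET /threads/baz.789/ HTTP/1.1" 200 5500
2001:db8:1::1 - - [01/Jan/2024:10:00:04 +0000] "GET /threads/foo.123/ HTTP/1.1" 200 5123
"""


class Blocklist:
    """Datacenter-range blocklist with an explicit allowlist that wins over any block."""

    def __init__(self, blocked_cidrs, allowed_ips=()):
        nets = [ipaddress.ip_network(c, strict=False) for c in blocked_cidrs]
        # Collapse overlapping or adjacent ranges per address family so lookups stay small.
        self.v4 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 4))
        self.v6 = list(ipaddress.collapse_addresses(n for n in nets if n.version == 6))
        self.allowed = {ipaddress.ip_address(a) for a in allowed_ips}

    def is_blocked(self, ip_str):
        try:
            ip = ipaddress.ip_address(ip_str)
        except ValueError:
            # A field that is not an address at all is treated as untrusted traffic.
            return True
        if ip in self.allowed:
            return False
        nets = self.v4 if ip.version == 4 else self.v6
        return any(ip in n for n in nets)


def triage_log(text, blocklist):
    """Count how many log lines a candidate blocklist would drop versus let through."""
    counts = Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        ip = line.split(" ", 1)[0]
        counts["blocked" if blocklist.is_blocked(ip) else "allowed"] += 1
    return dict(counts)


if __name__ == "__main__":
    bl = Blocklist(BLOCKED_CIDRS, ALLOWED_IPS)
    print(triage_log(SAMPLE_LOG, bl))
```

The allowlist check runs before the range match precisely because of the VPN case the post mentions: a member exiting through a blocked server farm would otherwise be cut off along with the attackers.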

To cut down spam, we also have a system for manual approval of new signups. Present a pulldown menu for the country, and if the IP does not match, it is 90% a spammer if both are in Europe and 99% if one is outside Europe. Also check the email address against 2000 disposable email domains :)
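The signup screening heuristics described above, as an added example rather than code from this thread or from the poster's site. The GeoIP lookup is a constructed prefix-to-country table standing in for a real geolocation database, the disposable-domain list is a constructed placeholder, and the 90%/99% figures are the poster's stated rates applied as-is; the output is a hold decision plus reasons for the human doing the manual approval, not an automatic rejection.

```python
import ipaddress

# Constructed stand-in for a GeoIP database: documentation prefixes -> country code.
GEOIP = {
    "203.0.113.0/24": "DE",
    "198.51.100.0/24": "US",
    "192.0.2.0/24": "GB",
}
# Subset of European country codes used by the mismatch rule.
EUROPE = {"DE", "GB", "FR", "NL", "ES", "IT", "PL", "SE", "NO", "DK", "CH", "AT", "IE", "PT", "BE"}
# Constructed placeholder list; a real deployment loads ~2000 domains from a file.
DISPOSABLE_DOMAINS = {"tempmail.invalid", "throwaway.invalid"}

# Likelihoods as stated by the forum operator in the post above.
MISMATCH_BOTH_EUROPE = 0.90
MISMATCH_ONE_OUTSIDE_EUROPE = 0.99


def ip_country(ip_str):
    """Return the country code for an IP, or None if it is malformed or unknown."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return None
    for prefix, cc in GEOIP.items():
        if ip in ipaddress.ip_network(prefix):
            return cc
    return None


def assess_signup(declared_country, ip_str, email):
    """Score a new registration for the manual-approval queue."""
    reasons = []
    likelihood = 0.0

    domain = email.rsplit("@", 1)[-1].strip().lower()
    if "@" not in email or not domain:
        reasons.append("malformed email address")
    elif domain in DISPOSABLE_DOMAINS:
        reasons.append(f"disposable email domain: {domain}")

    geo = ip_country(ip_str)
    declared = declared_country.upper()
    if geo is None:
        reasons.append("IP could not be geolocated")
    elif geo != declared:
        if geo in EUROPE and declared in EUROPE:
            likelihood = MISMATCH_BOTH_EUROPE
        else:
            likelihood = MISMATCH_ONE_OUTSIDE_EUROPE
        reasons.append(f"declared {declared} but IP geolocates to {geo}")

    return {
        "hold": bool(reasons),
        "spam_likelihood": likelihood,
        "reasons": reasons,
    }


if __name__ == "__main__":
    print(assess_signup("FR", "203.0.113.9", "pilot@example.org"))
    print(assess_signup("US", "203.0.113.9", "pilot@tempmail.invalid"))
```

The likelihood only reflects the country rule, since the post gives no rate for the disposable-domain check; that check simply adds a reason so the reviewer sees it.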
 
This forum should not get much scraping because without a login you can't read any of the posts, AFAICT
I am still not convinced that that is correct. I asked Brian the other day why, if you look at the Guests here now, it says they are viewing various different threads while we have to log in to get past the login screen. He was unable to give me an answer as to why this is; do you have one? Click on "Members Online" to get the Members/Guests list and see for yourself.
 
Do you not see what I see for members online, as seen in the screenshot in the following post?

 
No, I see no triangle. I still want to know how they even get as far as the thread when Members cannot, even if that is a dead end for them.
 
I currently see 6 members and 523 guests online. Many, but far from all, of the guests have names like "Robot: Amazon".
 