this post was submitted on 19 May 2025
56 points (100.0% liked)

Fedia Discussions

17 readers
2 users here now

founded 2 years ago
MODERATORS
 

Hi all. Fedia.io has for a long time been subject to ddos attacks, including many that are "accidental", caused by myriad scrapers constantly hammering the site. I gave up on trying to play whack-a-mole with blocking them based on IP address (they do not honor robots.txt and do not use a conspicuous user agent string) since I was inadvertently blocking some legitimate users. So, I've restricted access to the content of fedia.io to only those that are logged in. That will mean we don't show up in search engines and whatnot, which for some will considered a good thing and will likely cause others to leave.

There is a remaining problem related to the login form. Calls to the login page are breathtakingly expensive, computationally speaking, and so I also have a script that monitors unusual numbers of calls to that form and blocks at the firewall any offenders. I strongly suspect I'm catching some legitimate users with this too, and so I continue to try to tune it, but it's maddening, y'all.

These issues have been causing performance problems for everyone (despite the fedia.io app running on a dedicated 96 core, 256GB server with nvme disks), and became unavailable for certain people that accidentally tripped various thresholds. I'm hoping most of this is resolved now.

Thanks for the patience.

you are viewing a single comment's thread
view the rest of the comments
[–] MHLoppy@fedia.io 1 points 2 weeks ago (3 children)
[–] jerry@fedia.io 2 points 2 weeks ago (1 children)

Apologies for the delay, but this is fixed now

[–] MHLoppy@fedia.io 2 points 2 weeks ago

Fedia.io celebrates We Love The King Day

load more comments (1 replies)