Continued abuse

About this bulletin board and the Pale Moon website

Moderators: FranklinDM, Lootyhoof

Moonchild
Project founder
Posts: 38636
Joined: 2011-08-28, 17:27
Location: Sweden

Continued abuse

Post by Moonchild » 2025-11-10, 09:20

As some may have noticed the forum continues to suffer from abuse causing irregular downtime (including this night/morning). The abuse slowly evolves to spread out over broader net ranges including wide-sweeping IPv6, making IP filtering ineffective.
I'm honestly sick of having to waste my limited time on administrative tasks just to keep Pale Moon sites accessible, so I will be installing a bot check and countermeasure shortly.
If this locks you out of the forum then I'm sorry, but it's absolutely becoming a necessity.

For reference here's a breakdown of the traffic for the past 5 hours:
Statistics - Status Codes
1xx: 0
2xx: 78393 (OK)
3xx: 1444 (redirect)
4xx: 145338 (bad client requests)
5xx: 127941 (server errors due to overload)

This is untenable in its current state.
"There is no point in arguing with an idiot, because then you're both idiots." - Anonymous
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

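Added example, not part of the original thread and not the forum's own tooling: a sketch of how a status-code breakdown like the one in the first post can be produced from an access log, and how to measure the effect described there, where sources spread over many net ranges make block rules ineffective. The combined log format, the /24 and /48 aggregation sizes, the 80% coverage target and all function names are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample (combined log format, documentation address ranges).
SAMPLE_LOG = """\
198.51.100.10 - - [10/Nov/2025:04:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.5 - - [10/Nov/2025:04:00:02 +0000] "GET /a HTTP/1.1" 404 312
203.0.113.77 - - [10/Nov/2025:04:00:02 +0000] "GET /b HTTP/1.1" 404 312
192.0.2.9 - - [10/Nov/2025:04:00:03 +0000] "GET /c HTTP/1.1" 503 0
2001:db8:1:a::1 - - [10/Nov/2025:04:00:03 +0000] "GET /d HTTP/1.1" 404 312
2001:db8:1:b::2 - - [10/Nov/2025:04:00:04 +0000] "GET /e HTTP/1.1" 503 0
2001:db8:2::3 - - [10/Nov/2025:04:00:04 +0000] "GET /f HTTP/1.1" 404 312
2001:db8:3::4 - - [10/Nov/2025:04:00:05 +0000] "GET /g HTTP/1.1" 503 0
198.51.100.10 - - [10/Nov/2025:04:00:05 +0000] "GET /h HTTP/1.1" 302 0
truncated or malformed line
"""
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" ([1-5]\d{2}) ')

def parse(lines):
    # Yield (address, status) per well-formed line; skip malformed ones.
    for m in filter(None, map(LINE_RE.match, lines)):
        try:
            yield ipaddress.ip_address(m.group(1)), int(m.group(2))
        except ValueError:
            pass  # first field was not an IP address

def status_classes(records):
    tally = {f"{c}xx": 0 for c in range(1, 6)}
    for _, status in records:
        tally[f"{status // 100}xx"] += 1
    return tally

def prefix_of(ip):  # assumed aggregation: /24 for IPv4, /48 for IPv6
    return ipaddress.ip_network(f"{ip}/{24 if ip.version == 4 else 48}", strict=False)

def rules_needed(records, coverage=0.8):
    # Returns (block rules needed to cover `coverage` of 4xx/5xx requests, distinct prefixes).
    bad = Counter(prefix_of(ip) for ip, status in records if status >= 400)
    target = coverage * sum(bad.values())
    covered = rules = 0
    for _, count in bad.most_common():
        if covered >= target:
            break
        covered += count
        rules += 1
    return rules, len(bad)

RECORDS = list(parse(SAMPLE_LOG.splitlines()))
```

On the constructed sample, four of the five offending prefixes have to be blocked to cover 80% of the error traffic; a rule count close to the prefix count is what a widely spread source set looks like in the logs.
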
moonbat
Knows the dark side
Posts: 5743
Joined: 2015-12-09, 15:45

Re: Continued abuse

Post by moonbat » 2025-11-10, 09:31

Where is this traffic originating?
"One hosts to look them up, one DNS to find them and in the darkness BIND them."

KDE Neon on a Slimbook Excalibur (Ryzen 7 8845HS, 64 GB RAM)
AutoPageColor|PermissionsPlus|PMPlayer|Pure URL|RecordRewind|TextFX
Jabber: moonbat@hot-chili.net

Moonchild
Project founder
Posts: 38636
Joined: 2011-08-28, 17:27
Location: Sweden

Re: Continued abuse

Post by Moonchild » 2025-11-10, 09:49

moonbat wrote (2025-11-10, 09:31):
> Where is this traffic originating?

Constantly shifts. This latest bout was primarily Brazil, Vietnam, Argentina and the USA.

log tail to illustrate:
tail1.jpg

ron_1
Knows the dark side
Posts: 3049
Joined: 2012-06-28, 01:20

Re: Continued abuse

Post by ron_1 » 2025-11-10, 11:15

I hope you don't use Cloudflare. :)

Moonchild
Project founder
Posts: 38636
Joined: 2011-08-28, 17:27
Location: Sweden

Re: Continued abuse

Post by Moonchild » 2025-11-10, 11:29

ron_1 wrote (2025-11-10, 11:15):
> I hope you don't use Cloudflare. :)

Nope. That ship has sailed. Self-hosted only.

BopBe
Hobby Astronomer
Posts: 29
Joined: 2019-08-21, 19:59

Re: Continued abuse

Post by BopBe » 2025-11-10, 13:44

Those "(IP)TV Boxes with hundreds of channels" sure made it easy for all sorts of bad actors like never before.

back2themoon
Knows the dark side
Posts: 3077
Joined: 2012-08-19, 20:32

Re: Continued abuse

Post by back2themoon » 2025-11-10, 16:35

Haven't noticed any significant breakage but let's assume you ultimately find no reasonable solution and keep having to waste time on such matters:

Would making the forum accessible only after logging in solve or improve the situation in some way? This probably sounds nuclear and unfriendly but if it helps...

I assume there are expenses to be considered here too, for mitigating the abuse.

Moonchild
Project founder
Posts: 38636
Joined: 2011-08-28, 17:27
Location: Sweden

Re: Continued abuse

Post by Moonchild » 2025-11-10, 19:48

back2themoon wrote (2025-11-10, 16:35):
> Haven't noticed any significant breakage

Mostly because I tend to be on top of things.

back2themoon wrote (2025-11-10, 16:35):
> Would making the forum accessible only after logging in solve or improve the situation in some way? This probably sounds nuclear and unfriendly but if it helps...

It's a very nuclear option that I'd only do as a last resort if nothing else helps. The forum is supposed to be a publicly accessible resource for Pale Moon users.

Lucio Chiappetti
Keeps coming back
Posts: 870
Joined: 2014-09-01, 15:11
Location: Milan Italy

Re: Continued abuse

Post by Lucio Chiappetti » 2025-11-10, 20:38

I appreciate your concern.
It depends, I guess, on the access frequency to the forum.

I frequent "regularly" three (phpBB) forums, which means I am permanently logged in on the "new posts" page, which I frequently Reload. Of course being permanently logged in, I can post at any time. Personally I think it is a reasonable way (I hope the login does not consume resources) and preferable to occasional browsing with login-just-to-post. By the way all three have been recently subject to "overload attacks" with different outcomes (among them Pale Moon forum has been the most efficient by many orders of magnitude).

I frequent less regularly a couple of Discourse-based forums (essentially I receive a weekly summary by mail, then login, read, very rarely post and logout).
Possibly I could browse without logging in (but that has the advantage which shows me the new messages since last visit).

Finally there are other forums which I might access in "archive mode", i.e. find an article via a search engine and read it. In the great majority of cases it is read-only, I'm not interested to post. In rare cases I might have registered to post an occasional question (and most likely forgotten username and password, were it not for the browser remembering it :D)

I wonder whether phpBB allows to balance separately for instance the number of logged in users vs the number of guest users.
At worst requiring login (from a registered human) also to browse, would not be different from a mailing list where only members can access the archives.
The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. (G.B. Shaw)

Kris_88
Board Warrior
Posts: 1168
Joined: 2021-01-26, 11:18

Re: Continued abuse

Post by Kris_88 » 2025-11-10, 21:06

Moonchild wrote (2025-11-10, 09:49):
> log tail to illustrate:

What user agent strings are used for these requests?

Moonchild
Project founder
Posts: 38636
Joined: 2011-08-28, 17:27
Location: Sweden

Re: Continued abuse

Post by Moonchild » 2025-11-10, 22:26

Kris_88 wrote (2025-11-10, 21:06):
> What user agent strings are used for these requests?

Spoofed. Primarily legitimate Chrome UAs of various versions.

Moonchild
Project founder
Posts: 38636
Joined: 2011-08-28, 17:27
Location: Sweden

Re: Continued abuse

Post by Moonchild » 2025-11-10, 23:32

Anubis is now in place with proper weighing. Most legitimate users should barely notice it's in place.
I'm keeping the custom filtering rules in place in parallel for the time being and will investigate logs the coming days, and adjust more as-needed.

If there are specific issues with accessing the forum, please provide a detailed report.

Mæstro
Keeps coming back
Posts: 779
Joined: 2019-08-13, 00:30
Location: Casumia

Re: Continued abuse

Post by Mæstro » 2025-11-11, 00:03

I would like kindly to request some exemption to Anubis filtering for my own Pale Moon browser. It might be wise to discuss precise technical measures for this in private messages. I have always preferred to browse this forum (and the net generally, with limited exceptions) with scripts disabled, and I boycott most sites which have enabled Anubis or similar measures because they wrongly punish natural users who disable scripts if their site contents are static, i.e. should not otherwise require scripts. (This practice long antedates LLM scraping bots; it originally targeted the general use of JavaScript to render basic matter well within HTML and CSS’s scope. Challenges like Anubis condition access to a static site on using JavaScript in the same way.) I understand why so many sites are walling themselves up, but I am regularly treated as a false positive (and the Anubis documentation admits this is a flaw in its method), and it is deeply awkward to see this happening here.
Life is a fever dream Mæstro would enjoy.
All posts 100% organic. Ash is the best letter.
What is being nice online?
Debian 10 ELTS / Official PM build

Moonchild
Project founder
Posts: 38636
Joined: 2011-08-28, 17:27
Location: Sweden

Re: Continued abuse

Post by Moonchild » 2025-11-11, 07:05

Yeah, the problem is that it's exactly the sites with "static" content, i.e. the sites where compositing is done on the server-side, that are most impacted by bad scraping, AI hammering and DoS abuse, because they have heavier server load for each request. Whether something is historical or not matters not when responding to a dynamic landscape like the Internet. This is entirely reactive to the current situation. It's annoying that corner cases like your preferred browser use without scripting fall by the wayside but I'm not happy about being asked first thing to punch a hole into the setup I just spent time on configuring that could be abused by the very bots/scrapers I'm trying to keep out.
It is annoying that these challenges have to be JS-based. But that is the way it is for now.
I've sent you a PM to see if there is an option available.

Mæstro
Keeps coming back
Posts: 779
Joined: 2019-08-13, 00:30
Location: Casumia

Re: Continued abuse

Post by Mæstro » 2025-11-11, 12:57

In my private message, I have mentioned a possibility which others have used viably to guard their sites. In any case, I do not wish to ask you to compromise site security. I recognise how PHP does amazing things on the server side, and this is one of the reasons why I like it so much. I also recognise that you are moving house now, so this is coming at an especially awkward time. Meanwhile, I have found that I can disable JavaScript after Anubis clears me and continue browsing and posting here as normal. Because I have tolerated such intermittent JavaScript use on this board already when adding smilies, I can tolerate this additional ad hoc measure for the time being.

Moonchild
Project founder
Posts: 38636
Joined: 2011-08-28, 17:27
Location: Sweden

Re: Continued abuse

Post by Moonchild » 2025-11-11, 14:20

Sorry that it's inconvenient to pass the bot check for you. The "alternative" didn't actually give me any information as to what they are using. I'll have to use some off-the-shelf system for this one way or another because I may just as well keep manually filtering if I have to tailor-make some solution for this. Not what I want to (or can) spend my time on.

Gemmaugr
Lunatic
Posts: 377
Joined: 2025-02-03, 07:55

Re: Continued abuse

Post by Gemmaugr » 2025-11-11, 17:51

I just had a weird thing happen (https://pasteboard.co/eZ92Ls2BC9TH.png), but now it's back to normal (when I tried to make a post about it here, and clicked "submit").

therube
Board Warrior
Posts: 1752
Joined: 2018-06-08, 17:02

Re: Continued abuse

Post by therube » 2025-11-11, 20:06

> I have always preferred to browse this forum (and the net generally, with limited exceptions) with scripts disabled

You still can*.
I have JavaScript disabled at the moment.


*can.
JavaScript only needs to be enabled during the initial site load, log in.
After that you can disable it.
(And there must be a session timeout limit, at which point you might have to toggle JS again, & back.
Similar applies to Private Windows.)


(Oh, I now see that you see that also.)

therube
Board Warrior
Posts: 1752
Joined: 2018-06-08, 17:02

Re: Continued abuse

Post by therube » 2025-11-11, 20:11

> I just had a weird thing happen...

Looks like Styles were disabled.
Could have been you disabling in the browser, by various means, or maybe just a quirk in the board.
You can see what your screenshot shows by disabling Styles (in PM).

View | Page Styles -> No Style

Gemmaugr
Lunatic
Posts: 377
Joined: 2025-02-03, 07:55

Re: Continued abuse

Post by Gemmaugr » 2025-11-11, 20:35

therube wrote (2025-11-11, 20:11):
> I just had a weird thing happen...
> Looks like Styles were disabled.
> Could have been you disabling in the browser, by various means, or maybe just a quirk in the board.
> You can see what your screenshot shows by disabling Styles (in PM).
>
> View | Page Styles -> No Style

I see. I've never disabled them myself, and I have no addon that does it either.
The same kind of thing has happened on a few sites before (4chan, anidb), but refreshing the page usually helped.
Hmm. I wonder why it happens by itself, and on specific sites.