Seeing what appears to be a distributed scrape or AZ coming from multiple network from multiple overseas locations. From what I can tell predominantly bon English speaking countries.
I’ve had to be pretty heavy handed with the catpcha challenges for those countries for now. It seems to have helped, will keep an eye on things. Hopefully not too much collateral damage to legitimate users…
I’ve expanded the cloudflare challenges to all non Australian requests. This has made a massive impact… I’ll look at ways to relax this tonight.
For now users outside Australia will receive a cloudflare challenge in their browser. Lemmy apps will likely not function.
It looks like I’m leaving. I’m in Singapore and the site is almost unusable. Thanks for a great 2 years. It’s been a pleasure.
I’m still working to relax the restrictions… unfortunately it’s very difficult to differentiate legitimate users traffic from the bots.
That’d be sweet. I’m in Germany and so far none of the apps work. Just using my phones browser at this point.
I’ve made further changes… what app do you usually use? Worth trying again now, please let me know how it goes.
I use jerboa. I have just tried and it seems like it’s working. Cheers. I’ll keep you posted if things change though.
Thanks for the hard work mate.
Thanks, that confirms some of the changes I’ve made are working.
Dang, perhaps time to start singapore.zone? (I jest, it’s unfortunate that a few bad actors ruin it for everyone)
Think it’s the same AI scraping crap everyone is getting smashed by?
Possibly. It’d be a terrible way to get that data if so. You could just spin up a Lemmy instance and federate with all of Lemmy far easier than trying to scrape all the web front-ends. Also, we try to fly under the radar from the Internet a bit. We opt out of Google searches, Amazon, Apple and GPTBot for example.
While our data is all human-generated (attractive), we’re a pretty small userbase. There are shinier web sites to scrape than us.
Whats the difference between this event and a DDoS event?
I was able to access AZ on the browser during the downtime period, i’d assume that wouldn’t be the case with a DDoS?
Recent issues appear to be AI bots scraping lemmy content, posing as legitimate user traffic.
The difference between this and a regular DDoS is the intent behind it. I don’t believe the traffic we’re seeing is intended to be malicious as with a DDoS, but due to the incompetence of those behind the scraping… it effectively is a DDoS.
How is everyone finding AZ performance for the last hour or so?
Much improved compared to earlier today. Many thanks for your work.
Way faster. Thank you for fixing it
Snappy on laptop and phone. Thanks!
I’m lurking from Japan! I’m getting a challenge, but it works fine.
It probably helps that I always use the browser haha
Thanks for posting, good to confirm it’s working as expected.
We’re behind Cloudflare, right? Do we have their new AI blocking features enabled?
Yes, amongst other things.
Cloudflare’s security features are serving us very well:
The red line shows the blocks put in place stopping a recent surge in hits. If the blocks weren’t in place, AZ would likely be almost entirely offline.
