this post was submitted on 22 Jul 2023
128 points (93.8% liked)

Lemmy.World Announcements

29063 readers
3 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news ๐Ÿ˜

Outages ๐Ÿ”ฅ

https://status.lemmy.world

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to info@lemmy.world e-mail.

Report contact

Donations ๐Ÿ’—

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 1 year ago
MODERATORS
 

Today, like the past few days, we have had some downtime. Apparently some script kids are enjoying themselves by targeting our server (and others). Sorry for the inconvenience.

Most of these 'attacks' are targeted at the database, but some are more ddos-like and can be mitigated by using a CDN. Some other Lemmy servers are using Cloudflare, so we know that works. Therefore we have chosen Cloudflare as CDN / DDOS protection platform for now. We will look into other options, but we needed something to be implemented asap.

For the other attacks, we are using them to investigate and implement measures like rate limiting etc.

top 50 comments
sorted by: hot top controversial new old
[โ€“] stevestevesteve@lemmy.world 24 points 1 year ago (1 children)

Cloudflare isnโ€™t bad per se, but having huge amounts of the public internet behind a centralized provider is bad for the flexibility and resiliency of the internet as a whole.

[โ€“] linearchaos@lemmy.world 3 points 1 year ago

Maybe one day we'll work out a distributed version. The upside is, they're a filter, not the actual site. If we work out better long term strats they're disposable. If they're worse than not having them at any point, it's just a dns change to kick em to the curb

[โ€“] kn33@lemmy.world 19 points 1 year ago

It's not. People hate large companies that have a dominant position in their industry. Usually, that's fair. However, in the case of DDoS protection, you have to have a large overbearing presence to be able to have the capacity to withstand such attacks. People don't know how to see through what's typically true for what's true in this case. Do I like having a dominant player in an industry? Not particularly. Do I understand why it's necessary in this case? Yes.

[โ€“] ulu_mulu@lemmy.world 16 points 1 year ago (60 children)

Thank you for the amazing job, as always! Cloudflare is a solid solution :)

load more comments (60 replies)
[โ€“] zikk_transport2@lemmy.world 16 points 1 year ago* (last edited 1 year ago) (13 children)

Imagine hosting a service for anyone else to use it, free of charge, no ads, free & open API, yet some idiots think it's fair to (D)DOS it.

There are more "interesting" targets, worst case - Reddit, who thinks everyone is just a number/noise.

Just leave Lemmy alone. :(

[โ€“] leapingleopard@lemmy.world 7 points 1 year ago (1 children)

we will all still be here when their hyperactivity wears off.

with the old Reddit simulator, personally I'm not going anywhere anytime soon. This place has a great user base and it feels so old-school.

[โ€“] SupraMario@lemmy.world 2 points 1 year ago

The new layout with old.lemmy I came back, and new apps coming out for it. It's been a good replacement. Was on tildes, but got banned for just discussing difficult topics....the admin there is just ban happy and yea he owns the site but will just ban people for no reason. Not to mention that the users over there, assuming new people are using the malicious tag as a down vote button which probably goes right to the admin. So you step out of line and you get banned. I really liked the place too, but it's not wanting to be a serious place to discuss topics with an admin like that.

load more comments (12 replies)
[โ€“] Tag365@lemmy.world 12 points 1 year ago (1 children)
load more comments (1 replies)
[โ€“] pickman_model@lemmy.world 11 points 1 year ago

Thanks a lot for all the work you folks are doing to keep this instance up.

[โ€“] BarterClub@sh.itjust.works 8 points 1 year ago (5 children)

Don't forget. Donate to them. There are no ads here. So we have to maintain the staff and servers.

Lemmy World

https://www.patreon.com/mastodonworld?utm_campaign=creatorshare_fan

Lemmy Devs

https://www.patreon.com/dessalines?utm_campaign=creatorshare_fan

load more comments (5 replies)
[โ€“] Noneo@lemmy.world 7 points 1 year ago (6 children)

Obviously cloudflares ddosing lemmy just to get some extra money

load more comments (6 replies)
[โ€“] md5crypto@lemmy.world 6 points 1 year ago

Also when will CloudFlare drop lemmy as a 'Nazi' site?

[โ€“] AphoticDev@lemmy.dbzer0.com 5 points 1 year ago (1 children)

It's not ideal, but there's not a whole lot of options out there for DDoS mitigation.

load more comments (1 replies)
[โ€“] Nerrad@lemmy.world 5 points 1 year ago

My biggest problem with CloudFlare is that very often they don't play nicely with VPN.

[โ€“] drmoose@lemmy.world 3 points 1 year ago (10 children)

I hope lemmy.world can avoid using Cloudflare which goes against the spirit of Fediverse as it's just an objectively evil company.

[โ€“] ruud@lemmy.world 7 points 1 year ago

Agreed. This is an emergency fix. Will look for final solution later.

load more comments (9 replies)
[โ€“] solrize@lemmy.world 3 points 1 year ago

Any news? I'm still seeing empty pages sometimes (db errors I think), s6 wonder if the kiddies are somehow getting through despite cloudflare.

[โ€“] Bosa@lemmy.world 3 points 1 year ago* (last edited 1 year ago) (1 children)

That's for for always keeping everyone up date. Sucks that you have these people wanting to DDOS a free community of people, I don't get it.

Either way thank you. Now to just somehow find a decentralized version of CloudFlare so we don't have to deal with there trackers that they have.

[โ€“] gnarly@lemmy.world 3 points 1 year ago

Commercial interest wants to see free communities like this die out. I won't name names.

[โ€“] chomusuke@lemmy.world 2 points 1 year ago (2 children)

old.lemmy.world still exposes your hetzner server to the internet, just a quick heads up.

load more comments (2 replies)
[โ€“] Noneo@lemmy.world 2 points 1 year ago* (last edited 1 year ago) (1 children)

Well I signed today and I got an error saying rate limit earlier for using these types of symbols "รฎยฆรขรถ)รฉรฉรครซ((ยบรœรยจยฟรฃยฟรฏ" I'm assuming It has nothing to do with this but just In case I'm making a comment about it edit:also just realized It may have been from how long the password was (33 characters)

[โ€“] abhibeckert@lemmy.world 2 points 1 year ago* (last edited 1 year ago)

This might be related. Encrypting passwords is resource intensive, and longer passwords need more resources.

Specifying really long passwords, repeatedly, is one way to DDoS a server. Maybe they're blocking unnecessarily long passwords.

[โ€“] ItsMyFirstDay@lemmy.world 2 points 1 year ago (1 children)

In case you haven't considered this, some helpful advice. To keep them from the lemmy.world door after the CDN installation

  • Change the public IP addresses
  • rotate your certificates
  • block all traffic appart from the CDN and only allow a limited known good IP addresses (like yours and your support team). These steps will make your server harder to find, hopefully they move on.
[โ€“] daniyyel@lemmy.world 2 points 1 year ago (1 children)

You might have Cloudflare add a request header to the origin request, like x-cloudflare-key: <somesecret>, and then configure nginx on the server to block everything not containing that header.

load more comments (1 replies)
[โ€“] thatguydude@lemmy.world 2 points 1 year ago

I joined July 1 for obvious reasons, I love it here.

I'm asking how many times has lemmy had to deal with these kinds of attacks prior to the "Date shall not be named"

Cause it kinda seems pretty coincidental for the amount of times I've been forced to be "offline" on this platform is gd laughable.

I thumbs up good content always.

[โ€“] michael@lemmy.perthchat.org 2 points 1 year ago (5 children)

Hmmm, we're getting a fuckload of web requests on our Lemmy too... I think I'll enable CloudFlare too! :)

load more comments (5 replies)
[โ€“] Jackthelad@lemmy.world 2 points 1 year ago (2 children)

I don't understand why people want to take down websites. Especially sites like Lemmy, which isn't exactly sticking it to anyone because no one owns it!

Are they just Reddit groupies?

[โ€“] RightHandOfIkaros@lemmy.world 5 points 1 year ago (2 children)

For most hackers or wanna-bes (often called Script Kiddies, that is, people (generally young, even children thus the "Kiddies") who are not technologically inclined enough to be real hackers and see a tutorial online on how to run pre-written scripts that repeatedly perform various functions), the answer to "Why do you do it?" is often:

  1. "Because I was bored."

  2. "Because I can."

Very rarely are other reasons given.

load more comments (2 replies)
load more comments (1 replies)
[โ€“] spookedbyroaches@lemm.ee 2 points 1 year ago (4 children)

Come on everyone, let's be better than this. Ruud literally said script kids, why do yall have to go and blame reddit? The Lemmy gets more attention, and chaotic dumbasses do their thing. You don't have to do any mental gymnastics to tie it back to spez.

load more comments (4 replies)
[โ€“] tabular@lemmy.world 2 points 1 year ago

I would like to know the answer too.

load more comments
view more: next โ€บ