this post was submitted on 19 May 2025
56 points (100.0% liked)

Fedia Discussions

Hi all. Fedia.io has for a long time been subject to ddos attacks, including many that are "accidental", caused by myriad scrapers constantly hammering the site. I gave up on trying to play whack-a-mole with blocking them based on IP address (they do not honor robots.txt and do not use a conspicuous user agent string) since I was inadvertently blocking some legitimate users. So, I've restricted access to the content of fedia.io to only those that are logged in. That will mean we don't show up in search engines and whatnot, which for some will be considered a good thing and will likely cause others to leave.

There is a remaining problem related to the login form. Calls to the login page are breathtakingly expensive, computationally speaking, and so I also have a script that monitors unusual numbers of calls to that form and blocks at the firewall any offenders. I strongly suspect I'm catching some legitimate users with this too, and so I continue to try to tune it, but it's maddening, y'all.

These issues have been causing performance problems for everyone (despite the fedia.io app running on a dedicated 96 core, 256GB server with nvme disks), and the site became unavailable for certain people that accidentally tripped various thresholds. I'm hoping most of this is resolved now.

Thanks for the patience.
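The post describes a script that watches for unusual numbers of calls to the login form and firewalls offenders, and the worry that legitimate users get caught. The following is an added example of that kind of monitor, not fedia.io's own script: it parses combined-format access log lines, keeps a per-IP sliding window of POSTs to the login path, applies an allowlist so a known shared address (an office NAT, say) is never blocked, and separately measures the aggregate rate across all IPs, which is what catches a distributed pattern of a few requests each from hundreds of addresses. The log lines, IPs, the `/login` path and the thresholds are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined log format (nginx/apache); we only need client IP, timestamp, method, path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (ip, datetime, method, path, status), or None if the line does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"], int(m["status"])


def login_events(lines, login_path="/login"):
    """Return (ip, datetime) for every POST to the login form, oldest first."""
    events = []
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[2] == "POST" and parsed[3] == login_path:
            events.append((parsed[0], parsed[1]))
    events.sort(key=lambda e: e[1])
    return events


def per_ip_offenders(events, window_seconds=60, threshold=10, allowlist=()):
    """Sliding-window count per IP. Returns {ip: peak_count} for IPs whose peak in any
    window exceeds threshold and that are not allowlisted (e.g. a known shared NAT)."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)
    peak = defaultdict(int)
    for ip, ts in events:
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:  # drop timestamps older than the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n > threshold and ip not in allowlist}


def aggregate_peak(events, window_seconds=1):
    """Peak number of login POSTs across *all* IPs in any window, with the number of
    distinct IPs in that window. Shows distributed abuse that stays under per-IP limits."""
    window = timedelta(seconds=window_seconds)
    q = deque()
    best, best_ips = 0, 0
    for ip, ts in events:
        q.append((ip, ts))
        while q and ts - q[0][1] > window:
            q.popleft()
        if len(q) > best:
            best, best_ips = len(q), len({i for i, _ in q})
    return best, best_ips


# ---- constructed sample log (not real fedia.io traffic) ----
BASE = datetime(2025, 5, 19, 10, 0, 0, tzinfo=timezone.utc)


def make_line(ip, offset_s, status, method="POST", path="/login"):
    ts = (BASE + timedelta(seconds=offset_s)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'


SAMPLE_LOG = (
    # one address hammering the form: 12 POSTs in about 20 seconds
    [make_line("203.0.113.10", 2 * i, 401) for i in range(12)]
    # a legitimate user: one failed and one successful login
    + [make_line("198.51.100.7", 5, 401), make_line("198.51.100.7", 9, 200)]
    # an allowlisted shared NAT with many people logging in at once
    + [make_line("192.0.2.5", i, 200) for i in range(15)]
    # a distributed burst: 6 addresses, 3 POSTs each, inside 3 seconds
    + [make_line(f"203.0.113.{100 + i}", 30 + j, 401) for i in range(6) for j in range(3)]
    # unrelated traffic that must be ignored
    + [make_line("198.51.100.7", 12, 200, "GET", "/m/fedia")]
)

if __name__ == "__main__":
    events = login_events(SAMPLE_LOG)
    print("per-IP offenders:", per_ip_offenders(events, allowlist=("192.0.2.5",)))
    print("peak login POSTs/s across all IPs, distinct IPs:", aggregate_peak(events))
```

The per-IP check alone flags only the single hammering address; the aggregate check reports 12 login POSTs in one second from 6 distinct IPs, which is the signal that a per-IP firewall rule cannot act on and that argues for a global rate limit or challenge on the form rather than ever-lower per-IP thresholds.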

[–] melroy@kbin.melroy.org 11 points 1 month ago (1 children)

Yes it should be as simple as twig html templating. And some basic db queries like checking if you are logged in already or not.

So we try to optimize where possible now. And find the root cause of the unwanted high resource usage. Reducing the amount of db queries as well as if we can get rid of csrf sessions and migrate to stateless csrf.

Then again, if your server is indeed getting ddosed, like 100k requests per second, almost any application, server or database will be unable to cope with that amount of load.
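The comment above mentions migrating from session-backed CSRF to stateless CSRF so the login page does not need a server-side session at all. As an added example (not Mbin's code), here is the usual HMAC pattern: the token carries a nonce and an issue time, plus a MAC over those and a client binding (the logged-in user id, or for the anonymous login form the value of a random cookie the server set, i.e. the double-submit pattern). The server stores nothing; it just recomputes the MAC. The secret key is a placeholder.

```python
import hashlib
import hmac
import secrets
import time

# Placeholder only; a real deployment loads a long random secret from configuration.
SECRET_KEY = b"replace-with-a-long-random-server-secret"


def issue_token(binding, now=None, secret=SECRET_KEY):
    """Create a stateless CSRF token bound to `binding` (user id or the anonymous
    CSRF cookie value). Format: nonce.timestamp.mac, nothing stored server-side."""
    now = int(time.time()) if now is None else now
    payload = f"{secrets.token_hex(8)}.{now}"
    mac = hmac.new(secret, f"{binding}|{payload}".encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{mac}"


def verify_token(token, binding, max_age=3600, now=None, secret=SECRET_KEY):
    """Accept only a well-formed, unexpired token whose MAC matches this binding."""
    now = int(time.time()) if now is None else now
    try:
        nonce, ts, mac = token.split(".")
        ts = int(ts)
    except ValueError:  # wrong number of fields or non-numeric timestamp
        return False
    if ts > now or now - ts > max_age:  # clock skew forward, or expired
        return False
    expected = hmac.new(secret, f"{binding}|{nonce}.{ts}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)  # constant-time comparison


if __name__ == "__main__":
    # constructed scenario: anonymous visitor gets a random cookie; the form embeds a token bound to it
    csrf_cookie = secrets.token_urlsafe(16)
    token = issue_token(csrf_cookie)
    print("valid for same cookie:", verify_token(token, csrf_cookie))
    print("rejected for other cookie:", verify_token(token, "some-other-cookie"))
```

Because the token is bound to the cookie (or user id) and signed, a forged cross-site POST cannot supply a matching pair, while the server never has to create or look up a session just to render the login form, which is exactly the cost the thread is trying to remove.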

[–] jerry@fedia.io 10 points 1 month ago (1 children)

It’s an application level ddos. Blocking anonymous access helped a bunch, but I am still getting about 5-10 login requests per second from hundreds of different IPs

[–] melroy@kbin.melroy.org 5 points 1 month ago (1 children)

I heard the improvements on the main branch already helped you.

[–] jerry@fedia.io 5 points 1 month ago

You and the mbin team continue to amaze me. Thank you so much!