this post was submitted on 19 May 2025
56 points (100.0% liked)

Fedia Discussions

Hi all. Fedia.io has for a long time been subject to DDoS attacks, including many that are "accidental", caused by myriad scrapers constantly hammering the site. I gave up on trying to play whack-a-mole with blocking them based on IP address (they do not honor robots.txt and do not use a conspicuous user agent string) since I was inadvertently blocking some legitimate users. So, I've restricted access to the content of fedia.io to only those that are logged in. That will mean we don't show up in search engines and whatnot, which for some will be considered a good thing and will likely cause others to leave.

There is a remaining problem related to the login form. Calls to the login page are breathtakingly expensive, computationally speaking, and so I also have a script that monitors unusual numbers of calls to that form and blocks at the firewall any offenders. I strongly suspect I'm catching some legitimate users with this too, and so I continue to try to tune it, but it's maddening, y'all.

These issues have been causing performance problems for everyone (despite the fedia.io app running on a dedicated 96-core, 256GB server with NVMe disks), and the site became unavailable for certain people that accidentally tripped various thresholds. I'm hoping most of this is resolved now.

Thanks for the patience.
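
The kind of login-form monitoring described in the post, as an added example that is not the admin's script or part of the original post: it counts hits on the login page per client IP in a sliding window and reports each client's peak, which is the number to look at when tuning the threshold. The combined log format, the `/login` path, the window, the threshold and the sample lines are all assumptions constructed for illustration; lines are assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed values, not taken from the post: login path, window and threshold.
LOGIN_PATH = "/login"
WINDOW = timedelta(seconds=60)
THRESHOLD = 5
# Combined-log-format prefix: client IP, timestamp, method and request target.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(line):
    """Return (ip, time, path) for a parsable line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, _method, target = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, target.split("?", 1)[0]

def login_peaks(lines, window=WINDOW):
    """Peak number of login-page hits per IP inside any sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peaks = defaultdict(int)
    for line in lines:
        rec = parse(line)
        if rec is None or rec[2] != LOGIN_PATH:
            continue              # unparsable line or not the login page
        ip, when, _ = rec
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop hits that fell out of the window
        peaks[ip] = max(peaks[ip], len(q))
    return dict(peaks)

def offenders(lines, threshold=THRESHOLD, window=WINDOW):
    """IPs whose peak exceeds the threshold, i.e. candidates for a block."""
    return sorted(ip for ip, n in login_peaks(lines, window).items() if n > threshold)

def _sample():
    """Constructed log lines: one noisy client, one user retrying a password."""
    fmt = '{ip} - - [19/May/2025:10:{m:02d}:{s:02d} +0000] "{meth} {path} HTTP/1.1" 200 512'
    noisy = [fmt.format(ip="203.0.113.7", m=0, s=s, meth="GET", path="/login") for s in range(0, 40, 2)]
    human = [fmt.format(ip="198.51.100.20", m=m, s=5, meth="POST", path="/login") for m in range(4)]
    other = [fmt.format(ip="198.51.100.20", m=0, s=9, meth="GET", path="/m/fedia")]
    return noisy + human + other

SAMPLE = _sample()
```

Comparing the peaks of known-good users against the flagged clients shows how much headroom a threshold leaves before it starts catching legitimate logins.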

[–] ciferecaNinjo@fedia.io 1 points 2 weeks ago

the site isn’t useful if I keep it locked down like it is now

I’d say it’s crippled but not useless, just as old-fashioned non-federated forums are still useful despite limitations. And as it is now we still have some of the fedi benefits.

bug 1

One bug comes to mind, which should perhaps be reported against kbin. Is the current locked down state something that is facilitated by the software, or did you hack it to redirect outsiders to login screens? If it’s the former, then the software is disservicing users who unwittingly post a link back to the access-restricted resource. If I cross-post by posting a link to fedia.io/yadayada, I should ideally get a warning to say “are you sure you want to post a link that is inaccessible to outsiders?”

bug 2 (more of an enhancement)

One workaround is for a Fedia user to create a post, wait for a non-fedia response, then dig up the cached version on the non-fedia host and publicise that link in other places. That’s already possible with a bit of navigation effort. It would be useful if users could obtain a link farm of cached versions of any post or comment. Not just for the situation at hand but with small hosts coming and going coupled with censorship as well, users of mastodon, lemmy, and [km]bin all suffer from data loss. A sophisticated client could use caching info to locally build/recover a complete thread, as well as track points of data loss.

Anyway, just brainstorming here.