lodion

Seeing what appears to be a distributed scrape or AZ coming from multiple network from multiple overseas locations. From what I can tell predominantly bon English speaking countries.

I've had to be pretty heavy handed with the catpcha challenges for those countries for now. It seems to have helped, will keep an eye on things. Hopefully not too much collateral damage to legitimate users....

Seems to have been more malicious traffic today, causing issues for the site. I've put a block in place, which seems to have helped.
I'll keep an eye on it.

We've seen some issues with AZ again today. On investigating it looks like more DDOS/abuse traffic from overseas. I've applied the same sort of block as last time we saw this, and things appear to have returned to normal..

The sharp drop is when the "attack" started, the jump is when it was blocked... the red line is blocked requests.

Lemmy 0.19.11 (which I've just upgraded AZ to) has a new feature to allow regular federation, but require users be logged in to view content.

I'd like to gauge feedback from users on this. It will not add privacy, or limit the propagation of posts/comments etc. But it will limit AZ server resource consumption by bots or users that are not logged in.

Thoughts/concerns on enabling this feature?

Update: thank you all for your thoughts and feedback on this. We'll leave AZ as it is, though may use this feature in future if we need to mitigate attacks or other malicious traffic.

Not entirely clear to me what is going on, but we've seen a large influx in traffic from oversea today. This has lead to high CPU and performance issues.

I've put in place a block to what seems to be the source of the traffic, but its not perfect and may cause other issues. If you see/hear of any please let me know here.

I'm about to restart services for this upgrade. Shouldn't be down longer than a few minutes.

I'll be working on upgrading aussie.zone to lemmy 0.19.6 today. All going well disruption will be brief, but there may be some performance issues related to back end DB changes required as part of the upgrade.

I'll unpin this once complete.

I've spun this up for fun, to see how it compares to the base lemmy UI. Give it a whirl, and post any feedback in this thread. Enjoy!

It could go down at any time, as it looks as though the dev is no longer maintining it...

edit: using this https://github.com/rystaf/mlmym

UPDATE Tuesday 12/11: I've killed this off for now. Unclear of why, but was seeing a huge number of requests from this frontend to the lemmy server back end. Today it alone sent ~40% more requests than all clients and federation messages combined.

Its been 6 months or so... figure its time for another of these. Keep in mind there have been some major config changes in the last week, which has resulted in the oddities below.

Graphs below cover 2 months, except Cloudflare which only goes to 30 days on free accounts.

CPU:

Memory:

Network:

Storage:

Cloudflare caching:

Comments: The server is still happily chugging along. Looking even happier now that I've properly migrated pict-rs to its integrated object storage config, rather than the bodged up setup.

RAM/CPU are all fine. Storage use is growing slowly as various databases grow. Still a long way from needing to purge old posts, if ever.

Cloudflare is saving less traffic these days, since Lemmy added support to proxy all images. Not a concern, well under the bandwidth cap for the server.

As usual feel free to ask any questions.

testing

I'm in the process of migrating images to a properly configured object storage setup. This involves an offline migration of files. Once complete, I'll start up pict-rs again. Until then, most images will be broken.

All going well this will finish by morning Perth time, and once up and running again may help with the ongoing issues we've had with images.

After some users have had issues recently, I've finally gotten around to putting in place a better solution for outbound email from this instance. It now sends out via Amazon SES, rather than directly from our OVH VPS.

The result is emails should actually get to more people now, rather than being blocked by over-enthusiastic spam filters... looking at you Outlook and Gmail.