Author Topic: Cloudflare browser challenges  (Read 97 times)


Offline Eeems

  • Mr. Dictator
  • Administrator
Cloudflare browser challenges
« on: April 13, 2025, 01:58:38 pm »
I've had to turn on Cloudflare under attack mode, which is why you may see a Cloudflare page with a checkbox. The site was down this morning due to more unique traffic than normal that was causing the database to bottleneck. The amount of traffic isn't enough for me to consider it a DDoS, but we may be getting scraped by a bot that isn't playing nice. I'll be leaving the under attack mode on for a day or two and then I will turn it off and reevaluate if it's still needed.

Offline Scott90

Re: Cloudflare browser challenges
« Reply #1 on: Yesterday at 06:46:27 am »
You totally did the right thing in turning on under attack mode – even if it's not a full-on DDoS, this sort of scraping can actually bring the DB to its knees. Maybe block some dodgy user agents or add some rate limiting rules? Stops them dead in their tracks short-term.

Had a similar issue on another board – a weird bot caused chaos but didn't set off normal alarms. Cloudflare was a lifesaver, though some genuine users complained. Thanks for acting so fast, the site's okay again! :)

Offline Eeems

Re: Cloudflare browser challenges
« Reply #2 on: Yesterday at 10:07:29 am »
Now that it's been a few days, I've turned it back off to see if it's safe to leave off.

Cloudflare's analytics caught up enough to actually show how bad it was while this was happening. We had 1.3 million hits on the 13th, well above our usual ~150 thousand hits. The unique visitors went well above our usual ~5 thousand to 205 thousand.

This was indeed a DDoS, and it probably was from some mass scraping to feed some new LLM or something. If it happens again I may need to do more investigation into where the requests are coming from to see if there are any dodgy user agents, or enough requests from individual IPs to be able to rate limit. Unfortunately, from what I know has been happening out there, proof of work is the only current solution that appears to really work well.
/e
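
An added example, not written by anyone in this thread: a sketch of the per-IP and per-user-agent breakdown mentioned in the last reply, run over constructed access-log lines. The Combined Log Format, the addresses, the agent strings and the limit of 10 are all assumptions; the spread-out part of the sample uses about six requests per address, loosely echoing the ratio of hits to unique visitors quoted above. It shows how much of the traffic a per-IP limit would actually stop.

```python
import re
from collections import Counter

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def summarize(lines, per_ip_limit):
    """Count requests per client IP and per user agent, and report the share
    of all requests that exceed `per_ip_limit` requests from one address."""
    by_ip, by_ua, skipped = Counter(), Counter(), 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1  # malformed or differently formatted line
            continue
        by_ip[m["ip"]] += 1
        by_ua[m["ua"]] += 1
    total = sum(by_ip.values())
    # Requests beyond the limit are the only ones a per-IP rule would reject.
    blocked = sum(n - per_ip_limit for n in by_ip.values() if n > per_ip_limit)
    return {
        "total": total,
        "unique_ips": len(by_ip),
        "skipped": skipped,
        "top_ips": by_ip.most_common(3),
        "top_uas": by_ua.most_common(3),
        "blocked_share": blocked / total if total else 0.0,
    }

def make_line(ip, ua, path="/index.php?topic=1"):
    """Build one constructed log line (hypothetical path and timestamp)."""
    return (f'{ip} - - [13/Apr/2025:09:00:00 +0000] "GET {path} HTTP/1.1" '
            f'200 512 "-" "{ua}"')

# Constructed sample: one noisy client, plus a crawl spread over 60 addresses.
SAMPLE = (
    [make_line("198.51.100.7", "ExampleBot/1.0") for _ in range(40)]
    + [make_line(f"203.0.113.{i}", "Mozilla/5.0 (constructed)")
       for i in range(1, 61) for _ in range(6)]
    + ["garbage line"]
)

if __name__ == "__main__":
    for key, value in summarize(SAMPLE, per_ip_limit=10).items():
        print(f"{key}: {value}")
```

On this sample the limit rejects only the noisy client's excess requests; the 360 requests spread over 60 addresses all pass, and they share one browser-like agent string that cannot be blocked without hitting real users.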