Omnimaga

Omnimaga => News => Topic started by: Eeems on April 13, 2025, 01:58:38 pm

Title: Cloudflare browser challenges
Post by: Eeems on April 13, 2025, 01:58:38 pm
I've had to turn on Cloudflare under attack mode, which is why you may see a Cloudflare page with a checkbox. The site was down this morning due to more unique traffic than normal that was causing the database to bottleneck. The amount of traffic isn't enough for me to consider it a DDoS, but we may be getting scraped by a bot that isn't playing nice. I'll be leaving the under attack mode on for a day or two and then I will turn it off and reevaluate if it's still needed.
Title: Re: Cloudflare browser challenges
Post by: Scott90 on April 15, 2025, 06:46:27 am
You totally did the right thing in turning on under attack mode – even if it's not a full-on DDoS, this sort of scraping can actually bring the DB to its knees. Maybe block some dodgy user agents or add some rate limiting rules? Stops them dead in their tracks short-term.

Had a similar issue on another board – a weird bot caused chaos but didn't set off normal alarms. Cloudflare was a lifesaver, though some genuine users complained. Thanks for acting so fast, the site's okay again! :) (https://projektowanie.art)
Title: Re: Cloudflare browser challenges
Post by: Eeems on April 15, 2025, 10:07:29 am
Now that it's been a few days, I've turned it back off to see if it's safe to leave off.

Cloudflare's analytics caught up enough to actually show how bad it was while this was happening. We had 1.3 million hits on the 13th, well above our usual ~150 thousand hits. The unique visitors went well above our usual ~5 thousand to 205 thousand.

This was indeed a DDoS, and it probably was from some mass scraping to feed some new LLM or something. If it happens again I may need to do more investigation into where the requests are coming from to see if there are any dodgy user agents, or enough requests from individual IPs to be able to rate limit. Unfortunately, from what I know has been happening out there, proof of work is the only current solution that appears to really work well.
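
Added example, not part of the thread: a log triage along the lines of the investigation mentioned in the last post, measuring how much traffic a per-IP rate limit or a user-agent rule would actually cover. It assumes the web server writes Combined Log Format (the thread does not say); the sample lines, addresses and the `ExampleCrawler/0.1` agent are constructed. The figures in the post work out to roughly six hits per unique visitor, the same wide and shallow shape as the sample.

```python
import re
from collections import Counter

# Combined Log Format (assumption; adjust the pattern to the real log layout).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def parse(lines):
    """Yield (ip, user_agent) per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m["ip"], m["ua"]

def triage(lines, per_ip_limit):
    """Report how much traffic a per-IP limit or a single UA rule would cover."""
    pairs = list(parse(lines))
    by_ip = Counter(ip for ip, _ in pairs)
    by_ua = Counter(ua for _, ua in pairs)
    total = len(pairs)
    # Requests beyond the allowance, i.e. what the limit would have rejected.
    over = sum(n - per_ip_limit for n in by_ip.values() if n > per_ip_limit)
    top_ua, top_hits = by_ua.most_common(1)[0] if by_ua else ("", 0)
    return {
        "requests": total,
        "unique_ips": len(by_ip),
        "mean_per_ip": total / len(by_ip) if by_ip else 0.0,
        "blocked_by_ip_limit": over,
        "top_user_agent": top_ua,
        "top_user_agent_share": top_hits / total if total else 0.0,
    }

def sample_log():
    """Constructed sample: 200 addresses x 3 requests, plus one heavy client."""
    fmt = ('{ip} - - [13/Apr/2025:09:00:00 +0000] '
           '"GET /index.php?topic={t} HTTP/1.1" 200 512 "-" "{ua}"')
    lines = [fmt.format(ip=f"198.51.100.{i}", t=t, ua="ExampleCrawler/0.1")
             for i in range(1, 201) for t in range(3)]
    lines += [fmt.format(ip="203.0.113.7", t=t, ua="Mozilla/5.0 (constructed)")
              for t in range(40)]
    lines.append("truncated line that does not parse")
    return lines

if __name__ == "__main__":
    for key, value in triage(sample_log(), per_ip_limit=10).items():
        print(f"{key}: {value}")
```

On the sample, a limit of 10 requests per IP rejects only 30 of 640 requests, because almost no single address exceeds it, while one user agent accounts for about 94% of the traffic.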