Seeing what appears to be a distributed scrape or AZ coming from multiple network from multiple overseas locations. From what I can tell predominantly bon English speaking countries.
I've had to be pretty heavy handed with the catpcha challenges for those countries for now. It seems to have helped, will keep an eye on things. Hopefully not too much collateral damage to legitimate users....
Lodion 🇦🇺 - 4mon
I've expanded the cloudflare challenges to all non Australian requests. This has made a massive impact.. I'll look at ways to relax this tonight.
For now users outside Australia will receive a cloudflare challenge in their browser. Lemmy apps will likely not function.
11
skribe - 4mon
It looks like I'm leaving. I'm in Singapore and the site is almost unusable. Thanks for a great 2 years. It's been a pleasure.
2
Lodion 🇦🇺 - 4mon
I'm still working to relax the restrictions.. unfortunately it's very difficult to differentiate legitimate users traffic from the bots.
5
spiffmeister - 4mon
That'd be sweet. I'm in Germany and so far none of the apps work. Just using my phones browser at this point.
3
Lodion 🇦🇺 - 4mon
I've made further changes... what app do you usually use? Worth trying again now, please let me know how it goes.
2
spiffmeister - 4mon
I use jerboa. I have just tried and it seems like it's working. Cheers. I'll keep you posted if things change though.
Thanks for the hard work mate.
4
Lodion 🇦🇺 - 4mon
Thanks, that confirms some of the changes I've made are working.
4
MisterFrog - 4mon
Dang, perhaps time to start singapore.zone? (I jest, it's unfortunate that a few bad actors ruin it for everyone)
1
Lodion 🇦🇺 - 4mon
How is everyone finding AZ performance for the last hour or so?
6
Dimand - 4mon
Much improved compared to earlier today. Many thanks for your work.
5
maniacalmanicmania - 4mon
Snappy on laptop and phone. Thanks!
3
eatham 🇦🇺 - 4mon
Way faster. Thank you for fixing it
3
maniacalmanicmania - 4mon
Think it's the same AI scraping crap everyone is getting smashed by?
6
Nath - 4mon
Possibly. It'd be a terrible way to get that data if so. You could just spin up a Lemmy instance and federate with all of Lemmy far easier than trying to scrape all the web front-ends. Also, we try to fly under the radar from the Internet a bit. We opt out of Google searches, Amazon, Apple and GPTBot for example.
While our data is all human-generated (attractive), we're a pretty small userbase. There are shinier web sites to scrape than us.
8
Gorgritch_Umie_Killa - 4mon
Whats the difference between this event and a DDoS event?
I was able to access AZ on the browser during the downtime period, i'd assume that wouldn't be the case with a DDoS?
1
Lodion 🇦🇺 - 4mon
Recent issues appear to be AI bots scraping lemmy content, posing as legitimate user traffic.
The difference between this and a regular DDoS is the intent behind it. I don't believe the traffic we're seeing is intended to be malicious as with a DDoS, but due to the incompetence of those behind the scraping... it effectively is a DDoS.
2
Schwenckenator - 4mon
I'm lurking from Japan! I'm getting a challenge, but it works fine.
It probably helps that I always use the browser haha
5
Lodion 🇦🇺 - 4mon
Thanks for posting, good to confirm it's working as expected.
3
Zagorath - 4mon
We're behind Cloudflare, right? Do we have their new AI blocking features enabled?
4
Lodion 🇦🇺 - 4mon
Yes, amongst other things.
5
Lodion 🇦🇺 - 4mon
Cloudflare's security features are serving us very well:
The red line shows the blocks put in place stopping a recent surge in hits. If the blocks weren't in place, AZ would likely be almost entirely offline.
lodion in meta
More AZ issues 19/8/25
Seeing what appears to be a distributed scrape or AZ coming from multiple network from multiple overseas locations. From what I can tell predominantly bon English speaking countries.
I've had to be pretty heavy handed with the catpcha challenges for those countries for now. It seems to have helped, will keep an eye on things. Hopefully not too much collateral damage to legitimate users....
I've expanded the cloudflare challenges to all non Australian requests. This has made a massive impact.. I'll look at ways to relax this tonight.
For now users outside Australia will receive a cloudflare challenge in their browser. Lemmy apps will likely not function.
It looks like I'm leaving. I'm in Singapore and the site is almost unusable. Thanks for a great 2 years. It's been a pleasure.
I'm still working to relax the restrictions.. unfortunately it's very difficult to differentiate legitimate users traffic from the bots.
That'd be sweet. I'm in Germany and so far none of the apps work. Just using my phones browser at this point.
I've made further changes... what app do you usually use? Worth trying again now, please let me know how it goes.
I use jerboa. I have just tried and it seems like it's working. Cheers. I'll keep you posted if things change though.
Thanks for the hard work mate.
Thanks, that confirms some of the changes I've made are working.
Dang, perhaps time to start singapore.zone? (I jest, it's unfortunate that a few bad actors ruin it for everyone)
How is everyone finding AZ performance for the last hour or so?
Much improved compared to earlier today. Many thanks for your work.
Snappy on laptop and phone. Thanks!
Way faster. Thank you for fixing it
Think it's the same AI scraping crap everyone is getting smashed by?
Possibly. It'd be a terrible way to get that data if so. You could just spin up a Lemmy instance and federate with all of Lemmy far easier than trying to scrape all the web front-ends. Also, we try to fly under the radar from the Internet a bit. We opt out of Google searches, Amazon, Apple and GPTBot for example.
While our data is all human-generated (attractive), we're a pretty small userbase. There are shinier web sites to scrape than us.
Whats the difference between this event and a DDoS event?
I was able to access AZ on the browser during the downtime period, i'd assume that wouldn't be the case with a DDoS?
Recent issues appear to be AI bots scraping lemmy content, posing as legitimate user traffic.
The difference between this and a regular DDoS is the intent behind it. I don't believe the traffic we're seeing is intended to be malicious as with a DDoS, but due to the incompetence of those behind the scraping... it effectively is a DDoS.
I'm lurking from Japan! I'm getting a challenge, but it works fine.
It probably helps that I always use the browser haha
Thanks for posting, good to confirm it's working as expected.
We're behind Cloudflare, right? Do we have their new AI blocking features enabled?
Yes, amongst other things.
Cloudflare's security features are serving us very well:
The red line shows the blocks put in place stopping a recent surge in hits. If the blocks weren't in place, AZ would likely be almost entirely offline.