this post was submitted on 08 Dec 2025
282 points (94.9% liked)


Ahoy m@tes, the scraping bot situation has been escalating recently, as you all may have already noticed by the recent site instability and 5xx error responses. @tenchiken@anarchist.nexus has been scrambling to block new scraping subnets as they appear, but these assholes keep jumping providers so it's been an endless loop and constant firefighting.

I finally had enough and decided to onboard a Proof-of-Work countermeasure, very much like Anubis which has been very popular on the fediverse lately. However I went with Haphash which has been especially designed around haproxy (our reverse proxy of choice) and is hopefully much more lightweight.

The new PoW shield has already been activated on both Divisions by Zero and Fediseer as well. It's not active on all URLs, but it should be protecting those which have the most impact on our database, which is what was causing the actual issue. You should notice a quick loading screen on occasion while it's verifying you.

We've already seen a significant reduction in 5xx HTTP errors, as well as a slight reduction in traffic, so we're hoping this will make a good impact in our situation.

Please do let us know if you run into any issues, and also let us know if you feel any difference in responsiveness. The first m@tes already feel it's all snappier, but that might just be placebo.

And let's hope the next scraping wave is not pwned residential botnets, or we're all screwed >_<

[–] atkdef@lemmy.dbzer0.com 14 points 6 days ago (2 children)

I wonder if this change affects Lemmy clients? I use Voyager and it currently works fine.

[–] db0@lemmy.dbzer0.com 16 points 6 days ago (1 children)

It shouldn't. So long as you can run JavaScript, it should work everywhere.

[–] tenchiken@lemmy.dbzer0.com 5 points 6 days ago

Most clients use an API connection which is specific to Lemmy. This is extra work to make scrapers speak that language so no scraper does.

For the moment, a scraper trying to hit any API endpoint would just get a simple malformed request error. With any luck, it stays this way so we don't have to protect the API directly.