Cloudfare
- tactica
- Location: La Coruña, Spain
- Main keyboard: IBM Model M
- Main mouse: MSI Clutch GM40
- Favorite switch: Buckling springs for now
- DT Pro Member: -
I suppose I'm not the only one who noticed that now we're required to pass a Cloudfare challenge before accessing DT. Looks like the latest move from our benefactors.
I also noticed that right after the daily downtime when everything throws an nginx error you have to log in again, at least with Firefox.
I also noticed that right after the daily downtime when everything throws an nginx error you have to log in again, at least with Firefox.
-
- Location: Australia
- Main keyboard: Matias Quiet Pro
- Main mouse: Logitech Something
- Favorite switch: Orange alps
My 2 cents on this -
People in general only put their sites behind Cloudflare for 2 reasons :
a. caching
b. DDOS protection
Setting up your site with Cloudflare doesn't mean that by default you will always have it check if you're a bot each time anyone connect to it, like DT does now. Someone had to turn that function on manually. Given that fact, I'd guess b) is the answer, or at least the main reason for them doing this. It could be both, of course.
That would then seem to imply that whoever did this may think the site has a problem with DDOS attacks. Perhaps this is their perception of why the site keeps going down?
As for the problems you are facing, they are using Cloudflare in proxy mode (check the IP address of deskthority.net - you will see it now resolves to 2 Cloudflare IPs instead of the German cloud provider's IP that it used to resolve to). In proxy mode, Cloudflare sits in front of the actual server and then forwards the traffic to the actual server hosting the site. It is actually one of the default settings for Cloudflare. However, not everything works properly with proxy mode turned on. My guess is that the authentication system for the site is likely incompatible with it, which is why you keep getting logged off.
People in general only put their sites behind Cloudflare for 2 reasons :
a. caching
b. DDOS protection
Setting up your site with Cloudflare doesn't mean that by default you will always have it check if you're a bot each time anyone connect to it, like DT does now. Someone had to turn that function on manually. Given that fact, I'd guess b) is the answer, or at least the main reason for them doing this. It could be both, of course.
That would then seem to imply that whoever did this may think the site has a problem with DDOS attacks. Perhaps this is their perception of why the site keeps going down?
As for the problems you are facing, they are using Cloudflare in proxy mode (check the IP address of deskthority.net - you will see it now resolves to 2 Cloudflare IPs instead of the German cloud provider's IP that it used to resolve to). In proxy mode, Cloudflare sits in front of the actual server and then forwards the traffic to the actual server hosting the site. It is actually one of the default settings for Cloudflare. However, not everything works properly with proxy mode turned on. My guess is that the authentication system for the site is likely incompatible with it, which is why you keep getting logged off.
- Muirium
- µ
- Location: Edinburgh, Scotland
- Main keyboard: HHKB Type-S with Bluetooth by Hasu
- Main mouse: Apple Magic Mouse
- Favorite switch: Gotta Try 'Em All
- DT Pro Member: µ
I had hoped it meant "we are sold at last! maybe the new guy will be better…"
But yeah, the cack-handed way it's been implemented just looks like a quick and dirty patch by someone who doesn't understand the (pretty basic) problem and certainly doesn't fancy actually talking to the community about it. Checks out.
But yeah, the cack-handed way it's been implemented just looks like a quick and dirty patch by someone who doesn't understand the (pretty basic) problem and certainly doesn't fancy actually talking to the community about it. Checks out.
- depletedvespene
- Location: Chile
- Main keyboard: IBM Model F122
- Main mouse: Logitech G700s
- Favorite switch: buckling spring
- DT Pro Member: 0224
- Contact:
Well, the site is not losing my login every few minutes anymore, so I'll call this a step in the right direction.
Besides, the idea that Cloudflare determines I am, indeed, a Human being provides me with a modicum of comfort.
Besides, the idea that Cloudflare determines I am, indeed, a Human being provides me with a modicum of comfort.
- soyuz
- Location: Spain
- Main keyboard: buckling ******
- Main mouse: mouse bad. keybor good.
- Favorite switch: alp white damp
In a wild turn of events, onecommerce people are posting in the Keyboard Institute discord about Deskthority rather than like, actually updating people about the website on the website, so I'll relay it.
- Attachments
-
- Screenshot 2024-03-07 at 19.13.54.png (708.18 KiB) Viewed 1958351 times
- jsheradin
- Location: USA
Cloudflare broke a DT Telegram bot which is how a good chunk of spam posts were dealt with.
Would be nice if the forum owner would bother popping in to say hello rather than hanging out on a Discord server that's not even affiliated with Deskthority. You'd think a company burning as much money as OneCommerce could afford to hire a part time web admin and maybe do something about the dozen new spam accounts each day.
Would be nice if the forum owner would bother popping in to say hello rather than hanging out on a Discord server that's not even affiliated with Deskthority. You'd think a company burning as much money as OneCommerce could afford to hire a part time web admin and maybe do something about the dozen new spam accounts each day.
- depletedvespene
- Location: Chile
- Main keyboard: IBM Model F122
- Main mouse: Logitech G700s
- Favorite switch: buckling spring
- DT Pro Member: 0224
- Contact:
- keyboardjoy
- Location: London
- Main keyboard: Varmilo
- Main mouse: Logi MX Master 3
- Favorite switch: Cherry Blue MX
Hi hi! Somehow I thought everyone was on the Discord but evidently no. We've been under DDoS attack for a few weeks (hence the error page you may have seen on and off). The quick fix I turned on was to add cloudflare which worked successfully (already took a few days to figure out what the issue was). Now I'm trying to make it less aggressive. I've been working on a few interesting things for DT, hopefully will keep releasing changes.jsheradin wrote: ↑07 Mar 2024, 20:09Cloudflare broke a DT Telegram bot which is how a good chunk of spam posts were dealt with.
Would be nice if the forum owner would bother popping in to say hello rather than hanging out on a Discord server that's not even affiliated with Deskthority. You'd think a company burning as much money as OneCommerce could afford to hire a part time web admin and maybe do something about the dozen new spam accounts each day.
-
- Location: Australia
- Main keyboard: Matias Quiet Pro
- Main mouse: Logitech Something
- Favorite switch: Orange alps
I've actually noticed something similar on one of the servers I manage. The traffic is from random Alibaba Cloud blocks. I've only been able to look at it briefly but the only patterns I've noticed are that :
- it hits odd URLs that normally wouldn't be accessed directly
there is no referrer
- tactica
- Location: La Coruña, Spain
- Main keyboard: IBM Model M
- Main mouse: MSI Clutch GM40
- Favorite switch: Buckling springs for now
- DT Pro Member: -
Thank you for that. Can't say I'm surprised.
On the up side, the site is no longer going down so I suppose having to log in every 5 minutes if you forget to refresh the page often is a small price to pay.
- tactica
- Location: La Coruña, Spain
- Main keyboard: IBM Model M
- Main mouse: MSI Clutch GM40
- Favorite switch: Buckling springs for now
- DT Pro Member: -
While you're tightening security, would you have some time to upgrade Mediawiki to the latest version? It would involve upgrading the database software as well as PHP. The version installed is so old (6 years old now) that you would have to upgrade to one intermediate version first (see here).keyboardjoy wrote: ↑07 Mar 2024, 21:13I've been working on a few interesting things for DT, hopefully will keep releasing changes.
- keyboardjoy
- Location: London
- Main keyboard: Varmilo
- Main mouse: Logi MX Master 3
- Favorite switch: Cherry Blue MX
Most data scrappers send a reasonable amount of requests to not get blocked, these guys have been sending 100 requests per second with no signature with the name of the scraper in the header :/sliceoflemon wrote: ↑07 Mar 2024, 22:30I've actually noticed something similar on one of the servers I manage. The traffic is from random Alibaba Cloud blocks. I've only been able to look at it briefly but the only patterns I've noticed are that :
I can't tell what the purpose of that traffic is right now but it looks more like it is scraping data than attempting a DDOS attack. In general, I've seen an increase of traffic from China based cloud IP addresses over the past year or so on the servers I manage and the behaviour changes randomly. For example, there is a China based bot called Petalbot that suddenly appeared somewhere in the last 2 years. It's traffic ranges from fairly benign indexing from a few IP addresses to suddenly massively hammering your server from various random IP ranges at the same time. It's hard to tell what on earth they are up to.
- it hits odd URLs that normally wouldn't be accessed directly
there is no referrer
- keyboardjoy
- Location: London
- Main keyboard: Varmilo
- Main mouse: Logi MX Master 3
- Favorite switch: Cherry Blue MX
Good idea! That's the next one on the list!tactica wrote: ↑08 Mar 2024, 02:05While you're tightening security, would you have some time to upgrade Mediawiki to the latest version? It would involve upgrading the database software as well as PHP. The version installed is so old (6 years old now) that you would have to upgrade to one intermediate version first (see here).keyboardjoy wrote: ↑07 Mar 2024, 21:13I've been working on a few interesting things for DT, hopefully will keep releasing changes.
- keyboardjoy
- Location: London
- Main keyboard: Varmilo
- Main mouse: Logi MX Master 3
- Favorite switch: Cherry Blue MX
- Julle
- Location: Finland
- Main keyboard: Wooting Two HE
- Main mouse: CST L-trac
- Favorite switch: Lekker Hall effect
- DT Pro Member: -
My home IP got randomly banned on DT this morning after the Cloudflare challenge. I have no idea what triggered it. This afternoon the ban was apparently reversed.
EDIT: Never mind, it's banned again.
EDIT 2: It's been fixed, thank you!
EDIT: Never mind, it's banned again.
EDIT 2: It's been fixed, thank you!
Last edited by Julle on 10 Mar 2024, 15:18, edited 2 times in total.
- photekq
- Cherry Picker
- Location: United Kingdom
- Main keyboard: Various Cherry Corp keyboards
- Main mouse: Razer Deathadder (1st gen)
- Favorite switch: Nixdorf 'Soft Touch' MX Black (55g springs)
- DT Pro Member: -
- Contact:
On mobile, I get this on a neverending loop:
- tactica
- Location: La Coruña, Spain
- Main keyboard: IBM Model M
- Main mouse: MSI Clutch GM40
- Favorite switch: Buckling springs for now
- DT Pro Member: -
While you're at it please re-enable the InstantCommons feature so we can again use the pictures freely available at Wikimedia Commons. At some point years ago this was disabled and now some links are broken. Having to download the pictures separately, specify a license, etc. would be plain stupid and it would take more resources.
Thanks.
- tactica
- Location: La Coruña, Spain
- Main keyboard: IBM Model M
- Main mouse: MSI Clutch GM40
- Favorite switch: Buckling springs for now
- DT Pro Member: -
@keyboardjoy
Any updates on the cookie issue? It's driving me nuts trying to edit the wiki.
Edit: Problem has been solved since at least 2 days now.
Any updates on the cookie issue? It's driving me nuts trying to edit the wiki.
Edit: Problem has been solved since at least 2 days now.