just blocked the entirety of hong kong from poast nitter due to somebody using 17 individual /24s (256 IPs * 17) to scrape absolutely everything from veechubas to literal nobodies with 1-2 followers
@graf I am never kidding when I tell people this, just drop the entirety of APNIC at the firewall
There are 0 (zero) negative consequences.
Chinks gooks and abos out
@pwm this one actually was also using US residential proxies, and a couple of US-based datacenter ranges.
I wonder if it's a mix of servers with /24 (you can rent them for like $150-200, they call them "SEO servers") and purchased proxies or what, but there's a lot of money at play here for that large of a coordinated scrape. 200k requests per second at its peak is crazy, per server.
@graf For a big thing like this it will probably only sorta help, but I find especially for my email server that you stop being low hanging fruit for those not throwing around cash to rent residential proxies
@pwm yeah, how I'm doing this definitely isn't sustainable. I'm evaluating ways I can keep it public but also limit access. I wish it was as easy as just setting up an OAuth login for poast users, but others use it too, even people not on fedi, and I feel bad cutting them off to deal with some shitty people. Blocking entire ranges is fine for now, but people get caught in the crossfire (and iptables/nginx have limits to the amount of IPs they store 'in memory').
this weekend I'm going to tear everything out as far as blocks and stuff are concerned and do it a little more elegantly. it's a lot of work but hopefully in the long run it'll be manageable enough
@graf@pwm can't you just put a small PoW in front of whatever is being scraped? If a session that passed the PoW starts hammering too fast, they get it again.
@einmad@pwm they don't hammer fast. It's 10000s of IPs requesting accounts, crawling via mentions/reposts, 1-2 requests every maybe 30-45 seconds, sometimes up to a minute or two. But because there are so many of them it flies under the radar, because it doesn't appear as a traffic anomaly.
the challenge might be enough. ideally I'd like to redirect traffic to a separate server set up as a tarpit so it keeps the request open forever just to see what it would do
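The challenge scheme sketched above (a small proof of work per session, re-issued when a session starts hammering) as an added example; this is not code from anyone in the thread or from the nitter project. The class and function names (`PowGate`, `solve`) and the thresholds are hypothetical, the secret is a constructed value, and the client side is included only so the round trip can be exercised offline.

```python
import hashlib
import hmac
import os
import time
from collections import deque


class PowGate:
    """Hypothetical PoW gate: a session token is minted only after a valid
    proof of work, and a session that bursts past the per-window limit is
    revoked, so the client has to solve a fresh challenge."""

    def __init__(self, secret, bits=16, window_s=60, max_per_window=30, challenge_ttl_s=300):
        self.secret = secret            # constructed server-side key for HMAC-bound challenges
        self.bits = bits                # required leading zero bits (cost ~ 2**bits hashes)
        self.window_s = window_s
        self.max_per_window = max_per_window
        self.ttl = challenge_ttl_s
        self.sessions = {}              # token -> deque of recent request timestamps
        self.used_nonces = set()        # each solved challenge may be redeemed once

    def _mac(self, msg):
        return hmac.new(self.secret, msg.encode(), hashlib.sha256).hexdigest()

    def issue_challenge(self, now=None):
        """Stateless challenge: expiry and nonce, authenticated so the server stores nothing."""
        now = time.time() if now is None else now
        body = f"{int(now) + self.ttl}:{os.urandom(8).hex()}"
        return f"{body}:{self._mac(body)}"

    @staticmethod
    def leading_zero_bits(digest):
        n = int.from_bytes(digest, "big")
        return len(digest) * 8 - n.bit_length()

    def verify(self, challenge, counter, now=None):
        """Return a session token for a valid, unexpired, unused solution; else None."""
        now = time.time() if now is None else now
        try:
            expires, nonce, mac = challenge.split(":")
        except ValueError:
            return None
        if not hmac.compare_digest(mac, self._mac(f"{expires}:{nonce}")):
            return None                  # forged or tampered challenge
        if now > int(expires) or nonce in self.used_nonces:
            return None                  # stale, or a replay of an already redeemed solution
        digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
        if self.leading_zero_bits(digest) < self.bits:
            return None                  # work not done
        self.used_nonces.add(nonce)
        token = self._mac(f"session:{nonce}")
        self.sessions[token] = deque()
        return token

    def allow(self, token, now=None):
        """True if the request may proceed; False means 'go solve a new challenge'."""
        now = time.time() if now is None else now
        q = self.sessions.get(token)
        if q is None:
            return False
        while q and now - q[0] > self.window_s:
            q.popleft()                  # drop timestamps outside the sliding window
        if len(q) >= self.max_per_window:
            del self.sessions[token]     # burst detected: revoke, PoW required again
            return False
        q.append(now)
        return True


def solve(challenge, bits):
    """Client side: brute-force a counter; expected cost is about 2**bits hashes."""
    counter = 0
    while True:
        d = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
        if PowGate.leading_zero_bits(d) >= bits:
            return counter
        counter += 1


if __name__ == "__main__":
    gate = PowGate(b"constructed-secret", bits=16, max_per_window=5)
    ch = gate.issue_challenge()
    tok = gate.verify(ch, solve(ch, 16))
    print("session:", tok[:16], "allowed:", [gate.allow(tok) for _ in range(6)])
```

The cost is per session rather than per request, which is the point of the design: an honest visitor pays once and browses freely, while a crawler spread over thousands of addresses has to pay once per address and again every time an address exceeds the window. It does nothing against the slow pattern described later in the thread (one or two requests a minute per address stays under any sane window), which is why the challenge is a complement to, not a replacement for, looking at the logs per prefix.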
@graf seems like a difficult problem to solve.. if all the IPs are from one region that's one thing, but if they use proxies from all over the place, I guess you could implement some kind of rate limiting for the server overall..
@WoodenDoorInspector rate limiting for the server 'overall' exists already. They are using entire class C subnets requesting 1-2 people every 20-30 seconds, so it flies under the radar because it's not "obvious" abuse until you start checking the logs and sorting by unique IP.
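The log check described in that post (aggregate by subnet rather than by single address, so a /24 full of polite-looking hosts stands out) as an added example, not code from anyone in the thread or from the nitter project. The log lines are constructed in the nginx combined format, the addresses are documentation ranges, and the function names and thresholds (`find_scraper_blocks`, 16 distinct hosts, 6 requests per IP per minute) are hypothetical choices to tune against your own traffic.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*"')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def build_sample_log():
    """Constructed access log: one /24 spread over 40 hosts that are each polite
    on their own, plus two ordinary visitors. Not real traffic."""
    t0 = datetime(2024, 3, 10, 12, 0, 0, tzinfo=timezone.utc)

    def line(ip, ts, path):
        return f'{ip} - - [{ts.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 4096'

    lines = []
    for host in range(1, 41):                     # 40 distinct IPs in 203.0.113.0/24
        for k in range(2):                        # each sends 2 requests, 40 s apart
            ts = t0 + timedelta(seconds=host + 40 * k)
            lines.append(line(f"203.0.113.{host}", ts, f"/user{host}_{k}"))
    for k in range(6):                            # one visitor browsing six pages quickly
        lines.append(line("198.51.100.5", t0 + timedelta(seconds=5 * k), f"/page{k}"))
    lines.append(line("192.0.2.10", t0, "/about"))  # one-off visitor
    return "\n".join(lines) + "\n"


def parse_log(text):
    """Yield (ip, timestamp) per parsable line; malformed lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LOG_RE.match(raw)
        if not m:
            continue
        ip_str, ts_str = m.groups()
        try:
            records.append((ipaddress.ip_address(ip_str), datetime.strptime(ts_str, TS_FMT)))
        except ValueError:
            continue
    return records


def prefix_of(ip):
    """Group IPv4 by /24 (the 'class C' in the thread) and IPv6 by /64."""
    plen = 24 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)


def aggregate_by_prefix(records):
    """Per prefix: request count, distinct source IPs, first and last timestamp."""
    stats = {}
    for ip, ts in records:
        s = stats.setdefault(prefix_of(ip), {"requests": 0, "ips": set(), "first": ts, "last": ts})
        s["requests"] += 1
        s["ips"].add(ip)
        s["first"] = min(s["first"], ts)
        s["last"] = max(s["last"], ts)
    return stats


def find_scraper_blocks(stats, min_unique_ips=16, max_reqs_per_ip_per_min=6.0):
    """Flag prefixes where many distinct hosts each stay under a per-IP rate that
    no single-address limiter would trip, but the prefix as a whole is busy.
    Returns (network, distinct_ips, requests), busiest first."""
    flagged = []
    for net, s in stats.items():
        if len(s["ips"]) < min_unique_ips:
            continue
        minutes = max((s["last"] - s["first"]).total_seconds(), 1.0) / 60.0
        per_ip_per_min = s["requests"] / len(s["ips"]) / minutes
        if per_ip_per_min <= max_reqs_per_ip_per_min:
            flagged.append((net, len(s["ips"]), s["requests"]))
    return sorted(flagged, key=lambda x: x[2], reverse=True)


if __name__ == "__main__":
    for net, hosts, reqs in find_scraper_blocks(aggregate_by_prefix(parse_log(build_sample_log()))):
        print(f"{net}: {hosts} hosts, {reqs} requests")
```

On a real server, feed `parse_log` the access log in place of `build_sample_log()`; the output is a ranked list of prefixes to inspect, not a block list, since a busy NAT or a university range can also show many hosts per /24. Raising `min_unique_ips` or lowering `max_reqs_per_ip_per_min` trades false positives for misses.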
@graf getting a large swath of IPs all together like that.. could be a state actor, as that's pretty unusual.. and limiting the rate of their requests so it flies under the radar for a slow scrape, that is difficult to prevent since it looks like normalish traffic.
@WoodenDoorInspector 77k requests/s per server vs 7k avg is not normal, so I knew something was definitely going on. It's hard to find them all though, so it took me a little while, but I'm satisfied they've been dealt with for now. Until they buy more proxies, servers, whatever.
so there's actually way more. 146 /24s and counting so far. Somebody really wants this data. That's a fuck of a lot of $$$ for that many IPs. Still going about 65k requests/s but I'm trimming them out.
got rid of all of them. 7800 requests and 3700 requests per second respectively on both servers which is average traffic. good job poast we defeated the chicom enemy
@pirin04@graf I joined goob during its first year of existence and I am a founding member of poast. Trust me, I have seen the difference evolve over the years.
@TrevorGoodchild@pirin04 I'm gonna log into the database server and fix the case on your tag, friend, it's bothering me and it's something I can only do manually in the database for now
@TrevorGoodchild@pirin04 somebody donated $10 for the poast nitter in the middle of the night with the message "I rely on your Nitter instance. The recent outage made me think I should support now, before you go offline. I will do this again when I can. Thanks for your effort."
that's why I do the things I do. I try to help where I can and I appreciate that people care about that