so recently my server has unintentionally been inside a DDoS of my own making. any smaller webserver i point my domain at becomes instantly crippled. let me explain the situation...

so i make minecraft mods, right. well, at one point, i made this library mod called CICADA, that has a bunch of shared utilities i use. this is pretty common practice

then once i had that, i realized, hey! why not make a funny thing in this library mod that gives my own minecraft character a cape when anyone sees me! that would be kinda neat.

it couldnt just be simply hardcoded though of course, so i had a genius plan. i would put a simple "api" of sorts up on github pages that would have directories for all the players that i want to have capes. the mod can do a quick http request in the background, and if it doesnt return a 404, load the cape from the png thats returned to display on the player

now you might wonder, this is a perfect idea is it not? how could this possibly have caused any issues? ...yea i think you can roughly guess where this went

for the github pages thing, i used the one domain i had available at the time: enjarai.dev. now, you may notice that this currently hosts my personal website. which is no longer on github pages.

when i made this migration, i realized something quite concerning. my mods are popular.

my servers cpu was consistently pinned at 100% over 4 cores, and i was getting... checks notes thousands of GET requests a second. 24/7. neither me nor my server were very happy about this as you might imagine

for quite a while, i've honestly just kinda... put up with this. there didnt seem to be anything i could do, short of just not using my domain or migrating back to github, neither of which i wanted

its been getting worse and worse though, my disk is filling up with access logs within literal hours after clearing them (so i had to disable those) and im running out of bandwidth quota on my VPS every month. something needs to change

so i shared my problem with a bunch of friends last night, and we brainstormed the hell out of this. after a lot of ideas, including potentially sending malformed PNGs to crash people's games and force them to update the mod (which turned out not to be feasible), i landed on a pretty decent solution i think

everyone using an old version of CICADA will now see this cape. on every single player

i really hope this works, cause if not, im kinda out of ideas

will keep yall posted
@enjarai hey knowing people and how reluctant they are to update you'll get this number of requests for months on end 🙃
@niko i find it really hard to imagine putting up with everyone wearing ugly as hell capes all the time... but you may be right
@enjarai oh i know i would be able to ignore it fine
@niko at the very least it'll most likely get big modpacks to update the mod. and those are by far the biggest contributors of downloads
@enjarai now whether people will update their modpacks :3c
@enjarai i am not helping here sorry lmao
@niko dont worry, ill figure something out, im sure
@niko @enjarai there's also an ultimate option (afaik), removing the broken version from modrinth (probably breaking a lot of modpacks, forcing them to update)
@maia @niko i can definitely do that on modrinth, though it'd be a lot of versions to delete (would need to make a script or smt)

the issue is that im pretty sure curseforge (where all the big packs live) just... doesnt let you delete files entirely. they want to prevent modpacks from breaking at any cost you see, so you fully cannot just remove your files, only "archive" them ;-;
@enjarai @niko Yeahhhh could see that happen too. If so it might be good to take a look at a caching layer. Though it sure must be a massive amount of requests given that the server just handles TLS & serves small images from what it sounds like
@FamiliarDraco @niko oh yea for a while i had nginx just immediately drop the connection once it knew the path. no http response of any kind, just closing the tcp connection

still 100% cpu and filling up quotas. the amount of requests is staggering ;-;
@enjarai @niko even if it only reaches 50 % of players it's already a load reduction and thus cost reduction of 50 %.
I think this solution is very nifty and takes into account the social nature of using software
@saxnot @niko yea i cant imagine it not doing anything. just hope it'll be enough