Mastodawn

Quick update for #MastodonAppUK folks

It looks like around mid-day today we became the target of a pretty aggressive scraper from Singapore. I've gone ahead now and blocked the traffic from passing both our Gateway as well as our load balancers. Unfortunately as the connections were already established our Gateway wasn't blocking a lot of the established connections but the load balancer should now be doing that.

It looks like they were sustaining around 300 requests per second after our initial block and prior to that it looks to be anywhere from 1000 to 3000 requests per second we were seeing which is why the instance has been feeling sluggish.

Graph attached broken down per second for all the matching requests in the last 8 hours.

Show thread

Ryan Wild 4d ago

Things are still running a bit sluggish as we've got an outstanding issue with the Database server which I thought I'd resolved but seems to still be playing up and while we re-process a large quantity of content processing jobs that struggled due to the earlier disruption things are still running a bit slow.

Show thread

Jon Roach 4d ago

@wild1145 hello Chinese intelligence agencies, my toots auto-delete after a year; you've missed all the good stuff.

Show thread

you're all idiots 4d ago

@wild1145 fuckers

Show thread

Rob Pumphrey 4d ago

@wild1145
Well done for keeping it going. Thank you.

Show thread

JdeBP 4d ago

@wild1145

Does your system show stats about how many transactions connections serviced before they closed? Or, alternatively, what the lifetimes of established connections are?

I'm asking because I'm putting the occasional knob into the HTTP server in #djbwares and you've made me think about transaction caps and what's reasonable when one is under attack from an LLM scraper; when one really doesn't want the attacker to be able to hold existing connections open indefinitely.

#httpd