I don't know if it's a DDoS or a very rude scraper. Stand by.
Also unauthenticated whatever is temporarily kill. Accounts being scraped are a Baraag account, @judgedread , Drew DeVault's accounts, and me. Maybe others. Since one of them is DeVault's old account, it's not randomly selected accounts from the public timeline. It's enough requests that it's actually saturating the pipe. Very large number of hosts and I swat one and another pops up, they're ignoring 429s, 401s, 403s.
@i@judgedread@p Fediarchiver has a ratelimit option that appears to be set to 1 req/s by default. Think I ran it once on FSE to grab a different account, no one complained.
@lain@p@judgedread@mint easy to get pissed at background radiation when a spike occurs, things you've not had to think about for weeks hit you like a brick when you run the aggregate
@i@judgedread@mint Anyone that is annoyed the API is locked down can direct their complaints to @CrunkLord420 . I'd like to personally thank him for making shit that even a monkey can use to cause problems, and then giving it to monkeys that are predisposed to cause problems, and then shrugging. (PROTIP: hard-code some minimum rate-limits so that anyone that is too fucking stupid to run a compiler is not going to do any damage, and stop making "regular-ass browser UA string" the default in the example config.)
I saw the guy's "Oh, I was crawling really slowly!" post in that thread, and I'll just dump the logs. Bots that are pretending to be browsers are kill-on-sight anywhere with a competent sysadmin.
No more traffic arrives here from M247 ever again: it's been scrapers and pedophiles and dipshits. It would have gone the same way Mullvad and NordVPN went a long time ago, but two instances were using it to federate; one of them stopped and the other one's dead.
I run this shit so I can use it and I leave it open so other people can use it. If some series of scrapers wants to DDoS it, then I can't use it, so why the fuck am I paying the goddamn bill? gunmonkey.gif
@PunishedD@crunklord420@i@judgedread@mint I don't know, I scribbled that stupid Markov bot that scrapes timelines, and I had the goddamn sense to make sure that if you wanted to crank down the rate-limit, you had to tweak the code, and if you want the UA to impersonate a browser, you've got to add it. I didn't make the example config pretend to be Chrome so that it's *more* effort to make the bot behave than to make the bot lie.
@crunklord420@PunishedD@i@judgedread@mint Don't do that weak dodge bullshit, man, this is why I said things like "by default" and "anyone too stupid to run a compiler". You don't make something hostile by default unless you're trying to make the LOIC and if you're doing that, just call it the LOIC.