Comment on old.lemmy.world no longer works without javascript, defeating its purpose
MrKaplan@lemmy.world 2 weeks ago
if you set a cookie with the name jwt it’ll bypass the challenge. this is currently needed due to ddos by criminal ai crawler operators
lemmyartistforhire@lemmy.world 2 weeks ago
Will javascript or this cookie be needed forever now?
MrKaplan@lemmy.world 2 weeks ago
we’ll have to see. when you’re logged in you’ll have that cookie anyway.
due to the structure of the page it’s a very attractive crawler target for those that don’t care about robots.txt and pretend they’re real browsers. they’re hitting it from a range of different countries that even our initial attempts of limiting the challenge to certain countries was not useful.
even after implementing this challenge we’re still getting lots of requests on this domain that all fail the challenge, 42k challenges issued within the last 24h and only 371 (0.89%) solved.
Image
mlmym also doesn’t seem to be that efficient with its api call usage per page load, so it would likely also need some investigation there if that can be optimized to reduce the server load from mlmym pages compared to other clients.
criminal ai crawler operators are killing the (public) js-free web.
lemmyartistforhire@lemmy.world 2 weeks ago
Thank you for your in depth explanation.
Would you say the old “mlmym” design is more attractive than the new design?
I don’t have the historical comparison to fully understand the chart. Are you saying most of the blue requests are bots? Can you estimate how much it would cost to serve all the bot requests, and enable js-free old.lemmy.world? How much a prestige old web tax would be?
MrKaplan@lemmy.world 2 weeks ago
anything that is plain html and doesn’t need js is more attractive for crawlers than things that aren’t plain html.
this doesn’t provide much historical context, it’s just for the last 7 days
one way or another, yes. we definitely don’t have that many legitimate users trying to access it and then stopping when they get a cloudflare challenge.
currently no. this was a quick fix implemented when it got to the point that we couldn’t handle the traffic anymore and lemmy.world was getting outages from the load caused by these criminals. the amount of crawler traffic we see also gets spikes here and there, so what might be enough today might not be enough tomorrow. they just don’t care about anything but themselves.