DDOS Attacks / AI botfarm overload

[davefiddes]

Glad to see you deployed Anubis. It's made the forum and wiki so much snappier than any time I can remember. Thanks!

It's an arms race. I hope the bad guys take a long time to find a way round.

[johu]

Yeah I hope so too!

Also the spam via the shops inquiry form has magically stopped as well

Unfortunately kevpatts is no longer able to log in no matter which browser he tries:

[Bigpie]

Yeah I hope so too!

Also the spam via the shops inquiry form has magically stopped as well

Unfortunately kevpatts is no longer able to log in no matter which browser he tries:
image.png

I've been contacted by someone else having this issue too, it's only once logged in, at least in their case.

[johu]

Maybe this? https://www.phpbb.com/community/viewtopic.php?t=2629811

The forum is actually running on localhost now and is proxied to the outside world with nginx reverse proxy

[tom91]

Something weird is reported https://www.diyelectriccar.com/threads/ ... st-1134893

Possibly related to the changes made

[dcaawdiz]

Lets see if there are adverse effects, i.e. TOR users no longer able to access the site or so

EDIT: tested. Still works over Tor

I registered here to just say thanks for taking care tor not block the free internet.
Its great to see using Anubis instead of something centralized and closed source like Cloud-flare.

[johu]

Very welcome!
In case you have trouble logging in try going via https://openinverter.org:8444/forum/

[davefiddes]

I'm seeing a lot of long delays on email thread notifications. The problem seems to be coincident with the DDOS mitigation changes. The delay is something like 17.5 hours. Most emails seem to come through eventually.

My reading of the headers is that the delay is entirely within the openinverter server and don't relate to delivery:

Code: Select all

...
Authentication-Results: mailhub-cam-d.mythic-beasts.com;
	spf=pass smtp.mailfrom=masterle.net;
	dkim=pass header.d=johanneshuebner.com header.s=20210203-johanneshuebner.com header.a=rsa-sha256
Received: from [2a01:4f8:121:3a7::2] (port=36939 helo=zdw.masterle.net)
	by mailhub-cam-d.mythic-beasts.com with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <www-data@masterle.net>)
	id 1ujF1h-002PbB-0M
	for d.j@fiddes.net;
	Tue, 05 Aug 2025 11:36:13 +0100
Received: from localhost (localhost [127.0.0.1])
	by zdw.masterle.net (Postfix) with ESMTP id 8A9AA8429F4
	for <d.j@fiddes.net>; Tue,  5 Aug 2025 12:36:12 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at masterle.net
Received: from zdw.masterle.net ([127.0.0.1])
	by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id wG2m9eFg6GSs for <d.j@fiddes.net>;
	Tue,  5 Aug 2025 12:36:11 +0200 (CEST)
Received: by zdw.masterle.net (Postfix, from userid 33)
	id 052E9842C5B; Tue,  5 Aug 2025 12:36:07 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=johanneshuebner.com;
	s=20210203-johanneshuebner.com; t=1754390168;
	bh=2zQjArAj9BE31DDeZGSY044D7HyFOAg2zjWriaYS+FQ=;
	h=To:Subject:From:Reply-To:Date:List-Unsubscribe:From;
	b=ECGWPaxIY6HSTA9qmJIuv1qyjh7BxpOTYWZ7ZDTuHMLO8AKcAwoIITNNNFo/qTb2B
	 qghIBL31GwRoXVorqSG2ovwAlqNmoF5jRV+CrGu3F7SmHqJVdhts+Xv3iYaHOZ6N34
	 fXPGdYnsAEHFXc1Plu8pE6UhLKlsMCuPwJ5Srwf3nSOFLGVT0eb9TCI6nZUpiYvexi
	 nblWTVTphJMkTZdEvhFatQn7oyfVRRkZ7FQEUCshuX/9QxDZZlY1GFBkuFMxsyUSAh
	 ukD61I9w8EUwqBMVdIlsqL0l/xS2MUSDtDtwbIeqjk6BucuiaW3s7s3ft4nlBNxdVo
	 2dfc+q47OgWGg==
To: =?US-ASCII?Q?davefiddes?= <d.j@fiddes.net>
Subject: =?US-ASCII?Q?Reply=20in=20=22Tesla=20Model=203=20Rear=20Dr?= =?US-ASCII?Q?ive=20Unit=20Hacking=22?=
From: <dev@johanneshuebner.com>
Reply-To: <dev@johanneshuebner.com>
Sender: <dev@johanneshuebner.com>
MIME-Version: 1.0
Message-ID: <faf908935f2b103c2316bfb3285ca433@openinverter.org>
Date: Mon, 04 Aug 2025 19:08:41 +0200
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: phpBB3
X-MimeOLE: phpBB3
X-phpBB-Origin: phpbb://openinverter.org/forum
List-Unsubscribe: <https://openinverter.org/forum/viewtopic.php?uid=1275&t=575&unwatch=topic>
...

[JaniK2]

I was trying to log in this summer for few time and it didn't work, it just went to error page saying: tried to redirect to unsecure url?

I tried at work pc that i have never used to visit openinverter.org and same error.

Made a new account. Worked first time.

Maybe I havent logged in during 2025 and got disabled.

My account has been going to this page for some time, and now I made new account and it just works.

Yeah I hope so too!

Also the spam via the shops inquiry form has magically stopped as well

Unfortunately kevpatts is no longer able to log in no matter which browser he tries:

image.png

[johu]

Yes I did prune accounts that never posted and weren't active in 2025.
Others had the login issue as well, I set up and unproxied instance at https://openinverter.org:8444/forum/
When having trouble it's worthwhile to log in there then go back to the standard URL

[JaniK]

Yes I did prune accounts that never posted and weren't active in 2025.
Others had the login issue as well, I set up and unproxied instance at https://openinverter.org:8443/forum/
When having trouble it's worthwhile to log in there then go back to the standard URL

This actually worked! How did I miss that.

Thanks Johu

[rsiddall3576]

Just realized I stopped getting updates from the forum's RSS feed on July 15. I get a 404 error from Nginx on app.php/feed, but it works on port 8443. I had to use port 8443 to log in. Updated my feed reader to use port 8443.

[johu]

Just realized I stopped getting updates from the forum's RSS feed on July 15. I get a 404 error from Nginx on app.php/feed, but it works on port 8443. I had to use port 8443 to log in. Updated my feed reader to use port 8443.

That and other issues with app.php should now be fixed

[skr]

Seems to be working

[johu]

I have changed the "emergency port" to 8444 as I got too much traffic again. Please DO NOT use this for anything productive such as:

Just realized I stopped getting updates from the forum's RSS feed on July 15. I get a 404 error from Nginx on app.php/feed, but it works on port 8443. I had to use port 8443 to log in. Updated my feed reader to use port 8443.

Only log in there once, then change back to the regular site!

[MattsAwesomeStuff]

Johannes - A few people having trouble logging in here, probably who haven't logged in in a while:

https://www.diyelectriccar.com/posts/1137185/

Also, umm, probably 6 or 7 years too late, but, expect the remainder of community that transfered here from DIY EC back when you founded the forums to make that transition in the next while. The corporate masters decided to start forcing AI spambots to "simulate human interaction", give fake "likes" and flag posts as "helpful", etc. This in addition to automatically mis-labeled all pictures with AI-analyzed alt tags. In a bit of theatrics, I said if they were being forced on us, they'd be forcing our hand too and they could run the forums themselves. Their answer was to pull my admin powers (I'm the last active admin) and double down on the AI. Aside from 1 odd duck, the rest of the community seems ready to walk away. It's been overdue a long time, I stuck around for years hoping I could eventually shame them into restoring the backup of the old Garage and lost posts, but they admitted it had been deleted.

[johu]

Yeah I still get regular emails where people have trouble logging in and can't even read the solution here. But we need this firewall to avoid bots overloading the server. None of the logdata I have been sent so far (thanks btw) really revealed the root cause.

Today I got the first email where someone could log in on their phone but not on the laptop. So it's not tied to the username or country.

As tried before it is also not down to Anubis itself but caused by the reverse proxy structure needed by Anubis. Even with Anubis taken out the issue persists.

[MattsAwesomeStuff]

Yeah I still get regular emails where people have trouble logging in and can't even read the solution here. But we need this firewall to avoid bots overloading the server. None of the logdata I have been sent so far (thanks btw) really revealed the root cause.

Dumb it down for me, is there a specific solution for people to try, or is this still an actively troubleshooted thing and we don't know why? If it's being troubleshot, what procedure can I give people to follow that will be helpful to you?

And/or post on that thread on DIY EC yourself if you'd like, as I'm likely to distort the information.

[johu]

Check the opening post of this thread
Currently on my phone, hope that helps

[johu]

If it's being troubleshot, what procedure can I give people to follow that will be helpful to you?

Before trying the 8444 workaround people could document what they
- can they access the wiki? openinverter.org/wiki
- can they access the shop? openinverter.org/shop
- can they access a direct link to a topic? e.g. https://openinverter.org/forum/viewtopic.php?t=6368

I have played with some server settings but since I can't reproduce the problem I can't check if I improved it. Also installed some extensions specifically targeting reverse proxies but one did nothing at all and the other crashed the board.

[eee291]

I had this issue a few weeks ago and yes to the first two and no to the last one if I had the cookies from when tried to log in. When I cleared cookies I could view posts. But as soon as I wanted to log in every post was just a blank page. Wiki and shop were visible.