I know I said recently, several times, that PerlMonks was easily accessible after several attempts to fix it, and many honest thank yous to Corion and everyone involved. But it seems to me that as it is now, it has degraded since then. OTOH it is much much better than when the problem peaked (and my current post had no timeout unlike other recent posts). But still it times out quite often. Perhaps it is what I said before that if indeed the problem is caused by (decentralised) bots then they will take all available space if it is given to them by these improvements. So perhaps this is what we see, bots upping the tempo because they found extra harvesting-bandwidth which PerlMonks itself has given them.
I understand that Perlmonks' version of the Everything Engine is a big hurdle in changing the Perlmonks code, and that it is hard to harden it against DDoS. I've accidentally hidden a - hopefully simple - proposal to keep the unwanted, misbehaving bots away from the EE in Re^2: Taking advantage of E2 improvements.
It boils down to avoiding passing bot requests to the EE by becoming even more unfriendly to anonymous users than Perlmonks is now.
- Prevent all anonymous access to the Perlmonks code running on the EE, except for well-known, well-behaved bots (e.g. Google), right in the webserver, before any Perl code is executed. Require in the webserver that the request contains a valid login/session cookie, or comes from well-known IP addresses of well-behaved bots. In any other case, redirect to a static HTML document with a login form. Yes, this effectively locks out anonymous users. Put a hint on the login page to either create an account or use Google's cache.
- Add a new CGI/FastCGI/modperl/anything-non-EE program that can check username and password from the static login form against the database used by the EE. Have that program set the login/session cookie, compatible with EE, and redirect to the Monastery Gates on success. On error, redirect back to the static login page.
- Add a second static HTML document with a new user form, querying just username, password and email address.
- Add a second CGI/FastCGI/modperl/anything-non-EE program that can inject a new user into the EE database, set the login/session cookie, compatible with EE, and redirect to the Monastery Gates on success. On error, redirect back to the static create user page.
- Both programs may need some bot lock-out mechanism. Captcha, some client-side JavaScript, IP-based rate limiting, whatever helps. And because this is outside the EE, changing the bot lock-out should be way easier than within the EE.
Again, I'm aware that this is not friendly to anonymous users. But if Perlmonks keeps being DDoS-ed by bots, it won't matter, because nobody will be here any more.
Alexander
--
Today I will gladly share my knowledge and experience, for there are no sweeter words than "I told you so". ;-)
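The gate decision proposed in the post above, sketched as an added example (not part of the post and not PerlMonks or Everything Engine code): a request passes if it comes from an allowlisted bot range or carries a token whose HMAC verifies, otherwise it is redirected to the static login page, all without a database lookup. The cookie name `gate`, the token format, the secret, the login URL and the CIDR range are assumptions; the EE's real session cookie format is not given on this page, so a separate signed token set by the login program stands in for it.

```perl
use strict; use warnings;
use Digest::SHA qw(hmac_sha256_hex);
# Names and values below are assumptions for illustration, not PerlMonks' own.
my $SECRET    = 'replace-with-a-random-key';  # shared with the login program
my @BOT_CIDRS = ('192.0.2.0/24');             # placeholder (documentation range)
my $LOGIN_URL = '/login.html';                # hypothetical static login page

# Parse a dotted-quad IPv4 address without DNS lookups; undef on bad input.
sub ip_to_int {
    my @o = ($_[0] // '') =~ /\A([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\z/ or return;
    return if grep { $_ > 255 } @o;
    return ($o[0] << 24) | ($o[1] << 16) | ($o[2] << 8) | $o[3];
}

sub ip_in_cidr {
    my ($ip, $net, $len) = ($_[0], split m{/}, $_[1]);
    my ($ip_n, $net_n) = map { scalar(ip_to_int($_)) } $ip, $net;
    return 0 unless defined $ip_n && defined $net_n && ($len // '') =~ /\A[0-9]+\z/ && $len <= 32;
    my $mask = $len ? (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF : 0;
    return (($ip_n ^ $net_n) & $mask) == 0 ? 1 : 0;
}

# Token (assumed format) "uid|expiry_epoch|hex_hmac", issued by the login program.
sub make_token { join '|', @_[0, 1], hmac_sha256_hex("$_[0]|$_[1]", $SECRET) }

sub token_valid {
    my ($token, $now) = @_;
    my ($uid, $expiry, $mac) = split /\|/, $token // '', 3;
    return 0 unless defined $mac && length($mac) == 64 && $expiry =~ /\A[0-9]+\z/ && $expiry > $now;
    my $want = hmac_sha256_hex("$uid|$expiry", $SECRET);
    my $diff = 0;    # compare every character, no early exit on first mismatch
    $diff |= ord(substr($mac, $_, 1)) ^ ord(substr($want, $_, 1)) for 0 .. 63;
    return $diff == 0 ? 1 : 0;
}

# Runs before the application is invoked: 'pass' or "redirect <url>".
sub gate_decision {
    my ($remote_ip, $cookie_header, $now) = @_;
    return 'pass' if grep { ip_in_cidr($remote_ip, $_) } @BOT_CIDRS;
    my ($token) = ($cookie_header // '') =~ /(?:\A|;\s*)gate=([^;\s]+)/;
    return token_valid($token, $now) ? 'pass' : "redirect $LOGIN_URL";
}

my $now = time;    # constructed sample requests: [client IP, Cookie header]
printf "%-14s %s\n", $_->[0], gate_decision(@$_, $now) for (
    ['198.51.100.7', 'gate=' . make_token(42, $now + 3600)],   # freshly issued token
    ['198.51.100.7', 'gate=' . make_token(42, $now - 60)],     # expired token
    ['192.0.2.15',   undef],                                   # inside allowlisted range
    ['203.0.113.9',  'gate=42|9999999999|' . '0' x 64] );      # cookie with a made-up MAC
```

A gate that only tests whether a cookie is present accepts any value a client sends, which is why the token here carries its own expiry and signature.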