this post was submitted on 22 Jul 2023

2319 points (98.8% liked)

Lemmy.World Announcements

29079 readers

173 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news 🐘

Outages 🔥

https://status.lemmy.world/

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to [email protected] e-mail.

Report contact

DM https://lemmy.world/u/lwreport
Email [email protected] (PGP Supported)

Donations 💗

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Join the team

founded 2 years ago

MODERATORS

[email protected]

2319

Lemmy.world update: Downtime today / Cloudflare (lemmy.world)

submitted 1 year ago by [email protected] to c/[email protected]

439 comments fedilink hide all child comments

Today, like the past few days, we have had some downtime. Apparently some script kids are enjoying themselves by targeting our server (and others). Sorry for the inconvenience.

Most of these 'attacks' are targeted at the database, but some are more ddos-like and can be mitigated by using a CDN. Some other Lemmy servers are using Cloudflare, so we know that works. Therefore we have chosen Cloudflare as CDN / DDOS protection platform for now. We will look into other options, but we needed something to be implemented asap.

For the other attacks, we are using them to investigate and implement measures like rate limiting etc.

(page 4) 50 comments

sorted by: hot top controversial new old

[–] [email protected] 7 points 1 year ago (6 children)

Obviously cloudflares ddosing lemmy just to get some extra money

load more comments (6 replies)

[–] [email protected] 6 points 1 year ago (5 children)

How does cloudflare work? Do you install the private SSL certificate there and so cloudflare can see all traffic, including passwords, in plain text or is the path from browser through to your server still encrypted?

[–] [email protected] 4 points 1 year ago

Other posters are correct that cloudflare decrypts traffic. BUT it is highly unlikely that they will see your password in plaintext, since it is best practice to hash the password first on the front-end.

load more comments (4 replies)

[–] [email protected] 6 points 1 year ago (6 children)

You should change the public IP of the server if you haven't already

load more comments (6 replies)

[–] [email protected] 6 points 1 year ago

Thank you❤️❤️

[–] [email protected] 6 points 1 year ago (1 children)

Do you run a reverse proxy infront? Eg. nginx is pretty performant at dropping unwanted traffic.

load more comments (1 replies)

[–] [email protected] 6 points 1 year ago

Any news? I'm still seeing empty pages sometimes (db errors I think), s6 wonder if the kiddies are somehow getting through despite cloudflare.

[–] [email protected] 6 points 1 year ago

Also when will CloudFlare drop lemmy as a 'Nazi' site?

[–] [email protected] 5 points 1 year ago (6 children)

Cloudflare makes the website feel dirty, but it'll protect the site until a better option is found.

load more comments (6 replies)

[–] [email protected] 5 points 1 year ago

It's been feeling sluggish all day long as well. I've been trying to post from my phone and PC, and it seems it's really slow from time to time.

load more comments