I just had to put my small hobby OS development site behind cloudflare after 23 years without a CDN. Between occasional ip bans, mod_evasive, rate limiting, user agent blocks, etc I've been self hosting on a single box without much problem until last week.
We went from hundreds of thousands of requests per day to 5 million per day. Traffic was web scraping bots based on the obscure URLs. The URLs were valid (mediawiki history links, etc) and not attempts to hack the site. Banning IPs did not help, the traffic would move to new subnets. Mostly IPv4, some IPv6. The user agent was popular Chrome agent strings so I'm guessing it was masked puppeteer.
It was a DDoS in practice but I get the feeling it's an immature web crawler.
I think people are likely building a new generation of crawlers to feed LLMs as fast as possible.
The caching aspect of Cloudflare helped a lot. Putting specific url patterns behind Cloudflares dynamic JavaScript challenge also helped. It was surprisingly easy to setup.
And I know what some of you will say, Cloudflare is bad. I've personally been annoyed with them for making specific sites more difficult to use while on VPN. But it's not a hard choice when it's either taking your site offline or using their free tier offering.
I feel your pain, recently had something similar happen that forced a website I run behind cloudflare, there isn't much you can do when you get millions of requests in a day from tens of thousands of US IPv4 addresses that are on the residential networks you see non-malicious traffic from.
One thing that got me was seeing some of the malicious traffic originate from the same /24 as I use at home. Whatever botnet was being used certainly has good penetration of residential ISPs in the US!
My girlfriend bought some Chinese WiFi plugs from Amazon to use with Alexa. I wonder how many of these devices are doing this from time to time. Amazon has tons of generic devices that connect to your WiFi network
Autodesk maybe, but Adobe? I don't see anything on their product portfolio like Blender. Substance Painter maybe? But when it comes to ease of use and feature completeness, texture painting in Blender is a very rudimentary tool.
At any rate, taking down the Blender website wouldn't help them I don't think.
Maybe they got an answer at the forums they didn't like? Some political viewpoint expressed somewhere they didn't like? "For teh lulz"? Who knows. Cunts will do cunt things on account of being a cunt. Often things are complex, nuanced, multi-faceted, and hard to understand. Sometimes they're not and it's almost shockingly simple.
What's the context on this? Because what shows up in a quick search is from March[1], so this seems rather ... late? I see no particular reason/timing why it should be about that.
The Krita plugin + some AI animation of some anime pushed some artists communities over the edge.
You probably won't see it on the public Internet but discord, twitter, art subreddits, etc
Maybe them real artists are angry you can nowadays tell the computer how shiny something is and where to put the light and it will do all the rendering for you?
> After four days of fending off the attacks, the team decided to move the core of our website to a secure service that provides DDoS protection (such as CloudFlare). This means that www.blender.org is back!
Readit News
We went from hundreds of thousands of requests per day to 5 million per day. Traffic was web scraping bots based on the obscure URLs. The URLs were valid (mediawiki history links, etc) and not attempts to hack the site. Banning IPs did not help, the traffic would move to new subnets. Mostly IPv4, some IPv6. The user agent was popular Chrome agent strings so I'm guessing it was masked puppeteer.
It was a DDoS in practice but I get the feeling it's an immature web crawler.
I think people are likely building a new generation of crawlers to feed LLMs as fast as possible.
The caching aspect of Cloudflare helped a lot. Putting specific url patterns behind Cloudflares dynamic JavaScript challenge also helped. It was surprisingly easy to setup.
And I know what some of you will say, Cloudflare is bad. I've personally been annoyed with them for making specific sites more difficult to use while on VPN. But it's not a hard choice when it's either taking your site offline or using their free tier offering.
One thing that got me was seeing some of the malicious traffic originate from the same /24 as I use at home. Whatever botnet was being used certainly has good penetration of residential ISPs in the US!
At any rate, taking down the Blender website wouldn't help them I don't think.
Worth refraining for using it.
https://en.m.wikipedia.org/wiki/Cunt
[1]: https://www.theverge.com/2023/3/3/23623473/blender-stable-di...
They litterally did that :)
And that can be controlled by your site's security level. Highest settings will show the JS page to all vistors, medium only shows it to likely bots.
https://blog.cloudflare.com/end-cloudflare-captcha/
Deleted Comment
"Under Pressure" by Queen.