Every time I try to access this community, ther’s some kind of problem with the server. If you have a look at the status page, it’s almost all orange/red. The problem aren’t DDoS attack since the server is behind Cloudflare protection. Admin/mods, why don’t you move this community to a different server instance? I’m not accusing anybody, I know that maintain a server can be a challenging sometimes, I just want to enjoy this community!

Please!

@Loki

      • xebix@lemmy.srv0.lol
        link
        fedilink
        English
        arrow-up
        7
        ·
        1 year ago

        They explained that the attacks are in the form of requests that tax the database server, not the website itself.

        • peregus@lemmy.worldOP
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          9
          ·
          1 year ago

          The database can’t be accessed directly, all the requests needs to be done from the website or API.

          • xebix@lemmy.srv0.lol
            link
            fedilink
            English
            arrow-up
            8
            ·
            1 year ago

            Right, but it’s possible to execute those API requests to trigger those expensive database requests in a way that wouldn’t necessarily trigger cloudflare’s DDoS protection.

      • gabriele97@lemmy.g97.top
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        Yep Cloudflare protects against classic DDoS (like many clients doing a lot of small requests). Here attacks are performed presumibly by users that know very well how the Lemmy’s backend works and where bottlenecks are, so that with a small number of well made requests they are able to mess up the backend and Cloudflare doesn’t notice it

      • dditty@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        Cloudflare DDos protection isn’t a silver bullet; the attacks are distributed and come from shifting source IPs, and are sophisticated in that they exploit resource intensive queries specifically designed to overload a Lemmy instance. If lemmy.world were to pivot to some other instance, who’s to say the culprits wouldn’t just resume their efforts pointed at the new location? There are theories these may be carried out by the recently-defederated fringe hate communities

      • habitualTartare@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        1 year ago

        Cloudflare has DDoS protection but it can’t stop everything 100% of the time. According to the admins, the attackers are very familiar with how lemmy works and are using this knowledge to overwhelm resources. This isn’t just a simple script kiddy or bonnet for hire but likely points to someone that has worked within the lemmy community.

        https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/

        https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/