Indie-verse is currently hosted behind a Cloudflare proxy, which has saved the server a lot of traffic and helped protect against AI crawlers.
After some careful consideration I also enabled “Bot Fight Mode”, but only after making sure, I had working custom rules that skipped every security feature for federation related traffic. But it turns out, custom rules can’t skip Bot Fight Mode using a free plan, which I only found out today. This has left me with no choice, but to disable bot fight mode for now, and it will not be re-enabled while we are on the free plan.
Currently I don’t have the money to upgrade us, but it should not pose an issue, as there are other security measures against bots, that should prevent potential issues.
Thought I would let you know.
- ssnoer
PS: we also just got our very first donation. Thank you guys!
You must log in or # to comment.
Also, thanks to @BentiGorlich@infosec.pub for letting me know of the issue in the first place.
Thanks for looking into it :)
You might want to reach out to some admins of other instances about bot protection measures if you’re having any issues. As I understand it, db0’s bot protection has worked well.
I mean, I don’t know how much of an issue bots are going to be. There hasn’t really been any issues on indie-ver.se, but I will definitely keep this in mind. Thanks!
