We may have to make this place login-required temporarily. please read

Sorry about the shitty subject, but it’s an unfortunate reality.

Recently I receicved an email from someone claiming to be a “concerned user” of NaNoWrimo who has been threatening to out everyone whose accounts he can identify here on there because apparently me calling a NaNoWriMo staff. member out on their shitty treatment of their moderators didn’t go over very well.

Actually that’s putting it mildly as I have some very strong reasons to believe that the staff memember in question is in fact a member here based on an email I got that referenced something that was only eery mentioned in a section that is locked to membership required.

There is now an excessive amount of traffic being blocked by the front-end nginx reverse proxy. server. It’s the point that we are going to excessed our bandwidth limit for May at the rate things are going.

That said, I’m not a fan of the idea of locking this place down to require logins, but I will do that if necessary. However I’d much rathter find an alternative if at all possible.


Also, since we are definitely going to exceed the bandwidth limit this month, any donations would be appreciated although we’re not at point where it’s actually necessary right now. If things stay consitent I’ll be able to cover the overage without too much of a dent to my finances. :slight_smile:

If seeing this as a banner, click me to go to the actual topic

If i got such an email i’d make it client side ssl required, so go for it

1 Like

That’s why their script is dying at the reverse proxy right now. It’s requiring client certificates for any user agent that isn’t whitelisted and is coming from any IP owned by OVH and Digital Ocean as those are the services hosting the VPSes running the bots.

What if logins had to go through Cloudflare or a 3rd party DNS so it isn’t adding bandwidth usage to the host?

1 Like

Yeah, I know some of the people who work for cloudflare and that’s enough to ensure I’d never trust them.

Okay. Just an FYI. I just did thye math and it looks like we’re looking at about a $50 overage charge right now due to the morons with the bots.

At this point, it’ll actually save some money if I just have Vultr activate their firewall service on this VPS…

Plus side: i can actually automate some of the work with controlling the situation using fail2ban to use their API to add and remove rules dynamically to try and minimize the imparct.

Minus side: Definitely going to have to figure a more long term solution.

1 Like