Make forum registered user access only

[tiedinbluetights]

I'd like to suggest that it has become imperative, for the survival of this forum, to make it accessible only to registered users. The increase in dubious or nefarious crawler bots that outright and deliberately ignore Robots.txt files, as well as other types of SQL infiltration attacks, are most likely responsible for the huge increase in SQL errors we are getting while even trying to login, let alone click on a link.

I understand that it will make it impossible to search the forum using Google or other external search engines, and the SEO score of the forum will become zero, but that is a small price to pay, IHMO, to keep the forum accessible to those of us who post and comment regularly.

Allowing non-registered users to have full browsing access is fast making the forum unusable, and I fear it will kill it completely.

Just my two cents.

ADDED:
I realize that many of us discovered this site through its content being available to non-registered users. Perhaps then, make only the first pages of each thread, if possible, say only the latest 25 posts in each thread available? I must admit I have no clue how to mitigate the SQL errors that block logins and even guest browsing.

[Xtc]

@chadmc90, @Johnsnow

Any ideas? We need to do something urgently.

[Lara]

Maybe there could be a small guest area with a few hand-picked stories, so new users still find the forum and get a preview, while all the rest is invisible to unregistered users.

Are images stored in the database itself? Maybe those are a problem and access to images can be forbidden for unregistered users. I've seen that in many forums, so this seems to be a commonly available feature and maybe this forum software supports such a thing too.

[AlexUSA3]

I am having to today refresh each and every page 10-25 times before it will load properly.

It is becoming an extreme security concern because I was trying to add someone to my foes list so I could filter all of their PM's straight to deletion, and I got an ajax error. I had to click "add foe" over 40 times before the dialogue box finally showed, and then I promptly get another ajax error.

[Spinario]

Was the site down for a couple days, or was it just me?

[AlexUSA3]

Was the site down for a couple days, or was it just me?

It was down for over 24 hours.

[Bigballgag1]

Was the site down for a couple days, or was it just me?

It was down for over 24 hours.

Same for me too!

[takeru]

I'm curious what actually happened the last two days. Was it just a terrible increase in bots? Or was it denial of service attack? Or something else?

I think I'll let admins celebrate the New Year and then make the announcements about whatever happened. It's still great they took out the time to fix it even at the end of year. Thank you @admins!

[bondagefreak]

I think I'll let admins celebrate the New Year and then make the announcements about whatever happened. It's still great they took out the time to fix it even at the end of year.

That admins don't make such announcements. Furthermore, they haven't logged on in several weeks. The issue hasn't been fixed. The number of crawler bots will once again be back in the hundreds by this time tomorrow and the forum will be down again in no time.

[takeru]

I think I'll let admins celebrate the New Year and then make the announcements about whatever happened. It's still great they took out the time to fix it even at the end of year.

That admins don't make such announcements. Furthermore, they haven't logged on in several weeks. The issue hasn't been fixed. The number of crawler bots will once again be back in the hundreds by this time tomorrow and the forum will be down again in no time.

Oh, that's unfortunate . I hope they look into it soon.

As for the topic of this thread:

I think unregistered users should still have full access to this forum. However, the number of unregistered users that can browse the forum at any time may be restricted. (Edit) On another thought, restricting the forum access so unregistered users can view only a part of it, without actually restricting the number of unregistered users, that'd actually be no good. Even with a singoe page access, unregistered users can overwhelm the forum if their numbers are in hundreds or thousands. Even as I write this, there are 7 registered users, and 109 unregistered users !

But, the login (and register?) pages still need to be accessible without restrictions. Additionally, perhaps, a captcha (or even a TUG style captcha XD) can be added to login/register pages to prevent bots from using these pages. If the server load prevents registered users themselves from using the forum, then a high capacity server may have to be used - hopefully the community has enough financial resources to support this.

[bondagefreak]

Oh, that's unfortunate . I hope they look into it soon.

Apologies. My earlier message comes off as a bit pessimistic. I'm sure Chad will be able to fix this issue soon. I just didn't want you guys to celebrate, thinking that it had already been resolved. Expect some more downtime in the coming days.

[Whitestorm]

The question is, do they need help ? I’m down to host the website, manage it and then some if needed.

[tiedinbluetights]

You were right @bondagefreak, the site was down again yesterday and probably will be again in a few hours as soon as the bots return.

@Whitestorm : That's a generous offer, and I'd be curious how you would stop and then prevent all the bots that are scraping the stories on this site to train generative AIs from returning.

Sad truth: even making this site registered user access only will not prevent bot accounts from being registered, or even if user accounts themselves are limited in number of active connections, then having some nefarious actor create thousands of bot accounts.

This forum is literally purely voluntarily maintained, and it would require a full-time tech position (paid) expensive 3rd party solutions to keep this forum accessible and free of constant onslaught of bots feeding generative AIs.

And for the A--HOLES behind those bots (because it is always humans at the helms), well, site rules prevent me for writing what should happen to them.

[blackbound]

I believe adding Cloudflare protection would be a first step towards stopping DDOS attacks.

[Xtc]

Hi @Whitestorm
Have you tried emailing @chadmc90 with your offer. He might not want to hand over complete control of the site but MIGHT be grateful for any assistance.

[Whitestorm]

Hi @Whitestorm
Have you tried emailing @chadmc90 with your offer. He might not want to hand over complete control of the site but MIGHT be grateful for any assistance.

I have not but will. I don't plan on a "hostile" takeover, far from it. I'd love to help any way I can and I'm sure other would as well.
I'll email chad tonight !

[Xtc]

Thanks, @Whitestorm

[takeru]

@tiedinbluetights, won't (strong enough) captchas on login/register page not help to prevent bot logins?

[tiedinbluetights]

@tiedinbluetights, won't (strong enough) captchas on login/register page not help to prevent bot logins?

There seems to be a good momentum going of volunteers who would like to assist @chadmc90 (thanks @Whitestorm !). The issue with 'strong' captchas, I fear, is that they will annoy human users more, especially if the site gets crawled by bots hundreds of times a second or more.

I didn't mean to come across as too pessimistic earlier. I am confident that the admins and their team of willing volunteers will come up with viable solutions; we common mortals just need to be patient.

[takeru]

I see, yeah, captchas can be annoying, at least if they are not well-designed.

Yup, hoping this gets resolved soon!

[Xtc]

I have e-mailed @chadmc90 with regard to updating the Admin Team.
We need to do it and I would like to pull back somewhat for family reasons. We need competent Technical Admins to support @chadmc90 and not a septuagenarian who left tech behind in 1983 (Christ, that was 40 years ago!) when he had to be competent in machine code!

[Whitestorm]

Again, I don’t plan on replacing anyone ^^

Captchas will not be possible IMHO as this will be considered as a porn website. There are options to stop bot creation, as Cloudflare, and others I’m sure.

[chadmc90]

Hi all,

I apologize for not addressing the issues with the site in a timely manner. Between work obligations and holiday travel, I have not had the time to address the issues.

I did some investigation and there are two prevelant issues that are affecting the website:

1. Bot crawlers, as was mentioned. Hundreds of bot crawlers seems to be accessing the website ATM. I did a wave of IP bans a while back to address the issue before, but they seem to have changed IP ranges. I will place another wave ban once I get back from my travels (which should be Monday).

2. Out Hosting Provider. The reason why this website has been having complete outages is because our hosting provider, GoDaddy, suspended services intentionally for what seems like 24 hour increments due to the "excessive use" of resources, likely caused by the bots constantly scanning pages and causing our traffic to rise exponentially. They do that in the hopes of convincing me to upgrade the hosing package to make more money. (The next tier is 25 dollars more than currently). For a while I have considered a new host, but I am not sure what would be a more suitable host for us would be.


Once I am back home and have access to my computer, I will sit down and figure out a solution.

[Whitestorm]

Dear @chadmc90, if I may, do we need a website hosted in the US ? I have a few ideas of web hosts that could be adequate.

For instance, IMO we could save money by using free certificates such as Let's Encrypt.

We could also leave web hosting that provide turnkey solutions (SaaS) and basically rent a small virtual server for our needs. Perhaps that would be less expensive, I don't know. It may require more maintenance in the long term.

Anyway, I wish you a happy end of holidays everything can wait.

[takeru]

Wherever we go, and whichever tier we use, I guess the main issue is we want to prevent or minimize bots from overloading the website. For this, as @blackbound suggested, Cloudflare seems like the best bet: https://www.cloudflare.com/application- ... anagement/

There are also some steps to set it up for GoDaddy: https://blog.softbinator.com/set-up-clo ... y-domains/