On 2025-03-15, Kirill A Korinsky <kir...@korins.ky> wrote: > On Fri, 14 Mar 2025 23:33:45 +0100, > Nick Holland <n...@holland-consulting.net> wrote: >> >> As you may have noticed, cvsweb.openbsd.org has been having >> issues. This time, it is due to effectively a Distributed Denial of >> Service, though I don't actually believe it is /deliberately/ >> malicious. Speculation is someone is trying to feed a so-called AI >> application from cvsweb. While I admire the idea of training an AI >> from the work of some of the best programmers in the world, cvsweb >> is a perl script that writes a lot of temp files. The current >> system is many times the first cvsweb HW I set up many years ago, >> and won't even notice humans using it, when hundreds of simultaneous >> automated queries are happening, things get bad quickly. >> >> FOR NOW, I've stopped the ability of cvsweb to show diffs of file >> revisions. This is where both much of the abuse was happening, and >> also much of the load on the system came from. >> YES, that's horribly annoying, but you can still download any >> individual version of a file and you can still see the annotated >> output. I'll be thinking about a longer-term solution (which may >> also be "wait until they get bored and move on"). >> > > Sounds like Nginx as frontend with enabled cache should help.
Unlikely that a cache will help, there are a *lot* of revisions to show diffs of... However nginx would allow blocking user agents by regex (and also would avoid another problem that these sites run into from time..) -- Please keep replies on the mailing list.
