Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Is Cloudflare making LET unusable today?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Is Cloudflare making LET unusable today?

Today it seems that if I don't open a new LET page and just spend a few minutes reading the current page Cloudflare checks my browser for some seconds before allowing me to continue to the next page, for follow another LET link.

What is the problem here?

There seemed to be some kind of DOS on LET earlier this evening, but this is getting ridiculous.

Comments

  • jarjar Patron Provider, Top Host, Veteran

    Someone puts a book shelf behind a door. Another guy walks up to the door, jiggles the handle, turns it, pushes the door. The door won’t open. “An obvious conclusion,” he says, “the door is not functioning properly.”

  • @rchurch said:
    Today it seems that if I don't open a new LET page and just spend a few minutes reading the current page Cloudflare checks my browser for some seconds before allowing me to continue to the next page, for follow another LET link.

    What is the problem here?

    There seemed to be some kind of DOS on LET earlier this evening, but this is getting ridiculous.

    Kind of, apparently @LEBAdmin still has some really restrictive rules in place, which make browsing almost impossible on here. At least we aren't getting banned after every click due to rate limiting.

  • darbdarb Member
    edited March 2021

    I am browsing the site just fine on a coloncleansing IP address, so maybe you have been up to some bad things on the internet.

  • yoursunnyyoursunny Member, IPv6 Advocate

    HTTP/2 402 "push-ups required"

    Please do push-ups in front of the browser and you will be granted access.

  • it's working fine for me.

  • It's horrible today. Try posting something longish, and see it disappear because in the middle of typing it, CF decides to perform its magic and redirects you to an error page.

    Thanked by 1rchurch
  • That's annoying but at least everything is working ATM.

  • @yoursunny said: Please do push-ups in front of the browser and you will be granted access.

    Well, given that SubtleCrypto and ES6 generators have been implemented in browsers for quite a while now, LET could use a proof of work scheme to make the browser do "push-ups" before accessing the website.

  • TimboJonesTimboJones Member
    edited March 2021

    @stevewatson301 said:

    @yoursunny said: Please do push-ups in front of the browser and you will be granted access.

    Well, given that SubtleCrypto and ES6 generators have been implemented in browsers for quite a while now, LET could use a proof of work scheme to make the browser do "push-ups" before accessing the website.

    Don't give them ideas.

    Edit: Oh wait, you mean the browser do the pushup and not me. That's fine, carry on.

    Thanked by 1SpartanHost
  • LeviLevi Member

    LET is working perfectly fine. Few checks and yoy are good to go. No slowness, errors or whatever.

  • @TimboJones said: Don't give them ideas.

    Edit: Oh wait, you mean the browser do the pushup and not me. That's fine, carry on.

    To clarify: it's a way of having the requesting client do some expensive work before allowing access to a resource (posting a comment/allowing access to a webpage and so on.)

    By having the client perform some work (hence the "proof-of-work"), the attacker has to spend additional resources to buy servers to do this work for them, thereby raising the costs for an attack. For normal users who only request a few pages at a time, there is minimal inconvenience.

    Thanked by 1TimboJones
  • @stevewatson301 said:

    @TimboJones said: Don't give them ideas.

    Edit: Oh wait, you mean the browser do the pushup and not me. That's fine, carry on.

    To clarify: it's a way of having the requesting client do some expensive work before allowing access to a resource (posting a comment/allowing access to a webpage and so on.)

    By having the client perform some work (hence the "proof-of-work"), the attacker has to spend additional resources to buy servers to do this work for them, thereby raising the costs for an attack. For normal users who only request a few pages at a time, there is minimal inconvenience.

    Why wouldn't the botnet (infected users worldwide, not rented servers) just do the work and spare buying extra servers? The proof can't be so taxing to kill the experience for actual users. It would slow it down, though, as a rate limiter.

  • yoursunnyyoursunny Member, IPv6 Advocate

    @TimboJones said:

    @stevewatson301 said:

    @yoursunny said: Please do push-ups in front of the browser and you will be granted access.

    Well, given that SubtleCrypto and ES6 generators have been implemented in browsers for quite a while now, LET could use a proof of work scheme to make the browser do "push-ups" before accessing the website.

    Don't give them ideas.

    Edit: Oh wait, you mean the browser do the pushup and not me. That's fine, carry on.

    No, the user must do the push-ups, not the browser / user-agent.

  • @yoursunny said:

    @TimboJones said:

    @stevewatson301 said:

    @yoursunny said: Please do push-ups in front of the browser and you will be granted access.

    Well, given that SubtleCrypto and ES6 generators have been implemented in browsers for quite a while now, LET could use a proof of work scheme to make the browser do "push-ups" before accessing the website.

    Don't give them ideas.

    Edit: Oh wait, you mean the browser do the pushup and not me. That's fine, carry on.

    No, the user must do the push-ups, not the browser / user-agent.

    It should be an mjj who performs the pushups

  • jsgjsg Member, Resident Benchmarker

    @yoursunny said:
    No, the user must do the push-ups, not the browser / user-agent.

    Sad, really sad. Thanks to your push-ups meme love you basically turn against an indeed interesting and useful scheme.

    In professional circles the scheme is (somewhat mis-)named "server relieve". It's based on a server "outsourcing" some work to the client but sometimes it's also used like this: server hands out some known to be expensive task like hashing a pseudo random number a couple of thousand times and does its job (e.g. serving a page) only after the client offers a correct response. This form is increasingly called something like "proof of interest". The basic idea behind it in both cases is to change the load to an asymmetry advantageous for the server which serves well to protect the server from different forms of attacks and abuse.

  • @jsg said:

    @yoursunny said:
    No, the user must do the push-ups, not the browser / user-agent.

    Sad, really sad. Thanks to your push-ups meme love you basically turn against an indeed interesting and useful scheme.

    From what I see @yoursunny's pushups meme is a way to get people on his named data networking experiment servers and collect network latency data.

    Thanked by 2yoursunny jsg
  • TejyTejy Member

    Hey @LEBAdmin, I can no longer access to LET from my residential IPv4.
    Is there any way to whitelist me? I'm forced to use a VPN to access to LET...
    Is there anyone in the same situation? :(

  • maybe the china hacker is targeting here ?

Sign In or Register to comment.