Indie-verse is currently hosted behind a Cloudflare proxy, which has saved the server a lot of traffic and helped protect against AI crawlers.
After some careful consideration I also enabled “Bot Fight Mode”, but only after making sure, I had working custom rules that skipped every security feature for federation related traffic. But it turns out, custom rules can’t skip Bot Fight Mode using a free plan, which I only found out today. This has left me with no choice, but to disable bot fight mode for now, and it will not be re-enabled while we are on the free plan.
Currently I don’t have the money to upgrade us, but it should not pose an issue, as there are other security measures against bots, that should prevent potential issues.
Thought I would let you know.
- ssnoer
PS: we also just got our very first donation. Thank you guys!
You might want to reach out to some admins of other instances about bot protection measures if you’re having any issues. As I understand it, db0’s bot protection has worked well.
I mean, I don’t know how much of an issue bots are going to be. There hasn’t really been any issues on indie-ver.se, but I will definitely keep this in mind. Thanks!
Also, thanks to @BentiGorlich@infosec.pub for letting me know of the issue in the first place.
Thanks for looking into it :)
