Bot check on connect

JMichael · Post by **JMichael** » May 18th, 2025, 7:39 pm

When I came to the site today I got an infuriating "Hold on a minute while I check to make sure you're not a Bot".

I don't see Cloudflare mentioned in the URL. (Cloudflare is where I usually encounter the "Please wait while we check the security of your connection", which I consider equally idiotic, and cause for me to find another web site to visit.)

Is this a new addition to the forum web site? Is it a choice of you web host?

Post by **Pentarctagon** » May 18th, 2025, 7:47 pm

We've been getting effectively DDoSed recently by what look like AI scraper bots, so we're trying the Anubis software to mitigate it.

Spannerbag · Post by **Spannerbag** » May 19th, 2025, 9:23 am

Pentarctagon wrote: ↑May 18th, 2025, 7:47 pm We've been getting effectively DDoSed recently by what look like AI scraper bots, so we're trying the Anubis software to mitigate it.

Ah, that explains recent forum server slowness!
Sorry to hear that, FWIW I had an anxious few minutes when I was bot tested, found wanting and banned:

You have been banned from this board until May 26th, 2025, 7:36 am.

Please contact the Board Administrator for more information.

Reason given for ban: IP address used for spamming

A ban has been issued on your IP address.

So I rebooted, obtained a different dynamic public IP and everything worked fine.

Trouble is, the bots might do the same...

However prior to rebooting I did try to email the web address for Board Administrator (forums@wesnoth.org) and this was bounced twice, both times message was:

Address not found
Your message wasn't delivered to forums@wesnoth.org because the address couldn't be found or is unable to receive email.

The response from the remote server was:
550 Unroutable address

Only emailed using the old (banned) public ip address.
If I'm banned again, is there any information from me that would help?

Good luck with Anubis.

Cheers,
-- Spannerbag

Post by **Ravana** » May 19th, 2025, 9:40 am

I accidentally banned anubis, not the spammer. So everyone was banned.

gnombat · Post by **gnombat** » May 19th, 2025, 9:51 pm

Note that forums.wesnoth.org, units.wesnoth.org, addons.wesnoth.org, and wiki.wesnoth.org all load resources (.css files, .js files, etc.) from www.wesnoth.org.

It seems that if you visit one of those subdomains without first visiting www.wesnoth.org, you end up with a semi-broken page because it fails to load resources from www.wesnoth.org (presumably because you are missing some required Anubis cookie for www.wesnoth.org).

Post by **loonycyborg** » May 19th, 2025, 10:43 pm

Is it possible to make them load resources from matching domains?

gnombat · Post by **gnombat** » May 19th, 2025, 11:31 pm

loonycyborg wrote: ↑May 19th, 2025, 10:43 pm Is it possible to make them load resources from matching domains?

That's one way to fix the issue.

Alternatively, you could serve resources from a subdomain like files.wesnoth.org which is (I think?) not protected by Anubis. (Of course, if files.wesnoth.org is not protected by Anubis then it is theoretically vulnerable to getting DDoS'ed, but if it is just serving a few static files that seems unlikely.)

Post by **loonycyborg** » May 20th, 2025, 12:10 am

I made an exception in anubis bot policy to allow without challenge all paths with /wesmere/.*

Saizo-Luz · Post by **Saizo-Luz** » May 20th, 2025, 4:46 pm

The site has been very slow since then...

The Battle for Wesnoth Forums

Bot check on connect

Bot check on connect

Re: Bot check on connect

Re: Bot check on connect

Re: Bot check on connect

Re: Bot check on connect

Re: Bot check on connect

Re: Bot check on connect

Re: Bot check on connect

Re: Bot check on connect