Grouvee is down. Ahhhhh!

Hey I figure this can be a space for whenever Grouvee goes down. People can shout at Peter, “Hey! The website is down! What’re you doing?! Why!!!”*

*This is a joke please be nice to Peter

Peterrrrrr. Wake Up.

I didn’t check the forums much yesterday. I did my normal check of the main site 3 or 4 times. How long was it down?

It was very brief. This post makes it seem like it was hours but I think it was minutes haha. I just saw it was down and immediately thought making a forum post for when that happens is a truly excellent idea so then I did that.

Grouvee is down Ahhhhhh!!!

And its back. what a whirlwind.

FAKE NEWS

Grouvee is never down! Sometimes it’s just tired.

umm, so, i think it’s uh… Sleepy?

I think there’s a DDOS attack going on right now. I have no idea how to do this. I will figure it out.

Feels like an odd target !_! Good luck with it sir 07

What a coincidence I just read a lot about this. The Cutting From Floor and a bunch of other sites are going through it with ai scrapers.

I really can’t figure this out. I switched over and put Cloudfare in front of the site and it doesn’t seem to be helping. I can’t even ssh into the server right now. I also don’t think I’m going to have time the rest of the day to look at this. I turned on “under attack mode” maybe that’ll help.

I don’t really know what to do honestly. Something is just pounding the /login/ URL from a ton of different locations. Cloudfare actually shows me how many requests per hour I’m getting, and it’s a fuck ton right now. Of course it’s not detecting any malicious activity even though half of it is nonsense. This isn’t my specialty of web hosting.

Dunno if any of this will shed light or help, but good luck.

I’m reading through these articles this morning. The LLM scrapers have to be the cause of what’s going on here. One of the articles mentions banning the entire country of Brazil, which is exactly what I was about to do this weekend. I’ve got cloudflare in front of my servers right now, and I’m getting hundreds of thousands of requests from Brazil per day right now. Grouvee only gets 5-10k actual real human page views in a day. But I’m getting almost a million requests to the servers with half of them coming from Brazil right now. I literally don’t know what to do about this. I had to upsize the servers a couple weeks ago, and the costs are pretty bad at this point. This is just fucking stupid. The cloudflare “under attack” mode is helping, but it’s a bad user experience.

Are the other half coming from varied sources
Or can you pinpoint key locations like Brazil?

The rest of the majority of the attacks are showing coming from the US. After that, there’s just a ton of other countries with a fairly even distribution. Singapore, Vietnam, and India are all showing 29k each in the last 24 hours or so. I know there are hardly any real users from those countries.

They’re attacking that login URL like I’ve said. They also seem to be using an Opera user agent string pretty often. I might just block the weird opera variant I’m seeing too and see if that helps.

I’ve flipped my opinion on the entire world in the last week. LLMs are going to ruin the internet and people are going to go back to just talking to each other in real life and maybe we’ll all just be better for it in the end

OK, I’ve blocked Brazil and turned attack mode off. The servers seem to be handling the traffic. I’m going to let it run for a couple hours and see how it goes.

Honestly, it might suck, but I’d add Vietnam, Singapore, India, any other suspicious activity but with a low real user base. Then after the scrapers move on, you can unblock.