

  • Slay the Spire devs followed through on abandoning Unity

    Unity's Runtime Fee debacle cost it the trust of several indie developers, and led to Slay the Spire 2 being made in Godot.

  • Helldivers 2’s Politics Appear To Be Flying Over The Heads Of Some

    There is currently a very funny, kind of sad dust-up over Helldivers 2, in which self-proclaimed “anti-woke” gamers have previously heralded it as a rare game where they believe “politics” does not play a factor. Their faith has been shaken by an Arrowhead community manager they believed they found to be (gasp) progressive who was then subsequently harassed, but their head-scratching reading of Helldivers 2 as a “non-political” game is worth examining.

    The only thing that makes sense is that these players have the shallowest of surface-level readings of the game. You are a patriotic soldier serving Super Earth. You must kill bugs and evil robots trying to hurt your brothers-in-arms and innocent citizens. There are no storylines to insert progressive causes into, everyone wears helmets so no “forced diversity.” Therefore, no politics.

    Of course, this is…wildly off the mark, as Helldivers 2 is about the most blatantly obvious satire of militaristic fascism since the film that inspired it, Starship Troopers.

  • Success of Fallout proves video game adaptations have gone mainstream

    As the show becomes a global hit and is renewed for a second season, experts say game adaptations are the new superhero movies

  • Ukrainian who helped Russians direct missile that killed 13 people in Kramatorsk sentenced to life in prison

    The court found a Ukrainian man who directed the Iskander-M that killed Ukrainian writer Victoria Amelina and another 12 people in Kramatorsk on July 27, 2023, guilty

  • I host a few small low-traffic websites for local interests. I do this for free - and some of them are for a friend who died last year but didn't want all his work to vanish. They don't get so many views, so I was surprised when I happened to glance at munin and saw my bandwidth usage had gone up a lot.

    I spent a couple of hours working to solve this and did everything wrong. But it was a useful learning experience and I thought it might be worth sharing in case anyone else encounters similar.

    My setup is:

    Cloudflare DNS -> Cloudflare Tunnel (Because my residential isp uses CGNAT) -> Haproxy (I like Haproxy and amongst other things, alerts me when a site is down) -> Separate Docker containers for each website. On a Debian server living in my garage.

    From Haproxy's stats page, I was able to see which website was gathering attention. It's one running PhpBB for a little forum. Tailing apache's logs in that container quickly identified the pattern and made it easy to see what was happening.

    It was seeing a lot of 404 errors for URLs all coming from the same user-agent "claudebot". I know what you're thinking - it's an exploit scanning bot, but a closer look showed it was trying to fetch normal forum posts, some of which had been deleted months previously, and also robots.txt. That site doesn't have a robots.txt so that was failing. What was weird is that it was requesting at a rate of up to 20 urls a second, from multiple AWS IPs - and every other request was for robots.txt. You'd think it would take the hint after a million times of asking.

    Googling that UA turns up that other PhpBB users have encountered this quite recently - it seems to be fascinated by web forums and absolutely hammers them with the same behaviour I found.

    So - clearly a broken and stupid bot, right? Rather than being specifically malicious. I think so, but I host these sites on a rural consumer line and it was affecting both system load and bandwidth.

    What I did wrong:

    1. In docker, I tried quite a few things to block the user agent, the country (US based AWS, and this is a UK regional site), various IPs. It took me far too long to realise why my changes to .htaccess were failing - the phpbb docker image I use mounts the root directory to the website internally, ignoring my mounted vol. (My own fault, it was too long since I set it up to remember only certain sub-dirs were mounted in)

    2. Figuring that out, I shelled into the container and edited that .htaccess, but that wouldn't have survived restarting/rebuilding the container so wasn't a real solution.

    Whilst I was in there, I created a robots.txt file. Not surprisingly, claudebot doesn't actually honour what's in there, and still continues to request it ten times a second.

    3. Thinking there must be another way, I switched to Haproxy. This was much easier - the documentation is very good. And it actually worked - blocking by Useragent (and yep, I'm lucky this wasn't changing) worked perfectly.

    I then had to leave for a while and the graphs show it's working. (Yellow above the line is requests coming into haproxy, below the line are responses).


    Great - except I'm still seeing half of the traffic, and that's affecting my latency. (Some of you might doubt this, and I can tell you that you're spoiled by an excess of bandwidth...)

    4. That's when the penny dropped and the obvious occurred. I use cloudflare, so use their firewall, right? No excuses - I should have gone there first. In fact, I did, but I got distracted by the many options and focused on their bot fighting tools, which didn't work for me. (This bot is somehow getting through the captcha challenge even when bot fight mode is enabled)

    But, their firewall has an option for user agent. The actual fix was simply to add this in WAF for that domain.


    And voila - no more traffic through the tunnel for this very rude and stupid bot.

    After 24 hours, Cloudflare has blocked almost a quarter of a million requests by claudebot to my little phpbb forum which barely gets a single post every three months.


    Moral for myself: Stand back and think for a minute before rushing in and trying to fix something in the wrong way. I've also taken this as an opportunity to improve haproxy's rate limiting internally. Like most website hosts, most of my traffic is outbound, and slowing things down when it gets busy really does help.

    This obviously isn't a perfect solution - all claudebot has to do is change its UA, and by coming from AWS it's pretty hard to block otherwise. One hopes it isn't truly malicious. It would be quite a lot more work to integrate Fail2ban for more bots, but it might yet come to that.

    Also, if you write any kind of web bot, please consider that not everyone who hosts a website has a lot of bandwidth, and at least have enough pride to write software good enough to not keep doing the same thing every second. And, y'know, keep an eye on what your stuff is doing out on the internet - not least for your own benefit. Hopefully AWS really shaft claudebot's owners with some big bandwidth charges...

    EDIT: It came back the next day with a new UA, and an email address linking it to - the Claude3 AI bot, so it looks like a particularly badly written scraper for AI learning.
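
An added example, not part of the original post: the pattern described above (one user-agent, several source IPs, bursts of requests, every other one for robots.txt) can be pulled out of Apache combined-format logs by behaviour rather than by a fixed user-agent string. The log lines, IP addresses, function names and thresholds here are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache "combined" format: ip - - [time] "METHOD path proto" status size "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

def summarize(lines):
    """Per user-agent: request count, source IPs, peak req/s, 404 and robots.txt shares."""
    per_ua = defaultdict(lambda: {"n": 0, "ips": set(), "sec": Counter(), "404": 0, "robots": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in combined format
        s = per_ua[m["ua"]]
        s["n"] += 1
        s["ips"].add(m["ip"])
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        s["sec"][ts] += 1  # Apache timestamps have one-second resolution
        s["404"] += m["status"] == "404"
        s["robots"] += m["path"] == "/robots.txt"
    return {
        ua: {"requests": s["n"], "ips": len(s["ips"]), "peak_rps": max(s["sec"].values()),
             "share_404": s["404"] / s["n"], "share_robots": s["robots"] / s["n"]}
        for ua, s in per_ua.items()
    }

def flag_aggressive(stats, min_rps=5, min_robots_share=0.3):
    """Flag agents that burst and keep re-requesting robots.txt (thresholds are assumptions)."""
    return sorted(ua for ua, s in stats.items()
                  if s["peak_rps"] >= min_rps and s["share_robots"] >= min_robots_share)

def sample_log():
    """Constructed log lines: one bursty crawler on two IPs, one ordinary browser."""
    lines = []
    for i in range(20):
        ip = ("198.51.100.7", "198.51.100.8")[i % 2]
        path = "/robots.txt" if i % 2 else f"/viewtopic.php?t={i}"
        lines.append(f'{ip} - - [27/Apr/2024:10:00:00 +0000] "GET {path} HTTP/1.1" 404 196 "-" "claudebot"')
    for sec in range(3):
        lines.append(f'203.0.113.5 - - [27/Apr/2024:10:00:0{sec} +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"')
    return lines

if __name__ == "__main__":
    print(flag_aggressive(summarize(sample_log())))
```

Because the flagging keys on request rate and robots.txt share, a crawler that returns under a different user-agent with the same behaviour is still surfaced under its new name.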

  • Brit passengers on four-hour flight to Turkey drink entire plane dry in 25 minutes

    A group of British holidaymakers drank the entire stock of booze for a four-hour flight to Turkey in the space of just 25 minutes, an airline boss has revealed.

    > SunExpress’s German-American boss Max Kownatzki told trade publication TTG that one special flight operated by the Turkish airline for a group of Brits on a golfing break was drunk dry in the space of 25-minutes.
    >
    > He said Brit travellers are “more high-spend, more hedonistic.”

  • Ontario may soon count student residences as homes to reach housing goal

    The Ontario government is looking into counting student residences and retirement spaces to meet its 10-year target of building 1.5 million homes.

    Yay! More BS that only puts us further behind!

  • This has happened to me a few times. One I remember was the game Alchemist, where I just sat there confused as hell for 4 and a half hours while three guys were all talking about strategies. Tonight it was Terraforming Mars, where I was told it would be a 3 hour game, but by hour 4 we were halfway done. This time I said "it's 11pm, I have work in the morning, this will be my last hand" and the host got very passive aggressive with me. I just don't know what to do in these situations.

    ^Also is there a word for this? My girlfriend said I was "held game hostage" but I don't see that used in my searches.^

    Update: I sent an apology for leaving early, and he wasn't too frustrated about it and understood my frustration which was nice. I told him I didn't think it was my cup of tea since it was so dense, but he kept trying to sell me on the game.

    I just gotta learn how to decline with this guy, he is a bit of a "won't take no for an answer" person, but I'm still learning to be firm with boundaries.

    I'm really a 45 minute or less person, and prefer games with like... 5 rules. I have communicated that before, but he really wants me to play the games he loves which I take as a compliment.

    He did have me playing Dominion for a while, and that was a time when I just would suck it up and play for his sake since he was going through a divorce. We literally had the parks and rec sketch where I said "I don't really like Dominion" and he said "what do you mean? You've played all the games!"

    He housed me when I was homeless, so it's hard for me to decline things with him since he showed me that huge kindness.
