Cake day: June 25th, 2023

  • So what’s going on is the adversaries continuously hitting the lemmy.world server. On its own, a DDoS like that would be manageable - they’re much more defeatable these days.

    But they found request paths that run expensive DB functions, giving them enough bang for their buck to make an impact, even tucked behind Cloudflare.

    As for mitigation, Cloudflare and a larger server help, but ultimately Lemmy needs some refactoring - right now it’s very liberal with the database calls. It needs to divide those up and get more granular with API calls, look at what can be optimized on the DB side, maybe do some caching/memoization… Basically, it needs to become a more mature piece of software in a hurry.

    Going further, there’s things like horizontal scaling - there’s even thoughts of how we could leverage the nature of the fediverse to share the load through federation.

    I’m a dev, I don’t know much about administration so I’m not sure how you could help, but there’s plenty of work to go around. I think a database expert would be the most useful right now.

    There’s messing with configs to tune everything for better performance - that’s out of my expertise, but I’m under the impression that there’s some significant gains to be had there.

    If it’s in your wheelhouse, you could look at different technologies that might give better performance - the current stack seems like it was chosen mostly with ease of development in mind. If you could make a strong argument for changing some of it out, it might get traction.

    As far as cyber security in general, if you want to get started - step 1 is basically locking things down, and then setting up monitoring tools and getting experience with them. Basically reading logs taken to the next level. I’m pretty sure they have that handled here, but this problem will never go away.
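
The log-reading side of the comment above, as an added example that is not part of the original comment or of Lemmy's code: it ranks request paths by total backend time and flags clients whose share of backend time is far larger than their share of requests. The log format, the placeholder paths, the thresholds and all function names are assumptions made for this sketch.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in an assumed format: client, request target, status, backend_ms.
# The paths are placeholders, not routes taken from Lemmy.
SAMPLE_LOG = """\
198.51.100.10 /api/light?id=1 200 4
198.51.100.10 /api/light?id=2 200 6
198.51.100.11 /api/light?id=3 200 5
198.51.100.11 /api/heavy?page=1 200 300
198.51.100.12 /api/light?id=4 200 5
198.51.100.12 /api/light?id=5 200 5
198.51.100.12 /api/light?id=6 200 5
203.0.113.50 /api/heavy?page=901 200 900
203.0.113.50 /api/heavy?page=902 200 870
203.0.113.50 /api/heavy?page=903 200 900
truncated line
"""

def records(text):
    """Yield (client, path, backend_ms); query strings are dropped, bad lines skipped."""
    for line in text.splitlines():
        try:
            client, target, _status, ms = line.split()
            yield client, urlsplit(target).path, int(ms)
        except ValueError:
            continue

def cost_by_path(text):
    """Return {path: (requests, total_backend_ms)}."""
    stats = defaultdict(lambda: [0, 0])
    for _, path, ms in records(text):
        stats[path][0] += 1
        stats[path][1] += ms
    return {path: tuple(v) for path, v in stats.items()}

def client_shares(text):
    """Return {client: (share_of_requests, share_of_backend_time)}."""
    reqs, cost = defaultdict(int), defaultdict(int)
    for client, _, ms in records(text):
        reqs[client] += 1
        cost[client] += ms
    n, total = sum(reqs.values()), sum(cost.values())
    return {c: (reqs[c] / n, cost[c] / total) for c in reqs} if total else {}

def flag_clients(text, min_ratio=2.0, min_time_share=0.25):
    """Clients that consume a large, disproportionate share of backend time."""
    return sorted(c for c, (r, t) in client_shares(text).items()
                  if t >= min_time_share and t / r >= min_ratio)
```

A plain requests-per-second limit treats all four sample clients alike; weighting by backend time is what separates the one concentrating on the costly path.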