ClaudeBot server attack.
sporniket
Posts: 1003
Joined: Sat Sep 26, 2020 9:12 pm
Location: France

Re: ClaudeBot server attack.

Post by sporniket »

Ok I frantically hit "ctrl+click" to open around 80-100 tabs from the forum (honestly at one point I just repeated counting from 1 to 10 without any more care), to send as many requests as the browser can send.

I got around a little more than a dozen pages ok then a few error 503, then a few pages ok, then a few 503... etc.

Don't know if my test is relevant, but it should be ok for my use case.

EDIT : I did it again, to open 120 tabs. The first 40 are loaded mostly normally (the tab may miss the site icon) and after that there are a few "error 503" pages, then a few pages ok, then a few errors etc... The "best" I could get was 8 tabs in a row in error; it depends on how frantically I could click (between 5 and 7 clicks per second, just measured that on an online tester :D ), and how my browser and my OS manage to send those requests.
exxos
Site Admin
Posts: 24061
Joined: Wed Aug 16, 2017 11:19 pm
Location: UK

Re: ClaudeBot server attack.

Post by exxos »

@sporniket thanks. Sounds like rate limiting is working but not banning. I should be able to see an IP in the error log. Just not sure why fail2ban isn't banning. Probably the example filter doesn't work as usual.

You could test by just loading the store page several times as there are like 200 images on there ;)
https://www.exxosforum.co.uk/atari/ All my hardware guides - mods - games - STOS
https://www.exxosforum.co.uk/atari/store2/ - All my hardware mods for sale - Please help support by making a purchase.
viewtopic.php?f=17&t=1585 Have you done the Mandatory Fixes ?
Just because a lot of people agree on something, doesn't make it a fact. ~exxos ~
People should find solutions to problems, not find problems with solutions.
derkom
Moderator
Posts: 1225
Joined: Sun Jul 29, 2018 6:45 pm

Re: ClaudeBot server attack.

Post by derkom »

exxos wrote: Sun Apr 28, 2024 11:30 pm @derkom not sure if you can help test IP banning ? (or anyone else)..
I'm not entirely sure where things are at the moment (too many cooks, right?), but I've thrown in a bit of config from https://gist.github.com/dangovorenefekt ... bc833bc1bf (edited down to just Anthropic), which maybe helps?

Commented edits in /etc/nginx/nginx.conf, /etc/nginx/useragent.rules, and the specific site file in /etc/nginx/sites-enabled.
exxos
Site Admin
Posts: 24061
Joined: Wed Aug 16, 2017 11:19 pm
Location: UK

Re: ClaudeBot server attack.

Post by exxos »

@derkom The rate limit and bad bots work, but I've got problems with banning the IPs over here now :( viewtopic.php?p=114377#p114377
derkom
Moderator
Posts: 1225
Joined: Sun Jul 29, 2018 6:45 pm

Re: ClaudeBot server attack.

Post by derkom »

exxos wrote: Mon Apr 29, 2024 2:06 pm @derkom The rate limit and bad bots work, but I've got problems with banning the IPs over here now :( viewtopic.php?p=114377#p114377
I was "hoping" that bad bots wasn't actually working well enough and that a slightly different (?) approach might help.

Honestly I'm surprised there's a problem with Claude at all, because Anthropic are a supposedly reputable entity.
exxos
Site Admin
Posts: 24061
Joined: Wed Aug 16, 2017 11:19 pm
Location: UK

Re: ClaudeBot server attack.

Post by exxos »

derkom wrote: Mon Apr 29, 2024 2:09 pm Honestly I'm surprised there's a problem with Claude at all, because Anthropic are a supposedly reputable entity.
Others on the internet are having the same problems as well. I clocked about 20 requests per second from over 900 IP addresses.. all at the same time.

Rate limit alone wasn't enough. I am just banning Claude now. But I want to set up IP banning as well with fail2ban to stop any future "attacks" from any other DDoS type attacks.
sandord
Posts: 678
Joined: Mon Aug 13, 2018 10:08 pm
Location: The Netherlands

Re: ClaudeBot server attack.

Post by sandord »

I think that if there was a cache layer (such as Varnish) in front of nginx (caching phpBB guest traffic only), you'd probably be able to serve the bot requests with no trouble at all.

There would be literally no SQL queries executed for requests to already cached pages and those pages could be served like 100s of times faster than they currently are (which typically takes 200 to 1000+ ms. in my browser).

The downside however is that phpBB needs to inform the cache layer of cache invalidations when content is changed, added or removed. Otherwise, the cache should be short-lived to prevent outdated pages but that greatly reduces effectiveness.

I did some searching but I couldn't find any proper off the shelf solutions. I'm afraid that hacking around in phpBB to add cache invalidation hooks is easier said than done, but perhaps there is a pre-made solution to be found after all.
exxos
Site Admin
Posts: 24061
Joined: Wed Aug 16, 2017 11:19 pm
Location: UK

Re: ClaudeBot server attack.

Post by exxos »

That's the other thing though, because SQL should cache stuff by itself so it doesn't need to do the lookups. In older versions you could play around with the settings but I don't think you can in more recent versions. But I don't think it really had much effect anyway. If you assumed things were cached, it would be a pure CPU horsepower problem.

I don't really understand why it can't deal with the requests anyway because it is not like it is an extremely slow server to start with. But I guess the notion is a little bit invalid to a point because I was being hit with over a million connections anyway. I did notice the forum was running slow at night time so I think it did pretty well to last for a few hours under that sort of abuse.

I do have rate limits enabled. I'm going to see if I can get it to redirect to a notification page to inform users they are being rate limited and to slow down. If they are legitimate users then they should wait a few seconds and can continue. But things like bots won't wait and if they don't, they will ultimately just get banned permanently.
sandord
Posts: 678
Joined: Mon Aug 13, 2018 10:08 pm
Location: The Netherlands

Re: ClaudeBot server attack.

Post by sandord »

Yeah, that's where the "I'm not a robot" thing could do its magic.
exxos
Site Admin
Posts: 24061
Joined: Wed Aug 16, 2017 11:19 pm
Location: UK

Re: ClaudeBot server attack.

Post by exxos »

I've crossed the streams a little bit with the fail2ban stuff here viewtopic.php?p=114442#p114442

TL;DR

So there is a limit of 5 or 10 connections per IP now. It was unlimited before and the bot was doing 20 r/s per IP! I also allow an acceptable burst rate etc. It delays the loading of my website main index a tiny bit, but not by much. I think that is probably a good compromise as the website is not really a high priority for bandwidth or connections. It is also further bandwidth limited after 100MB. My website really does not need to load at max speed anyway.

The forum & store still has the same number of connection restraints but does not have a bandwidth limit.

I have tried to tune it all for basically "acceptable use". What I mean by that is a typical user should not really see any slowdowns or timeouts or anything. Anything which isn't "acceptable use" will start to hit limits and bandwidth restraints and ultimately could end up banned.

There is a warning about rate limits being exceeded. If any normal users see that or any other weird things, you will have to let me know.. The whole system may need some tweaking to get everything balanced out properly.