From wsherman at gmail.com  Wed Sep 10 17:29:39 2025
From: wsherman at gmail.com (Wayne Sherman)
Date: Wed, 10 Sep 2025 08:29:39 -0700
Subject: [fpc-other] [fpc-pascal] Lazarus Forums not working
In-Reply-To: <24e8c2b3-30df-44cd-b929-cf6a672ccba2@dommelstein.nl>
References: <CAFRkszKQ764hf8TBzWsbp=73t-7j4yLFQNkEGdVDAOM3D8QERg@mail.gmail.com>
 <0268a373-ec40-4185-8b5a-d346b1cb85f0@pblackman.plus.com>
 <CAFRkszJOenX4hi77bWZkMEdmdC=bKNq0P7Sgguix+VHmqh9QKw@mail.gmail.com>
 <1757433612.947125344@f529.i.mail.ru>
 <69bf408f-f0aa-7d26-de77-3ab9e53bd619@sentry.org>
 <24e8c2b3-30df-44cd-b929-cf6a672ccba2@dommelstein.nl>
Message-ID: <CAFRkszLN2MX6zfPgz+zDZTZwRN7dz3PjN3E7PSbA8Y-kh1UxZQ@mail.gmail.com>

Moving thread to:  fpc-other at lists.freepascal.org
Please remove fpc-pascal and post replies to fpc-other only.

Marc Weustink wrote:
> Yes. Last week bots made the forum unusable. Since they (till now) don't
> use cookies, I redirect all requests without cookies to the use cookies
> page. When you try this 5 times within 10 minutes, your IP is blocked
> for one hour.

Mitigation is needed, but should it block or hinder users, visitors,
and non-abusive web crawlers (legitimate search indexers and LLMs data
gathering)?

A CDN / reverse web proxy is a common solution for scaling performance
and blocking abuse and DoS attacks.  For example:

https://www.cloudflare.com/application-services/products/cdn/
https://blog.cloudflare.com/expanding-our-support-for-oss-projects-with-project-alexandria/
https://www.cloudflare.com/lp/project-alexandria/

From peter at pblackman.plus.com  Thu Sep 11 00:40:18 2025
From: peter at pblackman.plus.com (Peter Blackman)
Date: Wed, 10 Sep 2025 23:40:18 +0100
Subject: [fpc-other] [fpc-pascal] Lazarus Forums not working
In-Reply-To: <25bbccab-473c-4695-a4e8-2d9e5fe6d657@pblackman.plus.com>
References: <CAFRkszKQ764hf8TBzWsbp=73t-7j4yLFQNkEGdVDAOM3D8QERg@mail.gmail.com>
 <0268a373-ec40-4185-8b5a-d346b1cb85f0@pblackman.plus.com>
 <CAFRkszJOenX4hi77bWZkMEdmdC=bKNq0P7Sgguix+VHmqh9QKw@mail.gmail.com>
 <1757433612.947125344@f529.i.mail.ru>
 <69bf408f-f0aa-7d26-de77-3ab9e53bd619@sentry.org>
 <24e8c2b3-30df-44cd-b929-cf6a672ccba2@dommelstein.nl>
 <0b555a39-ce45-4f69-8b77-bd9e3f49d88b@pblackman.plus.com>
 <b266d2cd-ab8b-4d27-99ca-c8181000fa0a@dommelstein.nl>
 <17bf8eb6-c7ba-404e-8b4b-49995f1bcfe8@pblackman.plus.com>
 <d737cd0b-ddee-4f9a-80a1-e49538c1e406@dommelstein.nl>
 <25bbccab-473c-4695-a4e8-2d9e5fe6d657@pblackman.plus.com>
Message-ID: <d432f3aa-defd-4af9-8dfa-b1c3e91fd522@pblackman.plus.com>


I know how to reproduce this now.

Once access is restored, it continues,
even if I close pages on the forum and access other websites.

However, if I close Firefox and restart it, PHPSESSIDs appear
on all the URLs.

"Delete cookies and site data when Firefox is closed"
is NOT checked!


Cheers,
Peter