You can also use this online tool to check servers when reviewing the logs in cloudflare, this is an example of one of those serves that showed up, the radar tracks it as 86.8% bot

https://radar.cloudflare.com/bots/as132203

Here can be seen the 6th of September surge on on the graph and it coincides with the server traffic

A lot of these bots are hammering wordpress exploits with targets such as /wp-content/index.php and so on, it might not be a bad idea to block by default if you have server load issues.

@baris Ha ha I had the image open on a tab, forgot, and thought, oh cool Baris has applied the fork to community! Must be testing it out.

I was clicking and clicking, but huh that's weird the mouse cursor is stuck on magnifier must be safari big!

:joy:

@anchorite Cloudflare now has a specific Ai feature with allow/block toggles for the various bots on the free tier. I'm not sure if you get more features in the paid tiers with that but you can write a lot more security rules, with the paid tiers.

tune-a-sandwich A neat idea. I likez a lot.

The same big sources of disruptive traffic hitting everyone

https://www.reddit.com/r/GoogleAnalytics/comments/1oi4bo0/unexpected_traffic_from_singapore_and_lanzhou/

Surprise surprise, Singapore is a hub for AI investment for a good number of years.

@Julian @baris

I sincerely bring this to your attention urgently and for all, this is I believe a very good summary (link below) of what the net has just faced and what may be to come. I' not to worried about the cyber war what if's, but keeping the service, up, how to protect your service and retain function and aches for said users.

It aligns with my own web traffic experience, and thus reason for this topic, while reading anecdotally across reddit (e.g. link in previous post) and other platforms of others very recent traffic trials the bottom being, everyone seems to have been affected by this since at least November:

https://restoringthemind.com/china-singapore-bot-surge-raises-global-cyber-alarms/

Could this current wave be only a preemptive stress test and survey before a monumental attack?

At this new current level / wave it is breaking the open internet affairs

@Julian I had to wait 5/10 mins before being able to post - coincidental, having hosting/server issues connecting, nodeBB community under pressure? Maybe from the same waves??

Meanwhile, a very common issues all around, below is Nov 29th reddit discussion, but I can see this issue being raised earlier in the year, September, October and maybe even earlier.

https://www.reddit.com/r/SEO/comments/1p9irqq/how_did_you_deal_with_the_chinasingapore_bot_or/

@Julian Yea Anubis does look good but right now free CF tools and rules plucked in a need solution asap when this got going earlier in the year.

Here is the bad bot report for 2025 from Imperva it make for some interesting reading! :grimacing: Like net traffic has tipped over the 50% mark for bot traffic first time in a decade.

https://cpl.thalesgroup.com/sites/default/files/content/campaigns/badbot/2025-Bad-Bot-Report.pdf

@Julian Where might interruption of federation occur? Or, how does federation and/or where does federation interlinky (technical term) magic happen?

@Julian To note, it uses up one of the 5 free WAF/Security rules slots.

Having looked into it a bit more there seems to be more bot control rules you can invoke with the paid tiers.

On the free one you have - (cf.client.bot) true/false

And then the Ai crawled control (managed via own menu option), which nicely groups the various types of AI crawlers which you can allow/block.

This is 2 slots used, you need to use your remaining 3 wisely.

It's amazing how much traffic you're going to block with a wildcard approach (if applicable) to blocking all .php request, and I have had to play around with the order a bit to allow the goodbots as such in. I'm not totally sure how the rules fire in order is 100% robust. It might be 99.x% robust. I would like to hear others thoughts/experiences on this.

I would urgently encourage anyone who is using CF to look at the security analytics, and look at the top countries overall.

China, Singapore are the top offenders in this user surge wave. Incredible volumes of multi second users can swarm out of nowhere and really eat up server resources. You may find the only solution is a total block but this would be my starting point.

However, interactive challenge may be as good or nearly as good (but I am too paranoid to be totally convinced, I tested it and I am still not sure and reverted to some hard blocks).

I think the managed challenge may be out of it's depth here when dealing with origin offenders.

It is very tricky. However, drilling down using the "filter" option in CF has been a really useful visual aid. I never had to do as much looking until this China/Singapore wave started ramping up.

Log search is paid feature. You can however apply various filters combined to analytics.

We can't forget the third wheel - WhatsApp & Co.

The app based p2p messaging apps that have evolved to inhabit a space in-between forums and social media. Trying to solve some of the social media shorting-comings while borrowing a little from older sister/brother forums' wardrobe.

Forums are a pre-super-computer-in-your-hand evolution and a very natural analog, which I think exemplifies the original and early optimism of the net.

Social media however, well the term should be a dead give away "social media", that's a very considered and engineered phrase, the meta of media is social engineering for the mind, and so that was that plan for the big "social media" platforms, how does social-media-ism sound?

So while the net early adopters and pioneers were all about openness , but I would argue the openness for freedom, the potential benefits the promised land - yet once you start to impose for whatever reasoning, impositions of a type, then it breaks down, the symptoms being real net social dis-order, and that is what I have witnessed with the rise of "social media", was that it broke the openness (offering even more hyper-connectivity instead), and has allowed the usual enter left of stage regulatory social control actors to tell us they must save us from ourselves - but I think the more closed or semi-closed direct messaging apps made that in fact worse, snapchat, whatsapp and similar, in a Lord of flies way.

Bottom line - Has Life been enhanced or not?

I think it is more than merely the technological arrangement of the parts, what is the sum and is this derivative of analog clock vs digital clock?

What problem has been solved and which approach did it best?

What did a digital watch do to real life versus the old clock (before then it was sundial etc. etc.), more effect?

The measure must be the sum total benefit to the users - is this Clock?

The measure must be the sum total efficacy of control of the users - is this Digital Clock?

Forums = Clock / Social Media = Digital Watch?

I digress.. ;)

Now I'm really de-railing but I couldn't help think that the navigation issues raised in the op, about long running topics, well I couldn't' but think in some way this older iterative feature muse might chart a course to solving such issues, see link below:

https://community.nodebb.org/topic/17655/timeline-navigator-fruit-machine-concept/

I should summarise the up better some time soon.

However what I am really wondering @Julian @baris there may be a chance Santa will put the navigator element into the right vertical column one of these years. - I still have time to post my letter for this Christmas! :blush:

This is a good run down of the wave the net is up against from a WP site perspective but applies to all.

I has already discovered that interactive challenge had a similar to blocking effect on the traffic using CF. It's taken a few re-gigs and tweaks to make the whole thing manageable since this became problematic in early November.

https://martech.zone/block-china-and-singapore-bot-traffic-using-cloudflare/

Ha ha something like that iirc, thanks for the heads up. Very interesting.

https://webkit.org/wp-content/uploads/Grid-Lanes-newspaper-demo-dark.png

I thought this image from the link posted looked particularly promising, even makes liquid glass Safari overhaul not look so bad and that's saying something!

Imagine that as one of a few hom page setup options for nodeBB

@julian In recent travels, reviewing all things Liquid Glass, I stumbled upon this this site, and I think it demonstrates some of the concepts I was pushing a few years back that I think you are referring to. I've never seen a site similar, but if anyone know of others, please post.

https://stuartbreckenridge.net/

just do it dot com :+1:

So what's the story with this theme did you salvage it?

Good work all!

> @julian said: > > New "World" page > /world has been updated so that is closer to a feed-reader than a topic list. While I will continue to iterate on this design over time to better promote topics, I am hoping that this proves to be more accessible of an interface compared to the old topic listing. > > Your watched/tracked remote categories will be listed in a sidebar (hidden behind a drawer on mobile views) for easy access. > > The default view ("Latest") continues to be a list of content from people you follow, and content shared by those same people. The other view ("Popular") shows unconstrained content, and can include content from people you don't follow.

I have a vague memory I had a sense I suggested this was a challenge a bit back but I'm fuzzy without back tracking.

So I had a look and what I see (for me) I think is just one topic that I participated in, in that "feed-reader" (is it a look?) and I saw nothing else, before was /world populated with all ActPub topics but now feed view is contextual to the user prefs/activity-state?

Or, can you qualify this a little more the intention, for the one who hasn't been at class for some time. When you the time of course. No rush.

@julian Ok thanks. You know me still trying to orientate the z axis of this, when we've only got the x and y to play with. I guess that's been the challenge from the start.

If you don't mind me asking - What is it you were trying to achieve with this vs before?

Ya know what problem was being solved in exchange for new ones ;)

julian You're going into a place I was going to suggest around 2022 (becasue forums have been on the decline for a long time), while this sub-reddit-eaque is a neat feature, what about thinking of "ways" of being instead.

TLDR

I'd really like to be able to, and within seconds, with a single email address and password sign up for a stripped down NodeLET Acc and be typing happily (content creating) within seconds, that I could then disturbute to wherever-whenever platforms I like with a few clicks, get analytics feedback on how content (posts) are doing, where it is being seen and how much and maybe even track and manage payment for any revenue generated, without being a site owner carrying any of that "publishing" at scale burden and cost or having to sign up to one or more platforms to get my content out to the world.

That' the bones of the original 2012 idea.

If you think about supporting or looking for inspiration in terms of feature roadmap, where next for then NodeBB as a content creation platform, extra of being a forum, is when you start to unlock the true potential.

You might rememeber I pointed out substack some years ago and it wasn't that familiar to you or most back then, it was the lockdowns and covid that allowed it go prime time IMHO.

So here is a concept you might like to ponder

The NodeLET

1. NodeLET (Solo) a stepped down versions of a full NodeBB that is content creator centric (it may not allow more than one user, it might limit users, it can have tiered plans, it hosted but NodeBB, it's liek NOdeBB for one user that can bu spun up like droplet are spun up on DO in seconds)

Think of NodeLET as content hub as opposed to a hub (forum) for users.

1. NodeBB with NodeLET functionally (integrated)

What is NodeLET?

NodeLET is hosted by NodeBB as an in-house service as a very mass market non-techie solution (think wordpress.blog but technically spun up like a DO droplet) the user does not need admin level technical overload, they are the content creation focused user, they just need composer, drafts and the tags fundamentally to organise content all the forums, sub categories, users admin backend etc. etc. is not needed, wwe;re stripping right back here, you get the idea.

Now that activity pub is in the mix you can use this to hook up NodeLET to other NodeBB's and beyond.

Content creation space for the quiet content creator who wants a nice place to go and tap without distraction and mange their more long form thoughtful content over time.

Does this make sense?

The idea is a NodeLET would start as a free service for content creators, now that substack exists which came to my attention after I thought of this way of re-selling or re-spinning NodeBB that market is well established in terms of a simple offering to the content creator.

It's a new market segment because no one did it so well and elegantly until substack came along IMHO.

Focusing on content creation, but still being a very different option than say a WordPress vs substack option.

All my UI suggestions are generally based around content creation centric idea of the NodeLET but I never explained it properly, but if you're gonna do sub-reddit you might as well embrace the whole spectrum of user-needs potential dev led paths or "ways" of being, as opposed to what others are doing.

Build for the user you missed or forgot about, because NodeBB can do it all technically, as I've pointed out most of the ability is already under the hood, it exists, it's actually a matter or reconfiguring layout, how you offer the capabilities to the potential user / marketing (Harmony theme actually works really well here)

Offer 2 configurations, of NodeBB

• Solo (limited, free) A Single user NodeBB offering.
• Solo Plus (fee, more features) A single user NodeBB for closed content creation group
• NodeBB (Full) What we all know and love.

There is naturally as explain no self-hosting option for a NodeLET

Bonus is all of these options can openly interconnect now, where back a few years they may have not so easily - Activity Pub is the thing that didn't exist when I was thinking about this, because as I've alluded to or implied it goes back to an even older idea I had when trying to solve a problem in 2012 no one was thinking about afaics, when I saw substack it looked the closest to my original musings over a decade later.

I know I'm sliding off topic but it's out of my head now. :)