[2.1] Bots - reduce log_online updates#9125
Open
sbulen wants to merge 1 commit intoSimpleMachines:release-2.1from
Open
[2.1] Bots - reduce log_online updates#9125sbulen wants to merge 1 commit intoSimpleMachines:release-2.1from
sbulen wants to merge 1 commit intoSimpleMachines:release-2.1from
Conversation
Signed-off-by: Shawn Bulen <bulens@pacbell.net>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR aims to minimize I/O during a bot attack by eliminating the logging of guests & bots in log_online. The problem is that the really troublesome bots are indistinguishable from guests via normal means, e.g., useragent.
An option is added, allowing the user to turn this behavior on or off. Users may wish to disable this only during high-CPU bot attacks.
Note that some of these bot attacks are what I call 'long tail' attacks, in which many IPs are used once and only once. This was a trademark of the 2025 Q3 Brazil/Vietnam attack; on some days, I would have 150,000+ IPs with only one request each... The problem being that each would get its own unique session & log_online record, causing a flood of writes & log activity. And then, of course, they would all need to be deleted during garbage collection.
With this change, they wouldn't be written at all.
I've been running this code on my prod forum with no issues. Though, I must admit, forum members asked this one to be removed, as they liked following those stats. Spikes usually indicated cross-forum discussions with other gear forums. Somehow they gleaned that thru all the bot noise (tbh, I dunno how...). Still, having the option to disable during a botnet attack with high CPU is an important option.
If this is approved, I can submit a 3.0 version.
For more discussion see:
https://www.simplemachines.org/community/index.php?topic=592442.0
https://www.simplemachines.org/community/index.php?topic=592345.0
Feedback welcome.