this post was submitted on 11 Jul 2023
87 points (100.0% liked)

/kbin meta

5 readers
6 users here now

Magazine dedicated to discussions about the kbin itself. Provide feedback, ask questions, suggest improvements, and engage in conversations related to the platform organization, policies, features, and community dynamics. ---- * Roadmap 2023 * m/kbinDevlog * m/kbinDesign

founded 1 year ago
 

Apparently one of the lemmy.ml admins was overzealous in banning all User-Agent strings that contained the word "bot". Bans were entered for all of the individual strings containing that word which were observed in their webserver logs, which impacted kbin's reported agent of "kbinBot".

The issue has been fixed, and I observed that one of my kbin posts to a lemmy.ml community was successfully pushed to the original instance.


Edit:

Here are all the links that I've found with the lemmy.ml admins discussing the issue:

you are viewing a single comment's thread
view the rest of the comments
[–] Deceptichum@kbin.social 4 points 1 year ago (2 children)

If they were doing that, others with bot in the name would have been caught, no?

Yet the people who tested it said that wasn’t the case.

[–] blightbow@kbin.social 9 points 1 year ago

Like I said, a blind sort by volume of the top n user agents in their logs containing the word bot would be enough to do it. Drop the output of that sort into a text file or a hash table, then create a user agent filter in the nginx config that blocks the specific strings seen in that file.

It is very much the sort of thing that a single admin can do by accident, and the exact sort of problem I would expect to see with rapidly growing instances operated by a very small number of tech enthusiasts.

[–] Teppic@kbin.social 3 points 1 year ago

From the response it is likely that many other specifically identified phrases which do contain the word 'bot' have indeed been blocked (presumably still are).

The slight variations in kbinBot which were subsequently tried wouldn't previously have shown up in the logs and so wouldn't have been added to the blacklist.