MX Linux Forum

Thunderbird. Anybody else seeing this?

Jerry3904 wrote: Sat Oct 19, 2024 8:00 am Thunderbird. Anybody else seeing this?

https://mxlinux.org/category/blog/feed/ and app.php/feed are both behind Cloudflare proxies now, so I'm guessing RSS readers that fetch content in a non-human way will get filtered. I can fetch the content of these feeds in a browser, but that defeats the purpose of scraping them with software and only showing the new items. It's been like this for about a week now.

Jerry3904 wrote: Sat Oct 19, 2024 8:00 am Thunderbird. Anybody else seeing this?

Yes.
viewtopic.php?p=794376#p794376

This diagnostic might formerly have resulted from TB's User-Agent policy change to send a minimal UA header by default: https://meta.stackexchange.com/question ... hunderbird.

Now, as linked above, it probably results from the MX site's DDOS protection instituted as discussed at viewtopic.php?t=82308 which breaks RSS, since after all RSS is essentially bot access to the site. That has certainly broken the site's RSS feeds in my SeaMonkey client.

See https://openrss.org/blog/using-cloudfla ... -rss-users

It seems that the site has to authorise your RSS client in its CF account, or one must use a reader site with RSS access that has done so as a proxy (IDK if such exists), by IP address and/or User-Agent header.

Obviously one would want User-Agent strings matching known client software, say but presumably matching UAs would shortly be set in DDOS requests. Or TB and SM could be configured to send a UA containing a personal "app password" with a certain pattern to the site RSS URL to set a higher bar.

BV206 wrote: Sat Oct 19, 2024 9:04 am

Jerry3904 wrote: Sat Oct 19, 2024 8:00 am Thunderbird. Anybody else seeing this?

Yes.
viewtopic.php?p=794376#p794376

Thanks. I see your post was never continued (you) or replicated (us), so I'll leave this open for now in hopes of better reports and responses. If nothing else, Distrowatch follows that Blog for its weekly review so it would be useful to see if there is any solution or workaround (possible to mirror the Blog to a different site?) while CloudFare is doing its thing.
@/df Thanks.

we could try lowering the protection on the website. although I presume that @peregrine can tell if the attack is still going on.

@Jerry3904
There is a way that a specific RSS reader can be allowed access with a custom rule in Cloudflare. I looked at the general way to do this but have to dig into the specifics. The potential problem I see with this approach is having to create a separate rule for each reader. Also I am not sure if it can be done with our subscription or a paid subscription is required. Need to get peregrine's opinion on this.

@dolphin_oracle
Showing over 22,000 attacks blocked in the past 24 hours.

richb wrote: Sat Oct 19, 2024 10:17 am @Jerry3904
There is a way that a specific RSS reader can be allowed access with a custom rule in Cloudflare. I looked at the general way to do this but have to dig into the specifics. The potential problem I see with this approach is having to create a separate rule for each reader. Also I am not sure if it can be done with our subscription or a paid subscription is required. Need to get peregrine's opinion on this.

Thanks. Since we supply no reader by default except via Thunderbird, perhaps we could start there? I can see it for News on Saturdays by using a direct web link, which I just did, but that;s not very handy...

richb wrote: Sat Oct 19, 2024 10:36 am @dolphin_oracle
Showing over 22,000 attacks blocked in the past 24 hours.

well that sucks :(

dolphin_oracle wrote: Sat Oct 19, 2024 12:44 pm

richb wrote: Sat Oct 19, 2024 10:36 am @dolphin_oracle
Showing over 22,000 attacks blocked in the past 24 hours.

well that sucks :(

Could suck worse if they got through.

Probably just correlation without causation, but--China has recently become the third largest download country for the MX RPi Respin...