Cloudflare actually stopped their service

what?

we are on the latest version now, there is no need to wait

doesn’t really look much different between the two instances. the theme differences are minor. the current default theme on piefed.world is even a bit more compact than the quokk.au default theme.

there are also user settings for more compact post listings, e.g. the variant with smaller thumbnails:

and after writing all this i realized you were referring to the bottom navigation. we updated several piefed versions in the last few days, if this is still the case for you i recommend raising this as a bug directly at https://codeberg.org/rimu/pyfedi/issues

maybe worth to name and shame those apps with lack of proper lemmy markdown support.

and ideally check if that has already been reported to their devs, and doing that if it hasn’t been done yet.

fwiw, LW/PFW require local users to be at least 18, or, if higher, whatever their local laws define. for other instances this is of course nothing we can control.

all content is generally owned by its creator and only the creator can change it. for lemmy 1.0 this will be changing for marking as nsfw and managing tags, so it seems that this is somewhat being relaxed.

at this point they’re long past the point where they’d be tolerated here to keep a single account. they’re constantly impersonating and harassing other people, they need the new accounts to be able to evade bans.

it just takes one mentally ill person to make it their hobby to harass people on the internet

only the person creating a post can mark their own account as bot or change the title

feel free to get in touch with us if you have issues with api limits. we can’t change them for individual users but we may be able to give you advice on more efficient usage.

your bot shouldn’t be logging in every time it checks what is going on; it’s best to persist the JWT you get from logging in and keep using it. the signup/login rate limit (which for whatever reason has the same counter) is relatively low to limit abuse, but the other endpoints should be more relaxed. you’d also have to hit pretty high request counts for us to even look at it. i recommend using a separate bot account (see bot rules).

I changed the password after leaking that screenshot

presumably in the time between leaking and changing it? once the password is changed the old password won’t work anymore, and neither will any of the previous login tokens.

of all the scrapers we see, the requests identified as originating from Meta seem to be well behaved overall. they appear to (mostly) be respecting robots.txt where present and their request volume to Lemmy.World is only averaging slightly above 5 requests per minute over the last 2 weeks. they also don’t spoof their user agents to pretend to be web browsers, or at least I have not seen credible accusations of this happening.

this is a bug in lemmy-ui. it works in alternative interfaces, e.g. at https://t.lemmy.world/c/إسلام.

the bug report about this was just recently closed due to a lack of external contributions to address the issue: https://github.com/LemmyNet/lemmy-ui/issues/2207

hello,

based on your other post, which has since been removed by moderators of that community, it seems that you are looking for the !perchance@lemmy.world community instead of this one.

you’re not going to have much luck here, as here people won’t even understand what you’re talking about.

please remove the phishing link from this post immediately. you can defuse it e.g. by putting it in a code snippet and replacing the dots with [.], e.g. netprocesse[.]com.

i see. for PWAs that’s expected, for the native app i would’ve expected a consistent UA for all requests.

our current blocks/challenges are explicitly targeting things that pretend to be browsers while not actually being browsers. we try to exclude requests that are expected to be accessed by browser based clients that aren’t directly on the main site. appending to browser user agents still matches our browser user agent detection.

i’m not sure why this was causing issues here though, especially with the login, as that should just be 100% api stuff and therefore use VoyagerApp/1.0 from the native app?

Hi,

this was possibly an unintended side-effect of our increasingly aggressive AI crawler DDoS blocking. When increasing the scope of issuing Cloudflare challenges we missed excluding API endpoints from the rule, that should be fixed now.

This should only have affected clients with browser user agents though, and I see requests with user agent VoyagerApp/1.0. @aeharding@vger.social do you know if Voyager can send browser-like user agents when installed from App Store?

lemmy currently doesn’t have granular federation controls. the only option right now is to defederate from mbin instances, but other instances might still announce your users’ votes to mbin instances. the more hacky way would be to also block federation related http requests from mbin instances to prevent them from retrieving user profiles, which is probably the most effective method that could be used.

piefeds non-federated votes are a user setting for the default value and users have the option for each vote whether it should be federated. see also https://piefed.social/post/982478

as explained in this post, the original implementation of “private voting” has already been replaced with non-federated voting, which addresses the abuse concerns, as it’s then limited to just the instance the votes are cast on.