by dang 994 days ago
> My browser sends a cookie telling HN it's me

Yes, that's what I mean: if people log in, then we know at least a bit about who's accessing the site. But the particular blocks I posted about above only apply to logged-out users. Logging in immunizes you from them immediately.

2 comments

Or rather, presumably Hector Martin's connecting to HN via a logged-in browser and experiencing the block, which shouldn't apply to logged-out users, so I'm guessing there's a bug/disconnect somewhere (could be in my parsing of your original comment).
No one connecting via a logged-in browser would have been blocked by this code.

Edit: there are two exceptions—accounts we blocked because they were running crawlers that didn't respect HN's robots.txt—but both have been blocked for much longer than a few days.

In this post* Hector Martin makes a contradicting claim - that he's blocked using a logged-in browser.

* https://social.treehouse.systems/@marcan/111165508206292497

Based on other posts in that thread though, he also appears to be behind CG-NAT, which is always a confounding factor for IP-based blocking. Maybe someone else on his netblock is running that crawler.

If someone wants to tell me the username, I'd be happy to look into what happened. Without the username, I don't know of any way to check this particular case—all I can say is what changed during those few days, and what changed is that we blocked more IPs that were making logged-out requests; logged-in requests would not have been affected.

Since that link refers to opening HN in an incognito window—and all those requests would be logged-out—most probably it was that activity that triggered the block. As I think I said elsewhere, it's hard to distinguish between a legit user accessing a bunch of HN links in various tabs, and a distributed botnet making similar handfuls of requests from a million different IP addresses.

What I can tell you for sure, though, is that the claim that we were targeting any individual user is quite false. Isn't that the main point?

Oh so a DDoS not a bot attack.