Notices by Mythic Beasts (beasts@social.mythic-beasts.com)

@wordshaper @neil we had to drop support for customers fronting their sites with CloudFlare on our shared servers because it's not effective at stopping the AI bot swarm, and using it makes it impossible for us to do so ourselves. https://www.mythic-beasts.com/blog/2025/09/03/web-hosting-and-cloudflare/

@scribe

In 2005 you got account numbers starting with a 3, in 2025 you are still getting account numbers starting with a 3 but with two more zeros in them.

@jima @otfrom @neil @sindarina almost none of the AI scrapers support IPv6 which is a pretty compelling argument to make your website IPv6 only with no proxy layer.

@scribe almost a year ago! https://www.mythic-beasts.com/blog/2024/03/25/green-hosting/

Croeso i'n gwasanaeth Mastodon! @teamtoot

After nearly drowning in an alphabet soup of anti-spam acronyms whilst trying to explain to a customer why email forwarding doesn't work, Kelduum decided to let off steam on our blog. https://www.mythic-beasts.com/blog/2025/01/29/the-death-of-email-forwarding/

@cks yes, for DMARC you need an aligned SPF pass OR a DKIM pass. If you're forwarding, the former isn't going to happen, so you're reliant on DKIM. Sensible people don't enable strict DMARC policies without first ensuring that they're DKIMing everything, so that shouldn't be an issue, but forwarding mail that isn't DKIM signed (and lots still isn't) is unlikely to be reliable, even if the sender hasn't explicitly said "p=reject".

@cks sadly, "you'll have to ask Google why they threw your mail away" is rarely the answer people are looking for 🙂

If you script identifying and firewalling #AI scrapers, you get graphs like these on your hosting servers.

@corbet @LWN in our experience you should prepare for thousands of distinct IPs.

It's our special offer for the last Friday in November. Today you can buy any of our internet services for the same price we charged yesterday, and the same price we will charge tomorrow. https://www.mythic-beasts.com/

We went to the #IPv6 council meeting in the UK. In a change from previous years there was a lot from networks which mostly run IPv6 with IPv4 now increasingly being a legacy compatibility option. https://www.mythic-beasts.com/blog/2024/11/26/ipv6-networking-in-the-uk/

Another large language model scraper blocked. This graph is from a site which runs a tool generating answers for people doing important research work. The AI scraper sent hundreds of thousands of lookup requests evading rate limits by using about a thousand IPs and pinned multiple webservers at 100% CPU (graph from one attached). This is a massive waste of electricity to train a hallucination machine.

@alyx we have lots that only have IPv6 address on the server itself, but use NAT64 to get out to IPv4 only instances, and a https proxy inbound so v4 only instances can federate with us. We salute your purism!

MastodonEngineering - @MastodonEngineering

>We just released important security patches for version 4.2..

That changed some of our priorities for the afternoon. We now have a lot of copies of mastodon4.2.6 running.

Always happy to manage more mastodons on behalf of people who are bored of applying updates. sales@mythic-beasts.com

Upgrading to 4.0.2 of mastodon significantly dropped memory consumption on our @Raspberry_Pi 4 running the instance. CPU seems slightly down too.