I found the same IPs doing the same thing for my server, but one thing I noticed in the access log was that nginx was returning a 499 status code. That code means that the client closed the connection before the server answered the request. So this seems to be a deliberate attack instead of the rash of bots many have been dealing with recently. They just firehose out requests to DoS the server since pagination on services with dynamic data is expensive.

I ended up creating a fail2ban rule to add any IP to my firewall blocklist that makes a bunch of 499 entries.

Edit: I also set a rate limit in nginx for any url that has a “page” query included

If you’re using linux then check if quilt is available for your distro, it’s made specifically to maintain patches on top of a codbase you don’t control: https://wiki.debian.org/UsingQuilt

One more try. I sure hope you don’t have notifications enabled for all replies…
Edit: well now I’m stumped

UTC now. Am I still the ghost of federation’s past?
Edit: seems so?

I had it set to localtime instead of UTC, which for me is -5 hours. Caused me a bit of grief earlier today after making a new post that started out already five hours old!

It seems like a real pickle though. What if I set my time to a year in the future and make a post? Would that post stay at the top of new all year? I guess lemmy should use the received date rather than what is sent but that could be problematic when things are bogged down or having federation issues.

@danQuix0te sorry, I shouldn’t have deleted my comment. Still trying to get the time thing sorted out.