What's next after v25.6?

winstep · **Joined:** Thu Feb 26, 2004 8:30 pm **Posts:** 12384

As for the v25.7 release, currently working on the announcements.

I wish I wasn't constantly interrupted by stupid bots. Sigh.

lubierzca · **Joined:** Fri Jun 28, 2024 7:27 am **Posts:** 32

winstep wrote:

As for the v25.7 release, currently working on the announcements.

Hi, I wonder if system tray icons be available in Nexus free version? BTW I'm not sure if I get how the tray customization works, does it actually work at all?

winstep · **Joined:** Thu Feb 26, 2004 8:30 pm **Posts:** 12384

lubierzca wrote:

Hi, I wonder if system tray icons be available in Nexus free version?

Yes.

lubierzca wrote:

BTW I'm not sure if I get how the tray customization works, does it actually work at all?

It doesn't anymore if you are running on Windows 11 22H2 and above. Still works on Windows 10.

nexter · **Posted:** Tue Jul 29, 2025 1:09 am

winstep wrote:

nexter wrote:

Plus of course a further factor is having a Windows server - with a Linux one it would have been highly unlikely the bots could get through to the board in the first place.

Doubt that. First you cannot distinguish the bots from normal users, unlike in the first wave of attack their IPs are from all over the world and their user agent strings randomized. So there is nothing to ban at the firewall level.

Apart from the standard Linux server stuff like firewall etc., there are more extensive specialist security apps - mainly custom written - available for server. For example, my friend's business now has two servers, one just their local one mainly serving their office and employees when in the field, but also with (limited) access for some select clients, and the main, off-premises internet facing server. Both running on Ubuntu Server, but with a bunch of additional security software. The tech people once a year hire an 'ethical hacker' team to try and attack in all sorts of ways, but so far they've never found any weaknesses yet on either server.

winstep wrote:

Second, I already rate limited the server and that didn't solve the problem, so you can't identify them by how fast they make requests either. The people behind these bots are not stupid.

But then again neither am I.

No, most certainly not!

winstep wrote:

So what I did today when they came back was to actually limit the number of concurrent guests on the board to 100. If more than 100 guests are on the board, new guests are not allowed to create a new session (which is what was maxing out the MySQL server even when/if the board was disabled).

In case the guest is actually a real user, a message is also displayed that the board is currently not accepting guests due to security reasons and to please come back later.

Doing it this way has several advantages: first the CPU does not get pegged at 100% nor anywhere near due to MySQL getting bogged dow.

Second the board remains available and fully functional, if it slows down it is not even noticeable.

Third, new legit guest users cannot access that board until the bot cloud decides to leave, true, but logged in users (those who have the "Log me on automatically" setting enabled) should still be able to access the board (I still have to test this though, as I already had an active session when the bot cloud joined in today). Any guests that were already browsing the board BEFORE the bot cloud joined in, also continue to have access.

Finally, once the bots go away (and so far their pattern seems to be to attack the board at around 4-5 PM GMT and leave a few hours later) guest access is automatically restored without the need for manual intervention.

Doesn't fully solve the problem but it sure mitigates it.

Yep, limiting the guest numbers sure should do the trick.

And we'd never normally see 100 genuine guests this time of year. Bound substantially to mitigate the problem for now.

nexter · **Posted:** Tue Jul 29, 2025 1:15 am

winstep wrote:

lubierzca wrote:

Hi, I wonder if system tray icons be available in Nexus free version?

Yes.

lubierzca wrote:

BTW I'm not sure if I get how the tray customization works, does it actually work at all?

It doesn't anymore if you are running on Windows 11 22H2 and above. Still works on Windows 10.

Most things work fine on Win 10 - Win 11 was specially designed to get users to bugger off to Linux!

winstep · **Joined:** Thu Feb 26, 2004 8:30 pm **Posts:** 12384

And apparently a lot of them are!

Anyway, release was delayed a bit because of a crashing problem with the menus... hairy one to solve but those are now rock solid. So on to the release...

In the mean time the bots are here again, but you wouldn't know judging how the forum feels (light as a feather). The question is, can you guys connect during a bot storm? You should be able to just the way I am, provided "keep me logged in" is enabled.

winstep · **Joined:** Thu Feb 26, 2004 8:30 pm **Posts:** 12384

Everything ready, just waiting for the bots to go away... sigh. :roll:

winstep · **Joined:** Thu Feb 26, 2004 8:30 pm **Posts:** 12384

Got tired of waiting. v25.7 is out.

winstep · **Joined:** Thu Feb 26, 2004 8:30 pm **Posts:** 12384

Bots don't seem to want to leave this time. Now that the release is out I can start to focus on solving this situation - tomorrow I will start banning their IPs at the firewall level, even if I have to do it one by one (I won't, I'll just run a script).

nexter · **Posted:** Wed Jul 30, 2025 3:49 am

winstep wrote:

And apparently a lot of them are!

Indeed they are!

It's good to see so many newbs coming to Ubuntu (followed by to Fedora and Mint) as refugees from Win 11.

winstep wrote:

Anyway, release was delayed a bit because of a crashing problem with the menus... hairy one to solve but those are now rock solid. So on to the release...

In the mean time the bots are here again, but you wouldn't know judging how the forum feels (light as a feather). The question is, can you guys connect during a bot storm? You should be able to just the way I am, provided "keep me logged in" is enabled.

And a good few back right now - 500+ guests.

Hoping to get 25.7 tomorrow, won't be able to get into Windoze today.

winstep · **Joined:** Thu Feb 26, 2004 8:30 pm **Posts:** 12384

nexter wrote:

And a good few back right now - 500+ guests.

They never left this time, which is really bad as legit guest users (i.e. users who are not logged in with "remember me") cannot access the forums either.

And it's not 500, there are thousands of them like before... what is happening is that I am not allowing more than 100 concurrent guest sessions per minute, so as some end their session, others finally manage to get through. The forum counts the total number of sessions in the last 5 minutes, which is why you see more than 100.

A guest user can eventually get through if they keep pressing F5 in their browser, and once they get a connection they will be able to browse the forums without interruptions. The problem is getting in that first time.

winstep · **Joined:** Thu Feb 26, 2004 8:30 pm **Posts:** 12384

Had to update the limit to 800 or no guest would be able to acess the forums today. As long as the server can handle the load, we are ok. Let's see what happens when the bulk of the bot cloud comes later during the day.

Winstep

Software Technologies

Winstep Forums

What's next after v25.6?