Occassional 403s, possibly fixed?

[mark]

Hi all,

We've been hearing of some 403s that people have been seeing for the past few days, off and on. I haven't personally seen them so it's been a bit troublesome to figure out, but I think I understand what was happening and I've deployed a fix.

It looks like a disagreement between two parts of our system that are designed to protect us against "suspicious" IPs (i.e., IP addresses that seem to generate bot traffic or other types of abuse). The system somehow started to believe that one of our own proxy IPs was bad, but only some of the time?

Anyway, I've adjusted the order of rules to ensure that we always consider our own proxies to be good, which is probably what we want here. Please let us know if you keep seeing 403s.

Thanks, and, sorry for the trouble!

Comments

[anais_pf]

Can you do anything on your end about failures to cross-post to LiveJournal, or is that somehow all on LiveJournal's end?

[falkner]

That's on LJ's end, they routinely block DW from cross-posting, and have to manually unblock them, which they aren't generally in a rush to do.

[kengr]

From the error messages I'm seeing, I suspect part of the problem is that some folks either haven't done the required update to their LJ password, or they did that but didn't update their LJ login info on DW.

Either way, that generates invalid password errors, and those cause lockout. Not just for them, but *all* of us still crossposting to LJ.

Not sure what the best solution is, but one *definite* (but ugly) fix would be to require everyone to re-enter their LJ login info. Finding a more selective way would be better but likely *really* hard to implement.

[judo100]

I updated my LJ password on both ends, but it still won't cross post from DW. Is there another fix for this?

[sporky_rat]

Not unless LJ unblocks us again, no.

[kengr]

I think DW uses the same IP address for *all* crossposts. So if *anybody* didn't update their password the crosspost login failures for *them* count against the rest of us.

[archersangel]

i opened a support ticket on that & got this;
In order to continue crossposting, you'll need to change the password on the crosspost account you've set up on Dreamwidth so that it matches your current LiveJournal password.

To change the password on your crosspost account, go to https://www.dreamwidth.org/manage/settings/?cat=othersites and hit the Details link on the LiveJournal crosspost account you've configured. On the following page, enter your new, current LiveJournal password in the box marked "Password", then hit "Update".

[andrewducker]

Alternatively, parse the error that comes back, and if it's the "password is wrong" error then don't allow any more crossposting until the password is updated.

[tinny]

For *that* person only.

I think DW needs to do something here, and I think this is a good approach.

Because obviously LJ is not willing to help, and in the long run this is going to lead to me stopping crossposting altogether. Which is probably what LJ wants, but is it what DW wants?

It's not what I as a DW user want, anyway.

[andrewducker]

Oh absolutely, for that person.

That way each person will only trigger it once.

Which is probably "good neighbor" behaviour from Dreamwidth in any case.

[anais_pf]

Thanks!

[jinkyo]

Thank you for the 403 fix!!

[bellamagic]

Appreciate the technical updates! Refreshing to see a site that lets folks know what's going on.

[veritas_poet]

Yes, that's what I appreciate about DW!

[kore]

Thank you for AS ALWAYS being so timely and transparent in responding to issues, and always keeping us in the loop. I love Dreamwidth <3

[picterman]

А кирилиця у відповідях так і не працює.
Як і вікно "Rich Text" в меню Posts.

[sporky_rat]

Hi, the RTE is Extremely old and breaks in weird ways. If you try the Beta Create Entries page and have the same issue, please submit a support request.

[peoriapeoriawhereart]

"Aw, hands, no"

Thanks for figuring out that might be the issue and realizing a tweak could reasonably be made. fingers crossed that the diagnosis is accurate.

[ecreet]

I got that bug yesterday and it was resolved when I deleted all cookies from *.dreamwidth.org. The most troublesome part was that everything I googled about "dreamwidth" and "403", as well as any support/ticket options, was hosted on dreamwidth, so I could access none of that. So it looks like once the system decides you are a bot, there is no way to reach out to someone to tell them you aren't.

[alexseanchai]

Not true: you could email support@dreamwidth.org and the official Dreamwidth Twitter bio says as much 😺

[20_00]

Hello! The problem arose again. As far as I can see, the 403 error occurs for any personal blog or community from US IPs ONLY. If I use a European proxy server everything is OK.

[20_00]

Problem persists for all blogs when connecting via TOR browser or american VPNs -- error 403.

I live in a country where Dream is blocked by government censorship. I cannot use direct connection. Please, is there anything you can do about this?

[mapsedge]

I haven't personally seen them

Gods, that's the worst for us programmer types. Thanks for the efforts- rest assured, we'll keep you updated :)