Realm667 repository download access denied

[printz]

Since last night, downloading resources from the realm667.com repositories (Beastiary, Armory et al.) is being denied to visitors.

Is this a planned downtime or a glitch?

Has anyone made backups or even mirrors (complete with credits and descriptions) of the resources from realm667 in case this is going to take longer?

[Tormentor667]

As I noticed a lot of traffic from 3rd party pages that directly linked content from the Realm667, I changed the system. You have to be registered and logged in to access the resources from now, nothing too unusual

[Rachael]

Well that's one way to make the system completely user-unfriendly and unappealing.

If you're getting overwhelmed with traffic, a better solution would be to offload some of the bandwidth to third-party mirrors, instead.

[Kinsie]

Well that's one way to make the system completely user-unfriendly and unappealing.

If you're getting overwhelmed with traffic, a better solution would be to offload some of the bandwidth to third-party mirrors, instead.

Or modifying the .htaccess to only allow access to those files/folders from R667 referrers and redirect other requests to shock images an error page. There're a lot of trivial ways to prevent hotlinking that don't suck for users!

[Rachael]

Requiring an account just to download content is one of the single greatest sins that a website can commit, in my opinion - and I see a lot of websites do it. That sin is even far greater than switching to a massively media-heavy Twitter-Bootstrap clone with full HD videos playing in the background and buttons that are flat, uncreative, and pretty much look like moving box labels.

You just gave a massively legitimate excuse to anyone who wants to start their own version of a repository - some people are going to want an alternative to what's available now, with such a restriction.

Granted I have an account so it doesn't affect me as much but still - when I see other websites do this - I really get massively pissed off. I would be way more pissed off if I didn't have an account already by now.

[KynikossDragonn]

Or modifying the .htaccess to only allow access to those files/folders from R667 referrers

HTTP Referral can always be spoofed. I use such spoofs all the time for various sites, I even go as far as to spoof the entire HTTP User Agent string in extreme instances.

Honestly I think limiting bandwidth is a better option, maybe also have properly functioning network congestion mitigations on the server side. (But, I mean I would HOPE all professional webhosts know how to properly configure qdiscs on network interfaces in the first place)

When I used to self-host my own website I had a 32kbps bandwidth limit that worked really well.

[Kinsie]

HTTP Referral can always be spoofed. I use such spoofs all the time for various sites, I even go as far as to spoof the entire HTTP User Agent string in extreme instances.

I suspect that you are not the norm, and that this simple measure will mostly stop Torm's gripe of doom-mods-and-tractor-equipment.ru hotlinking directly to the files and pumping up his bandwidth bill.

[BouncyTEM]

As I noticed a lot of traffic from 3rd party pages that directly linked content from the Realm667, I changed the system. You have to be registered and logged in to access the resources from now, nothing too unusual

I would like to note that I strongly oppose this idea as it's implemented presently - it goes against the core tenet of why I contributed resources to R667's repository in the first place. I wanted those files to be open access to anyone interested; I do not feel it is right, nor fair, for them to be forced to make an account to grab them. I do understand you host the site and pay its bills, but this is not the solution, IMO. I'm inclined to agree with everything Rachael said here.

Additionally, your account recovery links are broken with captchas that don't appear, at least on chrome and firefox. If you're going to force accounts for people to grab stuff, at least ensure they can.

[Dynamo]

I can only join in the dismay at this choice. The reason given for this sudden change also seems incredibly suspect given recent events, and I would have to try really hard not to see this as knee jerk reaction to what happened over the past few days.

I personally hope this gets reverted at once.

[Tormentor667]

I am currently looking for different ways to prevent hotlinking from other sources (the component, i am working with seems to have a good solution for that), just give me some time for a proper implementation. I wasn't considering a free registration as such a big deal honestly but it's not a "must have" to me. It was just an easy way fo prevent hotlinking.

[SanyaWaffles]

This is an abysmal way of handling things and I'm skeptical of the intent, especially since the recovery links and the captchas don't work.

Forcing me to create an account for basic site functionality for something as minor as downloading stuff is not cool. The next logical step is only people who have an account can view the site... so many sites, even sites I like, do this and it's a grave sin in web design and architecture.

I echo everyone else's statements.

[Rachael]

I wasn't considering a free registration as such a big deal honestly

I know you meant no harm, but ... there is simply no possible way for me to overstate or even exaggerate how massive of a problem this is on the internet.

Every single site and its grandmother wants your password, and then you are always told "never use the same password for two sites" - and yet then you are told "don't use password managers/safes" - and yet then you are told "passwords must be at least 12/16/whatever characters in length" - and even worse there are some sites that limit the number of characters you can use in your password.

Let's not forget the time when Facebook was storing everyone's password in their database as plaintext...

There's a whole cottage industry of password saver programs, and the fact that it is considered an essential feature of modern web browsers also says a lot.

This is an internet scourge. As I said I simply cannot exaggerate how massive of a problem it is. This is part of why most of DRD Team allows you to post without an account, why I even allow guest posting in most of the regular ZDoom subforums. It's beyond senseless, and that is why it upsets me so much that R667 went this route. Trust me it's nothing personal that I am on you about this - every site that presents me with a login prompt upsets me, because it is a waste of my time and resources to require me to create yet another account that I am unlikely to ever use.

[printz]

This is an internet scourge.

Sadly, the armies of spammers and spam bots are also a scourge, though at least what sites try against that is more captcha, than just log-in gating. Maybe Tormentor667 may also implement captcha per repeated download? That's what most sites do to defend against bots.

Yet even with captcha, it often ends up that we have tougher and tougher anti-robot measures, and practically 1/3 of the world IP blocked (I got this stuff when I asked about the Doom wiki, take it as third-mouth info though).

[inkoalawetrust]

This is probably the worst and dumbest decision that could've been made, as a way to slow down the amount of new traffic on Realm667.

Like BouncyTEM said, what is even the point of having a repository that is meant to be usable and accesible to everyone, if it is NOT, and you NEED to make an account on the site for something even as simple as downloading a damn resource from the site ? Why not instead use a reCAPTCHA that needs to be completed for the user to be able to download a resource. That way the influx of traffic from bots or whatever could be halted without going against the point for the repository even existing.

I and BouncyTEM submitted those resources to Realm667 because we expect people to be able to actually use them for their maps and/or mods, and so more people can be exposed and made aware of those resources. But if you keep this restriction around, then what is the point of anyone even submitting resources to the submissions forum for them to be added to repository, if people have to make a useless account to even be able to access those resources. I don't see why I shouldn't instead make a thread here on the forum where I put all of the resources (Like the tank I submitted on R667.) I've made, for others to use and access.

Nobody even has an actually active account on Realm667 besides me, Gothic and Blue Shadow, and you, Tormentor. Besides that there's only about 2 dozen new users that joined the site to ask for help with Blade of Agony which you recently released*, on the forum and the shoutbox, and half of them have not even responded back even after you or AFADoomer responded. This will basically do nothing but inconvenience anyone wanting to use the resources on the site, into making an account which they will never do anything with besides use it to access basic site functionality that should not require a registration in the first place.



*Congrats on that by the way, I'll try playing through more of the game when I have access to my IT labs' computers again.

[Tormentor667]

I do get your points, all fine and reasonable - it was just my first thought of restricting hotlinking (or actually the easiest change from my perspective). In the meantime I was able to prevent this in a different way. You can now download content again without login in. Problem solved.