One of the main instances of Lemmy (lemmy.ml) is blocking ‘kbinbot’ user agent requests on their instance. Basically, they are blocking kbin instances. This is not a bug, but on purpose.
I couldn’t find anything related in their source-code, so this is block is only present on lemmy.ml (or maybe some other Lemmy instances).
This is causing quite a lot of federation issues with Kbin instances. Resulting in various failed messages (from the messenger handler).
$ curl -I --user-agent "kbinbot" https://lemmy.ml
HTTP/2 403
server: nginx
date: Wed, 28 Jun 2023 18:35:27 GMT
content-type: text/html
content-length: 146
vary: Accept-Encoding
$ curl -I --user-agent "notkbin" https://lemmy.ml
HTTP/2 200
server: nginx
date: Wed, 28 Jun 2023 18:35:42 GMT
content-type: text/html; charset=utf-8
content-length: 163388
vary: Accept-Encoding
x-powered-by: Express
content-security-policy: default-src 'self'; manifest-src *; connect-src *; img-src * data:; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; form-action 'self'; base-uri 'self'; frame-src *; media-src *
etag: W/"27e3c-LCqXylkqSkDOy3K+3w2TijtMn14"
strict-transport-security: max-age=63072000
referrer-policy: same-origin
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block
Conversation about this on lemmy.ml: https://lemmy.ml/post/1563840
Something something compatibility issues. Hope they get things fixed because it initially sounded like censorship
The linked discussion sounds like nobody knows for sure since the admins are keeping quiet. Which is weird.
The silence from Lemmy developers on this is damning. If this was an accident (i.e. lumping “kbinbot” in with a blanket block of other user agents), it would have been a two second fix. Even more damning is that common agents that are being used for bot attacks, as discussed in the Lemmy matrix, are not blocked. For example:
curl -i --user-agent "python-requests/1.2.3" https://lemmy.ml/Works fine.
