COGDemos bugs/requests

Randomly when I return to a tab that has a game open and it decides to refresh.

If you got that right before you posted it, it was likely because I restarted php-fpm. I was making a change to up the workers because they were hitting the ceiling again earlier today. Not like before (thankfully), but after some more digging, I see this has been going on for a while, just very intermittently. Maybe once or twice a week. It only came to a head when the bots decided to go into Terminator mode.

I sent the dev a bunch of info on this, along with proof that the issue is with the load being too heavy on PHP.

No, that particular one was 19:53 UTC+2 DST (so… four hours prior? Something like that). I’ve had two or three of them last twelve hours and I think one or two the day before, but I’m not sure.

It looks like the Views counters aren’t being updated. The top two demos are still showing 0 Views, and I can’t believe they haven’t been opened once.

That’s intentional. That was one reason the bots were killing the site–every game they hit was hitting the db to register the view, and 7k “views” in 10 minutes was not only killing PHP, but was causing deadlocks in the database as well. Since it’s behind cloudflare now, I can probably enable them again. I’ll try that and see what happens.

I enabled view counting again, as well as favorites. Hopefully it won’t blow up.

Also, the dev is working on changing the back end so the app will be able to handle extreme traffic without going berserk. It will likely take a couple of days to get done. Once he does that, I will probably turn off Cloudflare’s management of the /play path. and just handle the bots through Apache. I added a crapton of entries, though I’m still seeing a lot of weird random searches (crawlers).

Edit:
I switched some things up on Cloudflare (thanks @JoshiYinmith for the link), so there shouldn’t be challenges on playing a game unless it thinks you’re a bot, in which case, you’ll get a challenge. That should ease up the annoyance for everyone.

Should look the behaviour of those bots. If they don’t hit the /play that mean its for the views and if they hit in games that more serious.

The best solution is to chalenge everything with captcha. Deny every connections if the captcha isn’t true.

For the choice of captcha that the fun of it (for the devs) making an easy captcha for humain is so simple. Bots are gonna left in the dust. And people behind those bots will have to change those bot when they figure out how to beat one captcha. That when if it a custom one you can change it to another quickly and mess up those bots. This can continue for a while but each time those with the bot will have to work, meanning the website will have a lot of uptime. And the bot owners will leave the website alone.

And for the story of security this one is the best, i still laugh looking at this event. Global security is just a joke :

• https:/en.wikipedia.org/wiki/2024_CrowdStrike-related_IT_outages

if a fail is found in cloudflare all that connected to it will fail even more. With those bots…Humm, with those automate scripts is even easy to get it the milisec when a breach is found.

Local security is more tasking but more rewarding in the long run. Those bots will have to invest if they want to hit a local security. And they don’t want that.

By the way good job the cogdemos seem to work fine.

CoGDemos shows old version. 2025 07. @EvilChani

Hi @EvilChani ,

I hope you’re doing okay after the recent coordinated bot attack and server hammering. First of all, thank you so much for everything you do for the Choice of Games and Hosted Games community. CoGDemos has become an essential platform for us, especially since Dashingdon closed, and I know you’re carrying a massive load almost single-handedly. Your hard work is truly appreciated by so many writers and readers.

It’s incredibly frustrating that people would target a free hobby site that brings joy to so many. I really hope things have calmed down and that you can get some well-deserved rest.

While the immediate crisis seems under control, I wanted to offer some practical suggestions from the community that might help strengthen the site against future attacks and make maintenance easier. These are just ideas — please feel free to use whatever fits or ignore the rest:

1. DDoS Protection with Cloudflare
   Implementing Cloudflare (free tier is very effective) could make a huge difference. It offers Bot Fight Mode, automatic rate limiting, Turnstile CAPTCHA for suspicious traffic, and a Web Application Firewall (WAF). Many small sites have successfully reduced hammering attacks this way without hurting real users.

2. More Granular Rate Limiting
   The current limits have been increased before, but behavior-based rules (e.g., limiting rapid favoriting, random game loads, or repeated play controller hits from the same IP/session) could stop bots more effectively while keeping normal browsing smooth.

3. Community Support Fund
   Would you consider setting up a Patreon, Ko-fi, or a simple donation page for server costs and security tools? A lot of us would happily contribute small monthly amounts to help cover hosting, Cloudflare Pro (if needed), and give you some breathing room.

4. Static Mirror / Backup Site
   A lightweight static mirror (game list + direct links) hosted on a different cheap service (like GitHub Pages, Vercel, or Netlify) could serve as a safety net. If the main site gets hammered again, people could at least browse available demos.

5. Enhanced Security & Monitoring

   • Regular security scans and keeping PHP/server software up to date.
   • Basic logging and traffic monitoring tools to spot attack patterns early.
   • Fail2Ban or similar tools to auto-ban repeated offenders.

6. Additional Features the Community Has Requested

   • Support for .ogg audio files in games (much smaller than .wav and widely used in ChoiceScript).
   • Better mobile optimization or dark mode if feasible.
   • Option to hide or filter mature/explicit games more easily.

7. Volunteer Assistance
   I’m sure many people would be willing to help with:

   • Light moderation (spam, duplicate reports, favoriting cleanup)
   • Bug testing and feedback
   • Small coding tasks (if you’re open to pull requests on GitHub)
   • Translating help texts or improving documentation

Please don’t feel any pressure to implement these — they’re offered with gratitude and respect for the huge amount of work you already do. The most important thing is that you take care of yourself too.

Thank you again for keeping CoGDemos alive and for all your dedication. The entire community stands behind you.

Best regards,

Cloudflare verification seems to be taking forever or in a loading loop. Nvm it works now just had to refresh my tab. Thanks for keeping this wonderful site alive despite the issues.

I’d like to echo this. I’m sure many feel the same even if they haven’t had a moment to express it yet (and many others would feel the same if they knew what goes on behind the scenes). I know I was surprised to find that CoG wasn’t actually involved in CoGDemos. It seems like such an essential, valuable feature. While I’m not personally in a position to help with much, I do think it’s a great idea to open things up for support (financial or otherwise) from the community.

I can’t help financially but can help other ways. Feedbac, tecnic support, testing anything except financial right now. İn the future can change. @hellanikthi @EvilChani

Getting the Cloudflare verification loop again. @EvilChani I even attempted reloading like before but it’s done nothing this time. Seems to be a specific Cloudflare issue atm. Seems like it got fixed purely a Cloudflare issue.

Getting a “cogdemos.ink’s server IP address could not be found.” error this morning, which seems distinct from the Cloudflare error messages.

Are you still getting this? I’ve tried to reproduce, but the only time I get the Cloudflare message is when I hit the main site the first time or after a few hours.

Yes, that has nothing to do with cloudlfare. That’s usually a DNS issue. Are you still having it?

Sorry for the radio silence, everyone. The kitchen renovation and carpet install left the house in a huge mess and we still haven’t found everything (the contractors just moved stuff around wherever they wanted). Finally getting some sanity back to the house, but work is also a nightmare for the past few weeks, so I’ve had little time. The dev put in a code change that should speed things up and prevent issues like we had before I put the site behind cloudflare, I just need to test it. I’ll do it locally first, then stick it up on moody for others to test before pulling to cogdemos.

Thanks for your patience!

Things are working again @EvilChani

Hi there! First of all, this is a wonderful tool you’ve made! Thank you sincerely for this. I have one small bugbear, though.

Is there any reason why the website forces all titles to be lower case? I can sort of understand it aesthetically–it creates the feeling of a low-pressure, fan-driven site rather than anything too professional, which is also undoubtedly helpful for avoiding confusion with official CoG sties–but I’m a little sad that this choice has been taken away from creators when it comes to titles. I am thinking about putting up a demo for my game in progress, but this kind of lower case title really doesn’t suit the current project, which takes itself fairly seriously and is quite moody, for lack of a better word. I just can’t get over how silly and unserious my title reads when written like a text message.

It’s a small thing, granted, and isn’t likely to prevent me from using the site, but I thought I’d ask anyway, if only to hear your rationale!