Kategorie: Behind the scenes

Some Email server run by Docomo and KDDI Japan seem to reject a ton of spam from a Brazilian botnet that uses us as a faked sender address…
This slowly started in April but has massively increased in volume this month.

Background

Emails claiming to be from us must be signed with a secret, cryptographic key that only we have. The corresponding public key can be found in our domain name entry. So every email server can check that an email it receives is actually from us. (This is called DKIM.)
In addition we also list the IP addresses of all email servers that are allowed to send email with us as a claimed sender. (This is called SPF.)

How do we know all this?

These are summary reports sent back to us from email servers that get our emails.
(This is a mechanism called DMARC.)
Red means it checked a signature and found it missing or invalid.

The reports do contain the IP-address and hostname of the email-server trying to send.
Most of them are dynamic IP addresses of DSL customers in Brazil
So it’s a fair bet that some botnet is trying to send spam with us as a faked sender.

Looks like tonight 2:54 the fuse in the room where we have the NAS with all company data blew.
At 3:05 it reported 44min of runtime.
At 3:51 the battery was low and the NAS was shut down properly.
We came in early at 7:35 and are currently checking the situation…

We are experiencing unusually high traffic and the reason seems to be ChatGPT trying to scrape the YiffyToys shop with all it’s filtering functionalities for multiple days now.

This also causes the cache of rendered pages to regularly overflow it’s quote and be automatically flushed.

We are investigating options for rate-limiting bot traffic.

Update

Most of the traffic (over 40Gb in a day) was caused be ChatGPT training it’s „AI“.
In total 2/3 of all web traffic came from bots.
We have blocked all the „AI“ training crawlers we could find and some „SEO optimisation“ bots that serve no purpose other then to waste bandwidth.
We have also rate-limited search engine crawlers.

The legitimate crawlers now get 4 sitemaps that are generated every day.
They list the last modification date of all listed pages, so crawlers don’t need to revisit them.
They prevent bots from getting lost in dynamic navigation.
(e.g. the extensive filtering options we offer, so you find the toys you want in our vast offering)
The sitemaps also only include the primary image of each product.

For historical reason the old „colour“ attribute had two values for black.
„pitch black“ and „black“.
We have gone through hundreds of old products to convert all old „pitch black“ products to „black“ now and deleted the old value from the selection.

With so many products, house keeping in a shop like ours becomes a lot of work.

As every year, we are required to license the packaging material for 2025 and report on 2024.

The System

A boring task but this is how the „free“ yellow recycling bags in Germany are paid for and what makes the blue paper-bins so „cheap“. The businesses that buy or import packaging material pay for it. So the people who can make a change have an incentive to do so.
Being in Germany however, this means doing all of that twice. With the agency we pay for recycling and identical reports with the government agency.

Fees

Since we have so little material to recycle, we always pay the minimum fee and get way, way more then is actually needed. Especially since almost all our material is easy to recycle cardboard (that usually comes out of recycling already).
So we never run the risk of licensing too little cardboard boxes and plastic bags.
These reports are made in tonnes. Not Kilograms.

Statistics

In the early years, we had very conservative estimates based on the packaging material we purchased.
Nowadays we have some statistics to calculate these numbers from the actual orders placed throughout the year.

2024 we used 25% LESS cardboard/paper and plastic bags then the year before.
For 2025 we have licenced more then the most busy year in our statistics. Just to be on the save side.

First of all: Paypal and SEPA bank transfers in the EU work just fine.

Due to ongoing issues with cancelled credit card payments due to „The customer returned from Stripe and changed the cart details.“,
we have now switched from redirecting to a payment page hosted by Stripe to having the credit card payment embedded.

So far Stripe support can’t see anything wrong on their side and we don’t see anything out of the ordinary on our side. So let’s hope this randomly solves the elusive issue.

Christmas is over and so is the DHL „peak-surcharge“.
The BREXIT surcharge ends too.
Just the CO2 surcharge has increased slightly from 0.18 to 0.19€/Kg .

We have just entered the new prices into the YiffyToys shop system.

First: Paypal works fine.

Two different customer seem to have had issues with credit card payments.
We are currently checking out a new payment-module by our credit-card processor in our test-shop.
If it works, we can install it on the live shop later.

It seems that the page-cache of the shop overflowed it’s storage capacity during the night.
So the shop stopped serving pages and everyone got an error message.

We have cleared the cache and installed an hourly warning if this is about to happen again.

Sorry