177
linuxxx
6y

So someone is constantly ddos'ing the privacy/security blog.

Just wondering if they really think that 500 hits a second will bring the site down?!

500 h/s consumes about 0.1 percent CPU and 1mb/s.

At least give me a challenge 😥

Comments
  • 19
    Ddos as in ddos or just a Slow-Loris attack?
  • 10
    @olback Seems to be multiple ip's but it's not really effective haha
  • 2
    xeon or i7? nginx rate limited?
  • 6
    @JoshBent Idk, vps and don't know the hardware specifics.

    Nope, just CSF but it doesn't even have to block anything yet....
  • 3
    @ribchinski Yeah...uh...what's the link? 😅😈
  • 4
    Loic via an AWS ec2 swarm. Will try harder. Needs something more sophisticated it seems.
  • 2
    Has someone already tried RUDY?
  • 3
    @SZenC will look into this
  • 4
    @windlessuser it's essentially sending a long post body at a ridiculously slow speed in the hopes of filling up memory.
  • 3
  • 13
    Who bothers with 500h/s?
    What do they expect it to be running on, a brick?

    Did I see a challenge request @linuxxx ?
  • 2
    @C0D4 let’s combine forces
  • 17
    @linuxxx reading the comments - I think you're soon going to get hit by some mirai IOT botnet ddos, if you keep asking for it 😆
  • 5
    Yawn.
  • 9
    I might know someone who could help you with this... https://devrant.com/rants/1047285/
  • 2
  • 4
    @Byomeer maybe @fozeze2 can lend a helping hand 😂
  • 26
    That's not a DDoS, that's just me refreshing again waiting for some content to appear. :P
  • 6
    It sounds more like someone with a proxy list, trying to fill your visit counter.
    #90sWebTactics
  • 5
    @Noob Nope, the web hit counter doesn't increase :)
  • 4
    @Synth-Synapses It generates big amounts of traffic, multiple ip's and it seems like it's a SYN flood :)
  • 4
    Serve up a redirect for those IPs to zombo.
  • 2
    Is the user agent different on each attack?
  • 3
    @bahua It's not an HTTP attack, it seems to be SYN flooding. For some reason my firewall isn't blocking them, gotta investigate why haha
  • 2
    too lazy to read all comments, but how do you protect your self from this thing? I installed fail2ban for ssh attempts but for ddos?
  • 3
    @gitpush Tbh right now the firewall isn't even having a hard time but it'd be good if it started to block this haha
  • 3
    @gitpush DdoS - CSF for me :)
  • 3
    @linuxxx Great, will check it out thanks man, found an article for this :D
  • 4
    Rule no. 1 on the internet: don't feed the troll
  • 1
    Never smart to make a change out of it especially here!

    Cashing and nginx help stave off almost all attacks here.
  • 1
    @olback
    Slow-loris in nginx? ;)
  • 1
    @Linux No, Ngingx is not affected but you still can see the requests.
  • 2
    @olback
    Then the attacker is not someone who knows anything
  • 2
    @gitpush please link the article?
  • 3
    Wait, are you not using hosting?
  • 0
    Just commenting to keep up to date. I have a feeling this might get interesting ☺ btw where does one find a link to the blog?
  • 2
    @bahua
    That thought hit me too lol
  • 1
    Hmm, thats anoying
  • 1
    THEY are after you.
  • 2
  • 2
    Use loader.io to see if you can get it down
  • 2
    @bahua now that you mention it @linuxxx are you sure you're not going to get mad sysadmins from your hosting company showing up at your doorstep, trying to ddos you with baseball bats or something? 😂
  • 3
    @JoshBent My current limit at the company I host the vps is 100 mbit/s. Even with 65K+ connections I don't even get above 5mbs. Also, my host has network level ddos protection so I should be fine for now :P
  • 0
    @linuxxx then still, just maybe don't stress the idea of ddosing them too much, they might not like it 😄 also what kind of ddos protection do they have, most hosts really just nullroute you if it reaches a specific threshold, which in return would cut you off until resolved.
  • 0
    yet i dont have much experience in IT safety and so on. yeah i know.. i have to know that... but anyways how do you go against this shit?
  • 3
    @jakobev many will probably jump on a fence, but the easiest often is something like cloudflare, since if its an actual dedicated ddos, there is mostly nothing you alone can do (especially layer7-mass), because if a request reaches you, its already game over, so you would need some actual hardware or protection from your server host or location you host it in, to handle that, BEFORE it reaches anything your resources. Theres configurations you can do to prevent basic things, but as said, won't protect you against dedicated DDOS.
  • 2
    @linuxxx I'll tag you, so you could correct me if I am wrong in my last reply.
  • 5
    @JoshBent Something like cloudflare is good indeed only there's one problem. Cloudflare strips off secure connections at its own level. Meaning that they could pretty much see anything coming through.

    Next to that, good software based firewalls could, when configured correctly, fend off big ass attacks. It depends on the resources of the server a lot.
  • 3
    @linuxxx that's true, but thats with any ssl frontend or else it wouldn't work to redirect it to your server. I still have to encounter a server though that is affordable, that could handle massive ddos, with only software (please do enlighten me if I am wrong), especially if somebody is dedicated enough or your hoster just fucks you up by nullrouting it all - until it pauses, basically bringing you down themselves. Those kids usually just pay some stresstester or booter, which are becoming more and more powerful it seems, so most software solutions really don't help imho.
  • 2
    @JoshBent Very very heavy DdoS attacks probably can't be bend off indeed, it also depends on the Mbps allowed.
  • 0
    Sounds more like a half hearted DoS than a DDoS lol
  • 1
    Cloudflare!
  • 0
    It reminds me the time when I tried to DDOS a minecraft server where I got banned when I was twelve and all I got was getting my box to reboot 😂
Add Comment