[–]binaryblob[S] 8 insightful - 1 fun8 insightful - 0 fun9 insightful - 1 fun -  (8 children)

Thanks for the explanation. It makes sense that it is automated.

Can you see how big the attack is on your infrastructure (that is, how many requests you would have to handle per second (alternatively, more specific or different metrics like number of bytes per second or number of connections made per second) if it wasn't for Cloudflare)?

I am just wondering how big the hate is against this website.

I knew that the web was broken, but it's disappointing to see it in action.

[–]magnora7 20 insightful - 2 fun20 insightful - 1 fun21 insightful - 2 fun -  (7 children)

Saidit gets about a third of a million page load requests a month, and probably half of those are fraudulent (originating from malicious DDOS attacks). During a heavy attack day we might have 10x the page load requests of normal, during which probably 98% of the page requests are fraudulent. Cloudflare ensures (most of) those fraudulent connection attempts stop at Cloudflare and don't hit our main server, which is how we're able to stay online.

We've been DDOS attacked multiple times daily for 5 years now. As a result we can never turn our DDOS protection off. So someone out there is setting aside resources on the regular to do this. For years.

I remember the day saidit opened to the public, before we had a registration captcha set up, someone used a script to register all the active usernames from the subreddits where I showed people saidit, and then they auto-registered thousands of usernames, and stole everyone's usernames who might've migrated. Just to frustrate migration and growth of this site. They did this literally hours after we opened the website, they had an automated script ready to go.

This place has been under nonstop attack since day 1, via every method possible from hardware attacks to social engineering. It has honestly surprised me how bad it's been over the last 5 years; I would've never guessed it was this bad. Whoever these groups are, they really don't want forums like saidit to exist.

[–]Maniak 10 insightful - 1 fun10 insightful - 0 fun11 insightful - 1 fun -  (6 children)

Well there goes the hypothesis that WotB was fine here (for now) because SaidIt was too small for the 'powers-that-be' to attack it.

It seems like the ones who've been going after you for all this time are a different group than those who have been attacking the Reddit version of WotB for pretty much the same timespan, but those were on the content-side, not attacking the infrastructure (since Reddit... well... yeah, that's a much bigger investment to bring that down, outside of starting a blackout which does it for free apparently).

On one hand I'd love for there to be a page showing the amount of attacks every day, just as a reminder of what's being thrown at any remaining places that allow people to express anything, but this would also motivate the 12-year-old-Kevins out there to participate in it even more.

Though we're way past the point of a few kids using their parents' credit cards to pay for a DDOS bot somewhere just because they were told that Mercy is useless and D.va is for virgins. (sorry, using the first game example that popped into my mind, I don't even know if those are still in there)

[–]magnora7 12 insightful - 1 fun12 insightful - 0 fun13 insightful - 1 fun -  (5 children)

Yeah basically every forum is under attack, by lots of different groups, all the time. Especially now with AI commenting bots that can flood forums with nonsense. It's just how the internet is now, and I'm frustrated by it tbh. A far cry from the internet in 2003.

/u/cunninglingus shared this, this is basically the graph you wanted showing the number of attacks: https://radar.cloudflare.com/security-and-attacks

[–]Maniak 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (4 children)

Mmh looks like despite going through the 403 errors, the current issues still ate up my reply :'(

So let me try to remember...

It started with something like "Damn, hadn't even thought about the AI thing in relation to this", and yeah, AI-based DDOS attacks are something to have fucking nightmares about. They could bring down pretty much anything and everything just by using the currently available tools for DDOSing anything and unleashing their algorithms on it.

The whole "AI" thing is only the mainstream release of what came out of the "machine learning" push that's been going on for more than a decade already. There's no intelligence behind it. They've been grabbing as much data as they could, which isn't unrelated to the whole NSA/Snowden thing, and throwing brute-force processing at it.

"Machine learning" may be only 10-15 years old, but the data processing has been going on since data could be processed. It was just a marketing term, much like AI is for the current iteration. It only means "we've been storing up everything everybody has been doing everywhere, including you, and we can now predict everything you can and would do, in order to get you to do what you should do to serve our interests".

It's not intelligence, but it's based on enough data to get close enough to it, especially when it comes to doing brute things like DDOS attacks or spamming forums with meaningless diatribes.

Them doing it to fill forums isn't new, and was scary enough, but if they're starting to use it for straight up targeted attacks on the infrastructure, and of course they would, then... well... I'd like to say that I have at least a clue as to what to do against it, but given that they already control the entire infrastructure and that precisely 0% of Internet is controlled by individuals...

Well... didn't wake up today thinking I'd end the day thinking even less of where we're heading, and yet...

Ok, first things first, still expecting Cloudflare to fix this shit up by tomorrow or at least start giving regular updates.

The overall shitfest is on a way bigger scale and outside of always trying to keep talking and discussing about everything, everywhere we can, hoping and trying to get enough people aware of what's going on around them, I'm not quite sure what more we can do. And it's already a lot.

PS: entirely unrelated but I really do need to address this at some point: how often is the source on Git rebuilt and redeployed? Because there are a few WotB-based CSS changes that I'd really like to submit in a PR if only to make the textarea properly resizable. Nothing to do with the topic at hand, sorry, just popped in my head because of this next round of fighting against the incoming 403s :)

Edit: looks like the original reply being eaten up was me being impatient, stupid and most certainly both. I've been multiplying SaidIt tabs over the day because it seems to help with the checks (click the checkbox on one tab, it unlocks another one without having to wait for the original tab to reload), and I found the original reply in another tab that was still getting 403s. Must have gotten my wires crossed at some point, or a cat came in and messed everything up, I don't know. Anyway, that one is not entirely on today's mess :)

[–]penelopepnortney 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (3 children)

> a cat came in and messed everything up

Blaming the cat always works for me. They're guilty until proven innocent.

[–]Maniak 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (2 children)

And yet they somehow always get out of everything, entirely unscathed.

You could say that cats are, in this way, akin to democrats. But that would be an intolerable insult to the whole of catkind. How DARE you even think of this @Sensei?

[–]penelopepnortney 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (1 child)

Don't make me call Luna.

[–]Maniak 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)