CloudFlare check sucks

submitted by binaryblob from self.AskSaidIt

sorted by:
top
newinsightfulfun
you are viewing a single comment's thread.

view the rest of the comments →

[–]magnora7 20 insightful - 2 fun20 insightful - 1 fun21 insightful - 2 fun -  (6 children)

Saidit gets about a third of a million page load requests a month, and probably half of those are fraudulent (originating from malicious DDOS attacks). During a heavy attack day we might have 10x the page load requests of normal, during which probably 98% of the page requests are fraudulent. Cloudflare ensures (most of) those fraudulent connection attempts stop at cloudflare and don't hit our main server, which is how we're able to stay online.

We've been DDOS attacked multiple times daily for 5 years now. As a result we can never turn our DDOS protection off. So someone out there is setting aside resources on the regular to do this. For years.

I remember the day saidit opened to the public, before we had a registration captcha set up, someone used a script to register all the active usernames from the subreddits where I showed people saidit, and then they auto-registered thousands of usernames, and stole everyone's usernames who might've migrated. Just to frustrate migration and growth of this site. They did this literally hours after we opened the website, they had an automated script ready to go.

This place has been under nonstop attack since day 1, via every method possible from hardware attacks to social engineering, it has honestly surprised me how bad it's been over the last 5 years, I would've never guessed it was this bad. Whoever these groups are, they really don't want forums like saidit to exist.

[–]CheeseWizard 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (5 children)

¯_(ツ)_/¯

I tried to think possible of suspects, just for fun.

Hacktivists. Idk. They love to LARP and believe whatever narrative they are told. Conspiracionists love free speech platforms, so anyone that think thought crimes is a harm to society, including anti vaxx crazies as one of the harms, will try to bring Justice TM around. So it's an easy activist target.

Maybe Reddit and other giant Platforms, are attacking competitors, to keep their quality down. Political attacks for campaigns, like you said. For political reasons, you can try to bring it down, lower the quality and speed by forcing defense mechanisms, or use bots and shills for propaganda. Etc.

[–]bucetao6969 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (4 children)

I don't think we can really know unless they actually announcing they're attacking us.

[–]magnora7 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (3 children)

Either that or the ISPs trace the malicious packets back to their sources, which they basically won't do

[–]bucetao6969 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (2 children)

So you're saying there's a chance that we know who the hackers are?

[–]magnora7 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (1 child)

I'm saying it's potentially knowable, but any way to actually do that is extremely unlikely unfortunately

[–]bucetao6969 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

If it's potentially knowable it's a good idea to try everything in your power to investigate. These guys could kill the website.