Saidit just upgraded our DDOS protection system

submitted by magnora7 from self.SaidIt

sorted by:
top
newinsightfulfun
you are viewing a single comment's thread.

view the rest of the comments →

[–]LarrySwinger2 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (11 children)

That's great. I am noticing, however, that the connection gets blocked when I log in via tor (403 or 1020). But, based on your explanation, perhaps I shouldn't click too fast. I hope the compromise in terms of usability won't be too big. I'll report back on this.

[–][deleted] 4 insightful - 2 fun4 insightful - 1 fun5 insightful - 2 fun -  (2 children)

I'll try to loosen the Tor restrictions a bit. We're already looser than default CloudFlare. Some Tor ips are marked as dirty because abuse comes from them.

[–]skiseme 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (1 child)

What about having an onion address alongside a clearnet address?

[–][deleted] 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

I'm into that. it's a bit of a tech burden, because you have to serve the site as http and not https.

[–]magnora7[S] 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (6 children)

Yeah it's best not to use a VPN, as we've had to block a lot of VPN traffic because that's where a lot of DDOS attacks originate from. I'm still tweaking the new firewall rules to balance everything, I think it's almost all worked out.

[–][deleted]  (1 child)

[deleted]

    [–]comments 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (0 children)

    https://notabug.io/t/saidit.all when you're blocked

    [–]theoracle 3 insightful - 2 fun3 insightful - 1 fun4 insightful - 2 fun -  (1 child)

    Yeah we're just having to block certain VPN services because they're avenues for attacks, and I'm not sure if there's a way around that. But I think our new system might give us some opportunities to make it more dynamic.

    It's concerning that you would block VPNs at all, but then maybe there is some particularly bad ones? Then what about the likes of tor?

    Personally I don't like blocking, banning or deleting. It is like the internet's version of segregation, apartheid and genocide....

    Obviously if it's your only solution so be it, I just hope it's not your "Final Solution", because I think better can be done, much better.

    [–]magnora7[S] 4 insightful - 2 fun4 insightful - 1 fun5 insightful - 2 fun -  (0 children)

    I understand your concern, but we're not banning entire VPNs, just certain IP addresses that happen to be on VPNs. We only block those addresses because if we don't, one person can make 100,000 requests per second and take the website down, and those particular IP addresses have displayed that type of behavior already according to connection logs.

    [–]comments 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (1 child)

    yeah I guess this is what happens when you have to share IPs with people who don't use them respectfully.

    [–]magnora7[S] 2 insightful - 2 fun2 insightful - 1 fun3 insightful - 2 fun -  (0 children)

    Yeah exactly

    [–]theoracle 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (0 children)

    I just tested tor and it is very slow but works.

    Not good if it is blocked... :-(