[–]SoCo[S] 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (6 children)

Since a spoofed IP cannot receive a reply, they should be just standard network noise for an HTTPS web server; they cannot perform the HTTPS handshake.

Their likely goal is to both/either:

  • stress the website forcing it to use expensive privacy-invading protection services that are feasibly able to de-anonymize users across the net, even on Tor, if so inclined (Cloudflare's transparency reports give the impression of resistance, but I prefer to trust no one and no service).
  • cause a reflection attack against the spoofed IPs

When they connect to the HTTPS and the website replies to the spoofed IP, those packets make the website reply to the Tor IPs, becoming a reflection attack. For a non-valid TCP connection, these should be dropped pretty readily by the Tor node's NAT, and the HTTPS handshake packet shouldn't be too large. Yet, with enough of these, it can likely still degrade the Tor node's network.

Similar to robo callers spoofing caller IDs, this network spoofing can only exist non-locally because large network operators or backbones don't reject packets with obviously forged return addresses. A large amount of cellular and Internet backbones are filtering for this. I suspect that cloud providers have simply covered their eyes and ears, allowing their customers to freely send spoofed packets en masse. Considering how much malicious vulnerability scanning, specific attacks, and scam/malware hosting that comes from the major cloud providers, seemingly without a care or way to identify or report them, this seems a likely origin, even though not helpful.

HTTP (without the S) on the other hand, could cause lots more problems for a webserver and a much more significant reflection as well.
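A defender-side check of the point above, as an added example that is not part of the comment: spoofed sources never answer the server's SYN-ACK, so they stay in `SYN-RECV` and never reach `ESTAB`. The sample is constructed in the layout of Linux `ss -tan` with documentation-range addresses; the function names and the 0.5 alert ratio are assumptions.

```python
from collections import Counter

# Constructed sample in the layout of Linux `ss -tan` (documentation-range addresses).
SAMPLE_SS = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN    0      511    0.0.0.0:443         0.0.0.0:*
ESTAB     0      0      203.0.113.10:443    192.0.2.55:51514
ESTAB     0      0      203.0.113.10:443    192.0.2.56:40022
SYN-RECV  0      0      203.0.113.10:443    198.51.100.7:41234
SYN-RECV  0      0      203.0.113.10:443    198.51.100.8:1025
SYN-RECV  0      0      203.0.113.10:443    198.51.100.9:33011
SYN-RECV  0      0      203.0.113.10:443    192.0.2.55:51600
TIME-WAIT 0      0      203.0.113.10:443    192.0.2.77:50000
ESTAB     0      0      203.0.113.10:22     192.0.2.99:60000
"""

# States that can only be reached after the three-way handshake completed.
COMPLETED = {"ESTAB", "TIME-WAIT", "FIN-WAIT-1", "FIN-WAIT-2", "CLOSE-WAIT"}

def parse_ss(text, port=443):
    """Yield (state, peer_ip) for sockets whose local port matches."""
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 5:
            continue
        state, local, peer = fields[0], fields[3], fields[4]
        if local.rsplit(":", 1)[1] != str(port):
            continue
        yield state, peer.rsplit(":", 1)[0]

def half_open_report(text, port=443, ratio_alert=0.5):
    """Compare half-open sockets with completed handshakes; 'never_completed'
    lists peers only ever seen in SYN-RECV (spoof candidates, not proof)."""
    states, half_open, completed = Counter(), set(), set()
    for state, ip in parse_ss(text, port):
        states[state] += 1
        if state == "SYN-RECV":
            half_open.add(ip)
        elif state in COMPLETED:
            completed.add(ip)
    attempts = states["SYN-RECV"] + states["ESTAB"]
    ratio = states["SYN-RECV"] / attempts if attempts else 0.0
    return {"syn_recv": states["SYN-RECV"], "established": states["ESTAB"],
            "ratio": ratio, "never_completed": sorted(half_open - completed),
            "alert": ratio >= ratio_alert}

if __name__ == "__main__":
    print(half_open_report(SAMPLE_SS))
```

When SYN cookies are in use the kernel keeps no state for the connections it answers with a cookie, so the `SYN-RECV` count understates a heavy flood.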

[–]magnora7 6 insightful - 1 fun6 insightful - 0 fun7 insightful - 1 fun -  (5 children)

Interesting technical analysis, I will think about that some more, thank you. They are obviously somehow able to get replies despite the IP changing with literally every request and jumping beyond any normal IP bounds of any service like Tor. I don't know exactly how it works. Honestly it's beyond anything I've ever seen, it may be some gov't tech, who knows. It's quite obviously not some dumb script kiddies, there's no question about that. They know what they are doing and have lots of software specifically for this. I have also seen they have software that does automated account registration, and automated comment and post deletion after a saidit account is banned. They're quite obviously well-prepared, and a lot of this was unleashed on day 1 of saidit's launch, wherein a group on reddit literally scanned /r/conspiracy for regularly-commenting usernames and then registered all those usernames on saidit in order to frustrate the migration and scare off new users. They registered something like 5,000 accounts in under a half-day, on saidit's opening day, before we turned on a more advanced captcha system.

Saidit basically had to become a cyber-fortress just to exist, I probably personally spent over 1000 hours just on saidit cybersecurity alone. I learned how to write Cloudflare API bash scripts that send self-autogenerated IP ban lists (which I also wrote a script for) from our server to the Cloudflare server, without having to use the paid service, just to save money. D3rr and I used every trick we know to get saidit as secure as it is, and he's even better with this stuff than I am.

Basically my point is, this is a very high hurdle to jump over, and it's little wonder a lot of reddit alternatives implode quickly. You have to absolutely have your stuff together from day 1, or the site will be taken down from malicious attacks that are just free-floating around the internet. Most people can't do this, and most forums fail. Especially if the forum is related to anything controversial.

This itself is a way to stifle the free speech of the masses. You literally have to be a cybersecurity expert just to run a dang forum in 2023. And that's not even mentioning the actual code of just getting the thing running in the first place. And then the critical mass problem of attracting enough users. The hurdles are too high, so it's little wonder there are so few viable reddit alternatives. It's not a good state of affairs for the internet and culture in general. And with the improving quality of automated AI posting and commenting on top of that, I worry about the future of anonymous text-based forums.

[–]Vulptex 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (4 children)

> Honestly it's beyond anything I've ever seen

It might be reddit then. Reddit is somehow able to detect your alt accounts automatically, going back years, in cases where it should be literally impossible to do even manually.

[–]magnora7 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (3 children)

Could very well be, especially since this is a fork of reddit's open source, and the attackers seemed to know the software inside-out on day 1, and exactly how to exploit it. And it would make sense that reddit would want to stifle competition.

[–]Vulptex 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (2 children)

Yeah that's very suspicious. Could also be agents from /r/defaultmods.

[–]magnora7 3 insightful - 1 fun3 insightful - 0 fun4 insightful - 1 fun -  (1 child)

True, or it even could be just someone from a subreddit that hates one of the subs that migrated to saidit... could be a lot of things, but what is clear is that the attacks are sophisticated, and basically every forum these days suffers from these attacks. So really I think it's something more about controlling discourse on the internet, than about reddit specifically. Which would make sense that governments would have such programs, it's not expensive and yields a high return in terms of social control. And the JIDF, shareblue, Cambridge Analytica, Chinese shill groups, Russian shill groups, Langley Air Force Base groups (which I believe one day was found to have generated 60% of reddit traffic), and so on are well-known to exist and operate across many forums, and they are all trying to control the whole thing of course so they can control the narrative. And they're all out-competing each other, and meanwhile normal people are drowning in propaganda and nonsense generated from all this activity. And the whole internet is slowly being ruined in the process, because the signal-to-noise ratio is going to crap with all the deliberate nonsense being posted so often.

[–]EddieC 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

> meanwhile normal people are drowning in propaganda and nonsense generated from all this activity. And the whole internet is slowly being ruined in the process, because the signal-to-noise ratio is going to crap with all the deliberate nonsense being posted so often.

I made a suggestion that would help cut through the noise:
Allow one post for curating solutions to be pinned on one of the main subs with high reader count e.g. AskSaidIt