763
posted ago by Foletado +764 / -1

Using another search engine is not as good because

  • it does not find new entries
  • it is not as reliable
  • it can be censored

It could at least be made available to people who have contributed enough. That would protect it from a Denial Of Service (DOS) attack.

Also see

[Stop The Steal infrastructure, wiki, chat.](https://thedonald.win/p/11PpU0dOR0)

Comments (21)
24
SenorButtplugs 24 points ago +25 / -1

They probably disabled it because that's the easiest target for DDOS attacks. All they have to do is run a while loop on it, and the site can go down pretty quick. To protect against that, the site could add a custom captcha to whenever a person searches. But disabling it altogether is a quick workaround to the problem at hand.

4
glow-operator-2-0 4 points ago +4 / -0

Ah gotcha. Thanks for the update!

4
laterbreh 4 points ago +4 / -0

First comment hit the nail on the head. I'm a Nerd and also want to expand on what the first commenter said.

Coming from a web dev pepe that deals with some DDOS on site mitigation. Any POST (data from user to site) is always the #1 "ez" attack vector to check for a DDOS attack. The next suggestion would be to do some rate limiting on the search on a client-by-client basis, but this usually relies on IP addresses. First thing a typical DDOS does is rotate IP addresses.

Putting up forced captchas and browser checks when they click search is the only way... but it's not bulletproof. Aside from banning swaths of IP addresses that follow a pattern. I've seen some DDOS scripts that use actual programmatic browser emulation to bypass "browser checks" offered by Cloudflare. Some of them can even bypass weak captchas.

It's a rock and a hard place. Most DDOS attacks have to be handled in multiple layers; real DDOS mitigation takes real active human effort along with some levels of automation.

The last site I had to protect, I had to implement a script that read logs in real time (that's after you take the server offline to unfuck it so you can actually read the logs without a 100% CPU load essentially locking up the server). I had to find a pattern of the attack vector, then write recognition regexes to identify the obvious attacks. Then you have to decide how many times in X seconds this pattern has to appear to be "banned". Then you ban at server firewall level, and I took it a step further to then send that IP to Cloudflare to ban it at the proxy level as well. Once you write this script it works, it weeds out offending IPs... until the next pattern starts, or it will rotate attack vectors along with rotating IPs... And it's a nightmare. Everyone thinks that Cloudflare is the solution and it will just work. Let me tell you, it's not the case. It's a tool you have to work to make it work. Most DDOS attacks aren't script kiddies; typically it's someone with equal or more knowledge than you actively looking for the next hole to hit, and as soon as you plug it they go to the next one.

And all of this is contingent on the level of bandwidth attempting to reach the server. Sometimes they can be so big there's almost virtually nothing that can be done about it unless you have insane hardware in front of the server doing additional packet inspection/filtering. DDOS IS A NIGHTMARE.

I praise the administrators' efforts and ability to keep the site online. It's totally understandable that they disabled the search. Understand the effort this team probably puts forward to just keep the site online and responsive is probably most of the time spent/effort spent on this site.

Godspeed admins.
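
Editor's added example, not part of the comment above and not the commenter's script: a minimal sketch of the log-driven step described there, matching an attack signature with a regex and flagging an IP once it exceeds N hits in X seconds. The `/search` path, the access-log layout, the thresholds and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Assumed signature: POSTs to a hypothetical /search endpoint, in a
# common-log-style line (ip ident user [timestamp] "request" ...).
ATTACK_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /search[ ?]')
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def find_offenders(lines, max_hits=5, window_s=10):
    """Return IPs, in detection order, that match the signature more
    than max_hits times inside any window_s-second window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = []
    for line in lines:
        m = ATTACK_RE.match(line)
        if not m:
            continue              # not the pattern we are hunting
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], TS_FORMAT).timestamp()
        hits = recent[ip]
        hits.append(ts)
        while hits and ts - hits[0] > window_s:
            hits.popleft()        # forget hits older than the window
        if len(hits) > max_hits and ip not in offenders:
            offenders.append(ip)  # hand this to the firewall / proxy ban list
    return offenders


def _line(ip, sec, request):
    # Helper that builds one constructed log line for the sample below.
    return (f'{ip} - - [01/Jan/2021:12:00:{sec:02d} +0000] '
            f'"{request} HTTP/1.1" 200 512')


# Constructed sample input (documentation-range addresses).
SAMPLE_LOG = (
    [_line("203.0.113.7", s, "POST /search") for s in range(8)]        # burst
    + [_line("198.51.100.20", s, "POST /search") for s in (0, 20, 40)]  # slow
    + [_line("198.51.100.21", s, "GET /new") for s in range(10)]        # no match
)

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```

Per-IP counting only catches sources that repeat; traffic spread over many addresses stays under the threshold, which is the rotation problem the comment describes.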

1
NeverNotTrump 1 point ago +1 / -0

But we also have logged in account data, so could limit access to users with more than X karma. We'd also be 100% OK with limiting hourly search requests by account.

1
SenorButtplugs 1 point ago +1 / -0

Limiting that functionality to logged in users with X karma is a good idea.

As for laterbreh above, yeah I did similar earlier this year. My site was abused by some asshole sending POST requests to a function that sends an email. He added fake email addresses, and got about 30 or so emails sent to ruin my mail server's reputation (so emails end up in the spam box).

I fixed it with a custom captcha that basically requires a ton of keys to unlock the door, along with a giant honeypot. And if any values exist in that honeypot, and the keys aren't proper, the mail never gets sent. And the keys always change. So mapping out the keys is going to be damn near impossible.

14
doucheyllama 14 points ago +14 / -0

The site starts going down when the search is active. It's an avenue for DDOS attacks.

I'd rather have the site up

5
residue69 5 points ago +5 / -0

Try using Qwant. It seems to have indexed our site.

https://www.qwant.com/?q=site:thedonald.win%20MySearchTerm

Qwant can recognize spaces in the URL, but TD.win can't, so I replace spaces with %20.

2
Foletado [S] 2 points ago +2 / -0

Qwant is quite feminist, but that may be the lesser evil. Mojeek has an independent engine but can't constrain to a single site.

5
ElCapitanBlazzinFace 5 points ago +5 / -0

YES! This place is such a gold mine for memes, but if anything is older than 24 hours it's impossible to find.

4
Rickshawrick 4 points ago +4 / -0

It's not broken, just disabled.

3
googurt 3 points ago +3 / -0

Search functionality seems like a no-brainer, something all sites have. However, for a site with this much activity and constantly being attacked, I can't see it happening any time soon. It's not an easy fix. Entire careers are dedicated to engineering search functions.

3
geocitiesuser 3 points ago +3 / -0

This is huge.

Needs integration with a third party/off server search service. Solr? Anyone?

3
fsoawesome 3 points ago +3 / -0

This is critical, please put the search engine on another small server instance so as to not create the DDOS situation. Let me know if you want to discuss how to do this.

2
sesquipedalian 2 points ago +2 / -0

Google sucks but... just type site:thedonald.win and use it.

Or use startpage, but it's not updated as quickly.

2
WildSauce 2 points ago +2 / -0

site:thedonald.win also works in bing and duckduckgo

1
Triiton 1 point ago +1 / -0

At least have a search cooldown of 10 seconds or more
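
Editor's added example, not part of any comment in this thread and not the site's code: a sketch of the per-account limits suggested above (a karma threshold and hourly cap per logged-in account, plus a search cooldown), keyed on the account instead of the IP address. The class name, thresholds and return strings are assumptions.

```python
import time
from collections import defaultdict, deque


class SearchGate:
    """Decide whether a logged-in account may run a search right now.

    Hypothetical policy: minimum karma, a cooldown between searches,
    and a cap on searches per rolling hour. Keyed on the account, so
    rotating IP addresses does not reset the counters.
    """

    def __init__(self, min_karma=100, cooldown_s=10, hourly_cap=30,
                 clock=time.monotonic):
        self.min_karma = min_karma
        self.cooldown_s = cooldown_s
        self.hourly_cap = hourly_cap
        self.clock = clock                  # injectable for testing
        self.history = defaultdict(deque)   # account -> allowed-search times

    def check(self, account, karma):
        now = self.clock()
        if karma < self.min_karma:
            return "deny: karma"
        hist = self.history[account]
        while hist and now - hist[0] >= 3600:
            hist.popleft()                  # drop searches older than an hour
        if hist and now - hist[-1] < self.cooldown_s:
            return "deny: cooldown"
        if len(hist) >= self.hourly_cap:
            return "deny: hourly cap"
        hist.append(now)                    # only allowed searches are counted
        return "allow"


if __name__ == "__main__":
    gate = SearchGate()
    print(gate.check("example_user", karma=500))   # first search is allowed
    print(gate.check("example_user", karma=500))   # immediate retry is not
```

Denied attempts are not recorded, so a client hammering the endpoint cannot extend its own lockout or grow the per-account history.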

1
deleted 1 point ago +1 / -0
1
ChickNorris 1 point ago +1 / -0

I've started just making sure I save any post I might want to reference later so I don't have to search for it.

1
pepperconchobhar 1 point ago +1 / -0

YES.

Hell, bring it back better. Give us more options to sort quickly.

1
MichelleObamasBalls 1 point ago +1 / -0

Seriously. This pisses me off.

1
NeverNotTrump 1 point ago +1 / -0

WE ALSO DEMAND RED CHECK MARKS. DEMAND!