Using one of the major public clouds such as Azure or AWS is probably the most robust option but I would be concerned that they might pull the plug on us at an inopportune time.
I was going to use AWS for a project. But then they had a landing page with their violent, racist BLM shit. So yeah I can't support racists. It is just hard in bigtech to find a company that isn't chock full of white supremacists telling us which races are allowed to do what.
Why it is as if Republicans never signed the Civil Rights Act of 1963 into law.
Yeah AWS and Linode both showed that BLM bullshit so you can be sure they would nuke thedonald.
Because they allowed LBJ to take credit
I was considering AWS for a project I'm working on, but there's both my desire to not support amazon, and the fact that I'm worried they'd pull the plug. My service is free-speech oriented, so they would at least have a motive to pull it.
I'm using Azure and like it. Obviously MS is no friend of ours, but seems the lesser of 2 evils and it's better tech for me.
Hostinger.com
I dumped AWS, Linode, Vultr, Azure, Heroku, Namecheap, and GoDaddy.
No BLM crap, and best hosting and servers EVER.
The civil rights act was racist in the first place. We never should've forced people to be together if they didn't want to, and our go to response seems to be that if people are different it must be due to racism, not due to people being different.
Web dev here. I would prefer this site being on a major cloud provider for this reason. If AWS did do that there would be a lot of concerns for other companies. Can even have it be multi cloud, have back up servers in Azure.
Running mirrors on two different public clouds would definitely be the most robust option. More expensive, and more effort, but would make it nearly impossible to interrupt or take down the site.
The mods of this site know that many of us are more than willing to donate to pay the bills so if they need money for a more robust solution we are here.
Millions for defense, but not one cent for tribute.
I work with both AWS and Azure and prefer AWS better. Azure's load balancers can't even terminate SSL and get much slower performance from their storage pools than S3. You can't even change the name of a vm in Azure in the console and vm names can't be longer than 20 characters. What is this 1985?
only need 64k will be ever needed..
AWS is very good, used it for years professionally and I use it personally. AWS is literally setting the pace with performance and new services, and everyone else is desperately trying to play catch up.
I feel Azure is less cucked than AWS.
I like that plan. We can even host other non-cocked services and start making a profit.
AWS did that already to WikiLeaks so nah, thedonald on AWS or Azure is definitely not a good choice.
After all, AWS is the most expensive and needlessly complicated cloud provider out there.
Btw. OVH proved not-political a few years ago when they hosted WikiLeaks after AWS.
Of the big providers maybe DigitalOcean?
Multi-CDN with multi-cloud providers would be ideal.
I've architected a company here in the US that is always on Anonymous's radar to try and exploit and deface since they are a provider and manufacturer of anti-personnel devices such as flash bangs, sting grenades, smoke screens, etc. to police and military around the world.
Over 3 years now, they've never been hacked or defaced since I came into the picture.
AWS did exactly that to WikiLeaks already. Stay away.
There is precedent with Joyent and PayPal both kicking Gab off of their platforms. As far as I know, they had no real push-back from doing this. Joyent isn't as large as AWS or Azure, but it is fairly sizable.
Do you know who Gab uses for cloud-services?
Last I saw they were using Cloudflare, and hiding the identity of their web host.
How does .win pay the bills?
through upvotes
Mods have an arrangement they have never detailed, only proclaiming there will never be ads or sub fees.
I honestly think it's government run servers like the whole 8kun ordeal.
What? Was 8kun a honeypot or something?
No, 8chan kept getting attacked much like TD. When they moved to 8Kun people noticed the servers were from the department of defense. https://exopolitics.org/project-looking-glass-the-q-anon-deep-state-temporal-war/
glowies are part of 4chan/8kun now. It's nice since if there is any terrorist activity on the board, they're on it pretty quick.
Well, that can either be good or bad at this point. Fingers crossed for sunshine and lollipops, haven’t had any for a while.
I consider it a good thing due to the fact of all the DDoS attacks.
Family totally can so long as they’re separate from the campaign. I think the real issue with this site being run by the campaign is if we do or say something that reflects poorly on them- cough shills cough, oh oops! Sorry, I’m having seasonal allergies.
There is absolutely no way T_D would be allowed to use any normal cloud service for very long before an activist employee pulled the plug.
Most of those services are owned by cucked companies and Tencent. They do need to find an alternative though. Cloudflare has pretty trash DDOS protection.
POTUS should declare DDOS attacks a felony punishable by life imprisonment and a fine of up to 100 billion dollars. Then offer /pol a 10% commission on tracking down the DDOS losers.
DDoS attacks are a crime already
With all the much-heralded Chinese propaganda - look at them now. Reduced to DDOS attacks. Out of ideas, Xi?
Those 90 million commies should not be allowed in our country or our banking system.
It wouldn't matter. The FBI would determine "no reasonable prosecutor" would prosecute the case, and the DoJ if it was referred the matter, would let them off.
Meanwhile, patriots would be imprisoned for "brigading" a site or just visiting a link en masse.
u/Doggos already said they have plans in case Cloudflare decides to cuck out, but that their service makes the most sense right now.
https://thedonald.win/p/Fg3CfhEE/x/c/11S0z9cROq
Director of Security Engineering is me.
There are three types of DDoS attacks; volumetric, protocol, and application. 2/3 of attacks are volumetric.
Null routing traffic using a device (physical or virtual) at your environment's edge will not mitigate severe volumetric DDoS attacks. The reason is that once all of the ingress bandwidth to your environment is consumed with DDoS traffic there is nothing left over for legitimate traffic. Your website is unreachable. Dropping DDoS traffic after it has already traversed the "pipe" to your environment has no effect. Your "pipe" has already carried the DDoS traffic. The simplest way to deal with this is to work with your ISP(s) to drop the DDoS traffic before it goes through your "pipe". ISP(s) provide this service for an additional fee.
If you really want to stop the attacks, you need to use a CDN (Content Delivery Network). There are several reasons for this.
1. CDN provider has massive "pipes" to carry the traffic; likely much larger than the "pipe" to your environment. (hard for attackers to fill up from the get-go)
2. CDN provider provides reverse proxy servers in order to present your website. Attackers end up attacking these servers rather than the origin servers which are the actual website.
3. CDN provider has multiple points of presence hosting the reverse proxy servers by which your website is reached. If the attacker tries to attack from multiple points, they may end up attacking multiple reverse proxy servers and this spreads the load.
4. CDNs provide protection from volumetric and protocol attacks.
5. CDNs can provide WAF which provides protection from application attacks. (for websites)
Basically, your website (origin server) is a child and nobody gets to talk to it directly. They always have to go through your mom and dad. Think of a CDN as a 4th layer (a reverse proxy layer) that sits in front of the usual web, app, and database layers.
In many cases, this may not be a CloudFlare issue. You will see this when it shows traffic to CloudFlare is "Working", but traffic to the Host is "Error". (like right now) This means that the origin server(s) aren't able to service all requests. CloudFlare reverse proxy servers are good to go, but the origin servers can't keep up.
Please understand what is going on. This isn't a static website. With every request, the CloudFlare proxy servers must pull data from the origin servers in order to relay that information to browsers. This website is having huge growth. The administrators are likely having a hard time scaling up/out the origin server capacity.
Now, consider the attackers. This is cyber warfare. This isn't some kid in a basement. The attackers are very likely well funded and on a mission.
The Silent War continues...
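The bandwidth argument in the comment above, worked through as an added example (not part of the original thread): a toy model of how much legitimate traffic survives when the filter sits at your own edge, at the ISP, or at CDN points of presence. All capacities, traffic volumes, drop ratios and the proportional-drop congestion model are constructed assumptions.

```python
# Added example: toy bandwidth model with constructed figures only.
# Assumption: a congested link drops packets indiscriminately, so legitimate
# and attack traffic each keep the same fraction of what they offered.
# Assumption: the site is dynamic, so every legitimate request reaches origin.

def through_link(capacity_gbps, legit_gbps, attack_gbps):
    """Return (legit, attack) Gbps that survive a link of the given capacity."""
    offered = legit_gbps + attack_gbps
    if offered <= capacity_gbps:
        return legit_gbps, attack_gbps
    keep = capacity_gbps / offered
    return legit_gbps * keep, attack_gbps * keep


def edge_filter(link_gbps, legit_gbps, attack_gbps):
    """Null route at your own edge: the access link congests before the filter."""
    legit_out, _ = through_link(link_gbps, legit_gbps, attack_gbps)
    return legit_out / legit_gbps


def upstream_filter(link_gbps, legit_gbps, attack_gbps, drop_ratio):
    """ISP drops `drop_ratio` of the attack before it reaches the access link."""
    residual = attack_gbps * (1.0 - drop_ratio)
    legit_out, _ = through_link(link_gbps, legit_gbps, residual)
    return legit_out / legit_gbps


def cdn_front(pop_caps_gbps, legit_split, attack_split,
              legit_gbps, attack_gbps, drop_ratio, origin_link_gbps):
    """Reverse proxies at several PoPs absorb the attack, then relay to origin."""
    if not (len(pop_caps_gbps) == len(legit_split) == len(attack_split)):
        raise ValueError("one capacity and one split value per PoP")
    if abs(sum(legit_split) - 1.0) > 1e-9 or abs(sum(attack_split) - 1.0) > 1e-9:
        raise ValueError("splits must each sum to 1")
    legit_to_origin = 0.0
    attack_to_origin = 0.0
    for cap, l_share, a_share in zip(pop_caps_gbps, legit_split, attack_split):
        legit_out, attack_out = through_link(
            cap, legit_gbps * l_share, attack_gbps * a_share)
        legit_to_origin += legit_out
        # Whatever the PoP fails to filter is relayed towards the origin.
        attack_to_origin += attack_out * (1.0 - drop_ratio)
    legit_out, _ = through_link(origin_link_gbps, legit_to_origin, attack_to_origin)
    return legit_out / legit_gbps


def compare():
    """Fraction of legitimate traffic delivered under each placement."""
    link, legit, attack = 10.0, 2.0, 200.0      # Gbps, constructed scenario
    even = [0.25, 0.25, 0.25, 0.25]
    skewed = [0.7, 0.1, 0.1, 0.1]               # attack mostly hits one PoP
    return {
        "edge_null_route": edge_filter(link, legit, attack),
        "isp_drops_90pct": upstream_filter(link, legit, attack, 0.90),
        "isp_drops_99pct": upstream_filter(link, legit, attack, 0.99),
        "cdn_large_pops": cdn_front([1000.0] * 4, even, skewed,
                                    legit, attack, 0.99, link),
        "cdn_small_pops": cdn_front([100.0] * 4, even, skewed,
                                    legit, attack, 0.99, link),
    }


if __name__ == "__main__":
    for name, fraction in compare().items():
        print(f"{name:18s} {fraction:6.1%} of legitimate traffic delivered")
```

In the small-PoP case only the users routed to the saturated PoP lose traffic, which is the load-spreading effect described in point 3.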
If only they would let us donate, we could buy the greatest largest pipes for TD. Pipes so large, that even the left’s salt mines couldn’t fill them.
I don't think Cloudflare is technically a CDN, I think they are considered a reverse proxy. I don't get the semantics between what a company like Akamai vs Cloudflare
Cloudflare has both. But the CDN is not useful for dynamic content, but can be used to serve up cached images, CSS, etc
At a former company we used Akamai for our DDoS protection. If we started getting attacked we would stop advertising our IP space out of our ISP and would advertise to Akamai so inbound traffic was forced to come through Akamai, who did a fantastic job of cleaning that shit up. I'm sure it was expensive though and it's more of an enterprise solution.
Yes, because if your company owns any class C or larger space, that information is public domain so eventually the DDoS campaign becomes more intelligent and they will bypass the CDNs to target your class C range. The only way to mitigate that is to route through Akamai, etc. and it is extremely expensive.
Thanks for explaining that. So it's a scaling problem from all the winning.
Some of it is likely a scaling problem. The attacks though are an effort to silence our voices.
Daaang. Thedonald even has the Director of Security Engineering. Legit hahaha. Thank you for what you do. I always wanted to know who was battling the ddos war for thedonald. Seems super exciting and fulfilling.
I’m a Director, not the director for thedonald.win. I work for one of those large companies that provides cybersecurity services for others.
Ahhh regardless, your job seems super fulfilling since you get to see your work in real time. Sometimes I wish I went into computer security since it sounds pretty cool when you compare it to my work day where majority of my schedule is listening to meetings and then rest of my work day is making slides for the next meeting. Feels absolutely useless.
I hate to break it to you, but meetings and crap is a lot of what I do. Granted, I’m doing management and I still do the architecture. It is fun when I can just deal with the tech. The tech is the “easy” and fun part. The sucky part is when you get into compliance, audits, budgets, etc. I say “easy”, but it’s just easier and more fun than the nasty/stinky bureaucratic stuff. So much virtualization, cloud, containerization, etc. stuff out there now. I wonder how newbies can ever learn this stuff.
Thank you though. I often lose sight of what I’m doing. The horrible part of my job is that when I do it right, nobody notices.
Cloudflare is fine, it is the host that is the problem in this instance
Can you explain that?
I guess zipodk says that based on the Error 504 shown by CloudFlare.
Though isn't CloudFlare just covering their ass?
Unlikely. Everything that happens on the network can be logged and monitored.
Cloudflare would be opening themselves up to liability if they lied.
Sure. Simply put Cloudflare filters/blocks malicious traffic. It isn't a perfect system, but what's critical to note is that it filters -- it doesn't ultimately provide the requested webpages. That comes from a server or servers that are "behind" the protection on Cloudflare (a webserver). Once Cloudflare passes on the traffic it deems to be a legitimate request, then that needs to be dealt with by the webserver, which in this case is shitting the bed. Imagine a bouncer at restaurant's door (bouncer=Cloudflare), but once the bouncer lets someone inside, then you still have to have the capacity to seat/serve the customer (capacity=thedonald.win's webserver).
Thanks for explaining that. Maybe it's time for a host upgrade
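The edge-versus-origin distinction from this sub-thread, as an added example that is not part of the original thread: a small triage script that reads reverse-proxy log lines and decides whether the proxy layer or the origin is the failing tier. The key=value log format, its field names (`edge`, `origin`, `cache`, `action`), the convention that `origin=0` means no origin response, and the sample lines are all constructed for illustration.

```python
import re
from collections import Counter

# Edge status codes that report a problem reaching or waiting for the origin.
# 502/504 are generic gateway errors; 521-524 are Cloudflare's origin-side codes.
ORIGIN_FAULT_CODES = {502, 504, 521, 522, 523, 524}
REQUIRED = {"edge", "origin", "cache", "action"}

# Constructed sample: hypothetical edge log, one request per line.
SAMPLE_LOG = """\
ts=2020-01-01T12:00:01Z edge=200 origin=200 origin_ms=180 cache=MISS action=allow
ts=2020-01-01T12:00:01Z edge=403 origin=0 origin_ms=0 cache=NONE action=block
ts=2020-01-01T12:00:02Z edge=403 origin=0 origin_ms=0 cache=NONE action=block
ts=2020-01-01T12:00:02Z edge=200 origin=0 origin_ms=0 cache=HIT action=allow
ts=2020-01-01T12:00:03Z edge=504 origin=0 origin_ms=30000 cache=MISS action=allow
ts=2020-01-01T12:00:03Z edge=504 origin=0 origin_ms=30000 cache=MISS action=allow
ts=2020-01-01T12:00:04Z edge=522 origin=0 origin_ms=15000 cache=MISS action=allow
ts=2020-01-01T12:00:04Z edge=502 origin=503 origin_ms=900 cache=MISS action=allow
ts=2020-01-01T12:00:05Z edge=200 origin=200 origin_ms=2400 cache=MISS action=allow
ts=2020-01-01T12:00:05Z edge=504 origin=0 origin_ms=30000 cache=MISS action=allow
this line is truncated garbage
"""


def parse_line(line):
    """Parse one key=value line; return None if required fields are missing."""
    rec = dict(re.findall(r"(\w+)=(\S+)", line))
    if not REQUIRED <= rec.keys():
        return None
    if not (rec["edge"].isdigit() and rec["origin"].isdigit()):
        return None
    return rec


def classify(rec):
    """Attribute a request to the tier that decided its outcome."""
    if rec["action"] == "block":
        return "edge_blocked"          # filtered by the proxy, origin never saw it
    if rec["cache"] == "HIT":
        return "edge_cache"            # answered from cache, origin not involved
    edge, origin = int(rec["edge"]), int(rec["origin"])
    if edge in ORIGIN_FAULT_CODES and (origin == 0 or origin >= 500):
        return "origin_fail"           # proxy was up, origin did not answer properly
    if edge >= 500:
        return "edge_fail"             # error not explained by the origin
    return "origin_ok"


def triage(log_text, threshold=0.5):
    """Summarise a log and say which tier is failing."""
    counts, skipped = Counter(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        counts[classify(rec)] += 1
    total = sum(counts.values())
    forwarded = counts["origin_ok"] + counts["origin_fail"]
    origin_fail_rate = counts["origin_fail"] / forwarded if forwarded else 0.0
    edge_fail_rate = counts["edge_fail"] / total if total else 0.0
    if edge_fail_rate >= threshold:
        verdict = "edge failing"
    elif origin_fail_rate >= threshold:
        verdict = "edge working, origin failing"
    else:
        verdict = "healthy"
    return {"counts": dict(counts), "skipped": skipped,
            "origin_fail_rate": origin_fail_rate, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```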
Any winners out there with the means and inclination to start his or her own DDOS Protection Service?
Because this would be a great opportunity to get that business off the ground.
I think a lot of us would love to, but are a bit short on the means. Although, maybe if we pooled enough cash, or sold shares in the company we could make it work.
SysAdmin/network dev here.
I've toyed with it on and off. I've decided it's not egregiously difficult, but is expensive.
Basically, you need a lot of bandwidth and a few points of presence. The bandwidth gets expensive, although not impossible.
One could start with hosted dedicated servers in public cloud before building out their own datacenters.
The trick is, you'd want to use AnyCast to have multiple servers with the same IP addresses in different regions, to load balance both real traffic and the DDoS traffic. (These advertisements are handled through BGP, a protocol that routers use to determine where a particular IP block is located. AnyCast is why the ping time to something like Google DNS 8.8.8.8 or Cloudflare DNS 1.1.1.1 is rarely very high)
Clarification: you would need MANY reverse proxy/CDN servers.
Ok, so are we talking 3 Elon’s or 2 retired farmers? If it’s not too expensive (I’m thinking like $5-10M) maybe we can sell shares on here to the users. 250K users with $100 each and you start looking at real money.
as long as it's a good service that works, it'd be great to do business
Ddos is inevitable. You can only do so much to prevent it. We have pretty decent server dudes that get us going again quick and don't cancel us cuz the left says so
I wouldn't be shocked if this site is already cloud hosted as a web service behind cloudflare as a DNS and CDN provider.
There are more alternatives to that list.... Google shield, netscout (formerly arbor), neustar, etc.
You can also do some of your own flow / anomaly detection using systems like Kentik, but at the end of the day you'll need to count on someone else's bandwidth and network capacity / redundancy.
Though with google shield, google will nuke you even before a ddos because ... you are a racist reeee
ಠ_ಠ
Yeah isn't it funny how the whole point of CloudFlare is to prevent ddos, you pay them money to be safe and when a ddos comes they just won't help you. Seems like a good business though.
They are probably using Cloudflare’s free plan
Here’s a silly question, what would it take for us to set up our own alternatives? What would it take to be truly un-cancelable?
CF is good despite what LARP faggots say.
W/O CF we could get DDoSed for 2 weeks straight until our hosting provider just cancelled us.
If you dont know shit about DDOS, stfu.
I never mind a short interruption of service in order to be "site safe" and as importantly, allowed to remain open to Free Speech by Cloudflare... Hate to make a change and then get sjw'd !!!
If Cloudflare is good enough for DonaldJTrump.com, it's good enough for us
https://www.fastcompany.com/90205668/every-2016-presidential-campaign-operation-was-cyber-attacked-says-security-provider
Personally I don't think this is a Cloudflare problem, they coped with the Lulzsec attacks and I doubt this is worse than that
https://www.zdnet.com/article/cloudflare-how-we-got-caught-in-lulzsec-cia-crossfire/
Yeah time to get your own hardware. Dell R730+ISP with static ips and you’re pretty good. Plus DDOS mitigation is much easier
I don't think you understand the scale of a heavy DDoS attack. These things can run into the terabit range when coordinated through some botnets. Your ISP will be easily overwhelmed and that physical server will be equally useless against such a threat.
What would it take to set up an ISP with enough bandwidth?
I spend roughly 300 a month for my internet service, which includes static ips
I’m fully aware of what a DDOS attack is. Usually Business Level Service includes DDOS protections. If an ISP was quickly overwhelmed by connections attempting to shut something down, then they would have no ability to guarantee and maintain the level of service they’ve contractually agreed to.
On top of that, implementing standard network procedures, load balancers and ensuring that there are no connections into your internal network unless you’ve explicitly allowed them will go verrrrrrrrry far in mitigating these attacks.
The big problem here is by relying on cloud infrastructure you aren’t getting custom-tailored protections, you are buying into a service that, with the exception of a handful of preferences, is pretty uniform regarding what they offer you.
Sure you can get a bunch of them on ebay cheap, but they're still 4 years old.
4yrs old is totally fine for a server.
I wouldn’t suggest getting a ‘cheap’ one on eBay though. If you’re going to buy a server second hand you should be guaranteed that it’s not DOA and the parts included are under some sort of warranty that’ll last until you’re familiar with the machine.