First comment hit the nail on the head. I'm a Nerd and also want to expand on what the first commenter said.
Coming from a web dev pepe that deals with some DDOS on site mitigation. Any POST (data from user to site) is always the #1 "ez" attack vector to check for a DDOS attack. The next suggestion would be to do some rate limiting on the search on a client by client basis-- But this usually relies on IP addresses. First thing a typical DDOS does is-- rotate IP addresses.
Putting up forced captchas and browser checks when they click search is the only way... but it's not bulletproof. Aside from banning swaths of IP addresses that follow a pattern. I've seen some DDOS scripts that use actual programmatic browser emulation to bypass "browser checks" offered by Cloudflare. Some of them can even bypass weak captchas.
It's a rock and a hard place. Most DDOS attacks have to be handled in multiple layers, real DDOS mitigation takes real active human effort along with some levels of automation.
The last site I had to protect, I had to implement a script that read logs in real time (that's after you take the server offline to unfuck it so you can actually read the logs without a 100% CPU load essentially locking up the server), I had to find a pattern of the attack vector, then write recognition regexes to identify the obvious attacks. Then you have to decide how many times in X seconds does this pattern have to appear to be "banned". Then you ban at server firewall level and took it a step further to then send that IP to Cloudflare to ban it at the proxy level as well. Once you write this script it works, it weeds out offending IPs... until the next pattern starts-- or it will rotate attack vectors along with rotating IPs.... And it's a nightmare. Everyone thinks that Cloudflare is the solution and it will just work. Let me tell you it's not the case-- It's a tool you have to work to make it work. Most DDOS attacks aren't script kiddies, typically it's someone with equal or more knowledge than you actively looking for the next hole to hit, and as soon as you plug it they go to the next one.
And all of this is contingent on the level of bandwidth attempting to reach the server, sometimes they can be so big there's almost virtually nothing that can be done about it unless you have insane hardware in front of the server doing additional packet inspection/filtering. DDOS IS A NIGHTMARE.
I praise the administrators' efforts and ability to keep the site online. It's totally understandable that they disabled the search. Understand the effort this team probably puts forward to just keep the site online and responsive is probably most of the time spent/effort spent on this site.
Godspeed admins.
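An added example, not the commenter's script: a minimal version of the log-driven detection described above, where a regex picks out the attack pattern and a sliding window decides how many hits in X seconds earn a ban. The `/search` path, the thresholds, the `_line` helper and the sample log lines are assumptions made for illustration; counting per subnet as well as per IP is one way to catch address rotation inside a block.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from ipaddress import ip_network

# Combined log format: client IP, timestamp, method, path.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" \d{3}')
# Hypothetical attack signature: POSTs to an assumed /search endpoint.
ATTACK_PATH = re.compile(r'^/search(\?|$)')
WINDOW_SECONDS, MAX_HITS = 10, 3  # "how many times in X seconds" (assumed values)

def parse(line):
    """Return (ip, epoch_seconds) if the line matches the signature, else None."""
    m = LOG_RE.match(line)
    if not m or m.group(3) != "POST" or not ATTACK_PATH.match(m.group(4)):
        return None
    ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    return m.group(1), ts.timestamp()

def find_offenders(lines, window=WINDOW_SECONDS, max_hits=MAX_HITS):
    """Sliding-window count per IP and per subnet; returns the keys to ban."""
    hits, banned = defaultdict(deque), set()
    for line in lines:  # lines are assumed to arrive in time order
        parsed = parse(line)
        if parsed is None:
            continue
        ip, now = parsed
        prefix = 64 if ":" in ip else 24  # /24 for IPv4, /64 for IPv6
        subnet = str(ip_network(f"{ip}/{prefix}", strict=False))
        for key in (ip, subnet):
            q = hits[key]
            q.append(now)
            while now - q[0] > window:  # drop hits older than the window
                q.popleft()
            if len(q) > max_hits:
                banned.add(key)  # hand off to the firewall / proxy ban step here
    return banned

def _line(ip, sec, method="POST", path="/search"):
    return f'{ip} - - [01/Jan/2024:00:00:{sec:02d} +0000] "{method} {path} HTTP/1.1" 200 512'

# Constructed sample traffic using documentation IP ranges, not real logs.
SAMPLE = (
    [_line("203.0.113.5", s) for s in range(4)]                 # one noisy IP
    + [_line(f"198.51.100.{i}", 4 + i) for i in range(1, 5)]    # rotation inside a /24
    + [_line("192.0.2.20", s) for s in (1, 2)]                  # below the threshold
    + [_line("192.0.2.10", s, "GET", "/search?q=x") for s in range(5)]  # not a POST
)
if __name__ == "__main__":
    print(sorted(find_offenders(SAMPLE)))
```

The rotating `198.51.100.x` clients never trip the per-IP count, but their shared /24 does; a signature this simple stops matching as soon as the traffic pattern changes, which is the maintenance burden the comment describes.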