Voat is being maliciously attacked (CHECK FOR UPDATES)

Voat is being maliciously attacked (CHECK FOR UPDATES) (announcements)

submitted 7.6 years ago by PuttItOut

Edit 5:

It's not over, they haven't given up entirely. I took down this sticky a few hours ago thinking that it was old news, but Voat is still being probed and attacked so I am putting this sticky back up.

Edit 4:

As many of you know already Voat is still being attacked, but in many different ways. We now believe this is related to Voat not taking down material without a court order.

Edit 3:

We are still being sent high amounts of traffic. For the time being let's just be happy we have remained online throughout this assault. Sorry about the thumbnails (text only Voat is so 1990s).

Top Traffic Last 24 Hours

DDOS Inflow

Edit 2:

This attack is relentless and dynamic. They have found holes in our system and hit us where we never expected. This has forced us to reconfigure our network and site behavior to prevent repeat attacks.

Voat has been put into "lockdown" mode so things like thumbnail generation are disabled.

Edit:

These guys are actually fairly creative. We might have a worthy opponent here. Buckle up Voat.

One of the reasons yesterday's attempt at rolling forward the port code failed was that Voat was being sent DDOS style requests in very large numbers. See yesterdays announcement about this topic.

Voat is at a stage now that the code can somewhat deal with this without capitulating. Usually these attacks only last 10-12 hours, but this current run has been longer in duration than normal so we are now informing the community that we are actually being maliciously targeted.

Below are some interesting graphs showing some stat data:

Top traffic sources in Last 24 hours

Requests over last 30 days

CPU drop when CF DDOS Protection turned on

I'll provide more info when we have it, but PG.

Until then, enjoy having your bits closely inspected. Please don't be shy about it either, just go with it. This includes the ladies as well... ;)

https://voat.co/v/announcements/1330806

718 comments

You are viewing a single comment's thread.

view the rest of the comments →

10794596? 7.6 years ago

How about block the entire countries until it's sorted out? or at least the subnet? Like I said the best method to prevent such attack is installing a flood protection, and limit the number of concurrent connections per IP of a port . Use CSF firewall and enable flood protection to 443 port, and redirect traffic coming to 80 to 443. Also you could move to OVH. Their DDOS protection can suck large attacks with ease, and it's also completely for free.

In csf.conf file you can add this line. This limits number of concurrent connections to 8 of port 443. Nowadays a browser like Chrome allows maximum 8 concurrent connections per host, so if there are multiple subdomains/domains then each one doubles this value. The second one limits the connections per time based. 20 connections within 6 seconds to 443/TCP port per IP. I am not sure about Windows host, but still you could proxy the traffic. Use a Linux Nginx server in front of the Windows host, and filter the traffic. Nginx is super fast, and it with combination of CSF you could relieve this DDOS attack somewhat. If it still doesn't work, get a OVH host their bandwidth is unlimited, and use it as a proxy server in front of your actual server. In OVH host install nginx and CSF as well to make it more effective. And finally make sure to block all the ports that are not used.

CONNLIMIT = "443;8" PORTFLOOD = "443;tcp;20;6"

link