Bitcoin Forum

Other => Meta => Topic started by: theymos on November 29, 2017, 08:07:39 PM



Title: Moving to Cloudflare
Post by: theymos on November 29, 2017, 08:07:39 PM
With regret, I am (for now) admitting defeat on the DDoS front, and we will soon be using Cloudflare to protect against DDoS attacks. This change is in progress, and will take ~24 hours for everyone to see.

I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this, but my homebrew DDoS mitigation has been one of my biggest time sinks for the last 6 months or so, and the necessary servers are still pretty expensive. If I had more manpower, then I would prioritize maintaining our own DDoS protection, but with me as the only sysadmin and current-software developer, it's become unsustainable.

I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies. I considered several alternatives to Cloudflare, but the smaller ones (eg. Stackpath and OVH) didn't strike me as reputable/competent enough, and the enterprise-targeted ones like Incapsula and Akamai are around $3500/month. Even though $3500/month seems absolutely ridiculous to me, I was seriously considering Incapsula due to its pretty good reputation, but then they were having all sorts of technical issues while I was trying to set it up. So I gave up for now and went with Cloudflare.

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at. They can't access the database arbitrarily, though: they can only see data that passes over the Internet.

Tor users and benevolent-bot operators: please wait a couple of days for the current DDoS to subside, and then post your complaints here. I am able and willing to tune Cloudflare to be minimally annoying. Not every Cloudflare site has to do that "Using Tor? Here's an impossible captcha" thing.


Title: Re: Moving to Cloudflare
Post by: Coin-Keeper on November 29, 2017, 11:01:07 PM
Quote
The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at. They can't access the database arbitrarily, though: they can only see data that passes over the Internet.

The thought of willingly passing passwords in clear text is quite disturbing for a security-concerned member (me).  I can counter the PM issue as I do elsewhere by using GPG'd PMs, which are encrypted and decrypted ONLY locally on this end as needed.  At some sites I only respond to PMs where both sides have good OPSec using GPG on messages.  Is there any chance that bitcointalk could counter-assault this huge password weakness by allowing U2F keys for members?  Even Cloudflare can't do shit about getting around an encrypted key from a member's U2F and the site server?  I am not asking you to require U2F, just allow it for those that are security concerned.  With the price of BTC and users that have been in the game for a while, the risks of doing stuff in "plain text" during logins is not Plan A by any means.


Title: Re: Moving to Cloudflare
Post by: theymos on November 29, 2017, 11:35:34 PM
The thought of willingly passing passwords in clear text is quite disturbing for a security-concerned member (me).  I can counter the PM issue as I do elsewhere by using GPG'd PMs, which are encrypted and decrypted ONLY locally on this end as needed.  At some sites I only respond to PMs where both sides have good OPSec using GPG on messages.  Is there any chance that bitcointalk could counter-assault this huge password weakness by allowing U2F keys for members?  Even Cloudflare can't do shit about getting around an encrypted key from a member's U2F and the site server?  I am not asking you to require U2F, just allow it for those that are security concerned.  With the price of BTC and users that have been in the game for a while, the risks of doing stuff in "plain text" during logins is not Plan A by any means.

What I meant is that Cloudflare can see your unencrypted password when you log in. It's still encrypted from the real server to Cloudflare and from Cloudflare to you. So it's not blatantly insecure except in that Cloudflare is very probably an NSA honeypot, and it's not like the NSA is going to steal your password in order to scam people on bitcointalk.org or anything. If you use PGP for important communications and use a unique password, then IMO this addresses the plausible attacks well enough.

The U2F thing is a good idea in principle, but I've long been uneasy about fiddling with the authentication. I don't want to make a mistake which breaks security.


Title: Re: Moving to Cloudflare
Post by: Quickseller on November 30, 2017, 12:27:22 AM
The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.
Have you considered setting up a www2.bitcointalk.org subdomain for PMs? (That would operate outside of Cloudflare.)

If cloudflare can read our plaintext password, does that mean someone from google could impersonate us by entering our password, and read our PMs?


Title: Re: Moving to Cloudflare
Post by: hilariousetc on November 30, 2017, 08:20:29 AM
Have you thought about maybe creating your own ddos protection service as from your concerns it seems like there'd be a gap in the market for a trusted product? I have no idea how much it would cost to create or run something like this but I'm sure it would be a worthy project people could get behind and would make for a decent ICO. Could even use the money we get from any potential new donator ranks we implement to invest in it. Something to consider at least.


Title: Re: Moving to Cloudflare
Post by: radeone on November 30, 2017, 09:52:35 AM
I suppose it is a necessary evil.


Title: Re: Moving to Cloudflare
Post by: vv181 on November 30, 2017, 10:58:16 AM
The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...
https://gladius.io/ could be the solution. But the project is not yet finished, though.


Title: Re: Moving to Cloudflare
Post by: Mitchell on November 30, 2017, 11:31:24 AM
To be honest, I'd rather have a forum with a lot of downtime because of a DDoS than hand over everything I do on Bitcointalk to Cloudflare/NSA. If we really have to go down this path, make it at least possible to bypass Cloudflare when logging in, updating your password and anything else that might be seen as sensitive data.


Title: Re: Moving to Cloudflare
Post by: ibminer on November 30, 2017, 02:14:59 PM
With regret, I am (for now) admitting defeat on the DDoS front, and we will soon be using Cloudflare to protect against DDoS attacks. This change is in progress, and will take ~24 hours for everyone to see.

I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this, but my homebrew DDoS mitigation has been one of my biggest time sinks for the last 6 months or so, and the necessary servers are still pretty expensive. If I had more manpower, then I would prioritize maintaining our own DDoS protection, but with me as the only sysadmin and current-software developer, it's become unsustainable.

I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies. I considered several alternatives to Cloudflare, but the smaller ones (eg. Stackpath and OVH) didn't strike me as reputable/competent enough, and the enterprise-targeted ones like Incapsula and Akamai are around $3500/month. Even though $3500/month seems absolutely ridiculous to me, I was seriously considering Incapsula due to its pretty good reputation, but then they were having all sorts of technical issues while I was trying to set it up. So I gave up for now and went with Cloudflare.

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at. They can't access the database arbitrarily, though: they can only see data that passes over the Internet.

Tor users and benevolent-bot operators: please wait a couple of days for the current DDoS to subside, and then post your complaints here. I am able and willing to tune Cloudflare to be minimally annoying. Not every Cloudflare site has to do that "Using Tor? Here's an impossible captcha" thing.

Interesting.... nothing bad could happen here....  ???  Are the DDoSes using the search feature?  What else could be disabled to mitigate?  I can only imagine the types of attacks the site gets, but the decision seems quick and a bit extreme; haven't there been worse attacks?  I honestly don't have anything to hide from the NSA, but I do value my privacy. And the general thought of the NSA collecting usernames/passwords of bitcointalk users is going to give me nightmares.  :(


Title: Re: Moving to Cloudflare
Post by: Jet Cash on November 30, 2017, 03:38:59 PM
I suspect there may be many members like me who don't really care if their posts or messages are read. If I need to make some confidential arrangements with somebody, then I would do this away from the forum. My primary concern is the protection of my posting. You may not agree with my opinions and ideas, but at least they are mine, and I don't want anybody pretending to be me to post other information, or to perpetrate any fraud. Anything that helps to reduce spam and malicious attacks is good in my opinion.


Title: Re: Moving to Cloudflare
Post by: Welsh on November 30, 2017, 04:44:35 PM
I suspect there may be many members like me who don't really care if their posts or messages are read. If I need to make some confidential arrangements with somebody, then I would do this away from the forum. My primary concern is the protection of my posting. You may not agree with my opinions and ideas, but at least they are mine, and I don't want anybody pretending to be me to post other information, or to perpetrate any fraud. Anything that helps to reduce spam and malicious attacks is good in my opinion.
Everyone should be concerned about privacy, especially storing things in plain text. Compromises have to be made, though, to assure the stability of the server. It's sad that this protection is also under a monopoly and really only one company can protect against it or has the resources to. Nothing has changed in terms of personal messages, though, as any sensitive messages should have already been encrypted.


Title: Re: Moving to Cloudflare
Post by: Jet Cash on November 30, 2017, 05:25:14 PM
There are two aspects to privacy. Reading other people's communications, and watching their actions. I'm now old enough to be boring, so I'm not too worried about this. I believe that it is better to use "the system" legally, rather than try to fight it, so I suspect that the government and its controlling superiors are well aware of my actions. The other aspect is identity theft, and this is where we need to take precautions, and be aware of potential problems.


Title: Re: Moving to Cloudflare
Post by: achow101 on November 30, 2017, 07:00:40 PM
The current Cloudflare solution appears to be blocking bots.

I run two bots that crawl the site periodically, the one for bctalkaccountpricer.info and another one for ACE. Both of these have been blocked from accessing the forum.


Title: Re: Moving to Cloudflare
Post by: ibminer on November 30, 2017, 07:14:45 PM
So it's not blatantly insecure except in that Cloudflare is very probably an NSA honeypot, and it's not like the NSA is going to steal your password in order to scam people on bitcointalk.org or anything.

If a secret service agent is willing to break the law to get bitcoins, why wouldn't an NSA agent?  And why is it they can only read... couldn't traffic be altered?

The recent data leak is also not comforting: https://techcrunch.com/2017/02/23/major-cloudflare-bug-leaked-sensitive-data-from-customers-websites/

The current Cloudflare solution appears to be blocking bots.

I run two bots that crawl the site periodically, the one for bctalkaccountpricer.info and another one for ACE. Both of these have been blocked from accessing the forum.

Not sure if this is related or not?

--snip--
Tor users and benevolent-bot operators: please wait a couple of days for the current DDoS to subside, and then post your complaints here. I am able and willing to tune Cloudflare to be minimally annoying. Not every Cloudflare site has to do that "Using Tor? Here's an impossible captcha" thing.


Title: Re: Moving to Cloudflare
Post by: Jet Cash on November 30, 2017, 07:35:41 PM
Is this active at the moment? I'm getting server 500 errors. It's not really a problem because a reload seems to clear it.


Title: Re: Moving to Cloudflare
Post by: InvoKing on November 30, 2017, 08:53:54 PM
Is this active at the moment? I'm getting server 500 errors. It's not really a problem because a reload seems to clear it.

I have the same error frequently, but since it gets resolved rapidly when reloading, well, it is relatively tolerable.
BTW, couldn't it be the NSA conducting the DDoS attacks? And what's the point of DDoSing the forums?
Downtime isn't a good thing for sure, but the idea of hilariousetc is good if feasible.


Title: Re: Moving to Cloudflare
Post by: Jet Cash on November 30, 2017, 09:02:55 PM
It's probably some guy who got the hump because he was banned.


Title: Re: Moving to Cloudflare
Post by: FFrankie on December 01, 2017, 12:26:59 AM
Sounds like you just sold the site to the NSA.

I agree with Mitchell; I would rather have downtime than be a sellout.


Title: Re: Moving to Cloudflare
Post by: minifrij on December 01, 2017, 09:16:22 AM
The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.
If this is the case, I think that now would be a good time to implement this plugin (https://bitcointalk.org/index.php?topic=364307.msg7733979#msg7733979) or something similar to keep accounts secure, should another Cloudbleed happen. It's well overdue regardless.

Have you thought about maybe creating your own ddos protection service as from your concerns it seems like there'd be a gap in the market for a trusted product? ... Could even use the money we get from any potential new donator ranks we implement to invest in it. Something to consider at least.
This is something that I would happily support with my BTC. Please consider this, theymos.


Title: Re: Moving to Cloudflare
Post by: hilariousetc on December 01, 2017, 11:21:02 AM
Have you thought about maybe creating your own ddos protection service as from your concerns it seems like there'd be a gap in the market for a trusted product? ... Could even use the money we get from any potential new donator ranks we implement to invest in it. Something to consider at least.
This is something that I would happily support with my BTC. Please consider this, theymos.

Same, as I'm sure many others would also. Most ICOs are just hollow get-rich-quick schemes run by greedy scammers, but I'd happily support one for a valuable service created by reputable people, and it could actually be one that makes a lot of money as a business which we could give back to investors as dividends. Maybe bitcointalk could create its own coin and give that out for promoting the ICO and bonuses for helping out the forum as well.


Title: Re: Moving to Cloudflare
Post by: vv181 on December 01, 2017, 01:47:35 PM
Have you thought about maybe creating your own ddos protection service as from your concerns it seems like there'd be a gap in the market for a trusted product? ... Could even use the money we get from any potential new donator ranks we implement to invest in it. Something to consider at least.
This is something that I would happily support with my BTC. Please consider this, theymos.

Same, as I'm sure many others would also. Most ICOs are just hollow get-rich-quick schemes run by greedy scammers, but I'd happily support one for a valuable service created by reputable people, and it could actually be one that makes a lot of money as a business which we could give back to investors as dividends. Maybe bitcointalk could create its own coin and give that out for promoting the ICO and bonuses for helping out the forum as well.
Instead of wasting such a tremendous amount of energy creating our own DDoS protection system, there is an existing project for that: https://gladius.io/. I have not done any research yet, but I hope it's a good reference for Theymos to consider using a decentralized anti-DDoS service.


Title: Re: Moving to Cloudflare
Post by: hilariousetc on December 01, 2017, 02:36:18 PM
Well, there's always room for competition, but I'll have to check it out as well, like you; if that meets all our needs then great. Maybe theymos could donate some funds to the development of that instead.


Title: Re: Moving to Cloudflare
Post by: theymos on December 01, 2017, 08:08:32 PM
Here's what would need to be done to replace Cloudflare: https://bitcointalk.org/index.php?topic=2497008.0


Title: Re: Moving to Cloudflare
Post by: nullius on December 01, 2017, 10:11:40 PM
I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this, […]

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.

Thank you, theymos, for honestly disclosing and discussing the facts about Cloudflare.  It is for exactly the reasons you stated that I filed Tor Browser bug #24351: Block Global Active Adversary Cloudflare (https://trac.torproject.org/projects/tor/ticket/24351).

I usually dislike Cloudflared sites.  Well, here is one run by someone who actually understands.  What a conundrum!  I suppose I simply won’t send any data to this forum which I would not publish openly.

Good luck stopping the DDoS attacks; and I hope you can find a better solution someday soon.


Title: Re: Moving to Cloudflare
Post by: nullius on December 04, 2017, 06:12:29 PM
I just got Cloudflare CAPTCHAed.  I infer it may only have been the “currently offline” error page?  Was the site down?  What is going on here?

I didn’t do the CAPTCHA; I just waited awhile for the site to come back up, and then it loaded without CAPTCHA.  I don’t know whether the wait also resulted in me using a different Tor circuit, due to Tor’s circuit dirtiness timeout.

(I then got more Cloudflare errors when trying to post this, but no CAPTCHA.  Error 504, then 502.  I guess the first time, Cloudflare decided the error message was too precious to be served without CAPTCHA.)


Title: Re: Moving to Cloudflare
Post by: ibminer on December 04, 2017, 06:16:27 PM
I've been getting several 504 (gateway time-out) errors from Cloudflare today, seems to come and go.


Title: Re: Moving to Cloudflare
Post by: jojo69 on December 04, 2017, 06:46:54 PM
that sucks

I am sorry that it has come to this Theymos

thank you for your efforts


Title: Re: Moving to Cloudflare
Post by: savetherainforest on December 05, 2017, 12:33:30 AM
The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

How about a forum based on blockchain?? We would just log into some software and we would be the servers. And hell, we can even have shares and trade on them like a coin. :)


Title: Re: Moving to Cloudflare
Post by: nullius on December 05, 2017, 01:34:51 AM
The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

How about a forum based on blockchain?? We would just log into some software and we would be the servers. And hell, we can even have shares and trade on them like a coin. :)

Sigh.  A “blockchain” is not some magic pixie dust you can sprinkle onto any problem and make it disappear.  If you don’t believe me, try setting up your own Steem full node.  Yup.  Not happening.  —  Oh, Steem is exactly your idea, including the coin part.  To run a full node, minimum listed requirements are a dedicated server with at least 32GiB RAM and large, fast disks.  For this and other reasons, Steem is quite centralized; instead of “being their own servers”, almost all users just log into the centrally managed Steemit website.  I’m not sure what the point is, other than “blockchain”.


Title: Re: Moving to Cloudflare
Post by: Ivor Biggun on December 07, 2017, 09:20:28 PM
Why not charge Tor and VPN users a small bitcoin fee to log in? Most of those users would probably rather pay a fee than use Cloudflare. They already have to pay a fee to register.


Title: Re: Moving to Cloudflare
Post by: nullius on December 07, 2017, 09:32:08 PM
Why not charge Tor and VPN users a small bitcoin fee to log in? Most of those users would probably rather pay a fee than use Cloudflare. They already have to pay a fee to register.

A fee to log in!?  Are you serious?

N.b. that (a) the move behind Cloudflare at the end of November is absolutely irrelevant to login issues, discussed separately since October (https://bitcointalk.org/index.php?topic=2286988.0); (b) everybody’s connections go through Cloudflare, for every connection to the site; and (c) Tor users (among others) are already charged a fee to create an account.


Title: Re: Moving to Cloudflare
Post by: Ivor Biggun on December 07, 2017, 10:11:53 PM
Why not charge Tor and VPN users a small bitcoin fee to log in? Most of those users would probably rather pay a fee than use Cloudflare. They already have to pay a fee to register.

A fee to log in!?  Are you serious?

N.b. that (a) the move behind Cloudflare at the end of November is absolutely irrelevant to login issues, discussed separately since October (https://bitcointalk.org/index.php?topic=2286988.0); (b) everybody’s connections go through Cloudflare, for every connection to the site; and (c) Tor users (among others) are already charged a fee to create an account.

Theymos said he's unenthusiastically using Cloudflare to protect against DDoS attacks. I assume some of those attacks come through Tor and VPN users. Those users couldn't DDoS if they had to pay a tiny fee to log in, and further fees if they make excessive HTTP requests. They are already prepared to pay a registration fee for privacy; charging small login fees isn't much different.

Furthermore, charging a fee for excessive HTTP requests could protect against botnet DDoS attacks from regular IP addresses. Normal users wouldn't even notice because they don't make huge numbers of HTTP requests.

I guess most of the accounts involved in DDoSing are newbies. During times of excessively heavy load on the forum, newbie accounts could be asked to either pay a small login fee, or return later when there are fewer users accessing the system.


Title: Re: Moving to Cloudflare
Post by: stompix on December 08, 2017, 03:11:57 PM
The forum is slow to load; that is nothing new, I assume, since the move.

But I've never encountered an error apart from, guess what, reporting a post/thread.
I tried this several times today (different reports, of course), but I always get a timeout (error 524), the picture with:

Browser Working
Cloudflare Working
Bitcointalk host error

It has never happened on anything else, post/search/pm.



Title: Re: Moving to Cloudflare
Post by: hilariousetc on December 08, 2017, 03:16:24 PM
Why not charge Tor and VPN users a small bitcoin fee to log in? Most of those users would probably rather pay a fee than use Cloudflare. They already have to pay a fee to register.

Paying a small fee to register and paying a fee every time you want to log in are two very different things (not to mention the latter being ridiculous and not sure why we should punish all legitimate tor users).


Title: Re: Moving to Cloudflare
Post by: nullius on December 08, 2017, 08:48:25 PM
Why not charge Tor and VPN users a small bitcoin fee to log in? Most of those users would probably rather pay a fee than use Cloudflare. They already have to pay a fee to register.

Paying a small fee to register and paying a fee every time you want to log in are two very different things (not to mention the latter being ridiculous and not sure why we should punish all legitimate tor users).

Thank you.  As a Tor user, I admire this forum’s high-level culture of respect for privacy.


Title: Re: Moving to Cloudflare
Post by: Ivor Biggun on December 08, 2017, 09:52:46 PM
Why not charge Tor and VPN users a small bitcoin fee to log in? Most of those users would probably rather pay a fee than use Cloudflare. They already have to pay a fee to register.

Paying a small fee to register and paying a fee every time you want to log in are two very different things (not to mention the latter being ridiculous and not sure why we should punish all legitimate tor users).

Well, how about asking Tor users to sign a message from the bitcoin address they registered with instead?

Each time they log in they could be given a unique code and asked to sign a message containing it. That wouldn't cost them anything, and signing a message would be faster than going through endless Cloudflare CAPTCHAs.
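The challenge-response login sketched above, as an added example that is not part of the original thread or of the forum's own software: the server issues a random one-time code, the user signs it with the key registered to the account, and the server checks the signature under that key, refusing replays and stale codes. Bitcoin signs messages with secp256k1 keys in its own format, which the Go standard library lacks, so ECDSA over P-256 stands in for the wallet key; the account names, the two-minute expiry and the `NewLoginServer`/`Issue`/`Sign`/`Verify` names are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"time"
)

// Assumptions: one public key is stored per account at registration and a
// challenge is valid for two minutes. Bitcoin signs messages with secp256k1
// keys in its own format; the Go standard library lacks secp256k1, so ECDSA
// over P-256 stands in for the wallet key here.
const challengeTTL = 2 * time.Minute

type challenge struct {
	code   string
	issued time.Time
}

// LoginServer holds registered keys and one outstanding challenge per account.
type LoginServer struct {
	keys       map[string]*ecdsa.PublicKey
	challenges map[string]challenge
	now        func() time.Time // injectable clock, so expiry can be tested
}

func NewLoginServer() *LoginServer {
	return &LoginServer{
		keys:       map[string]*ecdsa.PublicKey{},
		challenges: map[string]challenge{},
		now:        time.Now,
	}
}

// NewKey generates a wallet-style key pair (client side).
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// Register associates a public key with an account, the "associate another
// address with their account" step discussed in the thread.
func (s *LoginServer) Register(account string, pub *ecdsa.PublicKey) {
	s.keys[account] = pub
}

// Issue returns a fresh random code for the user to sign. It replaces any
// outstanding code, so only the latest code can ever be accepted.
func (s *LoginServer) Issue(account string) (string, error) {
	if _, ok := s.keys[account]; !ok {
		return "", errors.New("unknown account")
	}
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	code := hex.EncodeToString(buf)
	s.challenges[account] = challenge{code: code, issued: s.now()}
	return code, nil
}

// digest binds the code to the site and the account, so a signature obtained
// for one purpose cannot be replayed as a login for another account or site.
func digest(account, code string) []byte {
	h := sha256.Sum256([]byte("forum-login\x00" + account + "\x00" + code))
	return h[:]
}

// Sign is the client side: the wallet signs the challenge with its private key.
func Sign(priv *ecdsa.PrivateKey, account, code string) ([]byte, error) {
	return ecdsa.SignASN1(rand.Reader, priv, digest(account, code))
}

// Verify is the server side. The code must be the outstanding one and still
// within its TTL, and the signature must verify under the registered key. The
// code is consumed on every attempt, valid or not, so it can never be replayed.
func (s *LoginServer) Verify(account, code string, sig []byte) error {
	pub, ok := s.keys[account]
	if !ok {
		return errors.New("unknown account")
	}
	c, ok := s.challenges[account]
	delete(s.challenges, account)
	if !ok || c.code != code {
		return errors.New("no matching outstanding challenge")
	}
	if s.now().Sub(c.issued) > challengeTTL {
		return errors.New("challenge expired")
	}
	if !ecdsa.VerifyASN1(pub, digest(account, code), sig) {
		return errors.New("signature does not verify under the registered key")
	}
	return nil
}
```

A login is `Issue`, then `Sign` on the client, then `Verify`; a second `Verify` with the same code fails because the code was consumed on the first attempt.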


Title: Re: Moving to Cloudflare
Post by: frodocooper on December 09, 2017, 03:48:49 AM
Well, how about asking Tor users to sign a message from the bitcoin address they registered with instead?

Each time they log in they could be given a unique code and asked to sign a message containing it. That wouldn't cost them anything, and signing a message would be faster than going through endless Cloudflare CAPTCHAs.

Not every wallet has the ability to sign messages. Also, one registers for a forum account using an email address, not a Bitcoin address.


Title: Re: Moving to Cloudflare
Post by: Ivor Biggun on December 09, 2017, 03:58:08 AM
Well, how about asking Tor users to sign a message from the bitcoin address they registered with instead?

Each time they log in they could be given a unique code and asked to sign a message containing it. That wouldn't cost them anything, and signing a message would be faster than going through endless Cloudflare CAPTCHAs.

Registering for a forum account doesn't require a Bitcoin address, only an email address.

Anyone registering through tor has to pay a small bitcoin fee, so all those users have bitcoin addresses associated with their accounts.


Title: Re: Moving to Cloudflare
Post by: frodocooper on December 09, 2017, 04:06:08 AM
Anyone registering through tor has to pay a small bitcoin fee, so all those users have bitcoin addresses associated with their accounts.

The Tor user may pay the fee from a bitcoin exchange account. As far as I'm aware, exchanges do not offer their customers the option of signing messages.

Also, if the Tor user's non-exchange wallet has many inputs to many addresses, and pays the fee from that wallet, which address(es) would the Tor user then have to use to sign the message? And if the Tor user pays the fee from non-P2PKH addresses (e.g., segwit P2SH addresses or multisig P2SH addresses), the Tor user can't sign the message using those addresses.

And again, not every wallet has the ability to sign messages, with mobile and web wallets being the most obvious examples.


Title: Re: Moving to Cloudflare
Post by: Ivor Biggun on December 09, 2017, 04:17:32 AM
The Tor user may pay the fee from a bitcoin exchange account. As far as I'm aware, exchanges do not offer their customers the option of signing messages.

The average fee users pay is below most exchanges' minimum allowed withdrawal. Any users who couldn't sign messages from an address could be given an option to associate another address with their account.

if the Tor user's non-exchange wallet has many inputs to many addresses, and pays the fee from that wallet, which address(es) would the Tor user then have to use to sign the message?

Signing from any of those addresses should be OK.

not every wallet has the ability to sign messages, mobile and web wallets being the most obvious examples.

They can export the private key from their mobile or web wallet, then import it into a wallet capable of signing messages. The blockchain.info web wallet allows exporting private keys.


Title: Re: Moving to Cloudflare
Post by: Quickseller on December 09, 2017, 06:37:45 AM
And if the Tor user pays the fee from non-P2PKH addresses (e.g., segwit P2SH addresses or multisig P2SH addresses), the Tor user can't sign the message using those addresses.
Sure they can. They can sign from the private key(s) used to sign the transaction. The public key associated with the private key(s) used to sign a transaction is public information once the transaction is broadcast.


Title: Re: Moving to Cloudflare
Post by: nullius on December 09, 2017, 07:26:21 AM
The Tor user may pay the fee from a bitcoin exchange account. As far as I'm aware, exchanges do not offer their customers the option of signing messages.

The average fee users pay is below most exchanges' minimum allowed withdrawal.

Single data point:  This applies to me.  I don’t wish to discuss details publicly.  I did overpay.

Any users who couldn't sign messages from an address could be given an option to associate another address with their account.

Well, then why bother with the large (and futile) effort of trying to associate a payment-from address?  Delegating trust to a public key (Bitcoin or otherwise) is an ordinary key management issue; and it’s orthogonal to the anti-abuse payment mechanism.

And if the Tor user pays the fee from non-P2PKH addresses (e.g., segwit P2SH addresses or multisig P2SH addresses), the Tor user can't sign the message using those addresses.
Sure they can. They can sign from the private key(s) used to sign the transaction. The public key associated with the private key(s) used to sign a transaction is public information once the transaction is broadcast.

https://github.com/bitcoin/bitcoin/issues/10542 (only discusses Segwit P2WPKH-in-P2SH; generalizing a signature scheme for P2SH would be a non sequitur.)

I recently made this mistake, much to my embarrassment.

Anyway, this whole discussion is on the wrong thread.  The login CAPTCHA issue is distinct from the Cloudflare issue.  theymos added the login CAPTCHA sometime before 2017-10-19 (https://bitcointalk.org/index.php?topic=2286988.0), and moved behind Cloudflare 2017-11-29 (https://bitcointalk.org/index.php?topic=2485318.msg25449826#msg25449826).  The login CAPTCHA is not from Cloudflare.


Title: Re: Moving to Cloudflare
Post by: ImHash on December 09, 2017, 08:58:18 AM
No matter whether it's using Cloudflare or something else, the NSA already had access to the forum's servers, since they are in the USA.


Title: Re: Moving to Cloudflare
Post by: nullius on December 09, 2017, 09:12:40 AM
No matter whether it's using Cloudflare or something else, the NSA already had access to the forum's servers, since they are in the USA.

Why would they bother trying the back door, when sites (and browsers (https://bugs.debian.org/831835)) grant them front-door access?

Cloudflare is a global active adversary which MITMs (https://trac.torproject.org/projects/tor/ticket/24351) every connection by design, as theymos wisely noted.

I really don't believe in willingly putting a man-in-the-middle in your HTTPS [...]

I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies. [...]

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.


Title: Re: Moving to Cloudflare
Post by: Md.Esamul Haque on December 09, 2017, 09:15:38 AM
I think there might be numerous individuals like me who don't generally mind if their posts or messages are perused. On the off chance that I have to make some secret courses of action with some individual, at that point I would do this far from the discussion. My essential concern is the security of my posting. You may not concur with my assessments and thoughts, but rather at any rate they are mine, and I don't need anyone putting on a show to be me to post other data, or to execute any extortion. Anything that diminishes spam and pernicious assaults is great as I would like to think.


Title: Re: Moving to Cloudflare
Post by: ChipMixer on December 09, 2017, 01:31:13 PM
The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.
Is there an official .onion proxy of BitcoinTalk that bypasses Cloudflare? We do sometimes get support request PMs.

How about BitcoinTalk Pro accounts with monthly payments, private proxy without Cloudflare and captchas, bot access?


Title: Re: Moving to Cloudflare
Post by: subSTRATA on December 10, 2017, 09:13:17 PM
Well how about asking tor users to sign a message from the bitcoin address they registered with instead?

Each time they log in they could be given a unique code and asked to sign a message containing it. That wouldn't cost them anything, and signing a message would be faster than going through endless cloudflare captchas.

registering for a forum account doesn't require a Bitcoin address, only an email address.

Anyone registering through tor has to pay a small bitcoin fee, so all those users have bitcoin addresses associated with their accounts.
That's only if the exit node IP has points of evil associated with it, though; I could imagine some new nodes might not have any points linked to them.


Title: Re: Moving to Cloudflare
Post by: nullius on December 10, 2017, 09:27:42 PM
The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.
Is there an official .onion proxy of BitcoinTalk that bypasses Cloudflare? We do sometimes get support request PMs.

How about BitcoinTalk Pro accounts with monthly payments, private proxy without Cloudflare and captchas, bot access?

THIS.  Thank you.  A Bitcointalk .onion was on my mind all week, together with other anti-DDoS mitigation ideas about which I hope to write up suggestions.  It is also something I may perhaps, maybe, perhaps be willing to not only talk about (hint, hint).

.onion sites already have less exposure to DDoS than sites on the open Internet.  Connections to .onion have no access to a full network stack—only to streams through Tor’s circuit protocol, a custom stream transport layer.  No TCP handshake tricks, no amplified UDP floods to clog the pipes, etc.  I suppose theymos’ “homebrew” anti-DDoS had already stopped those.  But also, the capacity limitations and cell queuing mechanisms of the Tor network and its nodes provide some upper bounds on any type of DDoS which uses high bandwidth.  That leaves (1) specialized attacks against the Tor onion proxy, (2) DDoS against introduction points, and (3) any relatively moderate-/low-bandwidth application-layer attacks.  (“Relatively” compared to DDoS which uses tens or hundreds of gigabits per second.)

For (1), lock down that onion proxy tight and isolate it from the web backend—which you should do anyway.  At least it can’t take down the site itself, or affect reachability from clearnet.  Better still, use onionbalance (https://onionbalance.readthedocs.io/en/latest/) with multiple onion proxies; that gives load-balancing and failover, and also permits isolating v2 .onion private keys from the machines handling visitor traffic.  (2) is really a Tor network issue, though maxing out your intro points with onionbalance will help.  For (3), well, as always—don’t run poorly designed software.  nginx is already robust against HTTP-level DDoS; I have no idea about the vulnerability profile of SMF, other than that it’s database-intensive forum software written in PHP.  I guess, start by disabling the search function through .onion...

I don’t see why a monthly paid subscription should be required.  If that was intended as an idea for .onion, it would effectually restrict .onion use to people who directly make money off the forum—signature campaigners, etc.  Instead, to prevent abuse, I’d suggest that full posting privileges through .onion be restricted to full Members or paid Copper Members.  (I am guessing that Junior Member accounts may be too cheap on the account sale market, especially for hacked accounts.)  .onion posters without those ranks should be restricted through a “newbie jail”-like system.  Those who could not afford paid membership, could spend a few months ranking up in the .onion jail—or through clearnet exits, just like now.  For spammers and scammers, throwaway accounts would be prohibitively expensive.

Perhaps also add a “.onion” tag below the username and rank for posts made through .onion.  I am reluctant to suggest that, given the level of prejudice some people have against Tor users; but I don’t think the moderators here have such a bias, which is the important part to me, personally.  I myself would be proud to wear a “.onion” tag.  I would explicitly add it, if it were offered as an option.

For a non-location-hidden .onion, as I presume this would be, single-onion mode should be snappy for users.  Projects such as Debian (https://onion.debian.org/) and Tor Project (https://onion.torproject.org/) successfully run high-bandwidth services such as public apt repositories through .onions, using onionbalance.  Debian users can do all their OS updates without ever touching clearnet!  Use of .onion also helps the Tor network, by shifting load off the bottleneck of exit nodes.  Any relay can serve as a rendezvous point, including the far more numerous “middle nodes”.

Note that any .onion version of the forum must be verified to work with Javascript disabled.  Excepting signup and login functions, basic functionality seems to work fine that way.

Anything that diminishes spam and pernicious assaults is great as I would like to think.

Cloudflare’s effect on spam should be somewhere between negligible and nil.  It’s an anti-DDoS reverse proxy network and caching CDN; it also filters out attacks against braindead applications which can’t handle Bobby Tables.  I don’t see how it could help much against spam; how could the HTTP requests involved in spam posts be distinguished from legitimate network traffic?  Especially the spam posts made by nominal humans?  Though I suppose that forum spam is a wetware-layer DDoS.  It does “deny service” when the forum is unreadable.

Anyone registering through tor has to pay a small bitcoin fee, so all those users have bitcoin addresses associated with their accounts.
That's only if the exit node IP has points of evil associated with it, though; I could imagine some new nodes might not have any points linked to them.

I wonder whether theymos’ “evil IP” system uses the publicly known IPs of Tor exits, as published in the consensus.  It would make sense to charge a set price to all Tor users, rather than varying the fee by measurements taken on a particular exit IP.  But n.b., not all exits actually exit through the same IP as they use for their ORPort.  I recall some research finding that as many as 10% of exits did otherwise.  This is useful for avoiding blocks, but risky for node operators since the IP is not listed in the “exonerator”.


Title: Re: Moving to Cloudflare
Post by: Quickseller on December 11, 2017, 12:23:35 AM
The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.
Is there an official .onion proxy of BitcoinTalk that bypasses Cloudflare? We do sometimes get support request PMs.

How about BitcoinTalk Pro accounts with monthly payments, private proxy without Cloudflare and captchas, bot access?

THIS.  Thank you.  A Bitcointalk .onion was on my mind all week, together with other anti-DDoS mitigation ideas about which I hope to write up suggestions.  It is also something I may perhaps, maybe, perhaps be willing to not only talk about (hint, hint).

.onion sites already have less exposure to DDoS than sites on the open Internet. 
There have been plenty of .onion sites that have been DDoS'ed over the years. I know that Silk Road had a decent number of DDoS issues, and Ulbricht apparently spent a decent amount of money fighting it. I am not sure if he implemented any of what you suggested though.


Title: Re: Moving to Cloudflare
Post by: nullius on December 11, 2017, 01:37:09 PM
A Bitcointalk .onion was on my mind all week, together with other anti-DDoS mitigation ideas about which I hope to write up suggestions.  It is also something I may perhaps, maybe, perhaps be willing to not only talk about (hint, hint).

.onion sites already have less exposure to DDoS than sites on the open Internet. 

There have been plenty of .onion sites that have been DDoS'ed over the years. I know that Silk Road had a decent number of DDoS issues, and Ulbricht apparently spent a decent amount of money fighting it. I am not sure if he implemented any of what you suggested though.

I was careful not to suggest that .onions be DDoS-proof.  Of course, they’re not.  But they do radically change the attack surface, largely for the better (at least against DDoS).

In practice, I would suppose that probably, the best means to deny access to a .onion would be to DDoS its introduction points.  Those have publicly known IP addresses; and I doubt many Tor node operators are prepared to handle even something so commonplace as an amplified flood of UDP packets in response to forged DNS requests.  The .onion will become available again as it changes introduction points; but meanwhile, users will have an awful time getting through.  I am not saying anything which is not already well-known and widely discussed amongst Tor devs.

On another note, I would not deem Ulbricht competent to admin the website for a hot-dog cart.  Let alone to run a site under a threat model far beyond my abilities, and likely beyond the capability of the Tor network.  He couldn’t even keep PHP (!) errors from spilling his servers’ guts.  I guess he must have been high on drugs (https://bitcointalk.org/index.php?topic=1184641.msg26140103#msg26140103).  I would not take any lessons from his experience, other than mining it for examples of what not to do.  Whereas .onions run by competent sysadmins have survived extreme DDoS attempts.


Title: Re: Moving to Cloudflare
Post by: nullius on December 11, 2017, 03:22:02 PM
Hot off the presses, a Cloudflare-blocking browser add-on!  a.m.o. currently says it was last updated “an hour ago (Dec 11, 2017)”:

https://addons.mozilla.org/en-US/firefox/addon/block-cloudflare-mitm-attack/

I have not yet examined the code.  Use at your own risk, pending review.

Referred by:

https://trac.torproject.org/projects/tor/ticket/24351#comment:25

Cheers to whomever did this.  “Cypherpunks write code.”


Title: Re: Moving to Cloudflare
Post by: Meuh6879 on December 12, 2017, 01:12:08 PM
Can you (theymos) suppress the automated, filtered ip.bitcointalk.org picture recreation... now that we are on Cloudflare?

Many pictures are not recreated now (on a popular thread: the Wall Observer).


Title: Re: Moving to Cloudflare
Post by: nullius on December 12, 2017, 07:57:54 PM
Can you (theymos) suppress the automated, filtered ip.bitcointalk.org picture recreation... now that we are on Cloudflare?

How is Cloudflare thus relevant?  The purpose of the image proxy is to “improve privacy and eliminate mixed content warnings (https://bitcointalk.org/index.php?topic=343912.msg3684352#msg3684352)”.  (I also speculate that it might filter some evil, though that’s only an idle guess.)  It has nothing to do with DDoS protection, other than needing it.



On a related note, I am now working to spearhead the development of a browser add-on to block Cloudflare (https://github.com/nym-zone/block_cloudflare_mitm_fx/).  Bitcointalk.org is discussed in Issue 4 (https://github.com/nym-zone/block_cloudflare_mitm_fx/issues/4#issue-281169062).

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...


Title: Re: Moving to Cloudflare
Post by: jojo69 on December 13, 2017, 04:59:30 PM
it isn't working


Title: Re: Moving to Cloudflare
Post by: hilariousetc on December 13, 2017, 05:22:29 PM
it isn't working

Yeah, I'm not sure it even works very well because every other website that uses it seems to have a lot of downtime and cloudflare errors. There's seemingly no difference between when we had theymos' own version and it's been especially bad today. Barely been able to use the site at all, so not sure how effective the service really is if the forum is still going to be unusable.


Title: Re: Moving to Cloudflare
Post by: InvoKing on December 13, 2017, 05:24:08 PM
I can hardly connect to bitcointalk.org and read the topics without many errors / downtime.
Another DDOS attack?
What's the difference between having cloudflare and not?

Edit: more than 3 minutes to pass this post (and I think the same time to pass this edit). Agree totally with hilarious.


Title: Re: Moving to Cloudflare
Post by: hilariousetc on December 13, 2017, 05:25:59 PM
Seemingly nothing at the moment.


Title: Re: Moving to Cloudflare
Post by: ibminer on December 13, 2017, 06:34:54 PM
Connectivity has sucked all day. NSA must have finally implemented their traffic analyzer  ;D  >:(  :(

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

Cloudflare is seriously flawed if your homemade DDoS protection works better than theirs.


Title: Re: Moving to Cloudflare
Post by: nullius on December 13, 2017, 08:43:40 PM
@theymos, this isn’t what you signed up for!  Not the downtime, and not the following—as seen through Tor.  Not changed by rotating circuits.  I can’t dump cookies, because I need to stay logged in (https://bitcointalk.org/index.php?topic=2549690.0); and once Cloudflare decided to demand from me an Internet cavity search, they locked me out of bitcointalk.org with a demand that I let them run their executable code on my machine.  I waited it out, and they eventually let me pass.


Cloudflare also repeatedly tried to Google-CAPTCHA me on their error pages.  No, thanks; I can do without seeing the holy secret errors.

This interrupted my repeated attempts to post the following.  (Anybody awaiting a reply from me elsewhere, please understand if it may be slow in coming.)



I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies.

it isn't working

Yeah, I'm not sure it even works very well because every other website that uses it seems to have a lot of downtime and cloudflare errors. There's seemingly no difference between when we had theymos' own version and it's been especially bad today. Barely been able to use the site at all, so not sure how effective the service really is if the forum is still going to be unusable.

I’ve oftentimes wondered how Cloudflare can afford to offer “free” DDoS protection.  Their product requires serious network bandwidth, hardware, sysadmin, and engineering.  Those cost money—lots of money.

Usually, “free” products (https://www.google.com/) which cost (https://www.facebook.com/) big money (https://www.youtube.com/) to offer (https://mail.google.com/) can be explained with the aphorism, “You are not the customer; you are the product.”  That raises the question, who pays?

In practice, who pays? is isomorphic to the ancient idiom:  Cui bono?

“You are the product.”  Bitcointalk.org is now a product.  For whom?  And does the customer truly wish for Bitcointalk.org to succeed?

At that, does Cloudflare itself like customers who “especially dislike Cloudflare”?  One of the great benefits of dependence on “huge centralized anti-DDoS companies” is that you can’t bite the hand which feeds you—at least, not more than that hand will deign to tolerate.  Too bad.  Even if this is only some generalized Cloudflare failure, I doubt that theymos stands at the front of their support queue.

Connectivity has sucked all day. NSA must have finally implemented their traffic analyzer  ;D  >:(  :(

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

Cloudflare is seriously flawed if your homemade DDoS protection works better than theirs.


Title: Re: Moving to Cloudflare
Post by: nullius on December 13, 2017, 10:08:43 PM
Well, it’s not only Cloudflare.  It’s that and/or something else:


Admins may e-mail me for details, if that would be useful.  (I doubt it; that’s all I saw.)  PM seems not so useful right now.


Title: Re: Moving to Cloudflare
Post by: Raize on December 14, 2017, 08:33:09 PM
I assume some of those attacks come through Tor and VPN users.

This does happen, but it's a whole lot more rare in practice. In reality, most attacks come from thousands of compromised IPs [botnets] run by people or organizations looking to blackmail operators into paying a fee or doing something like giving up user data. It has long been rumored that these entities with blackmailing power are often state-run themselves, in order to bully providers into sharing their data with "a trusted anti-DDoS company" that the governments can force to give up plain-text info about their customers more easily. Why bother even trying to get an operative in a position to run the site when you can sniff all the data and who is writing what via an anti-DDoS provider?

Cloudflare regularly provides the US gov't data on its customers (https://www.cloudflare.com/transparency/). I'm not sure I'd go so far as theymos and say they are basically CIA-run, but I do think they are forced to work with three-letter agencies all the time. If there are any people with principles that work for Cloudflare, it doesn't matter, they have to comply in order to keep their job, and I doubt they are allowed to talk about it even after they have left. Cloudflare itself might have state contracts, or do contracts for other DoD-like agencies and groups, all of which have the specific purpose of cataloging citizens for the government in clear violation of the fourth amendment and chilling the free speech guarantees of the first amendment.

I’ve oftentimes wondered how Cloudflare can afford to offer “free” DDoS protection.

For the same reason that OpenDNS sold to Cisco for a whopping $635 million. DoD contracts are phat loot and the CIA/NSA need the data routed in about who is doing what.


Title: Re: Moving to Cloudflare
Post by: nullius on January 03, 2018, 03:42:36 AM
[Edit again:  Raize, that (https://bitcointalk.org/index.php?topic=2485318.msg26336128#msg26336128) was the post of the thread.  I’d intended to reply before, to simply say:  Well said.]

This blocked a post.  I will try again, and edit if it’s still blocked.

Edit:  This is persistently blocking a particular post.  It is a very long post, which I spent much time writing in a text editor.  It contains a modest snippet of C code in BBcode code tags.  Other than that, I cannot imagine what trigger this is hitting.



Title: Re: Moving to Cloudflare
Post by: Bambulee on January 03, 2018, 08:55:23 AM
What about a solution like the one Protonmail is using?
https://protonmail.com/blog/ddos-protection-guide/

Radware’s technology does not require our SSL keys to operate effectively, meaning both layers of encryption that ProtonMail offers (SSL and OpenPGP) can be kept intact. Thus, there is no compromise in the privacy of our secure email service.


Title: Re: Moving to Cloudflare
Post by: Phash2k on January 03, 2018, 10:25:40 AM
Why no bitcointalk forum coin with ICO
You earn coins by posting, and devs & sysadmins are paid with it?

Everything is creating tokens and ICOs... Even without value...
This place here is valuable!

Decentralise the Forums!


Title: Re: Moving to Cloudflare
Post by: 1337leet on January 25, 2018, 09:31:53 PM

What I meant is that Cloudflare can see your unencrypted password when you log in.


How dumb can someone be?

I will not use this forum anymore because of that.

Bye


Title: Cloudflare inhibits downloads from bitcointalk.org
Post by: nullius on March 04, 2018, 03:14:59 PM
Quoting from another thread:

Here you go: https://bitcointalk.org/merit.txt.xz

Similar to trust.txt.xz, it'll be updated weekly. It will show only the last 120 days of data; someone else should archive the old ones if you want them.

Through Tor—and this is not the first time I’ve had this problem:

Code:
$ wget -S https://bitcointalk.org/merit.txt.xz
--2018-03-04 14:59:20--  https://bitcointalk.org/merit.txt.xz
Resolving bitcointalk.org (bitcointalk.org)... 104.20.208.69
Connecting to bitcointalk.org (bitcointalk.org)|104.20.208.69|:443... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 403 Forbidden
  Date: Sun, 04 Mar 2018 14:59:41 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: __cfduid=d96a5721469bb369ae9866953b833f0d91520175581; expires=Mon, 04-Mar-19 14:59:41 GMT; path=/; domain=.bitcointalk.org; HttpOnly; Secure
  CF-Chl-Bypass: 1
  Cache-Control: max-age=2
  Expires: Sun, 04 Mar 2018 14:59:43 GMT
  X-Frame-Options: SAMEORIGIN
  Strict-Transport-Security: max-age=2592000
  Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  Server: cloudflare
  CF-RAY: 3f65354a2c56729b-AMS
2018-03-04 14:59:23 ERROR 403: Forbidden.

I have had the same problem with PGP keys and the trust database.  Even right-clicking to save images from within a browsing session oft (inconsistently) results in a Cloudflare 403 HTML file, apparently due to some weird quirks in how Tor Browser interacts with Cloudflare’s control-freakiness.

I request a workaround or solution for this general problem.  (Note: “VPN” is a non-answer.)
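An automated weekly archiver of merit.txt.xz would want to tell a Cloudflare interstitial apart from the real download before writing it to disk. The following is an added example, not code from the thread: it parses a raw HTTP response into status, headers and body, and rejects both failure shapes described above (a 403 carrying CF-Chl-Bypass and Server: cloudflare, and an HTML page delivered under the archive's name). The sample responses are constructed here from the headers in the wget output; treating CF-Chl-Bypass: 1 as the marker of a Cloudflare challenge is an assumption drawn from that output.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple
import re

# Every .xz stream begins with these magic bytes; merit.txt.xz must too.
XZ_MAGIC = b"\xfd7zXZ\x00"


@dataclass
class Verdict:
    ok: bool                      # True only when the body looks like the archive
    reason: str
    cf_ray: Optional[str] = None  # Cloudflare request id, handy when reporting


def parse_response(raw: bytes) -> Tuple[int, Dict[str, str], bytes]:
    """Split a raw HTTP/1.1 response into (status, lowercase-keyed headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    m = re.match(r"HTTP/\d\.\d\s+(\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP response: %r" % lines[0])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers, body


def classify(raw: bytes, expect_magic: bytes = XZ_MAGIC) -> Verdict:
    """Decide whether a response is the requested archive or a Cloudflare interstitial."""
    status, headers, body = parse_response(raw)
    cf_ray = headers.get("cf-ray")
    via_cloudflare = headers.get("server", "").lower() == "cloudflare" or cf_ray is not None
    # Assumption from the thread's wget output: a 403 with CF-Chl-Bypass: 1 and
    # Server: cloudflare is Cloudflare's own challenge page, not an origin refusal.
    if status == 403 and via_cloudflare and headers.get("cf-chl-bypass") == "1":
        return Verdict(False, "Cloudflare challenge page, origin never reached", cf_ray)
    if status != 200:
        return Verdict(False, "HTTP %d" % status, cf_ray)
    # A 200 can still be an HTML page that would be saved under the archive's name.
    if headers.get("content-type", "").lower().startswith("text/html"):
        return Verdict(False, "HTML body where an archive was expected", cf_ray)
    if not body.startswith(expect_magic):
        return Verdict(False, "body does not start with the expected magic bytes", cf_ray)
    return Verdict(True, "archive body from origin", cf_ray)


# Constructed sample: the 403 from the wget output, re-serialised as a raw
# response with a short constructed HTML body.
CF_403 = (
    b"HTTP/1.1 403 Forbidden\r\n"
    b"Date: Sun, 04 Mar 2018 14:59:41 GMT\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"Connection: close\r\n"
    b"CF-Chl-Bypass: 1\r\n"
    b"Cache-Control: max-age=2\r\n"
    b"Server: cloudflare\r\n"
    b"CF-RAY: 3f65354a2c56729b-AMS\r\n"
    b"\r\n"
    b"<html><body>constructed interstitial</body></html>"
)

# Constructed sample: what a successful download should look like.
GOOD_XZ = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b"Server: cloudflare\r\n"
    b"CF-RAY: 0000000000000000-AMS\r\n"
    b"\r\n" + XZ_MAGIC + b"\x00\x00\x04\xe6\xd6\xb4F"
)

# Constructed sample: an HTML page returned with 200 under the archive's URL.
HTML_200 = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"Server: cloudflare\r\n"
    b"\r\n"
    b"<html><body>constructed page</body></html>"
)


if __name__ == "__main__":
    for name, raw in (("cf_403", CF_403), ("archive", GOOD_XZ), ("html_200", HTML_200)):
        v = classify(raw)
        print("%-9s %-6s %s %s" % (name, "OK" if v.ok else "REJECT", v.reason, v.cf_ray or ""))
```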


Title: Re: Cloudflare inhibits downloads from bitcointalk.org
Post by: BenOnceAgain on March 04, 2018, 05:04:40 PM
Quoting from another thread:

Here you go: https://bitcointalk.org/merit.txt.xz

Similar to trust.txt.xz, it'll be updated weekly. It will show only the last 120 days of data; someone else should archive the old ones if you want them.

Through Tor—and this is not the first time I’ve had this problem:

Code:
$ wget -S https://bitcointalk.org/merit.txt.xz
--2018-03-04 14:59:20--  https://bitcointalk.org/merit.txt.xz
Resolving bitcointalk.org (bitcointalk.org)... 104.20.208.69
Connecting to bitcointalk.org (bitcointalk.org)|104.20.208.69|:443... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 403 Forbidden
  Date: Sun, 04 Mar 2018 14:59:41 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: __cfduid=d96a5721469bb369ae9866953b833f0d91520175581; expires=Mon, 04-Mar-19 14:59:41 GMT; path=/; domain=.bitcointalk.org; HttpOnly; Secure
  CF-Chl-Bypass: 1
  Cache-Control: max-age=2
  Expires: Sun, 04 Mar 2018 14:59:43 GMT
  X-Frame-Options: SAMEORIGIN
  Strict-Transport-Security: max-age=2592000
  Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  Server: cloudflare
  CF-RAY: 3f65354a2c56729b-AMS
2018-03-04 14:59:23 ERROR 403: Forbidden.

I have had the same problem with PGP keys and the trust database.  Even right-clicking to save images from within a browsing session oft (inconsistently) results in a Cloudflare 403 HTML file, apparently due to some weird quirks in how Tor Browser interacts with Cloudflare’s control-freakiness.

I request a workaround or solution for this general problem.  (Note: “VPN” is a non-answer.)

For the downloads problem, if the downloads do not require you to be logged in, accessing the BCT server by its direct IP address and/or a DNS record that resolves to the IP should make it accessible, provided BCT hasn't blacklisted all non-CF IPs.

For the website issue, how about 2FA, that could help the situation?  As you know, anytime a CDN has your certificate, they can intercept your traffic if they choose.

You could also make a login URL that is not routed through CF.  I don't know how much hacking of SMF it would take to implement that.  Actually, cloudflare might have a way to direct certain URLs to directly point to the backend (BCT) servers.  I haven't messed with them in a while, since before they started doing their shared SSL service, so I'm not positive about this.

On the other hand, this might not address the problem that putting in a CDN was designed to prevent.  If the DDOS attacks were directed to the login URL it would then be vulnerable again.

I have an inherent distrust of infrastructure services that I don't control, which is why I try to avoid CDNs.  However, I have no website with as much traffic as BCT, so have never had to deal with that situation.

Best regards,
Ben


Title: Re: Moving to Cloudflare
Post by: RYXES on March 04, 2018, 05:08:22 PM
Why no bitcointalk forum coin with ICO
You earn coins by posting, and devs & sysadmins are paid with it?

Everything is creating tokens and ICOs... Even without value...
This place here is valuable!

Decentralise the Forums!

That would be mad; the whole point of this forum is to have the public have a balanced or neutral stance in the cryptocurrency community.

Creating a token or ICO for BTCtalk is effectively the same as losing net neutrality in the CC industry.


Title: Re: Cloudflare inhibits downloads from bitcointalk.org
Post by: nullius on March 04, 2018, 05:57:32 PM
Here you go: https://bitcointalk.org/merit.txt.xz

Through Tor—and this is not the first time I’ve had this problem:

[...403 error...]

For the downloads problem, if the downloads do not require you to be logged in, accessing the BCT server by its direct IP address and/or a DNS record that resolves to the IP should make it accessible, provided BCT hasn't blacklisted all non-CF IPs.

For the website issue, how about 2FA, that could help the situation?  As you know, anytime a CDN has your certificate, they can intercept your traffic if they choose.

You could also make a login URL that is not routed through CF.  I don't know how much hacking of SMF it would take to implement that.  Actually, cloudflare might have a way to direct certain URLs to directly point to the backend (BCT) servers.  I haven't messed with them in a while, since before they started doing their shared SSL service, so I'm not positive about this.

On the other hand, this might not address the problem that putting in a CDN was designed to prevent.  If the DDOS attacks were directed to the login URL it would then be vulnerable again.

Thanks for the suggestions, Ben.

Unfortunately, to the best of my knowledge, all of your suggestions would require action by theymos; there’s nothing there which I could do myself, as a workaround to obtain downloads right now.  If there’s a legitimate public means to find a direct IP address, I’d appreciate being corrected here.  But I rather suspect that theymos wishes to keep his real IP addresses unknown to DDoSers; and if I could find it, so could they.

I have an inherent distrust of infrastructure services that I don't control, which is why I try to avoid CDNs.  However, I have no website with as much traffic as BCT, so have never had to deal with that situation.

Same here.  Specifically as to Cloudflare, in addition to how they sometimes cavity-search you with Javascript (https://bitcointalk.org/index.php?topic=3001981.msg30867189#msg30867189) while still failing to keep the site reliably available, see e.g.:

https://trac.torproject.org/24351

As you know, anytime a CDN has your certificate, they can intercept your traffic if they choose.

Cloudflare intercepts all traffic (and modifies at least HTTP response headers), as a matter of course!

My biggest complaint is that Cloudflare is a MITM attack against TLS on a substantial portion of the whole Internet.  From the user end of things, I generally boycott Cloudflared sites insofar as practical.  But I support the Bitcoin Forum, out of my respect for how theymos was honest with people when he was effectually forced behind Cloudflare by Internet arsonists:

With regret, I am (for now) admitting defeat on the DDoS front, and we will soon be using Cloudflare to protect against DDoS attacks. [...]

I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this, [...]

I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies. [...]

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at. They can't access the database arbitrarily, though: they can only see data that passes over the Internet.

To get a gauge on what independent, no-MITM DDoS protection can require for a(n extremely) high-profile target, I found Protonmail’s experience interesting:

https://protonmail.com/blog/ddos-protection-guide/

Quote from: Protonmail
The attack faced by ProtonMail was highly sophisticated and unfortunately required extraordinary effort to defeat. In the next section, some technical details of the attack against us are discussed.

In defeating this attack, we were able to benefit from strong in-house technical expertise, along with a partnership with IP-Max (http://www.ip-max.net/), the leading networking experts in Switzerland. Defending against large scale DDoS attacks remains an expensive undertaking. Below are the typical costs for this type of DDoS protection:

Networking equipment: $30’000
BGP/GRE DDoS Mitigation (per year): $50’000 to $100’000
Dedicated IP Transit (per year): $20’000
Maintenance Overhead: $10’000+

(N.b. that I don’t trust in-browser Javascript crypto which is downloaded separately for each session, and thus cannot be in any way verified and kept at a “known good” version.  That would be most dangerous for targeted attacks.  Moreso for a service which offers no alternative, as would allow people to choose according to their own security needs.  I’m not endorsing Protonmail by linking to them for other reasons; do your own PGP on your own hardware!)

For an easier limited workaround on theymos’ end, ChipMixer had an excellent suggestion upthread:

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.
Is there an official .onion proxy of BitcoinTalk that bypasses Cloudflare? We do sometimes get support request PMs.

How about BitcoinTalk Pro accounts with monthly payments, private proxy without Cloudflare and captchas, bot access?

Though I would be concerned about the affordability of an ongoing subscription, an official .onion proxy would solve many problems.  I may even offer to help with such a project, depending on what would be required of me.  See my reply to ChipMixer (https://bitcointalk.org/index.php?topic=2485318.msg26106645#msg26106645) upthread.


Why no bitcointalk forum coin with ICO
You earn coins by posting, and devs & sysadmins are paid with it?

Everything is creating tokens and ICOs... Even without value...
This place here is valuable!

Decentralise the Forums!

That would be mad, the whole point of this forum is to have the public have a balanced or neutral stance in the cryptocurrency community.

Creating a token or ICO for BTCtalk is effectively the same as losing net neutrality in the CC industry.

And congratulations, Phash2k reinvented Steem.  This sort of nonsense reminds me of one of the earliest posts to which I awarded merit.  It spoke of how DHTs...

...get invoked in ignorance to every distributed systems problem because they're the first distributed systems tool people have heard of (sadly, "blockchain" seems to be stealing this role), much as "neural network" has infested lay understanding of machine learning, or perhaps in other times "XML" was treated as a magical solution for inter-working serialization in places where it made little sense.

No, the problem will not be fixed by sprinkling some magical blockchain pixie dust on it.


Title: Re: Cloudflare inhibits downloads from bitcointalk.org
Post by: BenOnceAgain on March 04, 2018, 08:06:14 PM

Thanks for the suggestions, Ben.

Unfortunately, to the best of my knowledge, all of your suggestions would require action by theymos; there’s nothing there which I could do myself, as a workaround to obtain downloads right now.  If there’s a legitimate public means to find a direct IP address, I’d appreciate being corrected here.  But I rather suspect that theymos wishes to keep his real IP addresses unknown to DDoSers; and if I could find it, so could they.

...

Same here.  Specifically as to Cloudflare, in addition to how they sometimes cavity-search you with Javascript (https://bitcointalk.org/index.php?topic=3001981.msg30867189#msg30867189) while still failing to keep the site reliably available, see e.g.:

...

My biggest complaint is that Cloudflare is a MITM attack against TLS on a substantial portion of the whole Internet.  From the user end of things, I generally boycott Cloudflared sites insofar as practical.  But I support the Bitcoin Forum, out of my respect for how theymos was honest with people when he was effectually forced behind Cloudflare by Internet arsonists:

Yes, you are absolutely right.  I don't know what I was thinking, the only way you could exclude from CloudFlare is with a subdomain.  Anything else would terminate SSL on their side, even if there's another SSL connection between CF and BCT.

I thought that potentially BCT's IP was known/listed somewhere since it was known by all of our DNS resolvers before CF came into the picture, but a quick Google search didn't turn up anything, so perhaps not.

I had no idea they were doing what I assume is some sort of browser fingerprinting with javascript.  That makes it even worse.  I remember reading last summer, in connection with some white supremacist website that was being shut down by hosters, CF, even the domain registrars, that CF made a claim that they provide service to some high percentage of all global web traffic.

I can't find the number now, and while I certainly am not supporting that website or that sort of hate, I also don't believe that an entity should have such a high percentage of control over internet traffic.  With very little exception, anytime there is high concentrations of power in the hands of a few, the power is abused.

Of which, of course, 99.9% of the people reading this are well aware, considering we are on the Bitcoin Forum.

My biggest complaint is that Cloudflare is a MITM attack against TLS on a substantial portion of the whole Internet.  From the user end of things, I generally boycott Cloudflared sites insofar as practical.  But I support the Bitcoin Forum, out of my respect for how theymos was honest with people when he was effectually forced behind Cloudflare by Internet arsonists:

With regret, I am (for now) admitting defeat on the DDoS front, and we will soon be using using Cloudflare to protect against DDoS attacks. [...]

I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this, [...]

I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies. [...]

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at. They can't access the database arbitrarily, though: they can only see data that passes over the Internet.

I agree with each of theymos's statements here.  The need for large sites to use one of just a few services that provide high-capacity DDoS mitigation is just another point of control.  I don't know if the "intelligence" agencies own Cloudflare or not (would not be surprised), but I'm betting they have a nice convenient backdoor regardless.

HTTPS as a centralized protocol will hopefully be obsoleted by better, decentralized ways of propagating HTML.  I look to IPFS as an interesting approach that may be part of that solution.  Also, considering that multicast in IPv6 might actually properly function instead of crap implementations from ISP to ISP, that could be a great way to save on needless duplicative packets for broadcast data (such as Bitcoin blocks, for example).

The cost that Protonmail incurs for independent DDoS mitigation is ridiculous.  It's almost a form of extortion.  Watch it turn out that these companies are behind the DDoS attacks themselves; nothing surprises me anymore as to the lengths that greedy people will go to.


Why no bitcointalk forum coin with ICO
You earn coins by posting, and devs & sysadmins are paid with it?

Everything is creating tokens and ICOs... Even without value...
This place here is valuable!

Decentralise the Forums!

That would be mad, the whole point of this forum is to have the public have a balanced or neutral stance in the cryptocurrency community.

Creating a token or ICO for BTCtalk is effectively the same as losing net neutrality in the CC industry.

I don't support ICOs for everything under the sun, nor are distributed ledgers code that solves all problems of humanity.  Both of these things are tools that have proper uses and, unfortunately, many attempts at applying them well beyond their competencies.  If I had a spare 10 or 50 BTC I would certainly donate it to this forum because it has taught me so much over the years and remains one of the few gems that remain free from moderation for political reasons.  Despite many complaints I've read, I believe the new merit system will make big impacts on the number of crap posts and improve the fidelity of the forum.

Personally, I would never want this forum to be closed or behind a paywall of some sort.  I believe that community communication benefits all those that pursue truth.  When it comes to information, such as the discussion that takes place on this forum, everyone should be able to openly share their views.  This is a big part of the reason that the world is increasingly being seen as the huge corrupt racket that it is, and has been for many decades, even centuries.  We just couldn't share our findings with each other easily before.  Because we can now, we've been able to build off of each other's knowledge, as a collective, that can be expanded upon.  This is the power of the Internet, the ability to communicate your message to the world instantly.  Next phase: to pull that corruption down and rebuild it with better, more fair and transparent constructs.  Bitcoin being the very first of those, and arguably the most impactful as it goes straight to the core of the corruption, the banksters.

Best regards,
Ben


Title: Re: Moving to Cloudflare
Post by: bitpop on March 21, 2018, 11:09:08 AM
They attack you until you give in and move to Cloudflare, not much choice. Are you at least using that temporary ssl feature?
https://www.cloudflare.com/ssl/keyless-ssl/

Are you using https://origin-pull.cloudflare.com/
It helps enforce Cloudflare


Title: Re: Moving to Cloudflare
Post by: jojo69 on April 08, 2018, 03:23:25 AM
yeah Theymos

that wasn't working out so well this afternoon


Title: Re: Moving to Cloudflare
Post by: theymos on April 08, 2018, 03:24:26 AM
yeah Theymos

that wasn't working out so well this afternoon

The recent downtime was my screw-up, not Cloudflare's fault.


Title: Re: Moving to Cloudflare
Post by: jojo69 on April 08, 2018, 03:26:10 AM
lol, right on

thanks for owning it, I was getting pretty jittery there


Title: Re: Moving to Cloudflare
Post by: Gleb Gamow on April 08, 2018, 03:31:02 AM
yeah Theymos

that wasn't working out so well this afternoon

The recent downtime was my screw-up, not Cloudflare's fault.

Came here to see if such was the case and if so would you admit it. Class! Now go back outside and play in the snow.  :P :P :P


Title: Re: Moving to Cloudflare
Post by: Silent26 on April 08, 2018, 03:58:07 AM
Came here to see if such was the case and if so would you admit it. Class! Now go back outside and play in the snow.  :P :P :P
Same here, I checked out this thread having thoughts that it was a server down again. But there's not too much update; I thought newbies would flood the Meta section with the earlier problem of the Forum but it seems like they are behaving this time. Seeing "Error 526" in my browser gave me a little nervousness and a bit of happiness. A little bit of happiness because I saw my own number in the error, which is "526".
By the way Teacher, I'm going out to make a snow man for a while. I'll be back in the chemistry class.  :P


Title: Re: Moving to Cloudflare
Post by: SamaelDNM on April 08, 2018, 04:44:55 AM
Came here to see if such was the case and if so would you admit it. Class! Now go back outside and play in the snow.  :P :P :P
Same here, I checked out this thread having thoughts that it was a server down again. But there's not too much update; I thought newbies would flood the Meta section with the earlier problem of the Forum but it seems like they are behaving this time. Seeing "Error 526" in my browser gave me a little nervousness and a bit of happiness. A little bit of happiness because I saw my own number in the error, which is "526".
By the way Teacher, I'm going out to make a snow man for a while. I'll be back in the chemistry class.  :P
the cloudflare stopped for a long time. I'm a little worried  :'( . the good thing is that it has already activated again  :)
https://image.ibb.co/kyiLZx/photo_2018_04_07_22_51_37.jpg


Title: Re: Moving to Cloudflare
Post by: Silent26 on April 08, 2018, 04:55:23 AM
Snip
It's already fixed. Sir theymos said it just killed the connection when Cloudflare's strict TLS enforcement was enabled, which caused the downtime earlier.
Check here https://bitcointalk.org/index.php?topic=3279125.0


Title: Re: Moving to Cloudflare
Post by: signalbitbot on April 08, 2018, 07:37:47 AM
With regret, I am (for now) admitting defeat on the DDoS front, and we will soon be using using Cloudflare to protect against DDoS attacks. This change is in progress, and will take ~24 hours for everyone to see.

I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this, but my homebrew DDoS mitigation has been one of my biggest time sinks for the last 6 months or so, and the necessary servers are still pretty expensive. If I had more manpower, then I would prioritize maintaining our own DDoS protection, but with me as the only sysadmin and current-software developer, it's become unsustainable.

I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies. I considered several alternatives to Cloudflare, but the smaller ones (eg. Stackpath and OVH) didn't strike me as reputable/competent enough, and the enterprise-targeted ones like Incapsula and Akamai are around $3500/month. Even though $3500/month seems absolutely ridiculous to me, I was seriously considering Incapsula due to its pretty good reputation, but then they were having all sorts of technical issues while I was trying to set it up. So I gave up for now and went with Cloudflare.

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at. They can't access the database arbitrarily, though: they can only see data that passes over the Internet.

Tor users and benevolent-bot operators: please wait a couple of days for the current DDoS to subside, and then post your complaints here. I am able and willing to tune Cloudflare to be minimally annoying. Not every Cloudflare site has to do that "Using Tor? Here's an impossible captcha" thing.

Dear admin, cloud protection from CloudFlare is a bad idea. And yes, CloudFlare is cooperating. CloudFlare falls with jsbypass very easily.
You need an individual cluster; it will disperse the attack and thus the ddos will not be felt. Write to me in PM, we have a big team that is engaged in just this.

And consider the important point: your real ip should not fall into the wrong hands. Many ill-wishers will be recognized through mail (password recovery) or through a sniffer.

And in general, there is an expert on attacks, his name is Agata, he has been dealing with attacks for a long time, everybody knows him.
https://forum.zloy.bz/showthread.php?t=130510


Title: Re: Moving to Cloudflare
Post by: PrimeNumber7 on December 15, 2019, 07:21:33 AM
I tried to post (https://bitcointalk.org/index.php?topic=5209723.0) my Code (https://github.com/numberedprime7/self-moderator-bot/blob/master/self_moderator.py) and received a "Sorry you have been blocked" error message from Cloudflare saying that I was blocked, possibly for posting a SQL command, certain word, or malformed command.

I guess code can no longer be posted here?


Title: Re: Moving to Cloudflare
Post by: LoyceV on December 15, 2019, 08:41:57 AM
I tried to post (https://bitcointalk.org/index.php?topic=5209723.0) my Code (https://github.com/numberedprime7/self-moderator-bot/blob/master/self_moderator.py) and received a "Sorry you have been blocked" error message from Cloudflare saying that I was blocked, possibly for posting a SQL command, certain word, or malformed command.

I guess code can no longer be posted here?
See theymos' post:
That "blocked" page is almost always a Cloudflare WAF false positive related to some data you submitted.
Just PM theymos, he can fix this.

There are 2 lines in your code that trigger it:
Quote from: edited from PrimeNumber7's code
delete_link = delete_link.split('href="')[1].split('" onclick=')[0]  
onclick='

delete_link = page_posts[post].find('a', onclick="return confirm('Remove this message?');")
onclick=confirm()
For both lines, I've isolated the problem to a smaller code (in bold) by removing code that doesn't trigger it. I used Teletype-tags on 1 character to be able to post this.


Title: Re: Moving to Cloudflare
Post by: n0nce on January 05, 2023, 01:05:21 PM
Has anything changed on the topic of DDoS protection? Maybe new, better options? Cheaper, easier to set up?
I remember a while back when Cloudflare was having issues, what felt like half of the internet was inaccessible for a period of time.

Regardless of conspiracy theories about who is behind this company, for the sake of the stability, reliability and decentralization of the internet, I believe that Cloudflare usage should be reduced if possible. It's just such a big single point of failure.


Title: Re: Moving to Cloudflare
Post by: krishnaverma on January 05, 2023, 01:29:42 PM
Maybe new, better options? Cheaper, easier to set up?
These three features usually can't co-exist in one tool.


Title: Re: Moving to Cloudflare
Post by: n0nce on January 05, 2023, 02:49:09 PM
Maybe new, better options? Cheaper, easier to set up?
These three features usually can't co-exist in one tool.
I meant cheaper and easier to set up than the alternatives which existed in 2017. I don't think it's unlikely that the space has evolved since then and better alternatives exist today (either entirely new ones, or the ones theymos tried back when he wrote the original post have evolved and fixed the issues he had during setup, etc.).

I don't think price is the biggest issue for Bitcointalk, judging by the generous donations that have been made way back and HODL'ed so far.


Title: Re: Moving to Cloudflare
Post by: theymos on January 05, 2023, 09:09:41 PM
Has anything changed on the topic of DDoS protection? Maybe new, better options? Cheaper, easier to set up?

Not really. I don't know of any better solution which wouldn't require a lot of manual work to keep it working.

Cloudflare actually isn't even very good at identifying bad traffic or delivering on several of its claimed features, but it offers two extremely valuable tools:
 1. It completely blocks even massive IP/UDP/TCP flooding without any thought on the end-user's part. My custom DDoS protection was also able to block these attacks, but it required a significant amount of sysadmin work.
 2. My custom protection failed against layer-7 attacks from 100k+ IPs. To handle these attacks, there needs to be some sort of proof-of-work/CAPTCHA challenge before the application starts making database queries and such. These challenges must exist on servers which will automatically scale to handle any number of requests, as needed. The challenge servers must have the HTTPS key in order to function. It would definitely be possible to do this without something like Cloudflare, and I've posted a general description of how it could be done, but both the coding and sysadmin work are more than I want to deal with.

Cost is a consideration, but not the primary one: I'd consider paying 10-30x more than Cloudflare's $250/mo, if this came with significant improvements. But as far as I know, you don't actually get much more by paying an "enterprise" DDoS protection company $5000/mo than you do by paying Cloudflare $250/mo, and in fact you often seem to get less.
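The second tool theymos describes above, a proof-of-work challenge that runs before the application touches its database on a tier that scales independently, can be built as a stateless gate: every gate node holding one shared secret can issue and verify challenges without a session store. The following is an added example, not code from the forum, from theymos or from Cloudflare; the secret, the client address, the difficulty and the function names are constructed.

```python
"""Stateless hashcash-style proof-of-work gate placed in front of an application.

Added example (not forum or Cloudflare code).  The gate issues an HMAC-signed
challenge bound to the client address and an expiry; the client must find a
counter whose SHA-256 over the challenge has DIFFICULTY leading zero bits;
any gate node with SECRET can verify the result with a couple of hashes and
no database, which is what lets the challenge tier scale on its own.
"""
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

SECRET = os.urandom(32)   # constructed here; in practice shared by all gate nodes
TTL_SECONDS = 60          # challenge lifetime; bounds the replay window
DIFFICULTY = 16           # leading zero bits required (~65k hashes for the client)


def issue_challenge(client_ip: str, now: Optional[float] = None) -> bytes:
    """Return a 32-byte self-authenticating challenge: expiry || random || HMAC tag."""
    expires = int(now if now is not None else time.time()) + TTL_SECONDS
    body = struct.pack(">Q", expires) + os.urandom(8)
    tag = hmac.new(SECRET, body + client_ip.encode(), hashlib.sha256).digest()[:16]
    return body + tag


def _leading_zero_bits(digest: bytes) -> int:
    """Number of leading zero bits in a digest (256 for an all-zero SHA-256)."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve(challenge: bytes, difficulty: int = DIFFICULTY) -> int:
    """Client side: brute-force the smallest counter meeting the difficulty target."""
    counter = 0
    while True:
        h = hashlib.sha256(challenge + struct.pack(">Q", counter)).digest()
        if _leading_zero_bits(h) >= difficulty:
            return counter
        counter += 1


def verify(challenge: bytes, counter: int, client_ip: str,
           now: Optional[float] = None, difficulty: int = DIFFICULTY) -> bool:
    """Gate side: cheap, stateless check run before any application work."""
    if len(challenge) != 32:
        return False
    body, tag = challenge[:16], challenge[16:]
    expected = hmac.new(SECRET, body + client_ip.encode(), hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expected):     # forged, or issued to another client
        return False
    (expires,) = struct.unpack(">Q", body[:8])
    if (now if now is not None else time.time()) > expires:   # stale challenge
        return False
    h = hashlib.sha256(challenge + struct.pack(">Q", counter)).digest()
    return _leading_zero_bits(h) >= difficulty


if __name__ == "__main__":
    ip = "203.0.113.7"                 # constructed sample client address
    ch = issue_challenge(ip)
    n = solve(ch)
    print("counter", n, "accepted:", verify(ch, n, ip))
```

Verification needs only the shared secret, so gate nodes can be added without coordination; the TTL bounds how long one solved challenge can be replayed, and a production gate would additionally remember challenges already spent within that window.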


Title: Re: Moving to Cloudflare
Post by: Raize on March 15, 2023, 05:44:16 AM
As problematic as a solution like Cloudflare is, it's still probably the only serious option, even today. Anything else is a constant cat-and-mouse game. I've done a bit of fail2ban work to make my own anti-DDOS or pseudo-WAF and such, but any site under the threat of an arbitrary DDOS attack really only has Cloudflare (or other, worse options like Akamai, cloud, etc).


Title: Re: Moving to Cloudflare
Post by: Daltonik on April 27, 2023, 09:09:42 AM
As problematic as a solution like Cloudflare is, it's still probably the only serious option, even today. Anything else is a constant cat-and-mouse game. I've done a bit of fail2ban work to make my own anti-DDOS or pseudo-WAF and such, but any site under the threat of an arbitrary DDOS attack really only has Cloudflare (or other, worse options like Akamai, cloud, etc).

Cloudflare regularly posts reports on DDOS attacks, the latest for Q1 of this year: https://blog.cloudflare.com/ddos-threat-report-2023-q1/  But if it comes to protecting your personal data, then no matter what hosting you use, you risk trusting it to a third party anyway.


Title: Re: Moving to Cloudflare
Post by: LoyceV on April 27, 2023, 10:01:53 AM
if it comes to protecting your personal data, then no matter what hosting you use, you risk trusting it to a third party anyway.
Trusting 2 third parties is always worse for privacy than trusting just one.


Title: Re: Moving to Cloudflare
Post by: paid2 on February 27, 2024, 10:30:51 AM
This topic has been inactive for almost a year now, sorry to necrobump it  ::)

Just in case theymos missed the following message:

--snip--
I have however decided to use a residential proxy on top of my setup to access this forum from now. Hopefully theymos will consider some better alternative to Cloudflare within next years or at least could re-configure the current Cloudflare settings to facilitate access to users with complex Tor setups. We are also ready to provide technical assistance in Cloudflare-less DDoS protection setup if it's the case.