Bitcoin Forum
December 14, 2017, 01:41:44 PM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 »  All
  Print  
Author Topic: Moving to Cloudflare  (Read 2001 times)
vv181
Sr. Member
****
Offline Offline

Activity: 308


★Bitvest.io★ Play Plinko or Invest!


View Profile
December 01, 2017, 01:47:35 PM
 #21

Have you thought about maybe creating your own ddos protection service as from your concerns it seems like there'd be a gap in the market for a trusted product? ... Could even use the money we get from any potential new donator ranks we implement to invest in it. Something to consider at least.
This is something that I would happily support with my BTC. Please consider this, theymos.

Same, as I'm sure many others would also. Most ICOs are just hollow get rich quick schemes run by greedy scammers but I'd happily support one for a valuable service created by reputable people and it could actually be one that makes a lot of money as a business which we could give back to investors as dividends. Maybe bitcointalk could create it's own coin and give that out for promoting the ICO and bonuses for helping out the forum as well.
Instead of wasting such tremendous amount of energy to create our own DDOS protection system, There is an existing project for that https://gladius.io/. I have not done some research yet, but I hope it's a good reference for Theymos to consider using decentralized anti-DDOS service.



BITVEST DICE
HAS BEEN RELEASED!


▄████████████████████▄
██████████████████████
██████████▀▀██████████
█████████░░░░█████████
██████████▄▄██████████
███████▀▀████▀▀███████
██████░░░░██░░░░██████
███████▄▄████▄▄███████
████▀▀████▀▀████▀▀████
███░░░░██░░░░██░░░░███
████▄▄████▄▄████▄▄████
██████████████████████
▀████████████████████▀
▄████████████████████▄
██████████████████████
█████▀▀█▀▀▀▀▀▀██▀▀████
█████░░░░░░░░░░░░░▄███
█████░░░░░░░░░░░░▄████
█████░░▄███▄░░░░██████
█████▄▄███▀░░░░▄██████
█████████░░░░░░███████
████████░░░░░░░███████
███████░░░░░░░░███████
███████▄▄▄▄▄▄▄▄███████
██████████████████████
▀████████████████████▀
▄████████████████████▄
███████████████▀▀▀▀▀▀▀
███████████▀▀▄▄█░░░░░█
█████████▀░░█████░░░░█
███████▀░░░░░████▀░░░▀
██████░░░░░░░░▀▄▄█████
█████░▄░░░░░▄██████▀▀█
████░████▄░███████░░░░
███░█████░█████████░░█
███░░░▀█░██████████░░█
███░░░░░░████▀▀██▀░░░░
███░░░░░░███░░░░░░░░░░
▀██░▄▄▄▄░████▄▄██▄░░░░
▄████████████▀▀▀▀▀▀▀██▄
█████████████░█▀▀▀█░███
██████████▀▀░█▀░░░▀█░▀▀
███████▀░▄▄█░█░░░░░█░█▄
████▀░▄▄████░▀█░░░█▀░██
███░▄████▀▀░▄░▀█░█▀░▄░▀
█▀░███▀▀▀░░███░▀█▀░███░
▀░███▀░░░░░████▄░▄████░
░███▀░░░░░░░█████████░░
░███░░░░░░░░░███████░░░
███▀░██░░░░░░▀░▄▄▄░▀░░░
███░██████▄▄░▄█████▄░▄▄
▀██░████████░███████░█▀
▄████████████████████▄
████████▀▀░░░▀▀███████
███▀▀░░░░░▄▄▄░░░░▀▀▀██
██░▀▀▄▄░░░▀▀▀░░░▄▄▀▀██
██░▄▄░░▀▀▄▄░▄▄▀▀░░░░██
██░▀▀░░░░░░█░░░░░██░██
██░░░▄▄░░░░█░██░░░░░██
██░░░▀▀░░░░█░░░░░░░░██
██░░░░░▄▄░░█░░░░░██░██
██▄░░░░▀▀░░█░██░░░░░██
█████▄▄░░░░█░░░░▄▄████
█████████▄▄█▄▄████████
▀████████████████████▀




Rainbot
Daily Quests
Faucet
1513258904
Hero Member
*
Offline Offline

Posts: 1513258904

View Profile Personal Message (Offline)

Ignore
1513258904
Reply with quote  #2

1513258904
Report to moderator
1513258904
Hero Member
*
Offline Offline

Posts: 1513258904

View Profile Personal Message (Offline)

Ignore
1513258904
Reply with quote  #2

1513258904
Report to moderator
1513258904
Hero Member
*
Offline Offline

Posts: 1513258904

View Profile Personal Message (Offline)

Ignore
1513258904
Reply with quote  #2

1513258904
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
hilariousetc
Hero Member
*****
Online Online

Activity: 700


Avatar and Personal text available for rent.


View Profile WWW
December 01, 2017, 02:36:18 PM
 #22

Well there's always room for competition but I'll have to check it out as well like you, but if that meets all our needs then great. Maybe theymos could donate some funds to the development of that instead.

theymos
Administrator
Legendary
*
Offline Offline

Activity: 2870


View Profile
December 01, 2017, 08:08:32 PM
 #23

Here's what would need to be done to replace Cloudflare: https://bitcointalk.org/index.php?topic=2497008.0

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
nullius
Copper Member
Newbie
*
Offline Offline

Activity: 28

@nym.zone


View Profile
December 01, 2017, 10:11:40 PM
 #24

I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this, […]

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.

Thank you, theymos, for honestly disclosing and discussing the facts about Cloudflare.  It is for exactly the reasons you stated that I filed Tor Browser bug #24351: Block Global Active Adversary Cloudflare.

I usually dislike Cloudflared sites.  Well, here is one run by someone who actually understands.  What a conundrum!  I suppose I simply won’t send any data to this forum which I would not publish openly.

Good luck stopping the DDoS attacks; and I hope you can find a better solution someday soon.

Bitcoin address, Segwit P2WPKH-in-P2SH: 36finjay27E5XPDtSdLEsPR1RypfhNW8D8 (Tips welcome.)
PGP Ed25519: 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C (preferred) — RSA: 0xA232750664CC39D61CE5D61536EBB4AB699A10EE
‘If you’re not doing anything wrong, you have nothing to hide.’  No!  Because I do nothing wrong, I have nothing to show.” — nullius@nym.zone
nullius
Copper Member
Newbie
*
Offline Offline

Activity: 28

@nym.zone


View Profile
December 04, 2017, 06:12:29 PM
 #25

I just got Cloudflare CAPTCHAed.  I infer it may only have been the “currently offline” error page?  Was the site down?  What is going on here?


I didn’t do the CAPTCHA; I just waited awhile for the site to come back up, and then it loaded without CAPTCHA.  I don’t know whether the wait also resulted in me using a different Tor circuit, due to Tor’s circuit dirtiness timeout.

(I then got more Cloudflare errors when trying to post this, but no CAPTCHA.  Error 504, then 502.  I guess the first time, Cloudflare decided the error message was too precious to be served without CAPTCHA.)

Bitcoin address, Segwit P2WPKH-in-P2SH: 36finjay27E5XPDtSdLEsPR1RypfhNW8D8 (Tips welcome.)
PGP Ed25519: 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C (preferred) — RSA: 0xA232750664CC39D61CE5D61536EBB4AB699A10EE
‘If you’re not doing anything wrong, you have nothing to hide.’  No!  Because I do nothing wrong, I have nothing to show.” — nullius@nym.zone
ibminer
Legendary
*
Offline Offline

Activity: 998


ALU Services - https://goo.gl/Yqey3W


View Profile
December 04, 2017, 06:16:27 PM
 #26

I've been getting several 504 (gateway time-out) errors from Cloudflare today, seems to come and go.

            ▄▄▄█████████▄▄▄
        ▄▄███████████████████▄▄
      ▄████████████▀▀▀██████████▄
    ▄█████████████▄█  ▐███████████▄
   ████████▀▀██████▌  ██▀▀██████████▄
  ██████▀ ▄██▄  ███  ▐█▄▌  ███  ▐█████
 ██████  ████▌ ▐██▌  ███  ▐██▌  ███████
██████▌  ████  ███  ▐██▌  ███  ▐████████
██████▌  ██▀▌ ▐█▀█  █▀█  ▐█▀▀  █▀███████
████████▄▄▄█▄▄▄▄██▄▄▄██▄▄▄▄█▄▄▄▄████████
████████████████████████████████████████

████████████████████████████████████████
.TRUSTED ★ EXPERIENCED ★ READY.       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████████████████████▄
 ▄███████████████▀▀▀█████▄
▄████████████▀▀     ██████▄
█████████▀▀   ▄▄▀   ███████
██████▄    ▄▄█▀    ████████
█████████▄██▀      ████████
▀██████████▄▄    ████████▀
 ▀████████▄█████▄████████▀
  ▀█████████████████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄████████▀▀█▀▀████████▄
 ▄██████▀▀▀  ▀  ▀████████▄
▄███████▄▄   ▄▄   ▀███████▄
██████████   ███   ████████
██████████        ▀████████
██████████   ███▌  ▐███████
▀███████▀▀   ▀▀▀  ▄███████▀
 ▀██████▄▄▄  ▄  ▄████████▀
  ▀████████▄▄█▄▄████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████████████████████▄
 ▄██▀                 ▀██▄
▄██▌ ▄▀█████████████▀▄ ▐██▄
███▌ ██▄ ▀███████▀ ▄██ ▐███
███▌ ████   ▀▀▀   ████ ▐███
███▌ ██▀▄▄██▄▄▄██▄▄▀██ ▐███
▀██▌ ▀▄█████████████▄▀ ▐██▀
 ▀██▄                 ▄██▀
  ▀█████████████████████▀
    ▀█████████████████▀
       ▀▀█████████▀▀
jojo69
Hero Member
*****
Offline Offline

Activity: 882


no FOMO


View Profile
December 04, 2017, 06:46:54 PM
 #27

that sucks

I am sorry that it has come to this Theymos

thank you for your efforts

This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
savetherainforest
Hero Member
*****
Offline Offline

Activity: 574


Plant 1xTree for each Satoshi earned!


View Profile
December 05, 2017, 12:33:30 AM
 #28



The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...



How about a forum based on blockchain?? We would just log into a software and we will be the servers. And hell, we can even have shares and trade on them like a coin. Smiley
nullius
Copper Member
Newbie
*
Offline Offline

Activity: 28

@nym.zone


View Profile
December 05, 2017, 01:34:51 AM
 #29



The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...



How about a forum based on blockchain?? We would just log into a software and we will be the servers. And hell, we can even have shares and trade on them like a coin. :)

Sigh.  A “blockchain” is not some magic pixie dust you can sprinkle onto any problem and make it disappear.  If you don’t believe me, try setting up your own Steem full node.  Yup.  Not happening.  —  Oh, Steem is exactly your idea, including the coin part.  To run a full node, minimum listed requirements are a dedicated server with at least 32GiB RAM and large, fast disks.  For this and other reasons, Steem is quite centralized; instead of “being their own servers”, almost all users just log into the centrally managed Steemit website.  I’m not sure what the point is, other than “blockchain”.

Bitcoin address, Segwit P2WPKH-in-P2SH: 36finjay27E5XPDtSdLEsPR1RypfhNW8D8 (Tips welcome.)
PGP Ed25519: 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C (preferred) — RSA: 0xA232750664CC39D61CE5D61536EBB4AB699A10EE
‘If you’re not doing anything wrong, you have nothing to hide.’  No!  Because I do nothing wrong, I have nothing to show.” — nullius@nym.zone
Ivor Biggun
Newbie
*
Offline Offline

Activity: 28


View Profile
December 07, 2017, 09:20:28 PM
 #30

Why not charge Tor and VPN users a small bitcoin fee to log in? Most of those users would probably rather pay a  fee than use cloudflare. They already have to pay a fee to register.
nullius
Copper Member
Newbie
*
Offline Offline

Activity: 28

@nym.zone


View Profile
December 07, 2017, 09:32:08 PM
 #31

Why not charge Tor and VPN users a small bitcoin fee to log in? Most of those users would probably rather pay a  fee than use cloudflare. They already have to pay a fee to register.

A fee to log in!?  Are you serious?

N.b. that (a) the move behind Cloudflare at the end of November is absolutely irrelevant to login issues, discussed separately since October; (b) everybody’s connections go through Cloudflare, for every connection to the site; and (c) Tor users (among others) are already charged a fee to create an account.

Bitcoin address, Segwit P2WPKH-in-P2SH: 36finjay27E5XPDtSdLEsPR1RypfhNW8D8 (Tips welcome.)
PGP Ed25519: 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C (preferred) — RSA: 0xA232750664CC39D61CE5D61536EBB4AB699A10EE
‘If you’re not doing anything wrong, you have nothing to hide.’  No!  Because I do nothing wrong, I have nothing to show.” — nullius@nym.zone
Ivor Biggun
Newbie
*
Offline Offline

Activity: 28


View Profile
December 07, 2017, 10:11:53 PM
 #32

Why not charge Tor and VPN users a small bitcoin fee to log in? Most of those users would probably rather pay a  fee than use cloudflare. They already have to pay a fee to register.

A fee to log in!?  Are you serious?

N.b. that (a) the move behind Cloudflare at the end of November is absolutely irrelevant to login issues, discussed separately since October; (b) everybody’s connections go through Cloudflare, for every connection to the site; and (c) Tor users (among others) are already charged a fee to create an account.

Theymos said he's unenthusiastically using Cloudflare to protect against DDoS attacks. I assume some of those attacks come through Tor and VPN users. Those users couldn't DDoS if they had to pay a tiny fee to login, and further fees if they make excessive HTTP requests. They are already prepared to pay a registration fee for privacy, charging small log in fees isn't much different.

Furthermore, charging a fee for excessive HTTP requests could protect against botnet DDoS attacks from regular IP addresses. Normal users wouldn't even notice because they don't make huge numbers of HTTP requests.

I guess most of the accounts involved in DDoSing are newbies. During times of excessively heavy load on the forum newbie accounts could be asked to either pay a small log in fee, or return later when there's less users accessing the system.
stompix
Hero Member
*****
Offline Offline

Activity: 546



View Profile
December 08, 2017, 03:11:57 PM
 #33

Forum is slow on loading, that is not something new I assume since the move.

But, I've never encountered an error apart from guess what, reporting a post/thread.
Tried several times this today (different reports of course) but I always get a timeout (error 524) that picture with:

Browser Working
Cloudfare Working
Bitcointalk host error

It has never happened on anything else, post/search/pm.


hilariousetc
Hero Member
*****
Online Online

Activity: 700


Avatar and Personal text available for rent.


View Profile WWW
December 08, 2017, 03:16:24 PM
 #34

Why not charge Tor and VPN users a small bitcoin fee to log in? Most of those users would probably rather pay a  fee than use cloudflare. They already have to pay a fee to register.

Paying a small fee to register and paying a fee every time you want to log in are two very different things (not to mention the latter being ridiculous and not sure why we should punish all legitimate tor users).

nullius
Copper Member
Newbie
*
Offline Offline

Activity: 28

@nym.zone


View Profile
December 08, 2017, 08:48:25 PM
 #35

Why not charge Tor and VPN users a small bitcoin fee to log in? Most of those users would probably rather pay a  fee than use cloudflare. They already have to pay a fee to register.

Paying a small fee to register and paying a fee every time you want to log in are two very different things (not to mention the latter being ridiculous and not sure why we should punish all legitimate tor users).

Thank you.  As a Tor user, I admire this forum’s high-level culture of respect for privacy.

Bitcoin address, Segwit P2WPKH-in-P2SH: 36finjay27E5XPDtSdLEsPR1RypfhNW8D8 (Tips welcome.)
PGP Ed25519: 0xC2E91CD74A4C57A105F6C21B5A00591B2F307E0C (preferred) — RSA: 0xA232750664CC39D61CE5D61536EBB4AB699A10EE
‘If you’re not doing anything wrong, you have nothing to hide.’  No!  Because I do nothing wrong, I have nothing to show.” — nullius@nym.zone
Ivor Biggun
Newbie
*
Offline Offline

Activity: 28


View Profile
December 08, 2017, 09:52:46 PM
 #36

Why not charge Tor and VPN users a small bitcoin fee to log in? Most of those users would probably rather pay a  fee than use cloudflare. They already have to pay a fee to register.

Paying a small fee to register and paying a fee every time you want to log in are two very different things (not to mention the latter being ridiculous and not sure why we should punish all legitimate tor users).

Well how about asking tor users to sign a message from the bitcoin address they registered with instead?

Each time they log in they could be given a unique code and asked to sign a message containing it. That wouldn't cost them anything, and signing a message would be faster than going through endless cloudflare captchas.
frodocooper
Staff
Full Member
***
Offline Offline

Activity: 234


View Profile
December 09, 2017, 03:48:49 AM
 #37

Well how about asking tor users to sign a message from the bitcoin address they registered with instead?

Each time they log in they could be given a unique code and asked to sign a message containing it. That wouldn't cost them anything, and signing a message would be faster than going through endless cloudflare captchas.

Not every wallet has the ability to sign messages. Also, one registers for a forum account using an email address, not a Bitcoin address.
Ivor Biggun
Newbie
*
Offline Offline

Activity: 28


View Profile
December 09, 2017, 03:58:08 AM
 #38

Well how about asking tor users to sign a message from the bitcoin address they registered with instead?

Each time they log in they could be given a unique code and asked to sign a message containing it. That wouldn't cost them anything, and signing a message would be faster than going through endless cloudflare captchas.

 registering for a forum account doesn't require a Bitcoin address, only an email address.

Anyone registering through tor has to pay a small bitcoin fee, so all those users have bitcoin addresses associated with their accounts.
frodocooper
Staff
Full Member
***
Offline Offline

Activity: 234


View Profile
December 09, 2017, 04:06:08 AM
 #39

Anyone registering through tor has to pay a small bitcoin fee, so all those users have bitcoin addresses associated with their accounts.

The Tor user may pay the fee from a bitcoin exchange account. As far as I'm aware, exchanges do not offer their customers the option of signing messages.

Also, if the Tor user's non-exchange wallet has many inputs to many addresses, and pays the fee from that wallet, which address(es) would the Tor user then have to use to sign the message? And if the Tor user pays the fee from non-P2PKH addresses (e.g., segwit P2SH addresses or multisig P2SH addresses), the Tor user can't sign the message using those addresses.

And again, not every wallet has the ability to sign messages, with mobile and web wallets being the most obvious examples.
Ivor Biggun
Newbie
*
Offline Offline

Activity: 28


View Profile
December 09, 2017, 04:17:32 AM
 #40


The Tor user may pay the fee from a bitcoin exchange account. As far as I'm aware, exchanges do not offer their customers the option of signing messages.


The average fee users pay is below most exchanges minimum withdrawal allowed. Any users who couldn't sign messages from an address could be given an option to associate another address with their account.



if the Tor user's non-exchange wallet has many inputs to many addresses, and pays the fee from that wallet, which address(es) would the Tor user then have to use to sign the message?


Signing from any of those addresses should be OK.





not every wallet has the ability to sign messages, mobile and web wallets being the most obvious examples.

They can export the private key from their mobile or web wallet, then import it into a wallet capable of signing messages. The blockchain.info web wallet allows exporting private keys.

Pages: « 1 [2] 3 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!