Bitcoin Forum
July 22, 2018, 05:17:04 PM *
News: Latest stable version of Bitcoin Core: 0.16.1  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: « 1 2 3 [4]  All
  Print  
Author Topic: Moving to Cloudflare  (Read 2604 times)
Raize
Donator
Legendary
*
Offline Offline

Activity: 1414
Merit: 1004


View Profile
December 14, 2017, 08:33:09 PM
Merited by OgNasty (1), qwk (1), nullius (1)
 #61

I assume some of those attacks come through Tor and VPN users.

This does happen, but it's a whole lot more rare in practice. In reality, most attacks come from thousands of compromised IPs [botnets] run by people or organizations looking to blackmail operators into paying a fee or doing something like giving up user data. It has long been rumored that these entities with blackmailing power are often state-run themselves, in order to bully providers into sharing their data with "a trusted anti-DDoS company" that the governments can force to give up plain-text info about their customers more easily. Why bother even trying to get an operative in a position to run the site when you can sniff all the data and who is writing what via an anti-DDoS provider?

Cloudflare regularly provides the US gov't data on its customers. I'm not sure I'd go so far as theymos and say they are basically CIA-run, but I do think they are forced to work with three-letter agencies all the time. If there are any people with principles that work for Cloudflare, it doesn't matter, they have to comply in order to keep their job, and I doubt they are allowed to talk about it even after they have left. Cloudflare itself might have state contracts, or do contracts for other DoD-like agencies and groups, all of which have the specific purpose of cataloging citizens for the government in clear violation of the fourth amendment and chilling the free speech guarantees of the first amendment.

I’ve oftentimes wondered how Cloudflare can afford to offer “free” DDoS protection.

For the same reason that OpenDNS sold to Cisco for a whopping $635 million. DoD contracts are phat loot and the CIA/NSA need the data routed in about who is doing what.

OrganofCorti's Neighbourhood Pool Watch - The most informative website on blockchain health
1532279824
Hero Member
*
Offline Offline

Posts: 1532279824

View Profile Personal Message (Offline)

Ignore
1532279824
Reply with quote  #2

1532279824
Report to moderator
1532279824
Hero Member
*
Offline Offline

Posts: 1532279824

View Profile Personal Message (Offline)

Ignore
1532279824
Reply with quote  #2

1532279824
Report to moderator
1532279824
Hero Member
*
Offline Offline

Posts: 1532279824

View Profile Personal Message (Offline)

Ignore
1532279824
Reply with quote  #2

1532279824
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1532279824
Hero Member
*
Offline Offline

Posts: 1532279824

View Profile Personal Message (Offline)

Ignore
1532279824
Reply with quote  #2

1532279824
Report to moderator
nullius
Copper Member
Full Member
***
Offline Offline

Activity: 168
Merit: 742


Help! I’ve got the Pleurodelinaemia! @nym.zone


View Profile WWW
January 03, 2018, 03:42:36 AM
 #62

[Edit again:  Raize, that was the post of the thread.  I’d intended to reply before, to simply say:  Well said.]

This blocked a post.  I will try again, and edit if it’s still blocked.

Edit:  This is persistently blocking a particular post.  It is a very long post, which I spent much time writing in a text editor.  It contains a modest snippet of C code in BBcode code tags.  Other than that, I cannot imagine what trigger this is hitting.


Bambulee
Sr. Member
****
Offline Offline

Activity: 434
Merit: 291



View Profile
January 03, 2018, 08:55:23 AM
 #63

what about a solution like Protonmail using it?
https://protonmail.com/blog/ddos-protection-guide/

Radware’s technology does not require our SSL keys to operate effectively, meaning both layers of encryption that ProtonMail offers (SSL and OpenPGP) can be kept intact. Thus, there is no compromise in the privacy of our secure email service.

            ▄▄████▄▄
        ▄▄██████████████▄▄
      ███████████████████████▄▄
      ▀▀█████████████████████████
██▄▄       ▀▀█████████████████████
██████▄▄        ▀█████████████████
███████████▄▄       ▀▀████████████
███████████████▄▄        ▀████████
████████████████████▄▄       ▀▀███
 ▀▀██████████████████████▄▄
     ▀▀██████████████████████▄▄
▄▄        ▀██████████████████████▄
████▄▄        ▀▀██████████████████
█████████▄▄        ▀▀█████████████
█████████████▄▄        ▀▀█████████
██████████████████▄▄        ▀▀████
▀██████████████████████▄▄
  ▀▀████████████████████████
      ▀▀█████████████████▀▀
           ▀▀███████▀▀



.SEMUX
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
  Semux uses 100% original codebase
  Superfast with 30 seconds instant finality
  Tested 5000 tx per block on open network
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
█ █
Phash2k
Full Member
***
Offline Offline

Activity: 294
Merit: 101



View Profile WWW
January 03, 2018, 10:25:40 AM
 #64

Why no bitcointalk forum coin with ICO
You earn coins by posting, and devs & sysadmins are paid with it?

Everything is creating tokens and ICOs... Even without value...
This place here is valuable!

Decentralise the Forums!

   SEMUX   -   An innovative high-performance blockchain platform  
▬▬▬▬▬      Powered by Semux BFT consensus algorithm      ▬▬▬▬▬
Github    -    Discord    -    Twitter    -    Telegram    -    Get Free Airdrop Now!
1337leet
Hero Member
*****
Offline Offline

Activity: 742
Merit: 502



View Profile
January 25, 2018, 09:31:53 PM
 #65


What I meant is that Cloudflare can see your unencrypted password when you log in.


How dumb can someone be?

I will not use this forum anymore because of that.

Bye
nullius
Copper Member
Full Member
***
Offline Offline

Activity: 168
Merit: 742


Help! I’ve got the Pleurodelinaemia! @nym.zone


View Profile WWW
March 04, 2018, 03:14:59 PM
 #66

Quoting from another thread:

Here you go: https://bitcointalk.org/merit.txt.xz

Similar to trust.txt.xz, it'll be updated weekly. It will show only the last 120 days of data; someone else should archive the old ones if you want them.

Through Tor—and this is not the first time I’ve had this problem:

Code:
$ wget -S https://bitcointalk.org/merit.txt.xz
--2018-03-04 14:59:20--  https://bitcointalk.org/merit.txt.xz
Resolving bitcointalk.org (bitcointalk.org)... 104.20.208.69
Connecting to bitcointalk.org (bitcointalk.org)|104.20.208.69|:443... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 403 Forbidden
  Date: Sun, 04 Mar 2018 14:59:41 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: __cfduid=d96a5721469bb369ae9866953b833f0d91520175581; expires=Mon, 04-Mar-19 14:59:41 GMT; path=/; domain=.bitcointalk.org; HttpOnly; Secure
  CF-Chl-Bypass: 1
  Cache-Control: max-age=2
  Expires: Sun, 04 Mar 2018 14:59:43 GMT
  X-Frame-Options: SAMEORIGIN
  Strict-Transport-Security: max-age=2592000
  Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  Server: cloudflare
  CF-RAY: 3f65354a2c56729b-AMS
2018-03-04 14:59:23 ERROR 403: Forbidden.

I have had the same problem with PGP keys and the trust database.  Even right-clicking to save images from within a browsing session oft (inconsistently) results in a Cloudflare 403 HTML file, apparently due to some weird quirks in how Tor Browser interacts with Cloudflare’s control-freakiness.

I request a workaround or solution for this general problem.  (Note: “VPN” is a non-answer.)

BenOnceAgain
Member
**
Offline Offline

Activity: 211
Merit: 72

🌐 www.btric.org 🌐


View Profile WWW
March 04, 2018, 05:04:40 PM
 #67

Quoting from another thread:

Here you go: https://bitcointalk.org/merit.txt.xz

Similar to trust.txt.xz, it'll be updated weekly. It will show only the last 120 days of data; someone else should archive the old ones if you want them.

Through Tor—and this is not the first time I’ve had this problem:

Code:
$ wget -S https://bitcointalk.org/merit.txt.xz
--2018-03-04 14:59:20--  https://bitcointalk.org/merit.txt.xz
Resolving bitcointalk.org (bitcointalk.org)... 104.20.208.69
Connecting to bitcointalk.org (bitcointalk.org)|104.20.208.69|:443... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 403 Forbidden
  Date: Sun, 04 Mar 2018 14:59:41 GMT
  Content-Type: text/html; charset=UTF-8
  Transfer-Encoding: chunked
  Connection: close
  Set-Cookie: __cfduid=d96a5721469bb369ae9866953b833f0d91520175581; expires=Mon, 04-Mar-19 14:59:41 GMT; path=/; domain=.bitcointalk.org; HttpOnly; Secure
  CF-Chl-Bypass: 1
  Cache-Control: max-age=2
  Expires: Sun, 04 Mar 2018 14:59:43 GMT
  X-Frame-Options: SAMEORIGIN
  Strict-Transport-Security: max-age=2592000
  Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
  Server: cloudflare
  CF-RAY: 3f65354a2c56729b-AMS
2018-03-04 14:59:23 ERROR 403: Forbidden.

I have had the same problem with PGP keys and the trust database.  Even right-clicking to save images from within a browsing session oft (inconsistently) results in a Cloudflare 403 HTML file, apparently due to some weird quirks in how Tor Browser interacts with Cloudflare’s control-freakiness.

I request a workaround or solution for this general problem.  (Note: “VPN” is a non-answer.)

For the downloads problem, if the downloads do not require you to be logged in, accessing the BCT server by its direct IP address and/or a DNS record that resolves to the IP should make it accessible, provided BCT hasn't blacklisted all non-CF IPs.

For the website issue, how about 2FA, that could help the situation?  As you know, anytime a CDN has your certificate, they can intercept your traffic if they choose.

You could also make a login URL that is not routed through CF.  I don't know how much hacking of SMF it would take to implement that.  Actually, cloudflare might have a way to direct certain URLs to directly point to the backend (BCT) servers.  I haven't messed with them in a while, since before they started doing their shared SSL service, so I'm not positive about this.

On the other hand, this might not address the problem that putting in a CDN was designed to prevent.  If the DDOS attacks were directed to the login URL it would then be vulnerable again.

I have an inherent distrust of infrastructure services that I don't control, which is why I try to avoid CDNs.  However, I have no website with as much traffic as BCT, so have never had to deal with that situation.

Best regards,
Ben

RYXES
Member
**
Offline Offline

Activity: 140
Merit: 10

Merit me or don't.


View Profile
March 04, 2018, 05:08:22 PM
 #68

Why no bitcointalk forum coin with ICO
You earn coins by posting, and devs & sysadmins are paid with it?

Everything is creating tokens and ICOs... Even without value...
This place here is valuable!

Decentralise the Forums!

That would mad, the whole point of this forum is to have the public have a balanced or neutral stance in the cryptocurrency community.

Creating a token or ICO for BTCtalk is effectively the same as losing net neutrality in the CC industry.

Merit me or don't.
nullius
Copper Member
Full Member
***
Offline Offline

Activity: 168
Merit: 742


Help! I’ve got the Pleurodelinaemia! @nym.zone


View Profile WWW
March 04, 2018, 05:57:32 PM
Merited by qwk (1)
 #69


Through Tor—and this is not the first time I’ve had this problem:

[...403 error...]

For the downloads problem, if the downloads do not require you to be logged in, accessing the BCT server by its direct IP address and/or a DNS record that resolves to the IP should make it accessible, provided BCT hasn't blacklisted all non-CF IPs.

For the website issue, how about 2FA, that could help the situation?  As you know, anytime a CDN has your certificate, they can intercept your traffic if they choose.

You could also make a login URL that is not routed through CF.  I don't know how much hacking of SMF it would take to implement that.  Actually, cloudflare might have a way to direct certain URLs to directly point to the backend (BCT) servers.  I haven't messed with them in a while, since before they started doing their shared SSL service, so I'm not positive about this.

On the other hand, this might not address the problem that putting in a CDN was designed to prevent.  If the DDOS attacks were directed to the login URL it would then be vulnerable again.

Thanks for the suggestions, Ben.

Unfortunately, to the best of my knowledge, all of your suggestions would require action by theymos; there’s nothing there which I could do myself, as a workaround to obtain downloads right now.  If there’s a legitimate public means to find a direct IP address, I’d appreciate being corrected here.  But I rather suspect that theymos wishes to keep his real IP addresses unknown to DDoSers; and if I could find it, so could they.

I have an inherent distrust of infrastructure services that I don't control, which is why I try to avoid CDNs.  However, I have no website with as much traffic as BCT, so have never had to deal with that situation.

Same here.  Specifically as to Cloudflare, in addition to how they sometimes cavity-search you with Javascript while still failing to keep the site reliably available, see e.g.:

https://trac.torproject.org/24351

As you know, anytime a CDN has your certificate, they can intercept your traffic if they choose.

Cloudflare intercepts all traffic (and modifies at least HTTP response headers), as a matter of course!

My biggest complaint is that Cloudflare is a MITM attack against TLS on a substantial portion of the whole Internet.  From the user end of things, I generally boycott Cloudflared sites insofar as practical.  But I support the Bitcoin Forum, out of my respect for how theymos was honest with people when he was effectually forced behind Cloudflare by Internet arsonists:

With regret, I am (for now) admitting defeat on the DDoS front, and we will soon be using using Cloudflare to protect against DDoS attacks. [...]

I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this, [...]

I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies. [...]

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at. They can't access the database arbitrarily, though: they can only see data that passes over the Internet.

To get a gauge on what independent, no-MITM DDoS protection can require for a(n extremely) high-profile target, I found Protonmail’s experience interesting:

https://protonmail.com/blog/ddos-protection-guide/

Quote from: Protonmail
The attack faced by ProtonMail was highly sophisticated and unfortunately required extraordinary effort to defeat. In the next section, some technical details of the attack against us are discussed.

In defeating this attack, we were able to benefit from strong in-house technical expertise, along with a partnership with IP-Max, the leading networking experts in Switzerland. Defending against large scale DDoS attacks remains an expensive undertaking. Below are the typical costs for this type of DDoS protection:

Networking equipment: $30’000
BGP/GRE DDoS Mitigation (per year): $50’000  $100’000
Dedicated IP Transit (per year): $20’000
Maintenance Overhead: $10’000+

(N.b. that I don’t trust in-browser Javascript crypto which is downloaded separately for each session, and thus cannot be in any way verified and kept at a “known good” version.  That would be most dangerous for targeted attacks.  Moreso for a service which offers no alternative, as would allow people to choose according to their own security needs.  I’m not endorsing Protonmail by linking to them for other reasons; do your own PGP on your own hardware!)

For an easier limited workaround on theymos’ end, ChipMixer had an excellent suggestion upthread:

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at.
Is there an official .onion proxy of BitcoinTalk that bypass Cloudflare? We do sometimes get support request PMs.

How about BitcoinTalk Pro accounts with monthly payments, private proxy without Cloudflare and captchas, bot access?

Though I would be concerned about the affordability of an ongoing subscription, an official .onion proxy would solve many problems.  I may even offer to help with such a project, depending on what would be required of me.  See my reply to ChipMixer upthread.


Why no bitcointalk forum coin with ICO
You earn coins by posting, and devs & sysadmins are paid with it?

Everything is creating tokens and ICOs... Even without value...
This place here is valuable!

Decentralise the Forums!

That would mad, the whole point of this forum is to have the public have a balanced or neutral stance in the cryptocurrency community.

Creating a token or ICO for BTCtalk is effectively the same as losing net neutrality in the CC industry.

And congratulations, Phash2k reinvented Steem.  This sort of nonsense reminds me of one of the earliest posts to which I awarded merit.  It spoke of how DHTs...

...get invoked in ignorance to every distributed systems problem because they're the first distributed systems tool people have heard of (sadly, "blockchain" is seems to be stealing this role), much as "neural network" has infested lay understanding of machine learning, or perhaps in other times "XML" was treated as a magical solution for inter-working serialization in places where it made little sense.

No, the problem will not be fixed by sprinkling some magical blockchain pixie dust on it.

BenOnceAgain
Member
**
Offline Offline

Activity: 211
Merit: 72

🌐 www.btric.org 🌐


View Profile WWW
March 04, 2018, 08:06:14 PM
 #70


Thanks for the suggestions, Ben.

Unfortunately, to the best of my knowledge, all of your suggestions would require action by theymos; there’s nothing there which I could do myself, as a workaround to obtain downloads right now.  If there’s a legitimate public means to find a direct IP address, I’d appreciate being corrected here.  But I rather suspect that theymos wishes to keep his real IP addresses unknown to DDoSers; and if I could find it, so could they.

...

Same here.  Specifically as to Cloudflare, in addition to how they sometimes cavity-search you with Javascript while still failing to keep the site reliably available, see e.g.:

...

My biggest complaint is that Cloudflare is a MITM attack against TLS on a substantial portion of the whole Internet.  From the user end of things, I generally boycott Cloudflared sites insofar as practical.  But I support the Bitcoin Forum, out of my respect for how theymos was honest with people when he was effectually forced behind Cloudflare by Internet arsonists:

Yes, you are absolutely right.  I don't know what I was thinking, the only way you could exclude from CloudFlare is with a subdomain.  Anything else would terminate SSL on their side, even if there's another SSL connection between CF and BCT.

I thought that potentially BCT's IP was known/listed somewhere since it was known by all of our DNS resolvers before CF came into the picture, but a quick Google search didn't turn up anything, so perhaps not.

I had no idea they were doing what I assume is some sort of browser fingerprinting with javascript.  That makes it even worse.  I remember reading last summer, in connection with some white supremacist website that was being shut down by hosters, CF, even the domain registrars, that CF made a claim that they provide service to some high percentage of all global web traffic.

I can't find the number now, and while I certainly am not supporting that website or that sort of hate, I also don't believe that an entity should have such a high percentage of control over internet traffic.  With very little exception, anytime there is high concentrations of power in the hands of a few, the power is abused.

Which of course 99.9% of the people reading this are well aware, considering we are on the Bitcoin Forum.

My biggest complaint is that Cloudflare is a MITM attack against TLS on a substantial portion of the whole Internet.  From the user end of things, I generally boycott Cloudflared sites insofar as practical.  But I support the Bitcoin Forum, out of my respect for how theymos was honest with people when he was effectually forced behind Cloudflare by Internet arsonists:

With regret, I am (for now) admitting defeat on the DDoS front, and we will soon be using using Cloudflare to protect against DDoS attacks. [...]

I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this, [...]

I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies. [...]

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at. They can't access the database arbitrarily, though: they can only see data that passes over the Internet.

I agree with each of theymos's statements here.  The need for large sites to use one of just a few services that provide high-capacity DDoS mitigation is just another point of control.  I don't know if the "intelligence" agencies own Cloudflare or not (would not be surprised), but I'm betting they have a nice convenient backdoor regardless.

HTTPS as a centralized protocol will hopefully be obsoleted by better, decentralized ways of propagating HTML.  I look to IPFS as an interesting approach that may be part of that solution.  Also, considering that multicast in IPv6 might actually properly function instead of crap implementations from ISP to ISP, that could be a great way to save on needless duplicative packets for broadcast data (such as Bitcoin blocks, for example).

The cost that Protonmail incurs for independent DDoS mitigation is ridiculous.  It's almost a form of extortion.  Watch it turn out that these companies are behind the DDoS attacks themselves, nothing suprises me anymore as to the lengths that greedy people will go to.


Why no bitcointalk forum coin with ICO
You earn coins by posting, and devs & sysadmins are paid with it?

Everything is creating tokens and ICOs... Even without value...
This place here is valuable!

Decentralise the Forums!

That would mad, the whole point of this forum is to have the public have a balanced or neutral stance in the cryptocurrency community.

Creating a token or ICO for BTCtalk is effectively the same as losing net neutrality in the CC industry.

I don't support ICOs for everything under the sun, nor are distributed ledgers code that solve all problems of humanity.  Both of these things are tools that have proper uses and, unfortunately, many attempts at applying them well beyond their competencies.  If I had a spare 10 or 50 BTC I would certainly donate it to this forum because it has taught me so much over the years and remains one of the few gems that remains free from moderation for political reasons.  Despite many complaints I've read, I believe the new merit system will make big impacts on the number of crap posts and improve the fidelity of the forum.

Personally, I would never want this forum to be closed or behind a paywall of some sort.  I believe that community communication benefits all those that pursue truth.  When it comes to information, such as the discussion that takes place on this forum, everyone should be able to openly share their views.  This is a big part of the reason that the world is increasingly being seen as the huge corrupt racket that it is, and has been for many decades, even centuries.  We just couldn't share our findings with each other easily before.  Because we can now, we've been able to build off of each others knowledge, as a collective, that can be expanded upon.  This is the power of the Internet, the ability to communicate your message to the world instantly.  Next phase, to pull that corruption down and rebuild it with better, more fair and transparent constructs.  Bitcoin being the very first of those, and arguably the most impactful as it goes straight to the core of the corruption, the banksters.

Best regards,
Ben

bitpop
Legendary
*
Offline Offline

Activity: 2324
Merit: 1022


https://keybase.io/bitpop


View Profile WWW
March 21, 2018, 11:09:08 AM
 #71

They attack you until you give in and move to Cloudflare, not much choice. Are you at least using that temporary ssl feature?
https://www.cloudflare.com/ssl/keyless-ssl/

Are you using https://origin-pull.cloudflare.com/
It helps enforce Cloudflare

Reputation  |  PGP  |  DigitalOcean  |  TorGuard  |  Ethereum Classic
Bitcoin: 3DSh6AnmvBpDJFUz2mnLirMLmTMcFs9nDm
Bitmessage: BM-2cXN9j8NFT2n1FxDVQ6HQq4D4MZuuaBFyb
jojo69
Legendary
*
Offline Offline

Activity: 1092
Merit: 1379


no FOMO


View Profile
April 08, 2018, 03:23:25 AM
 #72

yeah Theymos

that wasn't working out so well this afternoon

This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
theymos
Administrator
Legendary
*
Offline Offline

Activity: 3094
Merit: 3281


View Profile
April 08, 2018, 03:24:26 AM
 #73

yeah Theymos

that wasn't working out so well this afternoon

The recent downtime was my screw-up, not Cloudflare's fault.

1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
jojo69
Legendary
*
Offline Offline

Activity: 1092
Merit: 1379


no FOMO


View Profile
April 08, 2018, 03:26:10 AM
 #74

lol, right on

thanks for owning it, I was getting pretty jittery there

This is not some pseudoeconomic post-modern Libertarian cult, it's an un-led, crowd-sourced mega startup organized around mutual self-interest where problems, whether of the theoretical or purely practical variety, are treated as temporary and, ultimately, solvable.
Censorship of e-gold was easy. Censorship of Bitcoin will be… entertaining.
Gleb Gamow
Legendary
*
Offline Offline

Activity: 1428
Merit: 1118



View Profile
April 08, 2018, 03:31:02 AM
Merited by suchmoon (1)
 #75

yeah Theymos

that wasn't working out so well this afternoon

The recent downtime was my screw-up, not Cloudflare's fault.

Came here to see if such was the case and if so would you admit it. Class! Now go back outside and play in the snow.  Tongue Tongue Tongue
Silent26
Full Member
***
Offline Offline

Activity: 308
Merit: 202


Politeness: 1227: - 0 / +1


View Profile
April 08, 2018, 03:58:07 AM
 #76

Came here to see if such was the case and if so would you admit it. Class! Now go back outside and play in the snow.  Tongue Tongue Tongue
Same here, I checked out this thread having thoughts that it was a server down again. But there's no too much update, I thought newbies will flood the Meta section with earlier problem of the Forum but it seems like they are behave this time. Seeing "Error 526" in my browser gave me a little nervous and a bit happiness. A little bit happiness because I saw my own number in the error which is "526".
By the way Teacher, I'm going out to make a snow man for a while. I'll be back in the chemistry class.  Tongue

SamaelDNM
Jr. Member
*
Offline Offline

Activity: 238
Merit: 3

Everything to use AREPA/Bolivarcoin (BOLI)


View Profile WWW
April 08, 2018, 04:44:55 AM
 #77

Came here to see if such was the case and if so would you admit it. Class! Now go back outside and play in the snow.  Tongue Tongue Tongue
Same here, I checked out this thread having thoughts that it was a server down again. But there's no too much update, I thought newbies will flood the Meta section with earlier problem of the Forum but it seems like they are behave this time. Seeing "Error 526" in my browser gave me a little nervous and a bit happiness. A little bit happiness because I saw my own number in the error which is "526".
By the way Teacher, I'm going out to make a snow man for a while. I'll be back in the chemistry class.  Tongue
the cloudflare stopped for a long time. I'm a little worried  Cry . the good thing is that it has already activated again  Smiley

 Everything to use AREPA ● Bolivarcoin (BOLI)● Translator to Spanish  (http://www.arepacoinve.info/en/)
Silent26
Full Member
***
Offline Offline

Activity: 308
Merit: 202


Politeness: 1227: - 0 / +1


View Profile
April 08, 2018, 04:55:23 AM
 #78

Snip
Its already fixed. Sir theymos said it just killed the connection when Cloudfare's strict TLS enforcement was enabled, that caused the downtime earlier.
Check here https://bitcointalk.org/index.php?topic=3279125.0

signalbitbot
Jr. Member
*
Offline Offline

Activity: 112
Merit: 0


View Profile WWW
April 08, 2018, 07:37:47 AM
 #79

With regret, I am (for now) admitting defeat on the DDoS front, and we will soon be using using Cloudflare to protect against DDoS attacks. This change is in progress, and will take ~24 hours for everyone to see.

I really don't believe in willingly putting a man-in-the-middle in your HTTPS like this, but my homebrew DDoS mitigation has been one of my biggest time sinks for the last 6 months or so, and the necessary servers are still pretty expensive. If I had more manpower, then I would prioritize maintaining our own DDoS protection, but with me as the only sysadmin and current-software developer, it's become unsustainable.

I especially dislike Cloudflare, which I'm almost certain is basically owned by US intelligence agencies. I considered several alternatives to Cloudflare, but the smaller ones (eg. Stackpath and OVH) didn't strike me as reputable/competent enough, and the enterprise-targeted ones like Incapsula and Akamai are around $3500/month. Even though $3500/month seems absolutely ridiculous to me, I was seriously considering Incapsula due to its pretty good reputation, but then they were having all sorts of technical issues while I was trying to set it up. So I gave up for now and went with Cloudflare.

The Internet is seriously flawed if everyone needs to huddle behind these huge centralized anti-DDoS companies in order to survive...

The security implications are that Cloudflare can read everything you send to or receive from the server, including your cleartext password and any PMs you send or look at. They can't access the database arbitrarily, though: they can only see data that passes over the Internet.

Tor users and benevolent-bot operators: please wait a couple of days for the current DDoS to subside, and then post your complaints here. I am able and willing to tune Cloudflare to be minimally annoying. Not every Cloudflare site has to do that "Using Tor? Here's an impossible captcha" thing.

Dear admin, cloud protection from CloudFlare is a bad idea. And yes, the CloudFlare is cooperating. CloudFlare falls with jsbypass very easily.
You need an individual cluster, it will disperse the attack and thus ddos will not be felt. Write to me in PM, we have a big team is engaged in this just.

And consider the important point: your real ip should not fall into the wrong hands. Many ill-wishers will be recognized through mail (password recovery) or through a sniffer.

And in general, there is an expert on attacks, his name is Agata, he has been dealing with attacks for a long time, everybody knows him.
https://forum.zloy.bz/showthread.php?t=130510

🌐 World Cryptocurrency Betting
📊 Cryptocurrency analysis
Pages: « 1 2 3 [4]  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!