jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
August 29, 2018, 10:01:29 PM
I was being redirected to the Cloudflare site earlier with the static version on it... As far as I have heard, this is one of the methods by which hackers could gain access to information which is stored on the server..? Like passwords. Also, as others have mentioned before, it could be an attempt to extort webpage owners if the server or admin can't handle the attack.
Yes, I think Theymos is too intelligent to fall for DDoS attacks. Now I'm getting the hashcash redirection initially also (I think it's hashcash anyway). Crypto related email addresses sell like hotcakes on the black market (as far as I understand it anyway). And if you can log in to one, you can reset someone's password if you can't get it from the forum. Equally, people have hashed passwords stored on this forum but there are certain ways to find some people's passwords if they're particularly weak.

cellard
Legendary
Offline
Activity: 1372
Merit: 1252
August 29, 2018, 11:15:03 PM
I wonder who are the no-lifers always attacking this forum. Perhaps they are Roger Ver related? They want to see this forum dead so bad so he can get all the traffic into his bitcoin dot com forum, similar to how he wants the bitcoin subreddit dead so traffic is sent to the btc subreddit, or ideally, taking control of it.
You always have to be alert because they will keep trying. As far as today's DDoS, it has ruined any chances of me using the forum today, especially with Tor, the nodes were struggling, whereas in clearnet you had a chance to browse it in insanely slow mode.

Insanerman
August 29, 2018, 11:33:49 PM
It looks like another batch of butthurts tries to disable the whole system. Maybe because of merits lol I thought it was the configuration of the language code published by theymos making the forum down for about 3 hours. Or maybe the new bitcointalk forum or the badge system.

theymos
Administrator
Legendary
Offline
Activity: 5418
Merit: 13499
August 29, 2018, 11:42:29 PM Last edit: August 30, 2018, 12:08:02 AM by theymos
Can I assume that the DDoS attack is finally over now? Site response time is fast again.

They were trying various different things for several hours, but they stopped for now. I wouldn't be surprised if they try it again tomorrow, but I re-activated one of the systems which was part of my custom anti-DDoS setup before moving to Cloudflare, and that's been able to identify and block them so far.

DDoS attacks are back-and-forth affairs:
1. The attacker tries something.
2. Your automated systems handle it, or the site goes down until you manually figure out how to mitigate it.
3. The attacker tries something else.
4. Repeat until one side gets sick of it.

Why don't you work on that after you're done with the new forum? I've always thought Cloudflare was crap. If something better can be made then I'm sure you could make a business out of it, or at the very least the forum would benefit.

It's not my main area of interest, so I might never get around to it. If I was interested in that, what I'd do is create an open source project which would basically replicate Cloudflare (plus improvements) by using your own AWS, Azure, Google Cloud, etc. account. So you'd download the open source script, give it your cloud-provider credentials, and it'd set it all up for you, maybe even including a nice Web interface. It would create a small CDN of a few very-lightweight instances spread across the world, and automatically spin up more instances in the correct regions when the existing ones are overloaded. The instances would reverse-proxy your site, cache appropriately, keep track of IP reputation, sometimes insert challenges, etc. Costs would probably be higher than the cheaper Cloudflare plans, but much cheaper than Cloudflare Enterprise.

Also, that this sort of need exists shows that the Internet is fundamentally broken. PoW should be part of TCP, not a janky hack which requires hiding behind huge networks and probably accepting a MITM.
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
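
The "keep track of IP reputation, sometimes insert challenges" idea from the post above, as an added example (not code from the thread, from theymos, or from the forum's actual setup): a stateless hashcash-style challenge that a reverse proxy could issue, with the work factor scaled by a reputation score. The secret, the 0.0 to 1.0 reputation score, the difficulty mapping and the sample address are all assumptions made for the illustration.

```python
import hashlib
import hmac
import itertools
import time

SECRET = b"constructed-demo-key"  # assumption: per-deployment secret held by the proxy
MAX_AGE = 120                     # assumption: seconds a challenge stays valid


def difficulty_for(reputation):
    """Map a hypothetical reputation score (0.0 abusive, 1.0 clean) to leading-zero bits."""
    reputation = min(max(reputation, 0.0), 1.0)
    return 8 + round((1.0 - reputation) * 12)  # 8 bits for clean IPs, 20 for the worst


def _tag(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def issue_challenge(ip, reputation, now=None):
    """Stateless challenge: the proxy stores nothing, the HMAC proves it issued it."""
    issued = int(time.time() if now is None else now)
    payload = f"{ip}|{issued}|{difficulty_for(reputation)}"
    return f"{payload}|{_tag(payload)}"


def leading_zero_bits(digest):
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def solve(challenge):
    """Client side: brute-force a nonce; expected cost doubles with each extra bit."""
    bits = int(challenge.split("|")[2])
    for nonce in itertools.count():
        digest = hashlib.sha256(f"{challenge}|{nonce}".encode()).digest()
        if leading_zero_bits(digest) >= bits:
            return nonce


def verify(challenge, nonce, ip, now=None):
    """Proxy side: one HMAC and one hash, however hard the puzzle was to solve."""
    try:
        c_ip, issued, bits, tag = challenge.split("|")
        issued, bits = int(issued), int(bits)
    except ValueError:
        return False  # malformed challenge
    payload = f"{c_ip}|{issued}|{bits}"
    if not hmac.compare_digest(tag.encode(), _tag(payload).encode()):
        return False  # forged or tampered, e.g. a lowered difficulty
    current = time.time() if now is None else now
    if c_ip != ip or not 0 <= current - issued <= MAX_AGE:
        return False  # solved for another address, or expired
    digest = hashlib.sha256(f"{challenge}|{nonce}".encode()).digest()
    return leading_zero_bits(digest) >= bits
```

The asymmetry is what makes this usable as a DDoS control: the proxy pays a constant cost per request while a low-reputation client pays up to 2^20 hashes. It does nothing against an attacker with far more compute than legitimate users, which is the limitation later replies in the thread touch on.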
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
August 30, 2018, 12:04:12 AM
Why don't you work on that after you're done with the new forum? I've always thought Cloudflare was crap. If something better can be made then I'm sure you could make a business out of it, or at the very least the forum would benefit.

It's not my main area of interest, so I might never get around to it. If I was interested in that, what I'd do is create an open source project which would basically replicate Cloudflare (plus improvements) by using your own AWS, Azure, Google Cloud, etc. account. So you'd download the open source script, give it your cloud-provider credentials, and it'd set it all up for you, maybe even including a nice Web interface. It would create a small CDN of a few very-lightweight instances spread across the world, and automatically spin up more instances in the correct regions when the existing ones are overloaded. The instances would reverse-proxy your site, cache appropriately, keep track of IP reputation, sometimes insert challenges, etc. Costs would probably be higher than the cheaper Cloudflare plans, but much cheaper than Cloudflare Enterprise. Also, that this sort of need exists shows that the Internet is fundamentally broken. PoW should be part of TCP, not a janky hack which requires hiding behind huge networks and probably accepting a MITM.

It might be easier to make a dark web version of this site (.onion) so that we can access it during DDoS attacks, although I'm not sure whether that would work very well (having two instances of the same software/systems).

We should have a new BIP where bitcoin nodes broadcast bitcointalk topics and the site instead of using the main server so that people can put in "bitcointalk.org" and access their closest node.

theymos
Administrator
Legendary
Offline
Activity: 5418
Merit: 13499
August 30, 2018, 12:10:39 AM
It might be easier to make a dark web version of this site (.onion) so that we can access it during DDoS attacks, although I'm not sure whether that would work very well (having two instances of the same software/systems).

.onion is even worse for DDoS attacks because the clients are all anonymous, so you can't ban abusive IPs. That's why I haven't created a .onion, even though it would be very easy to do. Tor needs to address this somehow. I've mentioned some ideas in the past.
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
August 30, 2018, 11:06:14 AM
It might be easier to make a dark web version of this site (.onion) so that we can access it during DDoS attacks, although I'm not sure whether that would work very well (having two instances of the same software/systems).

.onion is even worse for DDoS attacks because the clients are all anonymous, so you can't ban abusive IPs. That's why I haven't created a .onion, even though it would be very easy to do. Tor needs to address this somehow. I've mentioned some ideas in the past.

Ahh, I thought that the .onion versions of sites are generally a bit stronger as people are then limited to the speeds that Tor can function at, meaning people that are further away from the DDoSers should be less affected by it (although I'm probably wrong).

And yes, but I sense they're unlikely to do major updates of the system anytime soon, which is a shame; they'd also then have to start tracking people somewhat...

cellard
Legendary
Offline
Activity: 1372
Merit: 1252
August 30, 2018, 12:10:17 PM
It might be easier to make a dark web version of this site (.onion) so that we can access it during DDoS attacks, although I'm not sure whether that would work very well (having two instances of the same software/systems).

.onion is even worse for DDoS attacks because the clients are all anonymous, so you can't ban abusive IPs. That's why I haven't created a .onion, even though it would be very easy to do. Tor needs to address this somehow. I've mentioned some ideas in the past.

Ahh, I thought that the .onion versions of sites are generally a bit stronger as people are then limited to the speeds that Tor can function at, meaning people that are further away from the DDoSers should be less affected by it (although I'm probably wrong). And yes, but I sense they're unlikely to do major updates of the system anytime soon, which is a shame; they'd also then have to start tracking people somewhat...

Apparently there is a new .onion format that is very improved and works faster. But still, all the encryption and so on will always make things slower than clearnet. So this default slowness will make things as bad when DDoS'd or even worse (even if DDoSers have a harder time DDoSing, it will still be effective).

Also the problem that theymos mentioned of unbanned IPs.

The solution is most likely a blockchain based forum. Perhaps with sidechains somehow we can use BTC's blockchain to host a forum? Who knows. I just hope it doesn't require JavaScript. Cloudflare forces JavaScript and then adds the Google captcha. Not good.

jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
August 30, 2018, 12:17:20 PM
Apparently there is a new .onion format that is very improved and works faster. But still, all the encryption and so on will always make things slower than clearnet. So this default slowness will make things as bad when DDoS'd or even worse (even if DDoSers have a harder time DDoSing, it will still be effective).

Tor runs quite quickly on my computer. My internet history is very long on Firefox so when I put it to connect through Tor it doesn't slow down very much.

The solution is most likely a blockchain based forum. Perhaps with sidechains somehow we can use BTC's blockchain to host a forum? Who knows. I just hope it doesn't require JavaScript. Cloudflare forces JavaScript and then adds the Google captcha. Not good.

I don't think theymos likes to hand out copies of the forum (as it opens up the potential for the site to gain phishing attempts). The login stuff would still need to be done by the login server, otherwise there would be a lot of issues (unless we get masternodes that moderators and legendaries can have which can allow users to authenticate their way onto the website)... All of the core devs also seem to have ditched bitcointalk so I'm not sure how kindly they'd take to a suggestion of hosting it.

cellard
Legendary
Offline
Activity: 1372
Merit: 1252
August 30, 2018, 02:33:08 PM
Apparently there is a new .onion format that is very improved and works faster. But still, all the encryption and so on will always make things slower than clearnet. So this default slowness will make things as bad when DDoS'd or even worse (even if DDoSers have a harder time DDoSing, it will still be effective).

Tor runs quite quickly on my computer. My internet history is very long on Firefox so when I put it to connect through Tor it doesn't slow down very much.

The solution is most likely a blockchain based forum. Perhaps with sidechains somehow we can use BTC's blockchain to host a forum? Who knows. I just hope it doesn't require JavaScript. Cloudflare forces JavaScript and then adds the Google captcha. Not good.

I don't think theymos likes to hand out copies of the forum (as it opens up the potential for the site to gain phishing attempts). The login stuff would still need to be done by the login server, otherwise there would be a lot of issues (unless we get masternodes that moderators and legendaries can have which can allow users to authenticate their way onto the website)... All of the core devs also seem to have ditched bitcointalk so I'm not sure how kindly they'd take to a suggestion of hosting it.

The copies would need to be encrypted kind of like Freenet style, and it decrypts as you log in.. the passes could be hashes that check in the blockchain so it's like keeping your private keys from bitcoin safe... just throwing in some ideas.

It could probably be done but I'm not a good enough coder to actually get it working. I would wait until we have sidechains, I don't really see people throwing in electricity for a PoW that only serves this forum, we need to take advantage of the BTC blockchain hashrate.

Too complicated, so for now we'll have to deal with the DDoSers the oldschool way.

jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
August 30, 2018, 03:37:19 PM
The copies would need to be encrypted kind of like Freenet style, and it decrypts as you log in.. the passes could be hashes that check in the blockchain so it's like keeping your private keys from bitcoin safe... just throwing in some ideas.
It could probably be done but I'm not a good enough coder to actually get it working. I would wait until we have sidechains, I don't really see people throwing in electricity for a PoW that only serves this forum, we need to take advantage of the BTC blockchain hashrate.
Too complicated, so for now we'll have to deal with the DDoSers the oldschool way.

I could probably do quite a bit of the signatures stuff. The transmission would be what I struggle with though, but that could already be sampled from the regular core. As for the proof of work, that would be done when you post, each post is a block and y'all get the score (or it could even be each topic is a block, you download the block, sign your new block, verify the entire block after checking the signatures of all the transactions/posts inside of that block/thread)...

inPRIVACYweBELIEVE (OP)
Member
Offline
Activity: 164
Merit: 35
Earn 20% ref commission https://bit.ly/2MaHCEr
August 31, 2018, 10:30:12 AM
They are cousin brothers. Okay, I'm kidding. @hilariousetc is the alternative account of @hilariousandco. Or, @hilariousandco is the alternative account of @hilariousetc, but I think the first one is correct assuming @hilariousandco was created before and is in the DT, or has been a part of DT for a longer time, because I'm not sure if @hilariousetc is in the DT or not.

Thanks for the information. I am keeping it simple, meaning they are alts to each other.

jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
August 31, 2018, 10:35:13 AM
They are cousin brothers. Okay, I'm kidding. @hilariousetc is the alternative account of @hilariousandco. Or, @hilariousandco is the alternative account of @hilariousetc, but I think the first one is correct assuming @hilariousandco was created before and is in the DT, or has been a part of DT for a longer time, because I'm not sure if @hilariousetc is in the DT or not.

Thanks for the information. I am keeping it simple, meaning they are alts to each other.

I think that's unlikely as hilariousandco was the first username I spotted (moderating bitcoin discussion) and hilarious is quite a common word. They seem to be separate people (but maybe I'm wrong)...

cellard
Legendary
Offline
Activity: 1372
Merit: 1252
August 31, 2018, 06:28:19 PM
The copies would need to be encrypted kind of like Freenet style, and it decrypts as you log in.. the passes could be hashes that check in the blockchain so it's like keeping your private keys from bitcoin safe... just throwing in some ideas.
It could probably be done but I'm not a good enough coder to actually get it working. I would wait until we have sidechains, I don't really see people throwing in electricity for a PoW that only serves this forum, we need to take advantage of the BTC blockchain hashrate.
Too complicated, so for now we'll have to deal with the DDoSers the oldschool way.

I could probably do quite a bit of the signatures stuff. The transmission would be what I struggle with though, but that could already be sampled from the regular core. As for the proof of work, that would be done when you post, each post is a block and y'all get the score (or it could even be each topic is a block, you download the block, sign your new block, verify the entire block after checking the signatures of all the transactions/posts inside of that block/thread)...

Interesting take on it, but I'm not sure about post per block, even thread per block, I mean, as with everything in life, it is prone to exploits, in this case people could just spam the fuck out of it, I mean this forum is pretty fast paced already, so I have my doubts this would work out well. Perhaps more advanced members would have their "blocks" mined with a priority.. merit could act as a "fee" of sorts? I'm not sure, there are some good angles to research in the field of decentralizing a forum and protecting it against DDoS. But then, if it becomes too complicated for noobs to get started and posting, someone else may just attack the niche with a classic forum and get traffic away from deflecting users of this forum in current form, ranking better in Google and then ending in ad revenue loss... very hard to balance things out here.

Beans
September 01, 2018, 02:34:18 AM
Sometimes I also have an issue with error 504 when logging in to the forum, but reload and wait a little bit, and everything is okay.

inPRIVACYweBELIEVE (OP)
Member
Offline
Activity: 164
Merit: 35
Earn 20% ref commission https://bit.ly/2MaHCEr
September 04, 2018, 05:26:44 PM
They seem to be separate people (but maybe I'm wrong)...

Good to see you again Jack. After exploring the accounts I am confident that hilariousandco and hilariousetc are alts to each other.

My alt account used on unsecure connections/computers. Do not send any coins or do any business with this account without confirming it with my main one first.

Ref: https://bitcointalk.org/index.php?action=trust;u=164822

I spotted another one which is hilarious*

Ref: https://bitcointalk.org/index.php?topic=4958912.msg44695485#msg44695485

So, to summarise: hilariousandco, hilariousetc and hilarious* are indeed alts to each other and I am 100% positive about it.

By the way: After the last 504 issues, have we had any other server crashing?

jackg
Copper Member
Legendary
Offline
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
September 04, 2018, 07:45:25 PM
They seem to be separate people (but maybe I'm wrong)...

Good to see you again Jack. After exploring the accounts I am confident that hilariousandco and hilariousetc are alts to each other.

My alt account used on unsecure connections/computers. Do not send any coins or do any business with this account without confirming it with my main one first.

Ref: https://bitcointalk.org/index.php?action=trust;u=164822

I spotted another one which is hilarious*

Ref: https://bitcointalk.org/index.php?topic=4958912.msg44695485#msg44695485

So, to summarise: hilariousandco, hilariousetc and hilarious* are indeed alts to each other and I am 100% positive about it.

By the way: After the last 504 issues, have we had any other server crashing?

Ah yes, I seem to be being too ignorant for my own good at this stage... - nice spot! I don't think there have been many errors recently (or at least ones I've noticed); this forum seems to be back up to quite a good speed.