[ANN] bitcoindata.science | sponsored by l0tt0.com

[dkbit98]

Well, I am under a DDOS attack. Even cloudflare couldn`t stop it. I switched to a far more aggressive configuration now.

I don't understand what would be the reason for attacking Bitmover website, unless they are just training and randomly attacking everyone they can, especially if website has some connection with Bitcoin 
Sometimes I think that hosting providers are somehow involved in attacks like this, in this way they are forcing you to upgrade and buy more expensive packages.

[bitmover]

It seems to me that the attack has slowed down a bit now.
I hope that the sharper configuration of CF will not cause problems with the operation of the tools, considering that they are all automated.

....

I wouldn't be surprised if it's a CloudFlare tactic to push him to a paid plan.

Thanks for your support examplens.

Attack has slowed, but looks to be increasing again


They are attacking basically the api. All attacks go to bitcoindata.science/api/.....


On another topic, I have updated the balance checker tool, so it supports QR Codes now.



https://bitcoindata.science/bitcoin-balance-check

This was a Hhampuz request, and I think it is very useful

Well, I am under a DDOS attack. Even cloudflare couldn`t stop it. I switched to a far more aggressive configuration now.

I don't understand what would be the reason for attacking Bitmover website, unless they are just training and randomly attacking everyone they can, especially if website has some connection with Bitcoin 
Sometimes I think that hosting providers are somehow involved in attacks like this, in this way they are forcing you to upgrade and buy more expensive packages.

Maybe examplens is right, and cloudflare is attacking so I get a paid plan.

[NotATether]

Maybe examplens is right, and cloudflare is attacking so I get a paid plan.

That doesn't make any sense either. I've never had any of my web properties attacked by cloudflare in order to make me pay up.

@LoyceV: Hm. I guess you are right on this one. However, I think the packet contens themselves don't need to be inspected, but just the TCP/IP metadata. That is not encrypted and will take care of everything up to Layer 7 attacks. For that, you can just measure the frequency of requests made to a particular URL (since that is unencrypted too).

[examplens]

Sometimes I think that hosting providers are somehow involved in attacks like this, in this way they are forcing you to upgrade and buy more expensive packages.

I guarantee that it is not up to the hosting provider in this case. 
Other sites (hosted with bitmover's site) do not have this problem, and from 01.01.2024 it is on a slightly more expensive package.


@bitmover, it looks like you messed up FeeBuddy with more aggressive settings on CloudFlare. I didn't see any posts from that side today.

[bitmover]

@bitmover, it looks like you messed up FeeBuddy with more aggressive settings on CloudFlare. I didn't see any posts from that side today.

Thanks.
I blocked all bots. Somehow, cloudflare is blocking bots from its own domain, but bots from other regions are still attacking.... I will see what I can do

[joker_josue]

Well, I am under a DDOS attack. Even cloudflare couldn`t stop it. I switched to a far more aggressive configuration now.

I don't understand what would be the reason for attacking Bitmover website, unless they are just training and randomly attacking everyone they can, especially if website has some connection with Bitcoin 
Sometimes I think that hosting providers are somehow involved in attacks like this, in this way they are forcing you to upgrade and buy more expensive packages.

I happened to think the same.

I don't know how you are managing the server, bitmover. But, I think you need to review this hosting company, as it could be a company that attracts these types of attacks.

Review your API code to check if there is anything that could be attracting the attention of these bots.

[bitmover]

Well, I am under a DDOS attack. Even cloudflare couldn`t stop it. I switched to a far more aggressive configuration now.

I don't understand what would be the reason for attacking Bitmover website, unless they are just training and randomly attacking everyone they can, especially if website has some connection with Bitcoin 
Sometimes I think that hosting providers are somehow involved in attacks like this, in this way they are forcing you to upgrade and buy more expensive packages.

I happened to think the same.

I don't know how you are managing the server, bitmover. But, I think you need to review this hosting company, as it could be a company that attracts these types of attacks.

Review your API code to check if there is anything that could be attracting the attention of these bots.

I was talking with a friend owns a somewhat big domain in Brazil.
He said people do this kind of attacks and usually ask money to stop the attack.

He also said the same examplens said : this could be an attack from cloudflare, to force me into a paid plan.

[paid2]

I was talking with a friend owns a somewhat big domain in Brazil.
He said people do this kind of attacks and usually ask money to stop the attack.

He also said the same examplens said : this could be an attack from cloudflare, to force me into a paid plan.

Where I live, when communism ended, insurance companies offered to protect and insure you against their own henchmen when you had a business lol
I think that's exactly what CF is doing in our case, I agree with examplens idea... I can imagine some DDOS attacks blackmailing dark net markets as they already are "XMR/BTC savvy" and generating a lot of money (perfect targets for this kind of activities IMO), but I'd be surprised if that was the case for a niche website like yours even if it is crypto-related.

I hope you get the hang of it soon bitmover!

[joker_josue]

I was talking with a friend owns a somewhat big domain in Brazil.
He said people do this kind of attacks and usually ask money to stop the attack.

He also said the same examplens said : this could be an attack from cloudflare, to force me into a paid plan.

I've never heard of this, but I've also never researched the topic. So I'm not going to say it won't happen.

Now, I think this is a bit of a conspiracy theory. Because there are companies competing with Cloudflare, and therefore, the person can simply switch to another company, as the plan they are using at Cloudflare is not delivering as promised.

Either way, I just hope that you can resolve these problems, and that everything is back to normal. If we can do something on this side, feel free. 

[bitmover]

[Now, I think this is a bit of a conspiracy theory. Because there are companies competing with Cloudflare, and therefore, the person can simply switch to another company, as the plan they are using at Cloudflare is not delivering as promised.

There aren't many companies competing with cloudflare.like  aws and azure and a few more, but Cloudflare is the most used.

I use the free cloudlfare plan now.
Their cheapest plan is 200 usd per year.

[joker_josue]

[Now, I think this is a bit of a conspiracy theory. Because there are companies competing with Cloudflare, and therefore, the person can simply switch to another company, as the plan they are using at Cloudflare is not delivering as promised.

There aren't many companies competing with cloudflare.like  aws and azure and a fee more, buy Cloudflare is the most used.

I use the free cloudlfare plan now.
Their cheapest plan is 200 usd per year.

Alternatives exist, but they may not have free plans with the same quality.
Does your hosting company not offer a DDoS protection service, for example? Of course, it never guarantees 100% security, but it is always another protective barrier.

[LoyceV]

@LoyceV: Hm. I guess you are right on this one. However, I think the packet contens themselves don't need to be inspected, but just the TCP/IP metadata. That is not encrypted and will take care of everything up to Layer 7 attacks. For that, you can just measure the frequency of requests made to a particular URL (since that is unencrypted too).

How are you going to distinguish between me, who tries to access DDOSed site 5 times an hour to see if it's back up, and 5 million bots who each send one request per hour to the site?

He also said the same examplens said : this could be an attack from cloudflare, to force me into a paid plan.

This falls in the same category as anti-virus companies releasing computer viruses.

[bitmover]

He also said the same examplens said : this could be an attack from cloudflare, to force me into a paid plan.

This falls in the same category as anti-virus companies releasing computer viruses.

The point is that you don't need an antivírus to have a computer.
But basically all big websites runs on cloudflare (most that i know of), not because they want, but because someone always is attacking who doesn't use it.

[examplens]

I don't know how you are managing the server, bitmover. But, I think you need to review this hosting company, as it could be a company that attracts these types of attacks.

The server is hosted by Hetzner.
I have 50-100 sites (small and large) on the same server, only bitmover's site is under attack. 10+ years on the same contract, several upgrades in the meantime, all this gives me very little room that this bad intention came from there.

I also asked them for a solution to solve this problem and I got a very similar answer as I advised bitmover myself, somewhat more radical settings on cloudflare.
@joker_josue You have well suggested this for a DDoS protection service, I will talk to them about it and whether there are such possibilities.

As far as I can see, most of this bad traffic has been halted so far, CF seems to be doing its job.

[bitmover]

As far as I can see, most of this bad traffic has been halted so far, CF seems to be doing its job.

Yeah, CF blocked most bad traffic as far as I can see.
However,  it blocked Feebudy (which is a bot lol).

I will try to reduce cf setting later to unblock him..

[joker_josue]

I don't know how you are managing the server, bitmover. But, I think you need to review this hosting company, as it could be a company that attracts these types of attacks.

The server is hosted by Hetzner.
I have 50-100 sites (small and large) on the same server, only bitmover's site is under attack. 10+ years on the same contract, several upgrades in the meantime, all this gives me very little room that this bad intention came from there.

I also asked them for a solution to solve this problem and I got a very similar answer as I advised bitmover myself, somewhat more radical settings on cloudflare.
@joker_josue You have well suggested this for a DDoS protection service, I will talk to them about it and whether there are such possibilities.

As far as I can see, most of this bad traffic has been halted so far, CF seems to be doing its job.

But they already have this service: https://www.hetzner.com/unternehmen/ddos-schutz/
Now, it seems to me that it is only available in the WEBHOSTING or MANAGED SERVERS service.

If you are using the dedicated server, I think this service is not included. But, it may be possible for an additional cost. Or, since you are using a dedicated server, you can choose a service for yourself. In addition to Cloudflare, there is Imunify360 - https://www.imunify360.com - you can take a look.

[dkbit98]

He also said the same examplens said : this could be an attack from cloudflare, to force me into a paid plan.

I wouldn't be surprised if that was the case  

There aren't many companies competing with cloudflare.like  aws and azure and a few more, but Cloudflare is the most used.

eXch admin once said there is a good alternative for cloudflare he is using, but I am sure it's not free or cheap.
$200 per year for cloudflare is not so expensive but nobody can guarantee you won't have ddos attacks again.

This falls in the same category as anti-virus companies releasing computer viruses.

I was just thinking the same thing, I think John McAfee explained very well that antiviruses are mostly doing nothing but spy people, and they are useless today

[examplens]

Yeah, CF blocked most bad traffic as far as I can see.
However,  it blocked Feebudy (which is a bot lol).

I've been monitoring your total bandwidth for the last few days, it seems you have a bit more traffic compared to before the attack, but within tolerable limits. These days I also noticed that many sites are under similar pressures.

I don't have much experience with more advanced CloudFlare settings, but have you tried adding some exceptions, for FeeBuddy for example? I saw that in Security>>WAF there is an option to add custom rules to protect API and known bots from malicious traffic.
Missing FeeBuddy 

[bitmover]

Yeah, CF blocked most bad traffic as far as I can see.
However,  it blocked Feebudy (which is a bot lol).

I've been monitoring your total bandwidth for the last few days, it seems you have a bit more traffic compared to before the attack, but within tolerable limits. These days I also noticed that many sites are under similar pressures.

I don't have much experience with more advanced CloudFlare settings, but have you tried adding some exceptions, for FeeBuddy for example? I saw that in Security>>WAF there is an option to add custom rules to protect API and known bots from malicious traffic.
Missing FeeBuddy 

Yeah, I am close to 13k visitors per month. Incredible number!! Never expected to reach that

I miss fee buddy too. The point is that I am working in other projects too. I have a broken api in withdrawal strategy as well (coingecko decide to move to a paid plan model)... I will fix it and then I will see what I can do for feebuddy. I added some protection against bots, which is probably blocking him

[RickDeckard]

While it doesn't happen to me often, in some rare instances when I try to access the website I am presented with the following message:

Code:

<!doctype html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta name="robots" content="noindex, nofollow">
    <title>One moment, please...</title>
    <style>
    body {
        background: #F6F7F8;
        color: #303131;
        font-family: sans-serif;
        margin-top: 45vh;
        text-align: center;
    }
    </style>
    </head>
<body>
    <h1>Please wait while your request is being verified...</h1>
    <form id="wsidchk-form" style="display:none;" action="/z0f76a1d14fd21a8fb5fd0d03e0fdc3d3cedae52f" method="GET">
    <input type="hidden" id="wsidchk" name="wsidchk"/>
    </form>
 (...)

Is this some sort of broken captcha page that perhaps isn't compatible with some settings that I have going on with my browser? After a few tries (or coming back later) the website just loads normally.