Cloudflare errors getting more frequent?

[captain_to_fire]

Just as the title says, Cloudflare error messages are getting more and more frequent. Does it mean LTT is under attack? Is it a false positive on Cloudflare's side? I have to refresh multiple times just to post this. I can't even view my notifications.

• Windows 10 Home
• Chrome 67

 

[samuel74258]

@captain_to_fire Me too

 

[Techicolors]

i got a DDoS protection screen, is it the attacker from before redesign?

[colonel_mortis]

We're currently being subject to a gigantic DDoS attack. We are attempting to mitigate it, and you will see a cloudflare javascript challenge before accessing the site as part of this, but while it's ongoing you might get occasional errors like that.

[Wh0_Am_1]

I don't think so, I think that it may have been a server error on LTT part, at least according to cloudflare. Though funnily as I was logging on this time, I got the "checking your browser" screen for the first time on the forum.

[Wh0_Am_1]

1 minute ago, colonel_mortis said:

We're currently being subject to a gigantic DDoS attack. We are attempting to mitigate it, and you will see a cloudflare javascript challenge before accessing the site as part of this, but while it's ongoing you might get occasional errors like that.

Wow. Well, that explains it.

[captain_to_fire]

1 minute ago, colonel_mortis said:

We're currently being subject to a gigantic DDoS attack. We are attempting to mitigate it, and you will see a cloudflare javascript challenge before accessing the site as part of this, but while it's ongoing you might get occasional errors like that.

Who could be behind a DDoS attack on LTT to create a massive botnet? Nonetheless I tried connecting to a VPN server and everything works fine now. Hopefully the DDoS situation get sorted out.

 

*Part of me thinks that the one behind the DDoS attack on LTT is a previously banned member/s...

[Wh0_Am_1]

6 minutes ago, captain_to_fire said:

 

*Part of me thinks that the one behind the DDoS attack on LTT is a previously banned member/s...

That's a bit unlikely due to the fact that such an attack necessitates a large botnet to work effectively, then again if that former member were a hacker I suppose that would make sense. ... I had to attempt 3 times it post this.

[Tabs]

I only just realised that cloudflare proxying had been configured. Wow, must be pretty harsh.

 

@colonel_mortis Can you share any more information on this attack? When it started etc? Reasons for it and/or demands? Relative volumes? I was on the site replying to a message a few hours ago and everything seemed normal.

 

I know most of this is need to know info until this is over but I'm still curious.

[captain_to_fire]

7 minutes ago, Wh0_Am_1 said:

That's a bit unlikely due to the fact that such an attack necessitates a large botnet to work effectively, then again if that former member were a hacker I suppose that would make sense. ... I had to attempt 3 times it post this.

From what I understand, anti-DDoS protection like Cloudflare should be able to filter out unwanted traffic by determining if it's likely to come from a botnet while keeping websites like LTT up and running while reducing downtime. Looks like this time Cloudflare is having a little bit of trouble.

[Adorable Cat]

who tf would go through the trouble to DDOS this forum, I can think of literally nothing they'd gain

[SuperCooling87]

Yep, I just had the same issue. Good luck with mitigating the attack. Please let us know the details afterwards.

[colonel_mortis]

4 minutes ago, Tabs said:

I only just realised that cloudflare proxying had been configured. Wow, must be pretty harsh.

 

@colonel_mortis Can you share any more information on this attack? When it started etc? Reasons for it and/or demands? Relative volumes? I was on the site replying to a message a few hours ago and everything seemed normal.

 

I know most of this is need to know info until this is over but I'm still curious.

Half an hour ago, I have no idea about the motive and have received no demands.

This is the largest attack that I have been able to measure. It's a layer 7 attack, which means spamming with HTTP requests (other types are 100% blocked by Cloudflare).

They happen from time to time, sometimes because people want to see it discussed in a video (spoiler alert: I live in a different country to the LMG team, so there's definitely no video coming), sometimes because they're pissed off at some moderation, and sometimes because they're bored and have enough money to buy a large botnet.

[captain_to_fire]

2 minutes ago, colonel_mortis said:

This is the largest attack that I have been able to measure. It's a layer 7 attack, which means spamming with HTTP requests

Based on what I just read right now, a layer 7/application layer attack is much harder to fend off than typical volumetric attack that just generating large traffic. I'm guessing Cloudflare is having a bit of trouble fending off against layer 7 attacks?

 

3 minutes ago, colonel_mortis said:

sometimes because they're pissed off at some moderation, and sometimes because they're bored and have enough money to buy a large botnet.

I signed up in 2015 and only posted a year later so I don't know who are the past members that got banned before that but I can't think off any banned member that I know to have such big vendetta towards the mods or even have enough money to buy a botnet.

[Razor Blade]

31 minutes ago, Wh0_Am_1 said:

That's a bit unlikely due to the fact that such an attack necessitates a large botnet to work effectively, then again if that former member were a hacker I suppose that would make sense. ... I had to attempt 3 times it post this.

I would never consider an instigator of a DDoS attack a hacker any more than I would consider someone that uses a hammer to install a nail to hang a picture a carpenter. DDoS might be a tool certain groups use but it doesn't make someone a hacker if they use it. 

 

 

I appreciate the work keeping this forum online. It has been a great outlet for the hobby and it makes me sad that there is some person or group out there trying to take that away.

[Tabs]

6 minutes ago, captain_to_fire said:

Based on what I just read right now, a layer 7/application layer attack is much harder to fend off than typical volumetric attack that just generating large traffic. I'm guessing Cloudflare is having a bit of trouble fending off against layer 7 attacks?

 

I signed up in 2015 and only posted a year later so I don't know who are the past members that got banned before that but I can't think off any banned member that I know to have such big vendetta towards the mods or even have enough money to buy a botnet.

The problem with layer 7 attacks is that legitimate traffic is also layer 7. It takes a lot of engineering effort and network configuration chops to be able to discern the difference for a sophisticated attack using Layer 7.

 

If it were just a flood of syn/acks or something it'll be blocked easily by cloudflare, that just becomes a case of bandwidth at that point. Layer 7 is more difficult because you don't want to be overzealous and block legitimate traffic as well.

[LogicalDrm]

35 minutes ago, Tabs said:

Reasons for it and/or demands?

 

Based on past, these are just bored kids who want attention. Sometimes it may be traced back to banned member when they can't keep their mouth shut (gloating on Twitter or PCPP forums or maybe Reddit).

 

19 minutes ago, captain_to_fire said:

I signed up in 2015 and only posted a year later so I don't know who are the past members that got banned before that but I can't think off any banned member that I know to have such big vendetta towards the mods or even have enough money to buy a botnet.

 

It wouldn't be after so long time. It would be someone rather recent, maybe someone who got timeout and then perm quickly after that. Or perma because of dual accounts during ban. It could even be someone banned from Discord.

[Zodiark1593]

Oh goody, the most "mature" means of attacking a website. I am in such awe of the matureness of the rat kids that pay to spam a small forum site (a tiny blip compared to something like Reddit) into oblivion, or in this case, fail with very little impact to users besides the minor annoyance factor.

 

54 minutes ago, colonel_mortis said:

 

I'm kind of curious. How big of an attack is this? Several dozens of gbps, or perhaps tbps? I'm not certain what qualifies as "gigantic" in this day and age. 

 

Also, will mitigating the DDoS incur additional fees?

[colonel_mortis]

1 hour ago, Zodiark1593 said:

I'm kind of curious. How big of an attack is this? Several dozens of gbps, or perhaps tbps? I'm not certain what qualifies as "gigantic" in this day and age. 

It's a layer 7 attack so it's measured in requests per second rather than bits per second. It was of the order thousands of requests per second. Probably not gigantic by really big website standards, but definitely big by ours.

1 hour ago, Zodiark1593 said:

Also, will mitigating the DDoS incur additional fees?

No, it just takes up a little bit of my time.

[Wh0_Am_1]

6 hours ago, captain_to_fire said:

From what I understand, anti-DDoS protection like Cloudflare should be able to filter out unwanted traffic by determining if it's likely to come from a botnet while keeping websites like LTT up and running while reducing downtime. Looks like this time Cloudflare is having a little bit of trouble.

Well yes that's the goal, and that is what it was doing, but DDoS attacks are hard to filter properly, due to the fact that it requires separating a bot computer from a user that wants to access the services that the website that they are attempting to reach, and when a bunch of bots are sending as many as several thousand request per bot controlled computer a second it even further increases the difficulty of distinguishing bots from users, honestly Cloudflare should be commended for their impressive services at performing this task with only a few reattempts required by a user.

[Wh0_Am_1]

6 hours ago, Razor Blade said:

I would never consider an instigator of a DDoS attack a hacker any more than I would consider someone that uses a hammer to install a nail to hang a picture a carpenter. DDoS might be a tool certain groups use but it doesn't make someone a hacker if they use it. 

 

 

I appreciate the work keeping this forum online. It has been a great outlet for the hobby and it makes me sad that there is some person or group out there trying to take that away.

True sometimes an attack is performed by a group of activists, or in the case of Baidu, diverting searches to an undesirable website to take it down for extended periods of time, but generally speaking, due to extensive hardware required to perform a DDoS attack, most are performed by hacker groups, whom create botnets via worms and etc. such as the infamous IoT Mirai botnet that attacked DYN DNS services back in October of 2016, leading to at the time, the largest botnet attack in history. Though of course, it is also possible to pay other hackers to launch a DDoS attack.

[TopHatProductions115]

So in other words, an attention-seeking script-kiddie is messing around with a botnet possibly? 

[colonel_mortis]

4 hours ago, TopHatProductions115 said:

So in other words, an attention-seeking script-kiddie is messing around with a botnet possibly? 

Pretty much, yeah 

[LogicalDrm]

1 hour ago, VegetableStu said:

it's sentences like these that makes the person saying it sound like a superhero or mad genius to me o_o ,_,

People who do this shit should also hear how little they actually affect. They think people screaming in agony, CEOs shouting to their phones and people angry-tweeting to companies in masses. When in reality everything sort of still works and admin presses button to run clean-up script. Only the massive ones get segment in news. Usually just general tech issues get more time on news than DDoS attacks (which is how it should be).

[JoostinOnline]

On 7/7/2018 at 11:25 AM, colonel_mortis said:

We're currently being subject to a gigantic DDoS attack. We are attempting to mitigate it, and you will see a cloudflare javascript challenge before accessing the site as part of this, but while it's ongoing you might get occasional errors like that.

Did it just happen again?