GNU social JP
GNU social JP is a Japanese GNU social server.

Conversation
    blockbot (blockbot@detroitriotcity.com)'s status on Tuesday, 18-Jun-2024 09:29:16 JST
    DRC is getting attacked bad

    Have you seen this ddos attack before?

    84.239.12.133 - - [16/Jun/2024:23:19:25 -0600] "GET /api/v1/streaming HTTP/1.1" 504 167 "-" "-"
    84.239.12.133 - - [16/Jun/2024:23:19:25 -0600] "GET /api/v1/streaming HTTP/1.1" 504 167 "-" "-"
    84.239.12.133 - - [16/Jun/2024:23:19:25 -0600] "GET /api/v1/streaming HTTP/1.1" 504 167 "-" "-"
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 09:29:13 JST
      in reply to
      @blockbot iptables at that point. For stuff like that where someone's just doing the same pattern, I just tail the logs, someone passes a threshold and I drop the traffic. If it's enough to actually flood you, normal usage for that endpoint is about once a minute, so say something like more than ten times in ten seconds you could say is unlikely. I check our logs and in the last week, only two IPs hit 4 times in ten seconds and that only happened six times total, so setting it at ten times in ten seconds is pretty safe. So for your log format, something like this would work:

      tail -f /var/log/wherever | mawk -Winteractive '
      # Normally you'd just use the $vars but I'm setting them here so the post is easier to read:
      # $1 is the client IP, $4 is "[dd/Mon/yyyy:HH:MM:SS", $7 is the request path.
      # Dropping the last digit of the seconds turns the timestamp into a ten-second bucket.
      { ip = $1; timestamp = $4; tenseconds = substr(timestamp, 2, 19); path = $7 }

      # So, check if they're hitting /api/v1/streaming or I think there's a v3 maybe.
      path ~ /\/api\/v[0-9]\/streaming/ {
          # Reasonable key, just cat the fields:
          ct = a[ip tenseconds]++
          # So, ten times in ten seconds from the IP (and only add the rule once per IP):
          if (ct > 10 && !(ip in killed)) {
              killed[ip] = 1
              print "Killing", ip
              # Or use whatever, ufw or some BSD thing.
              system("iptables -A INPUT -s " ip " -j DROP")
          }
      }
      '

      Here, they were too lazy to even set a UA, so it was probably just firing off nonsense over netcat (basic optimization for flooding: just abandon the connection after the request gets through instead of going through all the overhead of dealing with the HTTP library, which will do stuff like parse the response headers, etc.). Instead of worrying about thresholds, you could just kill anything that hits you more than once in a second and doesn't have a User-Agent set.

      One thing I do when testing this kind of script out is to replace "system" with "print" or put "echo" at the beginning of the program it runs, easy way to do a dry run.
      blockbot (blockbot@detroitriotcity.com)'s status on Tuesday, 18-Jun-2024 09:29:14 JST
      in reply to
      • pistolero
      @p

      It wasn't rate limited at the time of that screenshot.
      blockbot (blockbot@detroitriotcity.com)'s status on Tuesday, 18-Jun-2024 09:29:15 JST
      in reply to
      • pistolero
      @p

      Here are the logs

      On nginx, I set that endpoint to deny all and even rate limited it, and it still destroyed my server.

      Sync floods
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 09:29:15 JST
      in reply to
      @blockbot If the rate limit is kicking in, you don't get 504s, you get 429s.
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Tuesday, 18-Jun-2024 09:59:31 JST
      in reply to
      • pistolero
      @blockbot @p oom issue?
      blockbot (blockbot@detroitriotcity.com)'s status on Tuesday, 18-Jun-2024 09:59:32 JST
      in reply to
      • pistolero
      @p

      Ty. This attack was annoying because it instantly crashed everything running on the server, even my DNS. With DNS broken, I can't log in remotely and have to run to the garage, log in and diagnose. Can't even use the internet to go to Cloudflare to stop it.
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Tuesday, 18-Jun-2024 10:00:52 JST
      in reply to
      • Pleroma-tan
      • pistolero
      @blockbot @p as in some big SQL query caused server to die

      isn't it possible to configure certain applications to not go beyond a certain amount of memory in Linux?
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Tuesday, 18-Jun-2024 10:04:07 JST
      in reply to
      • Pleroma-tan
      • pistolero
      @blockbot @p it is but it's for control groups

      Bet you if you configure a group and add like the postgresql user to it, the only thing that'll crash is akkoma
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Tuesday, 18-Jun-2024 10:07:14 JST
      in reply to
      • Pleroma-tan
      • pistolero
      @blockbot @p or you could just, tweak the postgresql config, like a normal person

      https://stackoverflow.com/questions/28844170/how-to-limit-the-memory-that-is-available-for-postgresql-server
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 10:31:14 JST
      in reply to
      @blockbot Oh, shit. Yeah, that's a mess.
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 10:31:14 JST
      in reply to
      • pistolero
      @blockbot You run dnsmasq for the local network? You'll wanna. And by default it only caches 150 entries, you'll want it way bigger, especially for a fedi server.

      One kind that I've never seen is a flood of "POST /inbox" with a signature for a pile of servers that don't exist but that do have DNS entries pointing somewhere slow; Revolver accepts provisionally and flags the entry, Mastodon and I *think* Pleroma hold the request open and don't respond until they have actually fetched the key. I haven't looked at how they behave if it's a blocked server, but since most Masto admins don't know what they are doing, I think they wouldn't know what was going on, and maybe it tries to fetch the key even for blocked instances; they go through some pageantry to stop your instance from automatically detecting that it is blocked. Like, if you block an instance on Masto, even if you've never seen it, it will start showing up in your peers (which is how fedilist found a bunch of non-fedi sites).

      On the bugout zone, I pretty heavily rate-limit /inbox but I think if you were clever about it, even that wouldn't solve it. Pleroma doesn't bottleneck outbound HTTP requests under most circumstances.

      You might actually even have a reflection attack if you were to make a DNS wildcard pointing at your target and then flooding all of fedi with "POST /inbox" and a key URL pointed at the DNS wildcard. Like, it's not super efficient but say you point it at a time-consuming endpoint for the other server (like /api/v1/streaming or the search endpoint or a hashtag; something that returns JSON, though, because a lot of the servers probably close the connection once they get back a header that says it's a video file or whatever without reading the body).

      This seems like a big enough problem that someone must have thought of it so either there's something I'm missing or we'll find out when someone decides to make a PoC.
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Tuesday, 18-Jun-2024 10:50:37 JST
      in reply to
      • pistolero
      @p @blockbot this is an interesting approach and what's interesting is that the ip in the first snippet [84.239.12.133] actually belongs to a vps company

      is this actually an approach they could've taken? is this someone that actually probably is not dumb but is doing dumb shit for some reason
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 10:54:30 JST
      in reply to
      • Pleroma-tan
      @kirby @blockbot It sounds like his upstream was flooded. Residential lines are lopsided.
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Tuesday, 18-Jun-2024 10:56:51 JST
      in reply to
      • pistolero
      @p @blockbot well that's a lot more boring and makes sense. lame
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Tuesday, 18-Jun-2024 10:58:22 JST
      in reply to
      • pistolero
      @p @blockbot i may be mildly. just mildly. uneducated
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 10:58:23 JST
      in reply to
      • Pleroma-tan
      @kirby @blockbot

      > as in some big SQL query caused server to die

      Nah, Postgres preallocates its memory.
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Tuesday, 18-Jun-2024 11:01:35 JST
      in reply to
      • Pleroma-tan
      • pistolero
      @p @blockbot actually count this post as deleted because i sort of don't understand what you're talking about here

      i mean the problem is with the streaming api, right
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Tuesday, 18-Jun-2024 11:02:48 JST
      in reply to
      • Pleroma-tan
      • pistolero
      @p @blockbot well not exactly a vps company "Telecom service provider"
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 13:06:51 JST
      in reply to
      • Pleroma-tan
      @kirby @blockbot If I leave something out, I keep switching between fedi and acme and I hit "^W" to erase a word and instead it closed the tab, so I am retyping it and sometimes this makes a feller think he has mentioned something but instead, he has said nothing because history has been erased.

      > the ip in the first snippet [84.239.12.133] actually belongs to a vps company

      Yeah, a lot of VPNs just lease cheap VPSs. It's not Tor, Mullvad, Cloudflare, or ProtonVPN, and those are the only ones I have in my "tell me some shit about this address" script. This one looks like it's from privateinternetaccess.com, which is a paid VPN service.

      > is this actually an approach they could've taken?

      I don't know. I don't even know if it works. There are a lot of accidental DoSs, it's network code and the network got huge, but the dev teams didn't get more time, and people are always yelling "FEATURES FEATURES" and no one sponsors "Fix the holes" or "Can we make this not absurdly slow" or anything like that.

      > is this someone that actually probably is not dumb but is doing dumb shit for some reason

      They don't seem dumb, but I don't know why they have decided to try to DoS the pedo instances. It's a moderately clever attack but it's really noisy and it's easy to stop completely and the execution is really lazy.

      Pedos have lots of websites, and you can't really remove someone from a decentralized network. I can understand why that might happen if the pedos were doing cop-bait shit and the admin was going out of his way to agitate, but they went after DRC, which is not a pedo instance (maybe confused DRC's Alice with someone on one of the other instances, there are a few people named that on those servers), so it can't be a response to anything they were actively doing, or this person would have started with whoever was actually causing trouble. Bored kid got a wild hair up his ass, no idea.
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 13:25:51 JST
      in reply to
      • Pleroma-tan
      @kirby @blockbot Let's hack the FBI!
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 13:25:58 JST
      in reply to
      • Pleroma-tan
      • pistolero
      @kirby @blockbot (It will be an educational experience.)
      Pleroma-tan (kirby@lab.nyanide.com)'s status on Tuesday, 18-Jun-2024 13:31:10 JST
      in reply to
      • pistolero
      @p @blockbot nooooooooo... i wanted to believe fantasy :(
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 14:40:12 JST
      in reply to
      • Pleroma-tan
      @blockbot @kirby Yeah. A single TCP frame is easy to send.

      > Possible SYN flooding

      This just means really heavy traffic; at the level of the kernel's routing table, it can be difficult to tell the difference between high traffic and a syn flood.
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 14:40:12 JST
      in reply to
      • Pleroma-tan
      • pistolero
      @blockbot @kirby Like, the TCP handshake:

      1. my computer -> server: SYN
      2. server -> my computer: ACK/SYN
      3. my computer -> server: ACK

      After step 3, the connection is established. Sending a SYN flood looks a lot like creating a large number of incoming connections, because it's just repeating step 1 and ignoring the responses in step 2. The from address can be forged, so how do you tell the difference? The syncookie thing is basically embedding some private data in a hash in the TCP sequence number so that the server can skip the connection overhead: when step 3 happens, it validates the hash and then it can assume the connection is really open.

      Since actual requests were coming in, it wasn't a syn flood: you can't send the "GET /api/v1/streaming HTTP/1.1\r\n" unless you've finished the handshake.
      blockbot (blockbot@detroitriotcity.com)'s status on Tuesday, 18-Jun-2024 14:40:13 JST
      in reply to
      • Pleroma-tan
      • pistolero
      @p @kirby

      It was strong enough to ruin everything running on the Server

      Jun 17 14:57:49 nas kernel: TCP: request_sock_TCP: Possible SYN flooding on port 0.0.0.0:443. Sending cookies.

      Made NGINX his bitch
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 14:40:41 JST
      in reply to
      • Pleroma-tan
      @blockbot @kirby I don't think it's new, there's not a good way to fix it in Pleroma.
      blockbot (blockbot@detroitriotcity.com)'s status on Tuesday, 18-Jun-2024 14:40:42 JST
      in reply to
      • Pleroma-tan
      • pistolero
      @p @kirby

      The vulnerability he found with nginx/Pleroma is major..... can't even protect ourselves. Sucks
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 14:40:49 JST
      in reply to
      • Pleroma-tan
      • 85f02109a28864e4713d3f972ab66a
      @blockbot @85f02109a28864e4713d3f972ab66a @kirby I don't know, man, FSE always seems to survive DDoS just fine.
      85f02109a28864e4713d3f972ab66a (85f02109a28864e4713d3f972ab66a@pawoo.net)'s status on Tuesday, 18-Jun-2024 14:40:50 JST
      in reply to
      • Pleroma-tan
      • pistolero

      @blockbot @p @kirby lmao imouto managed to "protect themselves" from the ddos attacks by heavily limiting network traffic but it ended up causing everyone to deal with connectivity issues and a ton of people were unable to access their instance because of their poor mitigations 😭

      blockbot (blockbot@detroitriotcity.com)'s status on Tuesday, 18-Jun-2024 14:40:50 JST
      in reply to
      • Pleroma-tan
      • pistolero
      • 85f02109a28864e4713d3f972ab66a
      @85f02109a28864e4713d3f972ab66a @p @kirby

      Did they rate limit /api with nginx? bad move lol
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 14:40:55 JST
      in reply to
      • Pleroma-tan
      • SilverDeth
      @SilverDeth @blockbot @kirby Don't worry, I'm behind 7 proxies.
      SilverDeth (silverdeth@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 14:40:56 JST
      in reply to
      • Pleroma-tan
      • pistolero
      @p @kirby @blockbot

      Please don't... I like this place...
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Tuesday, 18-Jun-2024 14:42:02 JST
      in reply to
      • Pleroma-tan
      • pistolero
      • SilverDeth
      @p @blockbot @SilverDeth @kirby *DING DING DING*
      :dont_panic: HACK COMPLETE :dont_panic:
      :we_did_it:
      ✙ dcc :pedomustdie: :phear_slackware: (dcc@annihilation.social)'s status on Tuesday, 18-Jun-2024 14:42:49 JST
      in reply to
      • Pleroma-tan
      • pistolero
      • 85f02109a28864e4713d3f972ab66a
      @blockbot @p @kirby @85f02109a28864e4713d3f972ab66a More horsepower anyways helps with ddo's
      blockbot (blockbot@detroitriotcity.com)'s status on Tuesday, 18-Jun-2024 14:42:51 JST
      in reply to
      • Pleroma-tan
      • pistolero
      • 85f02109a28864e4713d3f972ab66a
      @p @kirby @85f02109a28864e4713d3f972ab66a

      This was the atomic bomb of Fedi DDOS
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 14:42:57 JST
      in reply to
      • Pleroma-tan
      • 85f02109a28864e4713d3f972ab66a
      @blockbot @85f02109a28864e4713d3f972ab66a @kirby

      > it totally BTFO's anything you can do in NGINX.

      It doesn't, though.
      85f02109a28864e4713d3f972ab66a (85f02109a28864e4713d3f972ab66a@pawoo.net)'s status on Tuesday, 18-Jun-2024 14:42:59 JST
      in reply to
      • Pleroma-tan
      • pistolero

      @blockbot @p @kirby it's so bad that after 3 refreshes nginx starts throwing 503s

      blockbot (blockbot@detroitriotcity.com)'s status on Tuesday, 18-Jun-2024 14:42:59 JST
      in reply to
      • Pleroma-tan
      • pistolero
      • 85f02109a28864e4713d3f972ab66a
      @85f02109a28864e4713d3f972ab66a @p @kirby

      Your attack method is interesting because it totally BTFO's anything you can do in NGINX.

      This had no effect at all.

      location /api/v1/streaming {
          limit_req zone=foo burst=1 nodelay;

          deny all;
      }
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 14:48:56 JST
      in reply to
      • Pleroma-tan
      @kirby @blockbot I don't know which fantasy, but hopefully it's not the one about doing rapes at a bus stop.
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 15:37:17 JST
      in reply to
      • Pleroma-tan
      • 85f02109a28864e4713d3f972ab66a
      @blockbot @85f02109a28864e4713d3f972ab66a @kirby limit_conn.
      blockbot (blockbot@detroitriotcity.com)'s status on Tuesday, 18-Jun-2024 15:37:18 JST
      in reply to
      • Pleroma-tan
      • pistolero
      • 85f02109a28864e4713d3f972ab66a
      @p @kirby @85f02109a28864e4713d3f972ab66a

      Nginx tried to deny and rate limit but the system still got messed up.
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 15:49:38 JST
      in reply to
      • Pleroma-tan
      • 85f02109a28864e4713d3f972ab66a
      @blockbot @85f02109a28864e4713d3f972ab66a @kirby

      > Come on P!

      Do you think that sending more messages makes me catch up on messages faster?
      85f02109a28864e4713d3f972ab66a (85f02109a28864e4713d3f972ab66a@pawoo.net)'s status on Tuesday, 18-Jun-2024 15:49:40 JST
      in reply to
      • Pleroma-tan
      • pistolero

      @blockbot @p @kirby he isnt responding 😭

      blockbot (blockbot@detroitriotcity.com)'s status on Tuesday, 18-Jun-2024 15:49:40 JST
      in reply to
      • Pleroma-tan
      • pistolero
      • 85f02109a28864e4713d3f972ab66a
      @85f02109a28864e4713d3f972ab66a @p @kirby

      Come on P!
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 15:49:41 JST
      in reply to
      • Pleroma-tan
      • 85f02109a28864e4713d3f972ab66a
      @85f02109a28864e4713d3f972ab66a @blockbot @kirby The hell are they doing that is making it toss 503s?
      85f02109a28864e4713d3f972ab66a (85f02109a28864e4713d3f972ab66a@pawoo.net)'s status on Tuesday, 18-Jun-2024 15:49:41 JST
      in reply to
      • Pleroma-tan
      • pistolero

      @p @blockbot @kirby can i see if your instance is protected

      blockbot (blockbot@detroitriotcity.com)'s status on Tuesday, 18-Jun-2024 15:49:41 JST
      in reply to
      • Pleroma-tan
      • pistolero
      • 85f02109a28864e4713d3f972ab66a
      @85f02109a28864e4713d3f972ab66a @p @kirby

      Do it for Science P!
      85f02109a28864e4713d3f972ab66a (85f02109a28864e4713d3f972ab66a@pawoo.net)'s status on Tuesday, 18-Jun-2024 16:05:32 JST
      in reply to
      • Pleroma-tan
      • pistolero

      @p @blockbot @kirby don't give the pedophiles any tips

      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 16:05:32 JST
      in reply to
      • Pleroma-tan
      • 85f02109a28864e4713d3f972ab66a
      @85f02109a28864e4713d3f972ab66a @blockbot @kirby I'm not, I don't talk to them. The pedos instance-block FSE: https://fba.ryona.agency/?domain=fsebugoutzone.org

      I am gonna say stuff in public about how to fix bugs.
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 16:05:33 JST
      in reply to
      • Pleroma-tan
      • 85f02109a28864e4713d3f972ab66a
      @blockbot @85f02109a28864e4713d3f972ab66a @kirby Well, DoS unless there were more IPs. But I can see what was happening, and rate-limiting the endpoint and capping the number of open connections per host fixes it even before just killing off the VPN's IPs.
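An added example, not blockbot's or pistolero's configuration: the location block blockbot posted, which only denies and rate-limits requests, beside one that does what pistolero describes above, rate-limiting the endpoint and capping open connections per address so rejected clients see 429s. Zone names, the rates and limits, and the upstream name pleroma are assumptions.

```nginx
# Added example; zone names, rates, limits and the upstream "pleroma" are assumed.

# Weak (as posted in the thread): "deny all" answers every request with 403, but
# each flood request is still accepted, parsed and answered, and limit_req alone
# never caps how many connections one address keeps open on a long-lived
# streaming endpoint.
#
#   location /api/v1/streaming {
#       limit_req zone=foo burst=1 nodelay;
#       deny all;
#   }

# Corrected: zones are declared in the http {} block. Normal clients hit the
# streaming endpoint about once a minute (per the thread), so 6 requests per
# minute with a burst of 3 leaves headroom for reconnects while stopping floods.
limit_req_zone  $binary_remote_addr zone=streaming_req:10m  rate=6r/m;
limit_conn_zone $binary_remote_addr zone=streaming_conn:10m;

server {
    # ... listen, server_name, TLS as usual ...

    location /api/v1/streaming {
        limit_req  zone=streaming_req burst=3 nodelay;  # per-address request rate
        limit_conn streaming_conn 2;                     # at most 2 open streams per address

        # Make the rejections visible for what they are: 429, not 504.
        limit_req_status  429;
        limit_conn_status 429;
        limit_req_log_level  warn;
        limit_conn_log_level warn;

        proxy_pass http://pleroma;
    }
}
```

Neither setting helps once the access line itself is saturated, which is pistolero's point about residential upstreams; they stop the cheap single-source case shown in the logs.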
      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 16:15:53 JST
      in reply to
      • Pleroma-tan
      • 85f02109a28864e4713d3f972ab66a
      @blockbot @85f02109a28864e4713d3f972ab66a @kirby Let's fucking GOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOO
      blockbot (blockbot@detroitriotcity.com)'s status on Tuesday, 18-Jun-2024 16:15:54 JST
      in reply to
      • Pleroma-tan
      • pistolero
      • 85f02109a28864e4713d3f972ab66a
      @p @kirby @85f02109a28864e4713d3f972ab66a


      let's go!
      85f02109a28864e4713d3f972ab66a (85f02109a28864e4713d3f972ab66a@pawoo.net)'s status on Tuesday, 18-Jun-2024 16:15:55 JST
      in reply to
      • Pleroma-tan
      • pistolero

      @p @blockbot @kirby do you want to test

      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 16:15:55 JST
      in reply to
      • Pleroma-tan
      • 85f02109a28864e4713d3f972ab66a
      @85f02109a28864e4713d3f972ab66a @blockbot @kirby Knock yourself out.
      85f02109a28864e4713d3f972ab66a (85f02109a28864e4713d3f972ab66a@pawoo.net)'s status on Tuesday, 18-Jun-2024 16:16:13 JST
      in reply to
      • Pleroma-tan
      • pistolero

      @p @blockbot @kirby what does this mean lmao

      pistolero (p@fsebugoutzone.org)'s status on Tuesday, 18-Jun-2024 16:16:13 JST
      in reply to
      • Pleroma-tan
      • 85f02109a28864e4713d3f972ab66a
      @85f02109a28864e4713d3f972ab66a @blockbot @kirby It means go for it, do it. Looks like it stopped. Turn it back on on, crank it way up.

      Let me give you an idea of the scale. To test out the software I am working on, I exploited a different bug to DDoS myself: https://git.pleroma.social/pleroma/pleroma/-/issues/2765 . We had a sustained 800+r/s, and that's successful requests, right? I turned off the rate-limiting on /objects for that. Just compulsive posting in the hellthread. 800r/s isn't that amazing, but it's way bigger than 14.22. I don't know how many it would have taken to break it, because I couldn't get the other instances to fetch posts any faster.

      People have hit the streaming endpoint before. We got aggressively scraped by several places, boardreader.com was feeding it to the FBI, we got DDoS'd by a DDoS mitigation company, we got flooded by Gab. Short of saturating the pipe (please don't, that *is* a pain), FSE is really hard to knock down. If you find a bug and *can* knock it down, feel free. Your existing strategy does not work here, but there are lots of holes in fedi, I'm sure you can find another one.
GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.