/meta/ - Meta

Meta Discussion and Admin Announcements




aom13a9dnbs21.png
some stupid fucking script kiddie was hitting the login endpoint a few hundred times per second from the onion

stop being a skid faggot.
Replies: >>4000 >>4002 >>4005
checkem.png
>>3999 (OP) 
Checkem

I'll be setting up a proper monitoring setup for this kind of thing in the future; images should stop getting eaten and I'll get a proper alarm next time.
just like block their IPs lol
Replies: >>4002
21942079c78a5630f8d246aeb7c5f734b29914f84e6c11bd5478d5c6cf6daa3a.jpg
>>3999 (OP) 
lel
How did that make images but not thumbs 404?
>>4001
>onion
>IP
lel
Replies: >>4003 >>4005
>>4002
it was maxing out the appserver's CPU, which was fucking with redlock.js lol. I'm working on tightening it up, but I don't think that endpoint should be trying to do anything with an empty POST request to begin with. Guy isn't even trying to crack passwords, it's just straight app-level DDoS.
1650424264719.jpg
Hey jannies can you make an announcement?  After today's events there is a high probability of catbox.moe being shut down or going offline (just like what happened with mixtape.moe) because of the glownigger false flag. Can you put something at the top that tells people to back up or re-upload everything they have on catbox to a new file host?
Replies: >>4029
>>3999 (OP) 
>>4002
>onion
>IP
>lel
You should do some more reading about Tor. It is possible to discriminate users by circuit identifier, like an "IP". Requires a webserver supporting the PROXY protocol to export circuit identifiers from connections.

Webring and all onion sites need to innovate and protect themselves because cloudflare can't save you in these parts. Here's a demo of what I've been working on (I shared pictures of an earlier version in another thread). Should help with script kiddies.
Replies: >>4006 >>4007
recording.mp4
>>4005
forgot
Replies: >>4007 >>4013 >>4017
>>4005
>>4006
Cool
Simply banning one would still be pretty pointless as it takes about 2 seconds to get a new circuit.
Replies: >>4008 >>4009 >>4029
>>4007
Takes about 2 seconds to have to solve another proof of work*
That's exactly the point.
Replies: >>4009 >>4012 >>4016
>>4008
>>4007
So you can generate another "circuit" but you will see "Checking your browser for robots" again?
t. retard that needs spoonfeeding
Replies: >>4010
>>4009
Yes.
And because you can discriminate between circuits, you can effectively put strict ratelimits on how often each circuit can do certain things without affecting all Tor users. Each time a spammer wants to do /login which is CPU expensive to the server, they have to solve a CPU expensive proof-of-work themselves, creating a balance. All dos/ddos is about making an imbalance in favour of the attacker, and this turns the tables. CPU is the most expensive resource in ddos, especially since volumetric attacks don't really happen over Tor. So making new circuits does not help attackers. Also, the script can communicate with the tor daemon control port to send commands and tear down offending circuits, forcing attackers to make new ones.

Real users' circuits will not change frequently, so they will usually only solve it once, and it doesn't disturb them for the rest of their browsing session.

I think it's a pretty good method. Some DNMs on Tor and Dread have even implemented this same thing in nginx (not sure how they do it in nginx). I use haproxy instead because tor natively supports exporting circuit identifiers through haproxy protocol.
Replies: >>4016 >>4029
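The per-circuit scheme described in the two posts above (circuit id taken from the PROXY header Tor's haproxy export prepends, a strict per-circuit rate limit, and a CPU-costly proof-of-work before /login), sketched as an added example. This is not code from the thread or from the linked haproxy-protection project; the PROXY v1 header shape, the token-bucket limiter and the hashcash-style sha256 puzzle are assumptions chosen for illustration, and the sample header is constructed.

```python
import hashlib
import time

# Tor's haproxy export prepends a PROXY protocol v1 line to each connection;
# the source address field is where the circuit identifier is carried.
def circuit_key(proxy_line: str) -> str:
    """Return the PROXY v1 source address (used as the circuit key); raise if malformed."""
    parts = proxy_line.strip().split(" ")
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        raise ValueError("malformed PROXY v1 header")
    return parts[2]

class CircuitLimiter:
    """Token bucket per circuit: `rate` requests/second with a burst of `burst`.
    Limiting one circuit never touches the buckets of other Tor users."""
    def __init__(self, rate: float, burst: int, clock=time.monotonic):
        self.rate, self.burst, self.clock = rate, burst, clock
        self.buckets = {}  # circuit key -> (tokens, last_refill_time)

    def allow(self, key: str) -> bool:
        now = self.clock()
        tokens, last = self.buckets.get(key, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1:
            self.buckets[key] = (tokens, now)
            return False
        self.buckets[key] = (tokens - 1, now)
        return True

def pow_valid(challenge: bytes, nonce: bytes, bits: int) -> bool:
    """Server-side check (cheap): sha256(challenge || nonce) must start with `bits` zero bits."""
    value = int.from_bytes(hashlib.sha256(challenge + nonce).digest(), "big")
    return value >> (256 - bits) == 0

def solve_pow(challenge: bytes, bits: int) -> bytes:
    """Client-side solver (expensive): the CPU cost a spammer pays for every new circuit."""
    n = 0
    while True:
        nonce = n.to_bytes(8, "big")
        if pow_valid(challenge, nonce, bits):
            return nonce
        n += 1

if __name__ == "__main__":
    # Constructed sample header, shaped like Tor's haproxy export (not a real capture).
    key = circuit_key("PROXY TCP6 fc00:dead:beef:4dad::1 ::1 40000 80\r\n")
    limiter = CircuitLimiter(rate=1.0, burst=3)
    print(key, [limiter.allow(key) for _ in range(4)])  # fourth request is refused
    nonce = solve_pow(b"login-challenge", 16)
    print(nonce.hex(), pow_valid(b"login-challenge", nonce, 16))
```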
>>4008
That wasn't my point at all. Just banning circuits before having any of this PoW Brute Force/DoS protection would be pointless as they would immediately continue being disruptive from another circuit.
It's not really comparable to banning IPs, which are limited in availability. Maybe back in the day, but as far as I know skids don't sit on huge public proxy lists anymore.
Replies: >>4014
da4ae595d231cc1f662152142680d187e0681db938321ee9cdce9d41fc1c33fe.jpg
>>4006
>KIKEflare.com
>its a real website
It's true, Australians are all shitposters.
Replies: >>4015
>>4012
Yeah, banning circuits without implementing something like this has limited usefulness. But we are in THE FUTURE now, where it's possible to implement such a thing.
SPIN.gif
>>4013
>>4008
>>4010

the temporary solution I've implemented is a separate .onion for moderators, who are the only people who would ever need to login in the first place.
dos skids want the site unavailable. if they can't have that, wasting *human* time engineering overblown solutions and/or chasing circuits is a good alternative.

since I've gotten involved, I'm also reviewing jschan's code to see if basic form validation can happen/is happening *before* expensive operations are incurred.

the attack stopped roughly three hours after I shut his ass up.
ClipboardImage.png
>>4006
>open source bot protection
>Your search for "open source bot protection" returned 0 results

how about some sauce?
Replies: >>4019
>>4017
https://gitgud.io/fatchan/haproxy-protection/
https://gitgud.io/fatchan/haproxy-panel-next/
did you think it was fake or something?
>>4004
>false flag
QRD on what happened? I was gone a few days ago, fugg, the snootgame ain't gonna archive itself

>>4007
why not add a captcha on the login like other sites do?

>>4010
what about bunkerized NGINX? i saw some obscure hack forum had this setup instead of buttflare
Replies: >>4035
>>4029
What do you mean by bunkerized nginx? It sounds like adding a bunch of limits and restrictions which is generally the fastest way to unintentionally dos yourself.
20 replies | 8 files | 10 UIDs
jschan 1.4.1