# DDoS Protection for the future



## 2ndVenus (Mar 4, 2011)

Some level of protection is needed, else this is going to happen infinitely, as DDoS attacks are so simple to perform. Does anyone have method ideas?

I can think of only a few (which probably aren't any good) so here's a coupla suggestions.

*Download Number limit*
Limit of 3 downloads per IP/MAC address to stop the possibility of thousands of connection attempts from the same network. In other words, if a user tries to load more than 3 pages at the same time, they would be delayed heavily until previous data has completed downloading. If 3 images are being downloaded, they must wait until they're finished loading before the next 3 load.

*Automatic Temporary IP/Mac address banning* upon the attempt to access over X pages, per 1 to 10 seconds.


----------



## Volkodav (Mar 4, 2011)

I'm someone who middle-clicks links when someone comments on my art [middle click opens link in a new tab] and this would be a PITA.


----------



## LizardKing (Mar 4, 2011)

If someone like Mastercard can get DDoS'd, what makes you think FA can do any better? We have neither the equipment nor the funding.

Actually maybe the equipment if there was someone with the correct expertise there to manage this stuff 24/7 and seriously look into it full time (which there isn't). I don't know how effective it can be.


----------



## 2ndVenus (Mar 4, 2011)

Clayton said:


> I'm someone who middle-clicks links when someone comments on my art [middle click opens link in a new tab] and this would be a PITA.


 
Yeah, I do the same, but I can put up with a small wait if it's a good protection method for FA. Downloading 100 flash movies at the same time, though, I don't believe is very wise of FA to allow; it's a connection crippler.


DDoS Deflate is a script that can help stop small DDoS attacks. As for the more large scale ones, I have no experience there.


----------



## Volkodav (Mar 4, 2011)

2ndVenus said:


> Yeah, I do the same, but I can put up with a small wait if it's a good protection method for FA. Downloading 100 flash movies at the same time, though, I don't believe is very wise of FA to allow; it's a connection crippler.


 
Also, people fuck FA over by using refreshing sites.


----------



## Smelge (Mar 4, 2011)

If you wanted to do that, you could just implement a Captcha if you want to download something.


----------



## LizardKing (Mar 4, 2011)

FYI, I recall someone saying they were targeting the router, not the site. Implementing download limits and such won't help in any way.

Edit:


			
#furaffinity said:

> [15:46] <Lockdown> They are specificaly ddosing our router


----------



## Smelge (Mar 4, 2011)

LizardKing said:


> FYI, I recall someone saying they were targeting the router, not the site. Implementing download limits and such won't help in any way.


 
But adding captchas to download links would annoy people, which makes it a win/win situation in my books.


----------



## LizardKing (Mar 4, 2011)

Smelge said:


> But adding captchas to download links would annoy people, which makes it a win/win situation in my books.


 
It would certainly make people a bit more choosy. Adding a CAPTCHA to +fav would be even more funny.


----------



## dinosaurdammit (Mar 4, 2011)

LizardKing said:


> It would certainly make people a bit more choosy. Adding a CAPTCHA to +fav would be even more funny.


 
Putting in more obstacles to prevent furries from getting their pornz quickly? ARE YOU MAD! :V


----------



## Smelge (Mar 4, 2011)

LizardKing said:


> It would certainly make people a bit more choosy. Adding a CAPTCHA to +fav would be even more funny.


 Nah. It would just stop people bothering. Putting it on downloads means if someone wants it, they have to jump through a hoop to get it.


----------



## starfox246 (Mar 4, 2011)

man i hate these DdoS attacks i hope 2 see them fixed soon


----------



## LizardKing (Mar 4, 2011)

Oh. It's you.


----------



## Aden (Mar 4, 2011)

starfox246 said:


> man i hate these DdoS attacks i hope 2 see them fixed soon


 
Thank you for your contribution.


----------



## Ben (Mar 4, 2011)

Aden said:


> Thank you for your contribution.


 
Aden, will you fix my terrorist attacks? I think a few screws came loose on the bottom.


----------



## Arshes Nei (Mar 4, 2011)

I know it's off topic and might come off as an insult but I honestly thought that the avatar was a face, and not a belly x.x;;;


----------



## LizardKing (Mar 4, 2011)

Arshes Nei said:


> I know it's off topic and might come off as an insult but I honestly thought that the avatar was a face, and not a belly x.x;;;


 
You are not alone :c


----------



## ravewulf (Mar 4, 2011)

Smelge said:


> If you wanted to do that, you could just implement a Captcha if you want to download something.


 
Using the download link is no different than loading images in fullview. I would suggest that using Captcha to access every single page is a very bad idea.

Additionally, downloads are not the problem with ddos attacks, the number of connections (in general, not specifically accessing any data) is the problem.

http://www.cert.org/homeusers/ddos.html


----------



## Ozriel (Mar 4, 2011)

There are a few sites other than FA being DDoSed at this moment, and one of them is an anime site.


----------



## CR-V (Mar 4, 2011)

E621 was down until recently as well. Could be that /b/ got /b/ored so they started yet another shitty "Operation Fursecution"?


----------



## CannonFodder (Mar 4, 2011)

CR-V said:


> E621 was down until recently as well. Could be that /b/ got /b/ored so they started yet another shitty "Operation Fursecution"?


 There is no such thing as fursecution.
Also ever hear of a thing called "furry friday"?


----------



## Eevee (Mar 4, 2011)

2ndVenus said:


> *Download Number limit*
> Limit of 3 downloads per IP/Mac Address





2ndVenus said:


> *Automatic Temporary IP/Mac address banning*


The first *D* in *D*DoS is for "distributed", i.e., _many_ many machines hammering you at once.  If it were as simple as blocking a handful of IPs, a sysadmin could do it manually during an attack.

Even if you could block every possible attacker, if the attack is strong enough, your equipment could get overloaded just from looking at all the packets and deciding to ignore them.


----------



## Kobalt_Silverstar (Mar 4, 2011)

The only "probable" way the admin can cease a DDoS attack directly is to start blacklisting the attacking computers. Then, you can't just simply start denying connections or else you run into major usage issues and deny a lot of valid clients, defeating the purpose of even hosting the site to begin with. Added to that, the blacklisting and scanning process requires significant processing power, rendering the previous actions null-and-void. Problem is, there are so many potential legitimate users of the site who might have the malware that causes the attack installed on their computer without knowing it. The REAL solution would be if everyone scanned their computers for malware and viruses regularly, and switched off their connections when not in use. Until then there are limited choices to preventing this because of the simple fact that the distribution of a DDoS attack is so widespread and typically spoofs the IP addresses.

TLDR: The only way to prevent DDoS attacks is to administer a solution client-side.


----------



## LawrenceXVIII (Mar 4, 2011)

Damn DDos :/


----------



## Kardas (Mar 4, 2011)

So does anyone here know how to launch a DDoS attack?  Why not hit 4chan, lulz, and something awful?


----------



## LizardKing (Mar 4, 2011)

Kardas said:


> So does anyone here know how to launch a DDoS attack?  Why not hit 4chan, lulz, and something awful?


 
Get out.


----------



## CR-V (Mar 4, 2011)

Kardas said:


> So does anyone here know how to launch a DDoS attack?  Why not hit 4chan, lulz, and something awful?



Got two answers for you:
1. Retaliation won't solve shit. Get out.
2. It's unlikely lulz is behind this. They're wondering about the issue as well, aside from a few retards who encourage the DDoS attack that's going on.


----------



## Kobalt_Silverstar (Mar 4, 2011)

Kardas said:


> So does anyone here know how to launch a DDoS attack?  Why not hit 4chan, lulz, and something awful?


 
The last thing the internet needs is more no-life hackers taking up bandwidth with their petty games.


----------



## Kardas (Mar 4, 2011)

A retaliation attack won't stop what's happening to FA, but it'll keep them from bragging about it.


----------



## LizardKing (Mar 4, 2011)

Kardas said:


> A retaliation attack won't stop what's happening to FA, but it'll keep them from bragging about it.


 
Yeah and what happens when they take down FAF too? What's to say it's even them doing this? Do you _want_ to give them even more reasons to break stuff?

What, exactly, would be the fucking _point?_ Some petty revenge against 'furry haters'? Grow up.


----------



## Kayla-La (Mar 4, 2011)

Kardas said:


> A retaliation attack won't stop what's happening to FA, but it'll keep them from bragging about it.


 
No. Not even a little.


----------



## coyoteOdin (Mar 4, 2011)

2ndVenus said:


> *Download Number limit*
> Limit of 3 downloads per IP/MAC address to stop the possibility of thousands of connection attempts from the same network. In other words, if a user tries to load more than 3 pages at the same time, they would be delayed heavily until previous data has completed downloading. If 3 images are being downloaded, they must wait until they're finished loading before the next 3 load.


I think it's a good idea! It is true I think - may be better to set a maximum limit of 4 pages (not 3)?

 In any case, doing something right. Protection against DDoS attacks is absolutely necessary! Is vital! And then the third day I can not enter the website, all the time, wrote "the connection was reset" :-(

PS Sorry for possible typos in my post. I just do not know very well English.


----------



## Kardas (Mar 4, 2011)

LizardKing said:


> What, exactly, would be the fucking _point?_ Some petty revenge against 'furry haters'?


 
It'll prevent trolls from thriving in their natural habitat, at least for a short while, and that's a good thing regardless of justification.



LizardKing said:


> Grow up.



At least I'm thinking outside the box instead of just playing victim.


----------



## LizardKing (Mar 4, 2011)

Kardas said:


> It'll prevent trolls from thriving in their natural habitat, at least for a short while, and that's a good thing regardless of justification.



No, what you're suggesting is kicking a nest of bees because one of them stung you. It's stupid and pointless and will only hurt you further.



Kardas said:


> At least I'm thinking outside the box instead of just playing victim.



Yeah you show those bees who's boss. I'm sure that'll work.


----------



## CR-V (Mar 4, 2011)

Kardas said:


> It'll prevent trolls from thriving in their natural habitat, at least for a short while, and that's a good thing regardless of justification.
> 
> 
> 
> At least I'm thinking outside the box instead of just playing victim.



No. It won't help a single bit, it will only make them keep doing it.


----------



## Kardas (Mar 4, 2011)

LizardKing said:


> No, what you're doing is kicking a nest of bees because one of them stung you. It's stupid and pointless and will only hurt you further.



More like setting the nest of bees on fire after they've already stung you a few times.  Actually, what specifically I'm doing is more like _trying to get someone else_ to set the nest of bees on fire.



LizardKing said:


> Yeah you show those bees who's boss. I'm sure that'll work.


 
Sure, if it works they'll be gone until next summer.



CR-V said:


> No. It won't help a single bit, it will only make them keep doing it.


 
Yeah, it wasn't much of an idea, it's just the first thing to pop into my head while browsing topics related to FA's connection errors.


----------



## Ben (Mar 4, 2011)

Kardas said:


> At least I'm thinking outside the box instead of just playing victim.


 
Unless you're literally outside, enjoying what the world has to offer, then I'm afraid that just isn't the case. Why would you even consider attacking Something Awful? They don't organize raids or attacks, unless you consider changing Austin's Waste Department to be called "The Fred Durst Society of the Humanities and Arts" an attack.


----------



## Gizgiz (Mar 4, 2011)

About the download limits, seems like there already is something like that in place. Quickly opening a bunch of tabs usually results in a few 503 error pages. Not specifically download limits but some request/second limit... I think o.o


----------



## Ozriel (Mar 4, 2011)

Kardas said:


> It'll prevent trolls from thriving in their natural habitat, at least for a short while, and that's a good thing regardless of justification.
> 
> 
> 
> At least I'm thinking outside the box instead of just playing victim.


 
You are swimming in a river of Jellyfish. The more you try to do something about the infestation, the more you will get stung.

No matter, it does not solve a thing at this point and the only thing we can do is let the admins do their job.


----------



## LizardKing (Mar 4, 2011)

Kardas said:


> [stuff]



Why do you try and argue your point and then admit to a second person that it wasn't much of an idea? You can't have it both ways (although you _are_ a fox).


----------



## Armaetus (Mar 4, 2011)

@Venus: I don't think the first option is gonna help very much at all, and remember it's not always "trolls" doing damage, could just be random mix of hackers and other people choosing targets at random. I'm sure some non-furry sites are being affected by the DDoS as well.


----------



## Kardas (Mar 4, 2011)

Ben said:


> Why would you even consider attacking Something Awful? They don't organize raids or attacks.


 
Because it's a second home for the swarm.


----------



## Ben (Mar 4, 2011)

Kardas said:


> Because it's a second home for the swarm.


 
What on earth are you even talking about. They rarely ever even discuss furries on there. What is going on, I don't.


----------



## Kobalt_Silverstar (Mar 4, 2011)

Kardas said:


> Blah, blah, blah



Server's back up, you may now return to your normally scheduled fapping program.


----------



## Kardas (Mar 4, 2011)

LizardKing said:


> Why do you try and argue your point and then admit to a second person that it wasn't much of an idea? You can't have it both ways



Because CR-V pointed out what's wrong with the idea without outright mocking it.  If someone points out that an idea of mine is stupid, I can accept it.  If someone _tells_ me the idea is stupid, my first impulse is to defend it.  I'm wrong in the head.



LizardKing said:


> (although you _are_ a fox).


 
Indeed.


----------



## LizardKing (Mar 4, 2011)

Kardas said:


> Because it's a second home for the swarm.


 
Your ideas are terrible beyond all comprehension.

I give up.


----------



## Ozriel (Mar 4, 2011)

Ben said:


> What on earth are you even talking about. They rarely ever even discuss furries on there. What is going on, I don't.


 
Two words: Blue balls.



Kardas said:


> Because CR-V pointed out what's wrong with the idea without outright mocking it.  If someone points out that an idea of mine is stupid, I can accept it.  If someone _tells_ me the idea is stupid, my first impulse is to defend it.  I'm wrong in the head.


 
Then you should know that an "Attack" like that would provoke them to more attacks like this and make it even worse.
Like I had stated earlier, there are a few non-furry sites under attack from a DDoS, so we aren't special.


----------



## Kardas (Mar 4, 2011)

Ben said:


> What on earth are you even talking about. They rarely ever even discuss furries on there. What is going on, I don't.


 
Those 4channers are going to go somewhere, and they're more likely to take over an existing (if more benign) trollhouse than to build a new site from scratch.



Kobalt_Silverstar said:


> Server's back up, you may now return to your normally scheduled fapping program.


 
Actually I was just going to check my messages, and it would appear that I don't have any.  Other furries seem to be taking it a lot harder than I have been, and seeing the suggestion of download limits (which would be even less effective than reactionary DDoS attacks; I.E. they wouldn't stop or prevent DDoSs against FA and wouldn't even piss off the right people) prompted me to voice my own useless ideas.

But thank you for showing such concern for my sexual well-being.


----------



## Kobalt_Silverstar (Mar 4, 2011)

Kardas said:


> thank you for showing such concern for my sexual well-being.


 
Not a problem, I'm glad to see that others know just how much I care. :3


----------



## Kardas (Mar 4, 2011)

LizardKing said:


> Your ideas are terrible beyond all comprehension.
> 
> I give up.


 
Yes, they are!  I deal with insects using either swords or fire depending on which is more feasible given the situation, my idea of dieting and exercise is literal starvation and over-exertion, and I respond to seeing glitter on my skin by scraping it off with a knife.  None of those things are smart or even safe, but those are all ideas that I used to stand up for.  Mock something I do and I'll stick by it, I don't know why I do it.  I actually thought of retaliation as a valid solution until I read CR-V's comment.

Let me reiterate: I'm wrong in the head.  I can't see how ridiculous my ideas are until someone is polite about it.



Zeke Shadowfyre said:


> Then you should know that an "Attack" like that would provoke them to more attacks like this and make it even worse.
> Like I had stated earlier, there are a few non-furry sites under attack from a DDoS, so we aren't special.


 
I didn't say furries were the only ones being attacked, what I said was that someone should indiscriminately attack known troll hangouts.


----------



## Aden (Mar 4, 2011)

*Kardas*: Going to have to ask you to desist your conspiring to raid another website. We do not allow that here. If you keep going I'm going to have to take action.

:U


----------



## Kardas (Mar 4, 2011)

Aden said:


> *Kardas*: Going to have to ask you to desist your conspiring to raid another website. We do not allow that here. If you keep going I'm going to have to take action.
> 
> :U


 
Alright, I'm done.


----------



## Bobskunk (Mar 4, 2011)

Kardas you're making assertions about how things are and how things will be but they're based on little more than what you think should be the case.  "Clearly, LULZ AND 4CHAN AND SOMETHING AWFUL DOT COM are behind this!"  "Clearly, DDOSING THESE SITES BACK is a good idea!"  "No, this isn't like sticking my penis in a hornet's nest, this is like COATING IT IN GASOLINE WHICH WILL EQUAL A LOT OF DEAD TROLLS AND HORNETS"

everything you're saying is categorically false and it's scarily like the wet dream of revenge of some nerd who's been pushed around.  They are unworkable, because they are your coping mechanism.  Whoever is doing it is not doing it under the banner of any of those sites, DDOSing those sites will make matters worse for everyone, and..  God, that last one.  So goddamn dumb.

Your name seems familiar.  Aren't you some kind of objectivist?


----------



## Kardas (Mar 4, 2011)

Bobskunk said:


> Kardas you're making assertions about how things are and how things will be but they're based on little more than what you think should be the case.  "Clearly, LULZ AND 4CHAN AND SOMETHING AWFUL DOT COM are behind this!"  "Clearly, DDOSING THESE SITES BACK is a good idea!"
> 
> Hey, I never said lulz, 4chan, and something awful were behind it.  I just don't like trolls.
> 
> ...


----------



## Xenke (Mar 4, 2011)

I'm pretty sure it's already been said, but really I think more pressing matters need to be attended to before we even consider DDoS protection.



Kardas said:


> Hey, I never said lulz, 4chan, and something awful were behind it.  I just don't like trolls.
> 
> Nah, burning a hornet's nest won't kill them directly.  It just renders them homeless; they either join another nest, violently take over another nest, build a new nest somewhere else, or fly around aimlessly until dying.  Either way it'll fuck with them and likely make them someone else's problem.
> 
> ...


 
Oh shut up already.


----------



## Kardas (Mar 4, 2011)

Xenke said:


> Oh shut up already.


 
Bite me.


----------



## Jameless (Mar 4, 2011)

so everyone just went waaaay off topic.... for all we know this could be some person who got banned from FA and is computer savvy.... and has a lot of computers... and can fly..... and has donuts.






... ayep


----------



## Ozriel (Mar 4, 2011)

Jameless said:


> so everyone just went waaaay off topic.... for all we know this could be some person who got banned from FA and is computer savvy.... and has a lot of computers... and can fly..... and has donuts.
> 
> 
> 
> ...


 
I was thinking the same thing too.


----------



## Xenke (Mar 4, 2011)

Kardas said:


> Bite me.



I would say I don't bite children, but holy fuck you're apparently 21. Act your fucking age.



Kobalt_Silverstar said:


> [/IMG]


 
Yea, don't do that.



Jameless said:


> so everyone just went waaaay off topic.... for all we know this could be some person who got banned from FA and is computer savvy.... and has a lot of computers... and can fly..... and has donuts.
> 
> ... ayep


 
No one who gets banned off FA even cares that much.


----------



## Ozriel (Mar 4, 2011)

Xenke said:


> No one who gets banned off FA even cares that much.


 
I dunno. There are some furs that would like to get back at "Teh ebil Nazi Warlord Dragoneer" out there. :V


----------



## Xenke (Mar 4, 2011)

Zeke Shadowfyre said:


> I dunno. There are some furs that would like to get back at "Teh ebil Nazi Warlord Dragoneer" out there. :V


 
I'm pretty sure they just go to SF or Inkbunny and join the ranks of people who think that FA is made of trolls. :V


----------



## dinosaurdammit (Mar 4, 2011)

Zeke Shadowfyre said:


> I dunno. There are some furs that would like to get back at "Teh ebil Nazi Warlord Dragoneer" out there. :V


 
I can think of three according to ED. All three could die in a fire or be mauled by land dwelling orcas for all I care. I doubt though that is the three I am thinking of because all seem too stupid to function at life much less crash a system.


----------



## Kobalt_Silverstar (Mar 4, 2011)

Xenke said:


> Yea, don't do that.



Haters gonna hate.


----------



## Xenke (Mar 4, 2011)

Kobalt_Silverstar said:


> Haters gonna hate.


 
More of... these forums have rules, follow them.


----------



## Ozriel (Mar 4, 2011)

Kobalt_Silverstar said:


> Haters gonna hate.



Technically it is infractable, but I went easy on you.


----------



## Kobalt_Silverstar (Mar 4, 2011)

Zeke Shadowfyre said:


> Technically it is infractable, but I went easy on you.


 

Yeah, thanks.  I read the rules.


----------



## Jameless (Mar 4, 2011)

Xenke said:


> No one who gets banned off FA even cares that much.


 
Actually I've seen a few people who really REALLY cared waaaay too much.

I remember one person got banned about 5 times for creating multiple accounts after being banned the first time and then said something about if they got banned again they'd try to take down the site.

It's doubtful that this particular person was smart enough to do anything but type and click their mouse though.


----------



## Kardas (Mar 4, 2011)

Xenke said:


> I would say I don't bite children, but holy fuck you're apparently 21. Act your fucking age.



I'm 21.  I can drink.  Reassess your comment.

As for who might actually be behind this, I've met numerous self-proclaimed tech-savvy furs who flatout told me that since they think they know more about web design and security than 'neer, they're going to gather some friends and hack the site to perform unwanted nonconsensual upgrades just because they can.  I doubt those threats ever went anywhere, but there are furries crazier than me who claim to be hackers with father-knows-best syndrome.


----------



## Jameless (Mar 4, 2011)

Kardas said:


> As for who might actually be behind this, I've met numerous self-proclaimed tech-savvy furs who flatout told me that since they think they know more about web design and security than 'neer, they're going to gather some friends and hack the site to perform unwanted nonconsensual upgrades just because they can. I doubt those threats ever went anywhere, but there are furries crazier than me who claim to be hackers with father-knows-best syndrome.


 
Yeah I know most of the retaliation is bullshit, but I'm sure one or two people are capable of it in reality.

Those people probably wouldn't be stupid enough to tell everyone about it though.


----------



## Xenke (Mar 4, 2011)

Kardas said:


> I'm 21.  I can drink.  Reassess your comment.


 
Is that supposed to impress me, or convince me that you're mature?


----------



## Gavrill (Mar 4, 2011)

Please don't turn this into a retard fight, Kardas. Just ignore them, dude. Eventually they get bored. They're fishing for reactions (assuming it was SA), and you're giving them EXACTLY what they want. :1

Edit: Wordpress was attacked?

Well Kardas just got booked up to _supertard._


----------



## BRN (Mar 4, 2011)

Kardas is retarded.

This _thread_ is retarded.

You can protect against a DoS attack. But you can't with a DDoS - it's the extra D that makes it so unstoppable.


----------



## Teobryn (Mar 4, 2011)

Hello.

I just wanted to reply about the DDoS problem, and maybe submit some ideas that have already been tried, since I didn't find who runs the FA server, or which operating system it's running on.

I searched the internet about protection against DDoS, and found out that there are different types of DDoS attack, at least two:

- one using XML/DTD, here I'm referring to this page

- another one which seems (as far as I know) to be the one targeting FA
It consists of sending multiple TCP packets, half-opening connections and overloading the attacked server. I'm referring to this page for Unix servers, but it's in French so I'll try to explain the general idea:

Their first idea is how to detect these attacks: by looking at how many SYN requests there are. If there's a large number of SYN requests (much more than the usual average number of connection requests to the site), it's probably due to an attack.

Then, Mr Bilbeau suggests some ideas to reduce the effect of these attacks.

The first is, by modifying the Linux kernel (core), to drop the connection request if the server doesn't receive the ACK confirmation. (See this page for an explanation of how a connection is established between a client and a server.)

Then he suggests setting the maximum number of connection requests without a client ACK to 1024 (the default for computers with more than 128 MB of RAM) and checking whether every packet comes to the server through the right interface.

BUT
I don't know if it can be of any use if the DDoS targets the router.

I guess it's possible to filter connection requests on a router, but I only did it during practical work (included in my Computer Science training) and it was on a local Linux server which we had to configure as a router while other computers were acting as clients or servers. So I don't know how to do it on an ISP router.


Also, I don't intend to put fuel on the flames, but
About blocking the IPs from which the requests are sent:
- In case of DoS, the obvious choice for the hacker would be to use one or more proxy servers to launch his attack, making him untraceable
- In case of Distributed DoS, blocking the IP would maybe block FA users infected with the bot used in the attack. And I don't think FA users want to be IP-banned because they were infected with a DoS bot.

About sending a DoS attack to the attacker:
- It won't be a solution since, in case of DDoS, the owner of the computer which sends the requests might not be the one launching the attack, but just an ordinary guy who has been infected with a bot.
- If the attacker uses a DoS attack and uses a proxy, you would attack the proxy, not the hacker.

Anyway, sorry for the looong reply.
I hope these ideas will help the FA admins, and that the attack will soon stop for good.


----------
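The detection idea in Teobryn's post above (count half-open connections and compare the count against the usual level), as an added example that is not part of the original thread or of the page he refers to. It reads text in the Linux `/proc/net/tcp` format; the sample table, the baseline of 8, the alert factor of 5 and every address are constructed assumptions.

```python
import socket
import struct
from collections import Counter

ESTABLISHED = 0x01
SYN_RECV = 0x03  # SYN seen, SYN-ACK sent, client's final ACK still missing


def decode_addr(addr):
    """'0100007F:0050' -> ('127.0.0.1', 80); assumes IPv4 on a little-endian host."""
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def encode_addr(ip, port):
    """Inverse of decode_addr, used only to build the constructed sample."""
    return "%08X:%04X" % (struct.unpack("<I", socket.inet_aton(ip))[0], port)


def parse_proc_net_tcp(text):
    """Return [(local, remote, state)] for every socket row in /proc/net/tcp text."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Socket rows start with an index such as '12:'; the header line does not.
        if len(fields) < 4 or not fields[0].endswith(":"):
            continue
        rows.append((decode_addr(fields[1]), decode_addr(fields[2]), int(fields[3], 16)))
    return rows


def half_open_report(text, port, baseline, factor=5):
    """Summarise SYN_RECV sockets on one listening port.

    baseline is the usual number of half-open connections (assumed to be known
    from normal operation); the alert fires above factor * baseline.
    """
    half_open = [remote[0] for local, remote, state in parse_proc_net_tcp(text)
                 if state == SYN_RECV and local[1] == port]
    sources = Counter(half_open)
    top_count = max(sources.values(), default=0)
    return {
        "half_open": len(half_open),
        "distinct_sources": len(sources),
        # Share of the busiest source: a low value means blocking single IPs gains little.
        "top_source_share": top_count / len(half_open) if half_open else 0.0,
        "alert": len(half_open) > factor * baseline,
    }


def build_sample(n_half_open):
    """Constructed table: 3 established clients plus n_half_open SYN_RECV entries,
    each from a different source, all towards a web server on 192.0.2.10:80."""
    conns = [("198.51.100.%d" % i, 50000 + i, ESTABLISHED) for i in (7, 8, 9)]
    conns += [("203.0.113.%d" % i, 1024 + i, SYN_RECV)
              for i in range(1, n_half_open + 1)]
    local = encode_addr("192.0.2.10", 80)
    lines = ["  sl  local_address rem_address   st tx_queue rx_queue"]
    for n, (ip, port, state) in enumerate(conns):
        lines.append("%4d: %s %s %02X 00000000:00000000"
                     % (n, local, encode_addr(ip, port), state))
    return "\n".join(lines)


if __name__ == "__main__":
    print("quiet :", half_open_report(build_sample(5), port=80, baseline=8))
    print("flood :", half_open_report(build_sample(200), port=80, baseline=8))
```

The kernel settings the post paraphrases appear to correspond to the Linux sysctls `net.ipv4.tcp_syncookies` or `net.ipv4.tcp_synack_retries`, `net.ipv4.tcp_max_syn_backlog` and `net.ipv4.conf.all.rp_filter`; that mapping is an assumption, since the linked page is not reproduced in the thread.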



## Gavrill (Mar 4, 2011)

SIX said:


> it's the extra D that makes it so unstoppable.


Why did I find this hilarious? :1


----------



## Kardas (Mar 4, 2011)

Jameless said:


> Yeah I know most of the retaliation is bullshit, but I'm sure one or two people are capable of it in reality.
> 
> Those people probably wouldn't be stupid enough to tell everyone about it though.



Yeah, discussing your epic plans of revenge with absolute strangers is a compensation for not having enough balls and/or brain power to actually do it (I would know).  As many people have randomly told me their epic plans of code-raping FA though, I have to wonder how many are out there who could/would actually try.



Xenke said:


> Is that supposed to impress me, or convince me that you're mature?


 
Neither, I'm just pointing out that you said "act your age" to somebody whose age allows him to start the day by pouring vodka into a glass of pepsi.



Skift said:


> Please don't turn this into a retard fight, Kardas. Just ignore them, dude. Eventually they get bored. They're fishing for reactions (assuming it was SA), and you're giving them EXACTLY what they want. :1



Actually my entire justification for trying to incite an attack against 4chan, lulz, and SA was "fuck those guys."  If someone believed they were behind DDoSing FA, then some furries could feel better about it, and it'd be a two birds with one stone situation.



Skift said:


> Edit: Wordpress was attacked?
> 
> Well Kardas just got booked up to _supertard._


 
Wait, what does Wordpress have to do with how retarded I am?


----------



## Gavrill (Mar 4, 2011)

Kardas said:


> Actually my entire justification for trying to incite an attack against 4chan, lulz, and SA was "fuck those guys."  If someone believed they were behind DDoSing FA, then some furries could feel better about it, and it'd be a two birds with one stone situation.


"I shall show you my staggering indifference."


> Wait, what does Wordpress have to do with how retarded I am?


 Because Wordpress has nothing to do with furries. So why would people attack that _and_ FA?


----------



## Xenke (Mar 4, 2011)

Kardas said:


> Neither, I'm just pointing out that you said "act your age" to somebody whose age allows him to start the day by pouring vodka into a glass of pepsi.


 
Oh, I see. You're just pointing out something I already knew.

Well then, my point still stands: act your fucking age.


----------



## Arshes Nei (Mar 4, 2011)

Ok let's lay some things down here.

If you don't know what DDoS is please refrain from commenting on solutions.

Please stop with the conspiracy theory and "whodunnits" those continuing the bickering can be banned, not just by me but the moderators of this forum.


----------



## 2ndVenus (Mar 4, 2011)

Yes, I would appreciate it if the last 4 pages weren't you guys arguing, which can be done through IM, and were helpful and constructive to the topic. We're looking for solutions, take it outside.

On topic, you could slow these guys down and prevent most of their antics by MAC address banning any address trying to connect to FA X many times per so many seconds.
It would be a pain in the arse for them to keep switching MAC addresses via router or whatever, slowing them down to a chore-some boredom.


----------



## Aden (Mar 4, 2011)

2ndVenus said:


> On topic, You could slow these guys down and prevent most of their antics by MAC address banning any address trying to connect to FA X many times per so many seconds.
> it would be a pain in the arse for them to keep switching MAC addresses via router or whatever, slowing them down to a chore-some boredom.


 
I regularly open all my messages/submissions in background tabs - that's like 30 to 60 new tabs in 20 seconds.
:T


----------



## Kobalt_Silverstar (Mar 4, 2011)

2ndVenus said:


> You could slow these guys down and prevent most of their antics by MAC address banning any address trying to connect to FA X many times per so many seconds.
> it would be a pain in the arse for them to keep switching MAC addresses via router or whatever, slowing them down to a chore-some boredom.


 

The server still has to check the incoming connection requests. This alone is still enough to wreck the bandwidth and server capacity. Also, what if you as a client had the DDoS malware installed on your computer and you didn't even know it?


----------



## 2ndVenus (Mar 4, 2011)

*Kardas, take it elsewhere, nobody else cares*



Aden said:


> I regularly open all my messages/submissions in background tabs - that's like 30 to 60 new tabs in 20 seconds.
> :T


 
A lot of us do that, but that's not *anywhere near* the scale of a DDoS attack. Could be over 100,000 connection requests per second, depends on the server's ability to handle so many requests.


----------



## LizardKing (Mar 4, 2011)

2ndVenus said:


> On topic, You could slow these guys down and prevent most of their antics by MAC address banning any address trying to connect to FA X many times per so many seconds.
> it would be a pain in the arse for them to keep switching MAC addresses via router or whatever, slowing them down to a chore-some boredom.


 
1) The MAC address is not used at all (excluding IPv6, which is unlikely to be an issue at present)
2) Depending on the scale of the attack and how many separate originating machines there are, it may be similar in frequency to a standard user
3) It adds extra workload on the router
4) That information can be forged
5) If there's enough data coming through, it doesn't matter how much filtering you do anyway

Something like that.


----------
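An added illustration, not part of any post in this thread: a per-source-IP token bucket (the "X connections per so many seconds" idea discussed above) run over three constructed traffic patterns. The rate, burst size, addresses and request counts are assumptions chosen for the demonstration.

```python
"""Per-IP token-bucket limiter run over constructed traffic patterns."""


class TokenBucket:
    def __init__(self, rate, burst, now):
        self.rate = rate            # tokens refilled per second (sustained limit)
        self.burst = burst          # bucket capacity (short bursts are tolerated)
        self.tokens = float(burst)
        self.last = now

    def allow(self, now):
        # Refill for the elapsed time, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerIPLimiter:
    def __init__(self, rate=2.0, burst=60):
        self.rate, self.burst = rate, burst
        self.buckets = {}           # one bucket of state per source IP seen

    def allow(self, ip, now):
        bucket = self.buckets.get(ip)
        if bucket is None:
            bucket = self.buckets[ip] = TokenBucket(self.rate, self.burst, now)
        return bucket.allow(now)


def simulate(events, rate=2.0, burst=60):
    """events: (timestamp_seconds, source_ip) pairs in time order.
    Returns (allowed, dropped, tracked_ips)."""
    limiter = PerIPLimiter(rate, burst)
    allowed = dropped = 0
    for ts, ip in events:
        if limiter.allow(ip, ts):
            allowed += 1
        else:
            dropped += 1
    return allowed, dropped, len(limiter.buckets)


# --- Constructed sample traffic (not real logs) ---

def tab_opener():
    # One user opening 60 background tabs over 20 seconds.
    return [(i * 20 / 60, "198.51.100.7") for i in range(60)]


def single_source_flood():
    # One address sending 10,000 requests within one second.
    return [(i / 10_000, "203.0.113.9") for i in range(10_000)]


def distributed_flood():
    # 5,000 addresses sending 2 requests each within the same second.
    events = []
    for n in range(5_000):
        ip = f"10.0.{n // 250}.{n % 250 + 1}"
        events.append((n / 5_000, ip))
        events.append((0.5 + n / 10_000, ip))
    return sorted(events)


if __name__ == "__main__":
    for name, gen in [("tab opener", tab_opener),
                      ("single-source flood", single_source_flood),
                      ("distributed flood", distributed_flood)]:
        print(name, simulate(gen()))
```

The limiter only decides what the application serves: dropped requests have already used the link, and the per-source table grows with the number of sources.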



## 2ndVenus (Mar 4, 2011)

Mhmm, as i say im not really experienced on it, just throwing out ideas. 
You would think by now some programmer would have made an anti-ddos program for the banks (after their attack) and cashed in on it big time.


----------



## LizardKing (Mar 4, 2011)

2ndVenus said:


> Mhmm, as i say im not really experienced on it, just throwing out ideas.
> You would think by now some programmer would have made an anti-ddos program for the banks (after their attack) and cashed in on it big time.


 
Were it as easy as that, I've no doubt it would've been invented and implemented years ago.

Even if you had some magical router that knew exactly what packets to ignore and what were genuine, there'd still be bandwidth issues to deal with.


----------



## Kobalt_Silverstar (Mar 4, 2011)

I think this whole thread was pretty much worthless from the get-go. The only way to stop DDoS attacks server-side is to out-class the attacker's army of computers with increased server capacity and bandwidth. The community which supports the website isn't willing to contribute that much. Insufficient funds means you have to strip the bells and whistles.


----------



## LizardKing (Mar 4, 2011)

Kobalt_Silverstar said:


> I think this whole thread was pretty much worthless from the get-go. The only way to stop DDoS attacks server-side is to out-class the attacker's army of computers with increased server capacity and bandwidth. The community which supports the website isn't willing to contribute that much. Insufficient funds means you have to strip the bells and whistles.



This. 

The best DDoS protection is to not give them a reason to do it :V


----------



## Xenke (Mar 4, 2011)

LizardKing said:


> This.
> 
> The best DDoS protection is to not give them a reason to do it :V


 
But all we're doing is having furpr0n. :C

Also, I don't think there is anything on the internet that doesn't warrant a DDoS from some group of people. :V


----------



## 2ndVenus (Mar 4, 2011)

Purchasing $1000's worth of server and equipment shouldn't have to be a result of this. With them having messed with the banks in the past I smell a large lawsuit inbound. There's got to be a stopping force to this eventually, and right now they're pissing off the biggest of the biggest.

Symbolically, don't tip over rhinos, tip over cows.


----------



## coyoteOdin (Mar 4, 2011)

I believe that at least some protection is needed ...

 Again the site is unavailable :-(

 504 Gateway Time-out :-(

 've also finally come to an end this nightmare? :-(


----------



## Xenke (Mar 4, 2011)

2ndVenus said:


> Purchasing $1000's worth of server and equipment


 
We already have a ton of that laying around here. :/


----------



## Kobalt_Silverstar (Mar 4, 2011)

Really I think what would be a great solution is if they added a client-side HTTP fix that adds a cooldown timer to requests. There's no reason why a computer should have the ability to send out several requests per second anyway. They should tone it down to like 500ms per request, per application or something.


----------



## 2ndVenus (Mar 4, 2011)

LizardKing said:


> This.
> 
> The best DDoS protection is to not give them a reason to do it :V


 
Unfortunately we're in the biggest Fur website in the world, and there are always going to be extremists against the whole furry subject.
We just need to find a way to turn the Servers into Fortresses.


----------



## Xenke (Mar 4, 2011)

2ndVenus said:


> Unfortunately we're in the biggest Fur website in the world, and there are always going to be extremists against the whole furry subject.
> We just need to find a way to turn the Servers into Fortresses.


 
Really, we need to invest time and money into fixing the site's code before we focus on keeping it up.


----------



## Wolf-Bone (Mar 4, 2011)

2ndVenus said:


> Unfortunately we're in the biggest Fur website in the world, and there are always going to be extremists against the whole furry subject.
> We just need to find a way to turn the Servers into Fortresses.


 
You know, I'm having a really, really bad fucking day, and you're just begging me to take it out on you right now with that bullshit. Assuming it's because of some "extremists" against furries specifically just because this is a furry site would be like me saying it's happened minutes after I've posted art twice in a row because someone's out to get me personally. They do it BECAUSE THEY CAN, not because furries are the most hated subculture in the world and because I'm the most hated person in that subculture.


----------



## Bobskunk (Mar 4, 2011)

2ndVenus said:


> Unfortunately we're in the biggest Fur website in the world, and there are always going to be extremists against the whole furry subject.
> We just need to find a way to turn the Servers into Fortresses.


 
stop fucking up
start fixing holes
problem solved

edit: it's not because furaffinity is furry (that's a bonus but not the reason) or because it's popular, it's because it's easy and because of prevailing attitudes on the part of staff

people have stopped giving a shit about furry since like 2008.  back then, sure, "any furry" could be a target.  now to suffer some sort of wrath from random people on the internet, you pretty much have to do something really stupid or else nobody will care.  just like anyone else on the internet.



Kobalt_Silverstar said:


> Still though, it would be better to have a slightly broken site with a lower percentage downtime than a really nice site which has higher downtime rates. More downtime leads to a lot of potential profit loss, and also results in a lot more client loss than the earlier scenario. Even then it's still the choice between attack or attack since lacking code leads to more vulnerability to hacking. It really depends how the staff wants to cut their losses I guess. In the end, like I said before, the only way to fix the problem is to improve financial income and also improve staffing.


 
quality vs. resilience/uptime are not mutually exclusive, and in fact a poorly coded site will incur more security problems and maintenance than a well coded site.  put in terms of yet another car analogy: a 1988 Hyundai Accent will spend more time in the shop than a 2000 Honda Civic because one is simply better constructed than the other.  And that's assuming that both cars are being taken care of, _ceteris paribus_.  If the Hyundai is only taken to the mechanic when the engine catches on fire, the gulf between the two vehicles is even greater.


----------



## Kobalt_Silverstar (Mar 4, 2011)

Xenke said:


> Really, we need to invest time and money into fixing the site's code before we focus on keeping it up.



Still though, it would be better to have a slightly broken site with a lower percentage downtime than a really nice site which has higher downtime rates. More downtime leads to a lot of potential profit loss, and also results in a lot more client loss than the earlier scenario. Even then it's still the choice between attack or attack since lacking code leads to more vulnerability to hacking. It really depends how the staff wants to cut their losses I guess. In the end, like I said before, the only way to fix the problem is to improve financial income and also improve staffing.


----------



## 2ndVenus (Mar 4, 2011)

Wolf-Bone said:


> You know, I'm having a really, really bad fucking day, and you're just begging me to take it out on you right now with that bullshit. Assuming it's because of some "extremists" against furries specifically just because this is a furry site would be like me saying it's happened minutes after I've posted art twice in a row because someone's out to get me personally. They do it BECAUSE THEY CAN, not because furries are the most hated subculture in the world and because I'm the most hated person in that subculture.


 
I'm not saying this DDoS attack is from extremists, but that's a possibility. I've no idea why you should feel hated, but there's extremism to just about anything, to think otherwise is delusional.
I've been unfortunate to deal with a few myself.

Yes others do it because they can. So what is this anger you supposedly want to put on me for?


----------



## Xenke (Mar 4, 2011)

Kobalt_Silverstar said:


> Still though, it would be better to have a slightly broken site with a lower percentage downtime than a really nice site which has higher downtime rates. More downtime leads to a lot of potential profit loss, and also results in a lot more client loss than the earlier scenario. Even then it's still the choice between attack or attack since lacking code leads to more vulnerability to hacking. It really depends how the staff wants to cut their losses I guess. In the end, like I said before, the only way to fix the problem is to improve financial income and also improve staffing.


 
The thing is, holes in the code are constant (without fixing), while the DDoS attacks are not. Furthermore, exploits in site code can be far more devastating than downtime.


----------



## KerotheFox (Mar 4, 2011)

Teobryn said:


> Hello.
> 
> I just wanted to reply about the DDoS problem, and maybe submit some ideas that had already been experienced since I didn't find who run the FA server, or on which Operating System it's running.
> 
> ...


 
This is a very good point and well researched :3


----------



## Wolf-Bone (Mar 4, 2011)

2ndVenus said:


> I'm not saying this DDoS attack is from extremists, but that's a possibility. I've no idea why you should feel hated, but there's extremism to just about anything, to think otherwise is delusional.
> I've been unfortunate to deal with a few myself.
> 
> Yes others do it because they can. So what is this anger you supposedly want to put on me for?


 
I'm *not*, that's the fucking *point*. If I thought that, it'd be about as dumb as what you think. Even considering the possibility is stupid because it's pretty fucking irrelevant don't you think?


----------



## Kobalt_Silverstar (Mar 4, 2011)

Xenke said:


> The thing is, holes in the code are constant (without fixing), while the DDoS attacks are not. Furthermore, exploits in site code can be far more devastating than downtime.


 
So in short, FurAffinity desperately needs to expand their business venture in order to accommodate the increase in "interest" of the site.


----------



## 2ndVenus (Mar 4, 2011)

Wolf-Bone I just don't make any sense out of what you're trying to say.

Well I've brought up the topic and had my say and that's all I wanted to do, like always to the drama I don't know what most of you are even talking about, and my short visit to the forums is complete. L8r!


----------



## Kobalt_Silverstar (Mar 4, 2011)

Also, I hope that all of this malicious activity is being filed with the proper authorities. The best thing that can be done to help prevent the DDoS is to pursue the attacker and try to find them. If we had a really good white-hatter they could probably track down one of the remote DDoS clients and trace it back to the issuer of the attacks.


----------



## Wolf-Bone (Mar 4, 2011)

2ndVenus said:


> Wolf-Bone I just don't make any sense out of what you're trying to say.
> 
> Well I've brought up the topic and had my say and that's all I wanted to do, like always to the drama I don't know what most of you are even talking about, and my short visit to the forums is complete. L8r!


 
Funny how a lot of people conveniently never understand what you're talking about when you're talking about the same thing they were talking about, just saying it was stupid.


----------



## Bobskunk (Mar 4, 2011)

Kobalt_Silverstar said:


> Also, I hope that all of this malicious activity is being filed with the proper authorities. The best thing that can be done to help prevent the DDoS is to pursue the attacker and try to find them. If we had a really good white-hatter they could probably track down one of the remote DDoS clients and trace it back to the issuer of the attacks.


 
hey, they had plenty of good white-hatters to choose from practically begging to help
all of them were turned away except for a 13 year old kid from the dominican republic, lol


----------



## Pikitsune (Mar 4, 2011)

Talking about DDoS.
Somehow get on the subject of bees for a page.

Stay classy FAF, as little as I post here, I love what I find every single time I come to lurk.


----------



## VoidBat (Mar 4, 2011)

DDoS attacks can change pattern and strategy several times, so as many other users have said, there is no such thing as a "simple fix". 
In these cases it's all about waiting for the attacking part to get so bold that it makes a mistake/gets careless. With courage comes vanity.


----------



## Firehazard (Mar 4, 2011)

Kobalt_Silverstar said:


> Also, I hope that all of this malicious activity is being filed with the proper authorities. The best thing that can be done to help prevent the DDoS is to pursue the attacker and try to find them. If we had a really good white-hatter they could probably track down one of the remote DDoS clients and trace it back to the issuer of the attacks.


 
I'm not sure DDoS attacks are even traceable. If they were, armies of wannabe hackers wouldn't be so eager to do it. As it is, I've lost track of all the sites that have been the victims of multi-day-long attacks. Between that and the kinds of high-powered groups that have fallen victim to them, my guess is that they're just straight-up unpreventable and untraceable, and the only thing anyone can ever do about them is hope the perpetrators get bored of it quickly.


----------



## Volkodav (Mar 4, 2011)

Kardas said:


> So does anyone here know how to launch a DDoS attack?  Why not hit 4chan, lulz, and something awful?


 
An eye for an eye makes the whole world blind and gets FA hacked


----------



## wollypegger (Mar 5, 2011)

The only way to defeat the attackers is to use their tactics against them. But not with attacking them, but by providing a backbone for webservers in which you get access to the website via a local gateway 'close' to where you are at. If there's 250 ways to get to the website, that's 250 access points which have to be attacked to get to the website.


----------



## Ozriel (Mar 5, 2011)

wollypegger said:


> The only way to defeat the attackers is to use their tactics against them. But not with attacking them, but by providing a backbone for webservers in which you get access to the website via a local gateway 'close' to where you are at. If there's 250 ways to get to the website, that's 250 access points which have to be attacked to get to the website.


 
Reminder, this is not an /i/ board/forum. 
Anyone who continues to suggest DDoSing other sites will have their accounts "taken care of".


----------



## Bambi (Mar 5, 2011)

Glaice said:


> @Venus: I don't think the first option is gonna help very much at all, and remember it's not always "trolls" doing damage, could just be random mix of hackers and other people choosing targets at random. I'm sure some non-furry sites are being affected by the DDoS as well.


You know, I've been hearing from a lot of other people that there's more than FA that's being affected. It's almost like several websites as a whole. 

@Thread: So, they're DDoSing the router; but why exactly that? And how do we know that this isn't some fallout from another attack elsewhere, and not something that's been specifically directed?


----------



## HatchlingByHeart (Mar 5, 2011)

No amount of DDoS protection will help if the attacker is able to gain control of more and more botnets, it's simply a case of who has more bandwidth.

Edit: and WTF Bambi, your signature link that says "Relevant: Shit Posting" is a link to one of my submissions.
Gee... everyone is sooooo nice here. -_-


----------



## Bambi (Mar 5, 2011)

HatchlingByHeart said:


> No amount of DDoS protection will help if the attacker is able to gain control of more and more botnets, it's simply a case of who has more bandwidth.


And who's more vulnerable.



HatchlingByHeart said:


> Edit: and WTF Bambi, your signature link that says "Relevant: Shit Posting" is a link to one of my submissions.
> Gee... everyone is sooooo nice here. -_-


I realize that having the intelligence of a teenager isn't very becoming of me.

 So, don't worry about your concern, because I addressed it in good heart.


----------



## HatchlingByHeart (Mar 5, 2011)

Bambi said:


> I realize that having the intelligence of a teenager isn't very becoming of me.
> 
> So, don't worry about your concern, because I addressed it in good heart.


 
Thanks. ^^


----------



## Accountability (Mar 6, 2011)

Kobalt_Silverstar said:


> More downtime leads to a lot of potential profit loss


 This entire site leads to potential profit loss. Ads are a flat fee of $20/month. Advertisers are practically stealing from Dragoneer as it is.

Why does anyone care where the DDoS is/was coming from? If it was coming from 4chan, do you really think pointing your finger at them and saying "STOP IT!!!!" would stop anything? No, it would not.

You know what the best way for an end-user to respond to a DDoS attack is? Doing nothing. The site will come back eventually. Stop worrying about who's responsible and go about your life.

Also, again, the government's not going to care. The "authorities" have a lot better things to worry about than some porn site going offline for a few hours.


----------



## HatchlingByHeart (Mar 19, 2011)

Accountability said:


> Also, again, the government's not going to care. The "authorities" have a lot better things to worry about than some porn site going offline for a few hours.


 
Amen to that. Because of the distributed nature of a DDoS attack, they have a harder time finding out who's behind a DDoS than they do finding out who's behind a murder case that happened 20 years ago.


----------



## Deo (Mar 19, 2011)

HatchlingByHeart said:


> Edit: and WTF Bambi, your signature link that says "Relevant: Shit Posting" is a link to one of my submissions.
> Gee... everyone is sooooo nice here. -_-


 Whining will only encourage us.


----------

