RE: Update Regarding DDoS Attack on Steemit.com by lukestokes

View this thread on: hive.blog | peakd.com | ecency.com

Viewing a response to: @steemitblog/update-regarding-ddos-attack-on-steemit-com

steemit · @lukestokes · Oct 6 '17

How about a <a href="https://busy.org/steemit/@lukestokes/steemit-needs-its-own-mascot-of-failure">fail mascot</a>? Or at least something other than a 5XX default browser error page? Why not put up a static page on a CDN explaining things and change the DNS to point to that?

👍 playfulfoodie

`author`	lukestokes
`permlink`	re-steemitblog-update-regarding-ddos-attack-on-steemit-com-20171006t202124676z
`category`	steemit
`json_metadata`	{"tags":["steemit"],"app":"busy/1.0.0"}
`created`	2017-10-06 20:21:24
`last_update`	2017-10-06 20:21:24
`depth`	1
`children`	3
`last_payout`	2017-10-13 20:21:24
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	275
`author_reputation`	554,601,966,217,919
`root_title`	"Update Regarding DDoS Attack on Steemit.com"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	16,945,286
`net_rshares`	0
`author_curate_reward`	""

properties (23)vote details (1)

voter	weight	wgt%	rshares	pct	time
playfulfoodie	0 B		0	1%

@bashadow · Oct 6 '17

I like that idea. Then after it is fixed or while it is being fixed, a promoted page explaining what happened, and when full recovery is expected. I know your all busy, but I think lukes idea is good.

properties (22)

`author`	bashadow
`permlink`	re-lukestokes-re-steemitblog-update-regarding-ddos-attack-on-steemit-com-20171006t204944081z
`category`	steemit
`json_metadata`	{"tags":["steemit"],"app":"steemit/0.1"}
`created`	2017-10-06 20:49:36
`last_update`	2017-10-06 20:49:36
`depth`	2
`children`	0
`last_payout`	2017-10-13 20:49:36
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	200
`author_reputation`	100,388,692,638,882
`root_title`	"Update Regarding DDoS Attack on Steemit.com"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	16,946,420
`net_rshares`	0

@sneak · Oct 6 '17

This allows that CDN to replace that page if they are malicious with a login form and steal keys. Do you wish to take that risk?

Also, we use HSTS and they would have to have some valid TLS keys, as well, which would let them MITM traffic even when we aren’t down. 

There is a lot of cost/benefit to these sorts of things. We’re just going to focus on not going down in the future.

properties (22)

`author`	sneak
`permlink`	re-lukestokes-re-steemitblog-update-regarding-ddos-attack-on-steemit-com-20171006t211138622z
`category`	steemit
`json_metadata`	{"tags":["steemit"],"app":"steemit/0.1"}
`created`	2017-10-06 21:11:39
`last_update`	2017-10-06 21:11:39
`depth`	2
`children`	1
`last_payout`	2017-10-13 21:11:39
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.000 HBD
`curator_payout_value`	0.000 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	383
`author_reputation`	28,694,344,106,492
`root_title`	"Update Regarding DDoS Attack on Steemit.com"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	16,947,429
`net_rshares`	0

@lukestokes · Oct 9 '17 (edited)

$0.29

> This allows that CDN to replace that page if they are malicious with a login form and steal keys.

That's a bit paranoid, IMO. You're using Amazon Web Services already, right? Do you trust them? CDN and DNS providers do introduce risk, sure, but that's part of being a professional company on the Internet. If you can't trust your service providers, you have the wrong service providers.

I'm somewhat familiar with the risks. Running FoxyCart for the last 10 years, we've processed over a billion dollars in credit card transactions. There will always be risks when dealing with TLS, you have to trust the service providers you use and be quick to change things if needed. Again, this is part of how the Internet works today. I'm not telling you anything new. You have to trust someone.

If the alternative is your business being offline for 10+ hours... well, just don't miss the forest for the trees.

"Not going down in the future" is quite a tough task. Good luck. I really hope you succeed in that, but given the current structure of the Internet, I find that difficult to do without global redundancy through a major CDN provider.

👍 hilarski, jedau, henrycalu, jessicadunbar

`author`	lukestokes
`permlink`	re-sneak-re-lukestokes-re-steemitblog-update-regarding-ddos-attack-on-steemit-com-20171006t215938224z
`category`	steemit
`json_metadata`	{"tags":["steemit"],"app":"busy/1.0.0"}
`created`	2017-10-06 21:59:36
`last_update`	2017-10-09 15:59:21
`depth`	3
`children`	0
`last_payout`	2017-10-13 21:59:36
`cashout_time`	1969-12-31 23:59:59
`total_payout_value`	0.262 HBD
`curator_payout_value`	0.032 HBD
`pending_payout_value`	0.000 HBD
`promoted`	0.000 HBD
`body_length`	1,139
`author_reputation`	554,601,966,217,919
`root_title`	"Update Regarding DDoS Attack on Steemit.com"
`beneficiaries`	`[]`
`max_accepted_payout`	1,000,000.000 HBD
`percent_hbd`	10,000
`post_id`	16,950,283
`net_rshares`	119,308,639,060
`author_curate_reward`	""

properties (23)vote details (4)

voter	rshares	pct
jedau	39,414,322,186	100%
hilarski	78,265,089,924	17%
jessicadunbar	619,520,000	100%
henrycalu	1,009,706,950	100%