Create accountLogin

Recent searches

No recent searches

Search options

Not available on lingo.lol.
lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for linguists, philologists, and other lovers of languages.

Administered by:

Server stats:

64
active users

lingo.lol: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.9

#DDoS

1 post1 participant0 posts today
Public
ltning

Yay! Or maybe AIEEE! Seems like I'm giving a talk at #EuroBSDCon again this year!

Anyone who has been following me here for a while will know I'm a hopeless #retrocomputing nerd, and I will make no attempt at hiding it during my talk:

Dirty Tricks: Using nginx and Lua to thwart bots and skript kiddies

I'll (try to) show how you can protect your #BBS from drive-by portscans and your production systems from #DDoS attacks using all the wrong tools.

Dietary warning: may contain traces of floppies.

https://events.eurobsdcon.org/2025/talk/review/RHDFBQWZEVC833T3WDLDEXYFQVRWJKMN #FreeBSD #BSD #Unix #DOS #RunBSD

pleroma.anduin.netAnduin.net
Public
dercraig

🚀 My new #DDoS book "DDoS: Understanding Real-Life Attacks and Mitigation Strategies" is now also available as an eBook! 🎉

Check it out here: ddos-book.com/

I’ve packed in everything I’ve learned from defending major German government sites against groups like Anonymous, Killnet, and NoName057(16).

It covers mitigations against #AI #crawlers and many other defenses for all network layers.

If you find it useful, I’d love it if you could boost and share to help more people defend themselves. ❤️

Thank you! 🙏

#DDoSProtection#NetworkSecurity#RealWorldDefense
Public
Gytis Repečka

Attention server admins! Yesterday I've read a post by @simon_brooke how nasty AI scraper bots are attacking his self-hosted @forgejo instance. Soon after I'm seeing unusual, periodic traffic spikes on mine and again - dominated by OpenAI, but some other freeloaders too:

20.171.207.41   GPTBot/1.2
85.208.96.211   SemrushBot/7~bl
54.36.148.64    AhrefsBot/7.0
114.119.139.53  PetalBot

With GPTBot and SemrushBot attacking hardest :blobcatscared:

They've been hammering my little server periodically today as well, slowing down my instance dramatically as if I was experiencing malicious DDoS attack :blobcatfearful: Well, in a sense it is one :blobcatnotlikethis:

Watch out - it seems corporate AI techbros learned to scrape :forgejo: content and starts doing it on a massive scale :blobcatoutage: Remember when @Codeberg was (and repeatedly is) hit?

For now blocked IP ranges and User-Agent combinations, not sure for how long that will be enough :blobcatumm:

Please boost for visibility and be prepared!

Dramatic spikes in network traffic observed on my self-hosted Forgejo instance, caused by corporate AI bot scraping
#forgejo#developerlife#coding
Public
jbz

🪆 DDoS incident disrupts internet for thousands in Moscow

「 The attack, first detected on Tuesday, continued into Friday, disrupting ASVT’s mobile app, website and customer accounts. The provider serves mainly large residential complexes, where residents reported being unable to work remotely, pay at local shops using card terminals, or access their buildings due to disabled internet-based intercom systems 」

therecord.media/moscow-interne

therecord.mediaDDoS incident disrupts internet for thousands in MoscowRussian internet service provider ASVT blamed widespread outages on a DDoS incident and attributed it to a pro-Ukraine collective.
#ddos#russia#cybersecurity
Public
Neil Craig

Pretty much the only regions on the planet from which we *don't* see regular volumetric DDOS against www.bbc.co.uk & www.bbc.com is central Africa & the poles.

This is map shows the number of time each country was a DDOS traffic source in the last 30 days (larger circles == more DDOS attacks).

The botnets are really well globally distributed these days (and we typically see thousands or tens of thousands of source IPs per attack - mostly compromised servers).

World map with a red dot of varying sizes on virtually every country. Countries without a red dot are more or less only the central African countries from Senegal/Mauritania on the West coast to Eritrea on the East coast.
#DDOS#InfoSec#BotNet
Replied in thread
Public
Kevin Karhan :verified:

@Npars01 and even then to me this looks more like a "bad" #PR stunt to me.

It's the digital equivalent of kids shooting paintballs at a parked cop car in a monsoon rain and that got only noticed retroactively...

  • I just think it's wasteful to #DDoS @briankrebs 's website because it's only a #blog, he doesn't pay any #ransom, is extremely well protected and outage of it doesn't generate the same public or financial pressure compared to businesses and governmental institutions.

Like even if they had succeeded, what would've been the outcome? Maybe line that reads: "Congrats Kiddo, you just wasted thousands if not millions of dollars worth in Monero just to create an outage of a tiny blog. Go give yourself a star in your exercise book!"

  • Someone just had more money than sense I guess...
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@briankrebs@infosec.exchange TBH, I think #DDoS'ing *your blog* is kinda wasteful beyond *"#BraggingRights"* because it's not only *well protected* but the amount of damage / revenue by #blackmailing they could expect is just zero. - I mean, it shure is a way to get *your attention* but that doesn't mean any #BlackHat should *ask for that*! But there are thousands if not millions of weaker targets they could've attacked. - Seems like the [muggers from Crocodile Dundee](https://www.youtube.com/watch?v=qi0G0b1dNzE) *but dumber* cuz they try to puncture your tires but you're sitting in a tracked tank. Pretty shure had #Google not told you or anyone else you would not have even noticed it.
Replied in thread
Public
Kevin Karhan :verified:

@briankrebs TBH, I think #DDoS'ing your blog is kinda wasteful beyond "#BraggingRights" because it's not only well protected but the amount of damage / revenue by #blackmailing they could expect is just zero.

  • I mean, it shure is a way to get your attention but that doesn't mean any #BlackHat should ask for that!

But there are thousands if not millions of weaker targets they could've attacked.

Pretty shure had #Google not told you or anyone else you would not have even noticed it.

YouTubeThat’s not a knife…THAT’S A KNIFE.” 😅 Crocodile Dun #movies #shortsBy universe of clips
Continued thread
Public
🆘Bill Cole 🇺🇦

Meanwhile at $DAYJOB we have routers being pounded into catatonia by VPN credstuffers on $US-HOSTER and $EU-HOSTER who seem to not have noticed that we want an all-important 2nd factor. (yeah, can't name them. they are who you'd expect)

#InfoSec#DDoS
Public *
AI6YR Ben

Add this to the list of ADDITIONAL REASONS I hate AI.

They're absolutely slamming websites on the Internet so they can suck the contents into their great big training databases.

mastodon.social/@tdp_org/11450

MastodonNeil Craig (@tdp_org@mastodon.social)Attached: 1 image As part of a time-limited trial, yesterday we removed the www.bbc.co.uk & www.bbc.com robots.txt "block" on *one* GenAI crawler. Here's a graph of total daily requests from that 1 GenAI crawler by content-type. You'll note, they've retrieved ~460k web pages in ~16 hours, so a mean of ~28,750 web pages per hour. They'll likely pull ~690k pages today, ~32GB egress. Whilst this is a drop in the ocean versus our other traffic, I can easily see how this could sink a smaller website. #GenAI #WebDev
#AI#LLMs#DDoS
Public *
Andrey DarkCat09

Сервер ддосят с подсетей 47.79.aa.bb и 47.82.cc.dd, они использовали мой инстанс LiteXiv для скрейпинга Pixiv без задержки между запросами и заполнили все доступные порты.

Подсети заблокировал на уровне фаерволла. LiteXiv запустил.

#dc09ru#bots#networking
Public
Epiphyt

After I published a recent article where I showed how to mitigate an accidental DDoS after enabling ActivityPub for WordPress with the Surge plugin, I found an optimization for improved cache handling. Out of the box, there’s a problem with the default configuration since Surge ignores the Accept header.

[…]

epiph.yt/en/blog/2025/optimize

Epiphyt · Surge-Konfiguration für ActivityPub optimieren | EpiphytDas Plugin Surge ignoriert den für ActivityPub wichtigen Accept-Header. Durch eine clevere Lösung kannst du dafür eine eigene Cache-Version bereitstellen.
#ActivityPub#Cache#DDoS
ExploreLive feeds
About