Dealing with DDoS attacks on a website your local 1337 #4X0r here to advise the nets on some tactics for DDoS protection without paying for and getting your website's services shadowbanned by cloudflare or google. [cloudflare does not let browsers it doesn't like past bot checks, so it becomes a wall against old browsers with flashplayer and even palemoon sometimes] with that out of the way, say some indian guy at Microcock technical support decides to use his callcenter's server to ddos attack your site because people on your site posted wrongthink and the communists and socialists don't like it, and google and cloudflare jump on board to pay the call center to DDoS you so they can potentially gain another customer to fund the spyware horde "payz us teh protectionz moniez naoz plz, or else! youse sees?" style. in this case you'll have a whole call center running a program which opens your site 1000 times a second in browser tabs. and they may do it in multi hour increments during peak operation times of the day. what do you do? capitulate and buy into the ddos protection racquet? No, simle, you have your server detect the number of users, and when it reaches close to your Max Possible Users (Error 503), you have it suddenly append a bitcoin miner to every page, and include a button to turn it off but only after answering some random multiple choice trivia or passing a simple captcha (the one on this site is fine). A real user will be able to submit a correct response, (this can be stored in a coookie and checked for on the next page load so the bitcoin miner wont run), but bots will be stuck being mined to death. then the indian guy at microcock technical support is shitting bricks because all his monitors just blackscreened because the graphics cards are ded. the end result is the indian guy at microcock technical support starts refusing DDoS jobs. and people stop paying for DDoS protection services. then the spyware vendors lose a huge chunk of thier bottom line suddenly. you may even kill a few of thier Spyware Ais in the process by burning them out. then the internet will be a safer place with more free speech. the whole point is to make the site reactive to abuse, and abbrasive to bots and Ai. there are other methods as well, but the bitcoin method means you actually gain money from the DDoS attacks. that will stop DDoS attackers in thier tracks. |