T35054 /disc/ Dealing with DDoS attacks on a website

Thread 35054

Age: 23.55d Health: 100% Posters: 3 Posts: 4 Replies: 3 Files: 0

Joshex 29sep2025(mo)20:58 No.105471 OP P1

Dealing with DDoS attacks on a website

your local 1337 #4X0r here to advise the nets on some tactics for DDoS protection without paying for and getting your website's services shadowbanned by cloudflare or google.

[cloudflare does not let browsers it doesn't like past bot checks, so it becomes a wall against old browsers with flashplayer and even palemoon sometimes]

with that out of the way, say some indian guy at Microcock technical support decides to use his callcenter's server to ddos attack your site because people on your site posted wrongthink and the communists and socialists don't like it, and google and cloudflare jump on board to pay the call center to DDoS you so they can potentially gain another customer to fund the spyware horde "payz us teh protectionz moniez naoz plz, or else! youse sees?" style.

in this case you'll have a whole call center running a program which opens your site 1000 times a second in browser tabs. and they may do it in multi hour increments during peak operation times of the day. what do you do?

capitulate and buy into the ddos protection racquet?

No, simle, you have your server detect the number of users, and when it reaches close to your Max Possible Users (Error 503), you have it suddenly append a bitcoin miner to every page, and include a button to turn it off but only after answering some random multiple choice trivia or passing a simple captcha (the one on this site is fine).

A real user will be able to submit a correct response, (this can be stored in a coookie and checked for on the next page load so the bitcoin miner wont run), but bots will be stuck being mined to death.

then the indian guy at microcock technical support is shitting bricks because all his monitors just blackscreened because the graphics cards are ded.

the end result is the indian guy at microcock technical support starts refusing DDoS jobs. and people stop paying for DDoS protection services. then the spyware vendors lose a huge chunk of thier bottom line suddenly. you may even kill a few of thier Spyware Ais in the process by burning them out.

then the internet will be a safer place with more free speech.

the whole point is to make the site reactive to abuse, and abbrasive to bots and Ai. there are other methods as well, but the bitcoin method means you actually gain money from the DDoS attacks. that will stop DDoS attackers in thier tracks.

Anonymous 1oct2025(we)19:36 No.105553 A ~~P2R1~~

At first I thought this was just another schizo spam post.
But it's a rather underrated advice. Thumbs up OP!

TurCrayPig 3oct2025(fr)07:28 No.105566 B ~~P3R2~~

Splendid idea, Joshex. I wish I had time to start and host my own imageboard or something to try your advice, except for mining moneros instead of bitcoins (because moneros can be mined on CPUs as well, thus causing even more damage to DDoSers' machinery, I think)

bumping it

Joshex 14oct2025(tu)23:28 No.105662 OP ~~P4R3~~

Theres also what I call the Sauron technique. but that requires a secondary dedicated machine and a simple program which is always running on it. that secondary machine also needs to have a non-dynamic IP, or have a system where the website can find it's IP (it could be a user that's always online).

essentially, the sauron technique is a reverse ddos, it detects the IP addresses of the attackers who have more than X active connections and sends a websocket message to your Sauron machine, which then sends a billion useless pings and DGRAM messages to the attacker's IP address, thus DDoSing them and freeing up your site to normal traffic. "I see you, now F- Off!" style.

this method is more complicated but has the benefit in that it can target bots that have no script parsing (so they evade a bitcoin miner method)