Today, like the past few days, we have had some downtime. Apparently some script kids are enjoying themselves by targeting our server (and others). Sorry for the inconvenience.

Most of these ‘attacks’ are targeted at the database, but some are more ddos-like and can be mitigated by using a CDN. Some other Lemmy servers are using Cloudflare, so we know that works. Therefore we have chosen Cloudflare as CDN / DDOS protection platform for now. We will look into other options, but we needed something to be implemented asap.

For the other attacks, we are using them to investigate and implement measures like rate limiting etc.

    • @[email protected]
      link
      fedilink
      English
      881 year ago

      Nothing. DDoS mitigation is inherently an ISP or someone like cloudflare. You will not have success against anybody who knows what they are doing without their help.

      • PropaGandalf
        link
        fedilink
        English
        -291 year ago

        This is bullshit. Just take this as an example. I found it with one quick search and there are plenty more. Perhaps we should broaden our horizons a little rather than entrusting everything to some corpos.

        • @[email protected]
          link
          fedilink
          English
          661 year ago

          My dude, I think you’re not super familiar with these technologies.

          The most basic form of a content delivery network is a set of globally distributed servers that replicate content from a source of truth and a network to direct traffic to the closest server with a valid replica. So the cost here is servers.

          With Lemmy, this problem is solved by eliminating the need for individuals to own many servers and a lack of need for trust between servers. The effort and cost is distributed among individual humans, making it manageable.

          Now, if you’re familiar with blockchain, you probably perked up when you heard “lack of need for trust.” That’s what the blockchain was built for! Perfect fit, right? Ehh, not so much.

          There’s two problems: acting as a proxy for content requires trust, and some single service needs to direct clients to the right local server. If I can arbitrarily join some network of serving content, I can always tell other servers in the network that I’m serving what they ask… and then serve ads. There’s no (reasonable and fast) way for the network to verify that I’m serving the correct content to every client. There’s no way to avoid the need for trust. Additionally, DNS, which directs you from mysite.com to 120.1.2.1, isn’t intelligent. It can’t direct clients to a geographically (or route-efficient, fucking ISPs) local IP. The best it can do is pick a random one from the pool. So when you go to lemmy.world, DNS can’t pick the correct server for you. So some set of servers needs to do the logic to select which local server to actually get content from. Those servers need to be central for the whole content delivery network.

          This company you linked is just another company using “blockchain” to get investment money. If you read through their page to get a cursory understanding of how things work, an easy question comes up: what is the purpose of media tokens? Sure, maybe you can buy CDN time with it, but when you pay that token to someone providing compute… what do they do with that token? It’s worthless, just like crypto currency. Fucking scams. All that said, blockchain is a super, super interesting technology. There’s just very, very few suitable applications of it.

          I’ve worked in IT for about 12 years now. Everything from infrastructure monitoring to data analysis to data engineering to DevOps to backend engineering to product management. I’ve worked with systems serving tens of users and tens of millions of users. Happy to answer any questions. I love this shit.

          If someone could figure out a trustless, decentralized way to implement a CDN, I’d eat that up in a second, but with my current understanding of the internet and available technologies, I don’t see a way it can work. At least, not with making every web page take >3s to load, which would absolutely kill websites.

          • @[email protected]
            link
            fedilink
            11 year ago

            Two things:

            Isn’t there always trust issues though? Also, could SSL passthrough help in that?

            Instead of CDN for protection, couldn’t a local WAF help solve this too?

          • PropaGandalf
            link
            fedilink
            English
            -41 year ago

            I could a agree with the first part and it does not contradict with the idea of a distributed network for content saving. Think about it this way. Instead of one big local server farm you have multiple small local servers which together form a global network. Now we come to the blockchain. As you pointed out you get these tokens for the CDN time the storage or more generally the server operation costs. Of course the blockchain these tokens are hosted on (Solana) do have to be trustworthy (which in this case they may not be. I don’t like solana that much either). But does that mean that this could not be achieved? It seems logical to me that with a distributed storage and computing network something like this could be achieved very efficiently and cheaply. Heck I’m using a decentralized VPN right now that works with the same principles I mentioned. Or take the Helium network for example? Don’t you see the potential there? Like with all technology these things have to mature but with my understanding they are pretty much doable.

            • Maiznieks
              link
              fedilink
              English
              71 year ago

              Sure, its doable, but if we return to OP issue, is it available and usable now? If there’s a service provider I’d trust to do this, it’s CF, they have a good, solid product and they have not given a reason to doubt their business ethics yet.

              • PropaGandalf
                link
                fedilink
                English
                -141 year ago

                Did I ever say something else? People act as if i had condemned anyone or forced them to choose an alternative. No, for now cloudflare is a solid option but I think that we should consider more open alternatives.

            • @[email protected]
              link
              fedilink
              31 year ago

              They exist sure, but as others have said, there’s still a lot of links in the chain to smooth out. And for a mission critical application like this you’ll always want to chose the most stable offering.

              • PropaGandalf
                link
                fedilink
                -51 year ago

                That’s the first reasonable argument. That’s also why I said that we should stick with cloudflare for now but I’d love to see something more decentralized and open in the future.

    • PropaGandalf
      link
      fedilink
      English
      -611 year ago

      Well for now we’ll have to stick around with cloudflare. I’d just would like to see something managed by a decentralized network. I don’t know if it exists, it’s more of a sentiment or a general idea.

      • @Tibert
        link
        fedilink
        English
        91
        edit-2
        1 year ago

        If you don’t know what a content delivery network is, here : https://www.cloudflare.com/learning/cdn/what-is-a-cdn/

        A CND is very costly to run in an effective way. And because it is an intermediary server between the user and content server, the market is already pretty full. So competing with the CDN giants is practically impossible in a decentralised manner.

        Because of what a CDN does (cache website elements closer to the user, protect the website against ddos…), it cannot be a cheap weak server, or it’s the one which will get overwhelmed by the ddos, or even the users.

        Another limiting factor is that in decentralisation, that means different companies, and so many separate plans to pay, which is just impossible for a company.

        If it was decentralized, a company would have to go and pay 100 different companies (which is more expensive, du to the server costs and each companies having their own staff to may (even if it’s just 1 person per company)) just to offer a quick access to the users around the world, which is just impossible.

        • Muddybulldog
          link
          fedilink
          English
          23
          edit-2
          1 year ago

          A CDN isn’t a great comparison to DDOS mitigations. CDN spreads the load amongst multiple locations that are distinct entities. Any one can be down and the rest functions fine. They generally exist on separate domains and are not inherently codependent.

          DDOS requires an inline solution. A layer acting as a man in the middle to deflect or absorb the traffic destined to Lemmy.world, for example. That’s not something that can be readily be decentralized while there’s only one ingress to Lemmy.world.

        • PropaGandalf
          link
          fedilink
          English
          -41 year ago

          I know well what a CDN is and that’s why I don’t understand why you build a DISTRIBUTED content delivery network on a single corporation. I mean, the whole architecture is based on decentralised servers that precache the content and share the service load. Why not create an independent network that provides this bandwidth and where each node is rewarded according to its contribution? I know blockchain is a term that pisses a lot of people off, but it’s basically the best way to incorporate trust and monetisation into a decentralised system.

      • @[email protected]
        link
        fedilink
        English
        191 year ago

        I think the biggest problem with such services is that they require lots of money to run which means that any well-meaning effort will eventually end up becoming a commercial service.

        • PropaGandalf
          link
          fedilink
          English
          -111 year ago

          …and that’s where the blockchain comes in. This means that the individual contributions of the node operators can be directly recorded and compensated adequately.

            • PropaGandalf
              link
              fedilink
              English
              -61 year ago

              Tell me a good argument why not? How would you reward those people that contribute to said netowork?

              • @[email protected]
                link
                fedilink
                English
                51 year ago

                Tell me a good argument why not?

                The downsides of blockchain / cryptocurrency are well documented at this point.

                • PropaGandalf
                  link
                  fedilink
                  English
                  -5
                  edit-2
                  1 year ago

                  Yeah sure like with centralized solutions and big corpos too. What kind of argument is that?

                  • @[email protected]
                    link
                    fedilink
                    English
                    31 year ago

                    Yeah sure like with centralized solutions and big corpos too.

                    The alternative to big corporations is not blockchain.

                    What kind of argument is that?

                    A better than “…and that’s where the blockchain comes in.”

                    I’m not discussing with a crypto bro about the already well documented downsides. Use a web search engine of your choice to look them up yourself.

      • @[email protected]
        link
        fedilink
        161 year ago

        It’s an interesting question but the knee jerk reaction towards decentralization isn’t always a silver bullet. Bitcoin always screamed that concept while ignoring the role of clearinghouses. Decentralization can actually compound the issue. Not to dispel the solution but good to keep these things in mind.

        • PropaGandalf
          link
          fedilink
          01 year ago

          It isn’t a silver bullet but in this case it is particularly suitable. I mean, the architecture of CDN is decentralised, but all these servers are controlled by ONE company. So why not leave the whole task to an independent network?

      • @[email protected]
        link
        fedilink
        English
        111 year ago

        You’re being down voted, but a p2p cdn is something that sort of already exists. IPFS is probably the most mature. As far as I know, it’d only work for static content though. It’s also an entirely different protocol so you’d have to use some sort of local gateway or plugin to make use of it.

        I have several vms and dedicated servers that I sort of use as a DIY cdn. No where near as spread out or capable as something like cloudflare, but its also not incredibly expensive to do on a small low performance scale. DDOS mitigation is another story though, generally that is best handled by large networks that can soak up the throughput.

        • PropaGandalf
          link
          fedilink
          English
          11 year ago

          Yeah it’s also more of a potential that I wanted to point out. Over the years that I have been involved with blockchain projects, I have developed a feeling for where blockchains and decentralised networks are suitable and where they are not. In this case, however, it seems very feasible to me. In the end, CDNs are nothing more than a server network that caches the data locally and distributes the bandwidth. This is exactly what an independent network could do with the advantage of the blockchain to remunerate the contributions of the individual node operators. But I see that the notion of blockchain triggers a great aversion in most people.

          • @[email protected]
            link
            fedilink
            English
            21 year ago

            I don’t have half the knowledge in IT you have, but i totally agree we should find a solution to seperate from mastadons who owns the whole network.

            It’s very similar to how we shouldn’t give big corpos like GAFAM willingly our data/privacy or our foodchain shouldn’t be controled by a few corpos who serve poison… (the list goes on).

            Most people just don’t care, they have nothing to hide or they won’t die if they eat one cheesburger from McDonald’s a week…

            But in the case of lemmy I think (personal opinion) It’s because it’s easier, simpler, faster to setup right now. I’m sure if they had a better solution to not depend on cloudflare they would chose the other solution.

            I mean your idea seems great, but how long would it take to put it inplace? How many highly qulified people are needed to make it work? How much will it cost…

            I hope that in the long run, lemmy instances are going to find a better solution 😀

            • PropaGandalf
              link
              fedilink
              English
              -11 year ago

              I’m only talking about the long run. For now cloudflare is a solid service. I’d love to see some experental approaches tho maybe from other smaller instances.

      • @[email protected]
        link
        fedilink
        English
        41 year ago

        Wanna know the beauty of Lemmy? If you don’t like how instances are ran you can create your own🙂