Update Regarding DDoS Attack on Steemit.com

in #steemit, 7 years ago (edited)

Steemit.com has been subjected to a sustained DDoS attack that brought down the website for several hours last night and into this morning. The Steemit team has been working tirelessly through the night to address the attack and bring services back online.

The outage was unrelated to any recent changes that were applied to Steemit.com. The site has been receiving on the order of a hundred thousand requests per second from someone using a botnet spanning dozens of countries.

The DDoS attack only affected the Steemit.com website. The blockchain was unaffected, and other websites that interact with the blockchain remained operational during the attack.

Several changes have been made to mitigate the attack in the short term, and we are working on several improvements that will make the website more robust to these types of attacks in the future.

Steem On.

Team Steemit


attacks are good I guess.. bring it ON..

If we handle it, no pain then no gain. Agreed. Bring them on.

Probably Zuckerberg

I [@openparadigm] have been saying the same thing, time to go spam Facebook with steemit propaganda!

Haha, yeah, they should be fearing Steemit by now, so it makes a lot of sense ;)

I was thinking this too :) I see... I am not the only one who thinks this :)

Zuckerface McTshirt

Tell Mark to Zuck it.

The Steemit Dev team vs botnet army...
Maximum effort guys! Kick Sum Ass.

lol. Remarkably close to what was actually going on behind the scenes!

Community Liaison, Steemit

Really appreciate all you do, guys. Top effort today. Have a beer :)

We appreciate that, thanks!

Community Liaison, Steemit

One thing is for sure Steemit is getting noticed and with that comes the idiots who want to cause trouble or worse.

I think it's safe to say it won't be the last time someone attempts it, but one thing is for sure they won't break the community spirit that exists here on Steemit and I am sure there are many tech specialists on here willing to jump in and help.

On that note, well done to Steemit Team

Yes some competitor or haters.
WE ARE STILL HERE.

It is now down again... ok... I am giving up today.

How'd you comment this then??

I don't like the UI of busy.org maybe I am just used to steemit.com LOL

Have you tried the Esteem app?

Yes, don't like it... and someone told me that esteem will have a portion of your payout if you publish the post using it.

Oh yikes. Thanks for the heads up, now I'm glad I didn't use it! I'm all for sharing, but 50% seems steep.

Well if this would have had much "sentimental" influence, causing sell-off of Steem, I'd be interested in seeing who was loading up this weekend. (Perhaps "SteemPower" helped in this regard). It is said that an arsonist can usually be found among the crowd of onlookers as firefighters labor to minimize destruction. ( tonight I'll dream- Loud beating on my door. Opening to be confronted by Ned and two FBI agents, warrant in hand, lol ) No, seriously I had nothing to do with it.

Or the arsonist is the firefighter :)

Now I'm intrigued!

I used to read true crime and often the perp is an insider.

Bravo! The steemit team are doing a great job. I noticed the difficulty in login, but they really worked hard to resolve it fast.

DDoS is a proof that steemit is getting importance of group of people. Good thing is that steem blockchain is safe and there are alternatives in busy.org, chain.bb and esteem.

If they fight STEEMit, it means they fear it ;-)

Thank you for the report, and yes blockchain is amazing as BeScouted a photography platform on steem blockchain that we connected a few days ago was operating as usual and users were getting their rewards:)

Well, that's something new I didn't know about it, thanks for the info. I will check out, looks interesting.

It's a good thing that we go back online. Steemit team kick some ass of DDoS attackers. Everybody were now having much trust on steemit. They are still standing in spite of the attacks on several fronts.

Kudos @steemitblog for this very informative article. It somehow cleared the clouds and all of us were now online and happy.



so what would happen if they decide to do something like ddos witness nodes?

The witnesses are responsible for the stability of their nodes.

There is a limit to what they can do

I agree with you, @timcliff. It was the very first time I witnessed this kind of challenge in steemit. To tell you the truth, the members of my whatsapp group were freaking out. However, some managed to post using busy.org . Personally, I didn't really put up any post, because steemit.com was down. I only used busy.org to respond to comments on my previous blog posts.

and they would have to hit all of them at the same time...
that's the advantage of a decentralised system is it not?

busy.org works... so it's something. but their editor is... meh

The editor is a little strange, isn't it. I actually like the interface for reading and commenting but I couldn't get my post to look quite the way I wanted.

indeed!

Steemit announces SMT's and then a DDoS attack happens... Hmmm.. Coincidence fo sho.

yeah, but why ddos during off peak hours? seems like an amateur move... if I want to disturb someone, I do it during the busiest time of the day... not during the off hours just in time for site to come back up for peak.

Off-peak is someone else's top-peak.

I agree with you, @Inquiringtimes; possible theory.

Maybe it was Julian Assange, testing if Steemit is good and secure enough for him :P I saw his post was from 6 October so.

LOL, that would actually be good news :-D

What's the benefit for whoever is doing this? I don't get it.


Thanks for letting us know!
I was worried yesterday - thought it's only me.

Very good, friends, you are an excellent team and I hope you keep getting stronger so that the platform is not attacked again, because I think we all had a heart attack when we saw that the platform was down =)

Attacker couldn't afford to DDOS the blockchain - which will only happen very quickly btw since consumption will be too big and the speed is so fast!

What a robust blockchain right there! :D With busy.org and other Steem block explorers standing up during the attack, it only proves how Steem blockchain is not feasible for attacks with its transparency, speed, and rate-limiting. Kudos to steemit team and graphene!

It is satisfactory to know always it brings over of the commendable work that does the equipment of Steemit, and that united to it ... there is the fact of defending his work neatly and dedication.
In this post there is reflected the permanency and the belonging of a responsible and functional equipment, which has as basic politics to express the mysticism of work, which summarizes the love and the respect that this equipment of Steemit guards him to his labors of office.
Thank you for his responsibility with us the users!
This way we interact insurances in this social network. Henry Calu


Spanish version, translated:
It is always satisfying to learn about the praiseworthy work done by the Steemit team, and added to that... is the fact that they defend their work with care and dedication. This post reflects the permanence and sense of belonging of a responsible and functional team, whose basic policy is to express the mystique of work, which sums up the love and respect this Steemit team has for its office duties.
Thank you for your responsibility toward us, the users!
This is how we interact safely on this social network. Henry Calu

Hope those upvote/comment loading times get fixed soon as well. Took me almost 5 minutes just now trying to comment on someone's post, lol...

Yes, I can't transfer as well. Some maintenance is going around I guess.

Thanks for the update

What motive would they have to take Steemit offline?

Could it be someone that is trying to bring the price of STEEM down?

Yes, umm it's called the "war on cash..." and crypto (the people's weaponised money) is our most advanced instrument of freedom humanity has ever seen.

Money has been used as a form of control- explicitly since Nixon.

free flow of capital hurts freedom.

We, the government, can force you to be free.

what is this even supposed to mean

It's good that you won. And you can not do so during the attacks for users somewhere there was an announcement about what exactly was happening? I was very worried because I did not understand what had happened.

Fortunately they didn't attack busy.org @steemitblog. Thanks for the info!

Can some guys with good research skills try to find out who was behind this?

To Steemit better enhance the capabilities, very soon these numbers will be considered 'normal daily traffic'.

Honourable mentions to @steemit twitter account, who did her absolute best in a challenging day!

Appreciate your hard work!

Makes sense. I thought it might have been my connection last night.

Shared for others!

folks if steemit.com is DDOS use busy.org or esteem

I'm writing this from busy.org - awesome UX/UI

What is busy.org?

That's what I am using right now... you can try it at busy.org and then fix in your posting key or password. It's helpful at this point in time.

another interface using steem blockchain try go there

Well, I'm sure it will produce something positive as a consequence, increasing the endurance of steemit against other attackers...
Thanks for the information, in the meantime seems that busy.org still works without problem...
Steem on

How about a fail mascot? Or at least something other than a 5XX default browser error page? Why not put up a static page on a CDN explaining things and change the DNS to point to that?

I like that idea. Then after it is fixed or while it is being fixed, a promoted page explaining what happened, and when full recovery is expected. I know you're all busy, but I think Luke's idea is good.

This allows that CDN to replace that page if they are malicious with a login form and steal keys. Do you wish to take that risk?

Also, we use HSTS and they would have to have some valid TLS keys, as well, which would let them MITM traffic even when we aren’t down.

There is a lot of cost/benefit to these sorts of things. We’re just going to focus on not going down in the future.

This allows that CDN to replace that page if they are malicious with a login form and steal keys.

That's a bit paranoid, IMO. You're using Amazon Web Services already, right? Do you trust them? CDN and DNS providers do introduce risk, sure, but that's part of being a professional company on the Internet. If you can't trust your service providers, you have the wrong service providers.

I'm somewhat familiar with the risks. Running FoxyCart for the last 10 years, we've processed over a billion dollars in credit card transactions. There will always be risks when dealing with TLS, you have to trust the service providers you use and be quick to change things if needed. Again, this is part of how the Internet works today. I'm not telling you anything new. You have to trust someone.

If the alternative is your business being offline for 10+ hours... well, just don't miss the forest for the trees.

"Not going down in the future" is quite a tough task. Good luck. I really hope you succeed in that, but given the current structure of the Internet, I find that difficult to do without global redundancy through a major CDN provider.

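The HSTS point in the exchange above, as an added example (not part of the original thread and not Steemit's code): a minimal RFC 6797 header parser and scope check showing which hostnames a browser with a cached policy will load only over valid TLS, which is why an outage page served on the same name requires the CDN to hold a certificate for it. The hostnames and header value are constructed placeholders.

```python
# Added example: RFC 6797 Strict-Transport-Security parsing and host coverage.
# All hostnames and header values are constructed for illustration.

def parse_hsts(header):
    """Return {'max_age': int, 'include_subdomains': bool}, or None if invalid."""
    seen = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        name = name.strip().lower()        # directive names are case-insensitive
        value = value.strip().strip('"')   # the value may be a quoted-string
        if name in seen:                   # a repeated directive invalidates the header
            return None
        seen[name] = value
    max_age = seen.get("max-age", "")      # max-age is the one required directive
    if not (max_age.isascii() and max_age.isdigit()):
        return None
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in seen}

def must_use_valid_tls(host, policy_host, policy):
    """True if a browser that cached `policy` from `policy_host` will refuse
    plain HTTP and certificate-error click-through for `host`."""
    if policy is None or policy["max_age"] == 0:   # max-age=0 deletes the policy
        return False
    host = host.lower().rstrip(".")
    policy_host = policy_host.lower().rstrip(".")
    if host == policy_host:
        return True
    return policy["include_subdomains"] and host.endswith("." + policy_host)

def failover_requirements(header, policy_host, candidates):
    """Map each candidate outage-page hostname to whether whoever serves it
    must present a certificate valid for that exact name."""
    policy = parse_hsts(header)
    return {h: must_use_valid_tls(h, policy_host, policy) for h in candidates}

if __name__ == "__main__":
    sample_header = "max-age=31536000; includeSubDomains"   # constructed
    hosts = ["example.org", "status.example.org", "example-status.net"]
    for host, needed in failover_requirements(sample_header, "example.org", hosts).items():
        print(f"{host}: valid certificate required = {needed}")
```
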
That which doesn't kill us only makes us stronger!

Oops, sorry guys, had an endless for loop in my bot. I is not the goodest with the codings.

jkjk :)

Does anyone know who is responsible for the attack?

I was noticing the downtime today and was checking github for any issues. I hope we managed to stop the DDoS. Is there a way I can help ? (Technically ?)

Also just wondering whether Cloudflare can help.

You would think to prepare for the worst before it happens, not after. #Logic

So that's what it was... I thought they were making system updates to Steemit.

I must honestly say that does not worry me.

Those types of attacks never leave any real damage, and even if they can make a little traffic problem for the server, it never lasts for long. :)

Thanks for the update. Am just glad... yay... we are back in business.

We're going mainstream now boys!

I had wondered what was going on this morning. Thanks for the update.
