Analysis of a HTTP-based DDoS.

-7,000 different attacking IP addresses.

-20,000+ requests per second.


· · Web · 1 · 2 · 4


Similar to what hit us a few years back. Very simple, very hard to mediate except by blackholing participants, almost all of which were cloud services rented with stolen credit cards. $40 a day apparently.

@amerika do you still have the logs by chance? Would love to see if the attacking IPs are the same if you don't mind sharing.

@dcid @amerika

Sounds like the server was protected. I assume you have some insight into the logs?

Curious if you've noticed an increase in general scans, number of log entries, since the Russia invasion of Ukraine? I didn't do any analysis but just doing maintenances regularly the spam level seemed to increase significantly for us.

@Chrisk @amerika It grew quite a bit when Mastodon became "popular" because of the Twitter acquisition.

We had a few weeks of a lot of traffic & spam accounts, but seems better now.


No, sadly. It was clear that these were temporary sites, either cloud storage or unsecured home machines.

Sign in to participate in the conversation

Open Source Social Network. Focused on technology, networking, linux, privacy and security, but open to anyone. Civil discourse, polite and open. Managed by the team.