/tech/ - Technology

Buffer overflow

Imageboard protection Anonymous 07/16/2020 (Thu) 09:13:43 No. 14263
When creating an imageboard site, how do you:
1. Protect it against severe Layer 7 DDoS attacks (which are far more complicated to fight than the normal Layer 4 attacks because VPS providers only protect against the latter) without relying on Cloudflare shit
2. Protect it against spammers who use a script utilizing a paid captcha solving service, rendering (built-in) captcha protections useless
I've thought about this a long time myself and even asked imageboard software devs themselves but nobody knows an effective solution. I guess Layer 7/application layer DDoS attacks (which use the URL, not the IP) could be prevented by going .onion-only (which means it'll never become a busy site) but that still leaves the spamming problem.

Anonymous 07/16/2020 (Thu) 10:12:59 No.14264
>but that still leaves the spamming problem
Set TPH limit, captcha per post, wordfilters.
Captcha at meguca is unsolvable by bots and you need to click anime characters.
Don't have /b/, /v/ or /pol/ and also don't have custom board creation.

Anonymous 07/16/2020 (Thu) 16:35:03 No.14265
>Set TPH limit
You can spam random existing threads.
>captcha per post
See OP.
Random strings can be spammed.

Anonymous 07/19/2020 (Sun) 16:01:57 No.14267
Websites are the mistake.

Anonymous 07/22/2020 (Wed) 05:56:30 No.14273
What solution do you propose?

Anonymous 07/24/2020 (Fri) 07:53:32 No.14277
Older and simpler protocols that don't have the overhead of http, and that are much easier to write clients & servers for, and where those clients & servers can run comfortably on archaic/weak hardware that isn't full botnet garbage with bloated modern cuck OS on top of it.
And something that doesn't fail when connections time out and host isn't reachable. NNTP is a good example here. You can make batch transfers instead of needing an active connection to a server, and the whole thing is a store & forward network, so even if some servers get DoS'd, the system is still running. The cunts would have to DoS the entire network that's distributed across many countries and backbones, so they will just waste their time if they try. And there's also the option of doing out-of-band batch transfers (not on the regular network) to mitigate DoS at any particular node. Since the medium is text and it doesn't use much diskspace or bandwidth, you have a lot of options for viable alternative OOB solutions. That way you can keep nodes up-to-date even while they're being DoS'd, and when the cunts switch to DoS'ing a different server, the one they just left can come back online fully ready.
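
Added example, not part of any post in this thread: a toy Python model of the store-and-forward behaviour described in No.14277, showing flooding with Message-ID de-duplication and an out-of-band batch that brings a knocked-off node up to date. The `Node` class, the JSON batch format and the sample Message-IDs are assumptions made for illustration; this is not real NNTP wire protocol.

```python
import json

class Node:
    """Toy store-and-forward news node (constructed model, not real NNTP)."""
    def __init__(self, name):
        self.name = name
        self.online = True      # False models a node that is being DoS'd
        self.peers = []
        self.store = {}         # Message-ID -> article text

    def accept(self, msg_id, body):
        """Store an article and flood it to peers; duplicates are dropped."""
        if not self.online or msg_id in self.store:
            return False
        self.store[msg_id] = body
        for peer in self.peers:
            peer.accept(msg_id, body)
        return True

    def export_batch(self, known_ids=()):
        """Serialize every article the receiver lacks, for offline transfer."""
        missing = {i: b for i, b in self.store.items() if i not in known_ids}
        return json.dumps(missing).encode()

    def import_batch(self, blob):
        """Load a batch delivered out of band; needs no live network link."""
        added = 0
        for msg_id, body in json.loads(blob).items():
            if msg_id not in self.store:
                self.store[msg_id] = body
                added += 1
        return added

def link(a, b):
    a.peers.append(b)
    b.peers.append(a)

def demo():
    a, b, c = Node("a"), Node("b"), Node("c")
    link(a, b); link(b, c); link(a, c)
    a.accept("<1@a.example>", "first post")          # constructed sample IDs
    b.online = False                                 # b is knocked off the network
    c.accept("<2@c.example>", "posted while b is down")
    a.accept("<3@a.example>", "also missed by b")
    behind = len(a.store) - len(b.store)             # articles b is missing
    blob = a.export_batch(known_ids=b.store.keys())
    caught_up = b.import_batch(blob)                 # OOB batch while b is still down
    b.online = True
    return behind, caught_up, b.store.keys() == a.store.keys() == c.store.keys()
```

The de-duplication check on Message-ID is what lets the same article arrive over several paths, live or batched, without looping or being stored twice.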
