Amen

On Thu, Jun 25, 2026, 20:35 Bill Cole <[email protected]> wrote:
> With help from the fine folks at ASF Infra, I've managed to get back into
> our DDoS'd machine which handles all of the Rule QA operations. I've added
> a rather gross but effective stanza to the main script for the ruleqa
> website which assures that no volume of hits on the webserver can so
> overload the machine that it cannot do its most important work: ingesting
> and analyzing masscheck results and rescoring the ruleset. If you hit it
> when it is being hit too hard by the thousands of IPs used in the attack,
> you will get a page saying that it is offline. This is suboptimal. We live
> in a broken world.
>
> At this moment, after ~2 hours with that in place, the site is
> persistently accessible and the load is low. It looks like the segment of
> the mob which was doing the heaviest hitting has taken a break for now.
> This sort of break had not occurred for over 2 weeks until now.
>
> Please be aware that while this same sort of attack is hitting a lot of
> sites, it is not universal and it is not untargeted. I get a sense that it
> is also not unmonitored as a DDoS, as it does seem that when I've found a
> useful tactic and worked it for a while (e.g. whack-a-mole blocking)
> eventually the new hits just stop coming. As if they've stopped to revise
> their tactics. That sort of lull is present now, after about an hour of
> heavy pounding after I deployed the current defense.
>
>
> --
> Bill Cole
> [email protected] or [email protected]
> (AKA @[email protected] and many *@billmail.scconsult.com addresses)
> Please keep discussion mailing list replies *on-list*
> Not Currently Available For Hire
