Amen

On Thu, Jun 25, 2026, 20:35 Bill Cole <[email protected]> wrote:

> With help from the fine folks at ASF Infra, I've managed to get back into
> our DDoS'd machine which handles all of the Rule QA operations. I've added
> a rather gross but effective stanza to the main script for the ruleqa
> website which assures that no volume of hits on the webserver can so
> overload the machine that it cannot do its most important work: ingesting
> and analyzing masscheck results and rescoring the ruleset. If you hit it
> when it is being hit too hard by the thousands of IPs used in the attack,
> you will get a page saying that it is offline. This is suboptimal. We live
> in a broken world.
>
> At this moment, after ~2 hours with that in place, the site is
> persistently accessible and the load is low. It looks like the segment of
> the mob which was doing the heaviest hitting has taken a break for now.
> This sort of break had not occurred for over 2 weeks until now.
>
> Please be aware that while this same sort of attack is hitting a lot of
> sites, it is not universal and it is not untargeted. I get a sense that it
> is also not unmonitored as a DDoS, as it does seem that when I've found a
> useful tactic and worked it for a while (e.g. whack-a-mole blocking)
> eventually the new hits just stop coming. As if they've stopped to revise
> their tactics. That sort of lull is present now, after about an hour of
> heavy pounding after I deployed the current defense.
>
>
> --
>  Bill Cole
>  [email protected] or [email protected]
>  (AKA @[email protected] and many *@billmail.scconsult.com addresses)
>  Please keep discussion mailing list replies *on-list*
>  Not Currently Available For Hire
>
