RE: Steemit: DDoS Attacks - Take it as a compliment
Hello there!
Well this is a meaty reply to get stuck into - had to get a coffee ready first!
There is no way that the current frequency of website (Steemit) inaccessibility, extreme slow down, posts being lost or failing to get accepted unless there are re-submissions, will fail to hurt the branding of Steemit.
I agree, even though we have other UI's pointing at the Steem blockchain, Steemit is the flagship app and is currently synonymous with Steem.
It may not fail to hurt the arrival of new accounts due to our current uniqueness; but let us pray that serious rivals arrive slowly rather than quickly!
Yep! The 1.5 year head-start will count for less with the flagship site on the blink!
Here’s one place to start. I have not experienced any DDos attack effects at various financial institutions, or at various media outlets whose competitors would love to take them down. Beyond my particular experience, I rarely read of these organizations having Ddos attacks that create impacts on their clients’ usage of their websites. So, what are they are doing that Ned is not doing?
I think, but cannot say for sure, is that the issue is with some of our users accounts being hacked and taken over. In some financial institutions and other businesses, there is no account that can access the network, without being on the network.
The issue is the account looks good (its registered, got the right keys, etc) and so it's allowed on - Then you can use this account to flood the network/servers with traffic - until it's finally disabled. Then they need to look for another account, and so it goes on.
This is just my take based on some experience in the past.
Here is another topic. A couple of the other commentators here have mentioned the names of other sites to which one can go when there is trouble at Steemit. So, I am asking whether it is feasible and reasonably affordable to have multiple Steemit ‘nodes’, forcing the DDos attackers to take them all on at the same time
I suspect that this is what is being worked on. So if one environment is being hit, they can switch, leaving the troublesome account on the 'old' env. to be located and disabled.
Again, I'm no expert but this sounds feasible.
As far as i can see, things look better today (fingers crossed) so I really hope we are at the end of this. It's interesting how the alts suddenly sprang up overnight, interesting, or should I say suspicious :)
Thanks for the comments!
Asher
I totally forgot a key point that you made Asher. On a plane trip I met a guy who described himself as a “reformed hacker”, so I asked him to explain to me how is it that hackers are getting into places like the “impregnable Department of X in Great Country Y”.
He carefully explained to me that the hackers have indeed studied the defences of the department and rarely attacked them directly. Instead, they go after the laptops etc. of employees and others who have legal routes into the department’s network, and by one means or another they try to take over these external computers and use them to attack the department.
And you are certainly right that in the case of the banks of which I deal, as soon as you try to login they send personal information back to your screen that both allows you to tell immediately whether or not you have landed in a bad place and raises some new barrier that you have to jump over before you can get into their system. This leads me to wonder whether two factor login (2FA) might be a way to go with Steemit.
I remember seeing a comment here somewhere that 2FA and Blockchain isn't possible. (Yet?) Hence the importance of not using your Owner key.
Cheers for the comments re: the mind of a Hacker.
Asher
Hello Asher!
Go here https://steemit.com/steemit/@ifartrainbows/steemit-com-error-s-reloads-and-more-errors to sense how the bad-branding train could get rolling for Steemit. Let us pray that Ned is anxious to deploy resources to rein in this tiger before it becomes a serious threat to the successful take-off of the SMT project.
In his shoes, i would not hesitate to start selling advert's to get revenue for these fixes. At a minimum, advert. revenue could allow him to service a good-sized bank loan needed to buy high-powered developers or new hardware.
Indeed. Well things have been better the past day or so, let's hope this episode is forgotten soon.