Update Regarding DDoS Attack on Steemit.com

in steemit •  7 months ago

Steemit.com has been subjected to a sustained DDoS attack that brought down the website for several hours last night and into this morning. The Steemit team has been working tirelessly through the night to address the attack and bring services back online.

The outage was unrelated to any recent changes that were applied to Steemit.com. The site has been receiving requests on the order of a hundred thousand per second from someone using a botnet spanning dozens of countries.

The DDoS attack only affected the Steemit.com website. The blockchain was unaffected, and other websites that interact with the blockchain remained operational during the attack.

Several changes have been made to mitigate the attack in the short term, and we are working on several improvements that will make the website more robust to these types of attacks in the future.

Steem On.

Team Steemit

·

what kind of minnow is this?

·
·

Haha, good one!

·
·

Poor servers :(

·
·

hahahahahahahaha :D

·
·
·

is it flying ? xd

·

I think that's not a bird but a yellow butterfly 😂... I'm a genius

·

Hehehe lmao 😂😂

attacks are good I guess.. bring it ON..

·

If we handle it, no pain then no gain. Agreed. Bring them on.

·

I [ @openparadigm ] have been saying the same thing, time to go spam Facebook with steemit propaganda!

·

Haha, yeah, they should be fearing Steemit by now, so it makes a lot of sense ;)

·

I was thinking this too :) I see... I am not the only one who thinks this :)

·

Zuckerface McTshirt

·

Tell Mark to Zuck it.

The Steemit Dev team vs botnet army...
Maximum effort guys! Kick Sum Ass.

·

lol. Remarkably close to what was actually going on behind the scenes!

Community Liaison, Steemit

Really appreciate all you do, guys. Top effort today. Have a beer :)

·

We appreciate that, thanks!

Community Liaison, Steemit

One thing is for sure Steemit is getting noticed and with that comes the idiots who want to cause trouble or worse.

I think it's safe to say it won't be the last time someone attempts it, but one thing is for sure they won't break the community spirit that exists here on Steemit and I'm sure there are many tech specialists on here willing to jump in and help.

On that note, well done to Steemit Team

·

Yes some competitor or haters.
WE ARE STILL HERE.

It is now down again... ok... I am giving up today.

·

How'd you comment this then??

·
·

I don't like the UI of busy.org maybe I am just used to steemit.com LOL

·
·
·

Have you tried the Esteem app?

·
·
·
·

Yes, don't like it... and someone told me that esteem will have a portion of your payout if you publish the post using it.

·
·
·
·
·

Oh yikes. Thanks for the heads up, now I'm glad I didn't use it! I'm all for sharing, but 50% seems steep.

Well if this would have had much "sentimental" influence, causing sell-off of Steem, I'd be interested in seeing who was loading up this weekend. (Perhaps "SteemPower" helped in this regard). It is said that an arsonist can usually be found among the crowd of onlookers as firefighters labor to minimize destruction. ( tonight I'll dream- Loud beating on my door. Opening to be confronted by Ned and two FBI agents, warrant in hand, lol ) No, seriously I had nothing to do with it.

·

Or the arsonist is the firefighter :)

·
·

Now I'm intrigued!

·
·
·

I used to read true crime and often the perp is an insider.

Bravo! The steemit team are doing a great job. I noticed the difficulty in login, but they really worked hard to resolve it fast.

DdoS is a proof that steemit is getting importance of group of people. Good thing is that steem blockchain is safe and there are alternatives in busy.org, chain.bb and esteem.

If they fight STEEMit, it means they fear it ;-)

Thank you for the report, and yes blockchain is amazing as BeScouted a photography platform on steem blockchain that we connected a few days ago was operating as usual and users were getting their rewards:)

Well, that's something new I didn't know about it, thanks for the info. I will check out, looks interesting.

It's a good thing that we are back online. The Steemit team kicked the ass of the DDoS attackers. Everybody now has much trust in Steemit. They are still standing in spite of the attacks on several fronts.

Kudos @steemitblog for this very informative article. It somehow cleared the clouds and all of us are now online and happy.



so what would happen if they decide to do something like ddos witness nodes?

·

The witnesses are responsible for the stability of their nodes.

·
·

There is a limit to what they can do

·
·

I agree with you, @timcliff. It was the very first time I witnessed this kind of challenge in steemit. To tell you the truth, the members of my whatsapp group were freaking out. However, some managed to post using busy.org . Personally, I didn't really put up any post, because steemit.com was down. I only used busy.org to respond to comments on my previous blog posts.

·

and they would have to hit all of them at the same time...
that's the advantage of a decentralised system is it not?

busy.org works... so it's something. but their editor is... meh

·

The editor is a little strange, isn't it. I actually like the interface for reading and commenting but I couldn't get my post to look quite the way I wanted.

·
·

indeed!

Steemit announces SMT's and then a DDoS attack happens... Hmmm.. Coincidence fo sho.

·

yeah, but why ddos during off peak hours? seems like an amateur move... if I want to disturb someone, I do it during the busiest time of the day... not during the off hours just in time for site to come back up for peak.

·
·

Off-peak is someone else's top-peak.

·
·

I agree with you @Inquiringtimes, possible theory

I hope for the best and it was scary. Hope there are enough white hats helping with Steemit in general.

Thanks for the update

well done guys keep moving .....

What motive would they have to take Steemit offline?

Could it be someone that is trying to bring the price of STEEM down?

·

Yes, umm it's called the "war on cash..." and crypto (the people's weaponised money) is our most advanced instrument of freedom humanity has ever seen.

Money has been used as a form of control- explicitly since Nixon.

·
·

free flow of capital hurts freedom.

·
·
·

We, the government, can force you to be free.

·
·
·
·

what is this even supposed to mean

folks if steemit.com is DDOS use busy.org or esteem

i'm writing this from busy.org - awesome UX/UI

·

What is busy.org?

·
·

That's what I am using right now... you can try it at busy.org and then fix in your posting key or password. It's helpful at this point in time.

·
·

another interface using steem blockchain try go there

Attacker couldn't afford to DDOS the blockchain - which will only happen very quickly btw since consumption will be too big and the speed is so fast!

What a robust blockchain right there! :D With busy.org and other Steem block explorers standing up during the attack, it only proves how Steem blockchain is not feasible for attacks with its transparency, speed, and rate-limiting. Kudos to steemit team and graphene!

Well, I'm sure it will produce something positive as a consequence, increasing the endurance of steemit against other attackers...
Thanks for the information, in the meantime seems that busy.org still works without problem...
Steem on

It's good that you won. And you can not do so during the attacks for users somewhere there was an announcement about what exactly was happening? I was very worried because I did not understand what had happened.

What's the benefit for whoever is doing this? I don't get it.


Fortunately they didn't attack busy.org @steemitblog. Thanks for the info!

Can some guys with good research skills try to find out who was behind this?

To Steemit better enhance the capabilities, very soon these numbers will be considered 'normal daily traffic'.

Honourable mentions to @steemit twitter account, who did her absolute best in a challenging day!

How about a fail mascot? Or at least something other than a 5XX default browser error page? Why not put up a static page on a CDN explaining things and change the DNS to point to that?

·

I like that idea. Then after it is fixed or while it is being fixed, a promoted page explaining what happened, and when full recovery is expected. I know you're all busy, but I think luke's idea is good.

·

This allows that CDN to replace that page if they are malicious with a login form and steal keys. Do you wish to take that risk?

Also, we use HSTS and they would have to have some valid TLS keys, as well, which would let them MITM traffic even when we aren’t down.

There is a lot of cost/benefit to these sorts of things. We’re just going to focus on not going down in the future.

·
·

"This allows that CDN to replace that page if they are malicious with a login form and steal keys."

That's a bit paranoid, IMO. You're using Amazon Web Services already, right? Do you trust them? CDN and DNS providers do introduce risk, sure, but that's part of being a professional company on the Internet. If you can't trust your service providers, you have the wrong service providers.

I'm somewhat familiar with the risks. Running FoxyCart for the last 10 years, we've processed over a billion dollars in credit card transactions. There will always be risks when dealing with TLS, you have to trust the service providers you use and be quick to change things if needed. Again, this is part of how the Internet works today. I'm not telling you anything new. You have to trust someone.

If the alternative is your business being offline for 10+ hours... well, just don't miss the forest for the trees.

"Not going down in the future" is quite a tough task. Good luck. I really hope you succeed in that, but given the current structure of the Internet, I find that difficult to do without global redundancy through a major CDN provider.

That which doesn't kill us only makes us stronger!

Oops, sorry guys, had an endless for loop in my bot. I is not the goodest with the codings.

jkjk :)

Did anyone know who is responsible for the attack?

I was noticing the downtime today and was checking github for any issues. I hope we managed to stop the DDoS. Is there a way I can help ? (Technically ?)

Also just wondering whether Cloudflare can help.

You would think to prepare for the worst before it happens, not after. #Logic

So? Any news about the terrible performance of the last 17 days of steemit? Posting, voting commenting, everything goes currently not so smooth

I must honestly say that does not worry me.

Those types of attacks never leave any real damage, and even if they can make a little traffic problem for the server, it never lasts for long. :)

Thanks for the update. Am just glad... yay... we are back in business.

We're going mainstream now boys!

I had wondered what was going on this morning. Thanks for the update.

Brother, I voted for you and me

It is satisfactory to know always it brings over of the commendable work that does the equipment of Steemit, and that united to it ... there is the fact of defending his work neatly and dedication.
In this post there is reflected the permanency and the belonging of a responsible and functional equipment, which has as basic politics to express the mysticism of work, which summarizes the love and the respect that this equipment of Steemit guards him to his labors of office.
Thank you for his responsibility with us the users!
This way we interact insurances in this social network. Henry Calu


Spanish version:
It is always satisfying to learn about the praiseworthy work done by the Steemit team, and, added to that, the fact that they defend their work with care and dedication. This post reflects the permanence and belonging of a responsible and functional team, whose basic policy is to express a work ethic that sums up the love and respect this Steemit team has for its office duties.
Thank you for your responsibility toward us, the users!
This is how we interact safely on this social network. Henry Calu

Hmmm... I was wondering why I couldn't access the site the other day! Jeepers!

facebook keep off...steemit is taking over the universe

Very good, friends, you are an excellent team and I hope you keep getting stronger so that the platform is not attacked again, because I think we all nearly had a heart attack when we saw that the platform was down =)

Are we safe now? Also what if this was just a trailer of the attacker and he might have more deadly moves! Are we ready for the worst?😈

Sort of good happened :D Interaction with the world is also a good thing to do :D

President Trump is outraged at Mark Zuckerberg's DDoS attack.

Thanks for letting us know!
I was worried yesterday - thought it's only me.

understood

I wonder if it's someone who got banned that caused the DDOS attack.

Well, okay. Haters gonna hate, players gonna play, play on steemit, play on

I don't fully understand. How the blockchain wasn't affected if the blockchain was barely useable and nothing could connect to it? I understand the blockchain survived without data loss, error or being hacked. To say unaffected is slightly dismissing the serious nature of the attack, no? In any case, great work in keeping steemit running and hoping for a stronger than ever recovery.

Glad we're back!!

I'm new to Steemit and did not know exactly what was going on. Glad to hear this was the result of an external factor and not the site itself.

How to stop ddos
Step 1: Don't get ddosed
You're welcome

Congratulations @steemitblog!
Your post was mentioned in the hit parade in the following category:

  • Comments - Ranked 6 with 95 comments

Hope those upvote/comment loading times get fixed soon as well. Took me almost 5 minutes just now trying to comment on someone's post, lol...

·

Yes, I can't transfer as well. Some maintenance is going around I guess.

Appreciate your hard work!

You might want to consider cloudflare. A lot of big sites use them for ddos protection. Pricing seems competitive.

Awkward timing for this & the sign up delay since @steemit 's Twitter account was tweeting Julian Assange about Steemit.

Not sure if the attack is related to trying to woo his attention, but the timing makes it not seem like a completely improbable leap.

Thanks for keeping us in the loop. Much love to those that put their money where their mouth is to keep everything up & running. 😘

We need to build a DDOS resistant website so steemit can have a near 100% uptime

Maybe it was Julian Assange, testing if Steemit is good and secure enough for him :P I saw his post was from 6 October so.

·

LOL, that would actually be good news :-D

Makes sense. I thought it might have been my connection last night.

Shared for others!

Maybe poor servers, I say good servants for all the work in the background to mitigate the attack , as I suspected the blockchain has been Invincible to attack, no information lost or altered ...
Neighbors PowerUp Steamers you're doing a great job thank you
, thanks again
I would like to read more about the interesting attack, but I find myself lost for days just reading content on here , with Fascination I admire the trending topics that gather so many steam, I especially like the replies and all the amazing points of view that are coming from the collective. The idea that with time and effort a person may eventually withdraw tangible assets from a Blog...
I almost admire the white paper like a Prelude to a new constitution..
Wild Liberty can never be contained ,you have in the first block and chain included the concept of Liberty ,once again I salute you ...
Vigilance is a virtue that I often admire but seldom have the chance to identify, the vigilants of the cause of steemit are not hidden from my green laser eyes...
Adrift in the too toxic sea of humanity, on the root raft named healing , decades upon Decades of torturously ecstatic trials , often looking into heaven and making this declaration, thank you for the Eternal vigilance protection and direction , I have a vision, and I have begun to open the world to that Vision here , from the scrap yard past experiences I have begun to craft a new vessel " The Mourning After" , a steem punk expanding vessel of Deliverance,
As the prayer says Deliver Us from Evil, and direct us a way from temptation..

Imagine the root raft of healing washing to the shore of transitions, there is a small chain exposed barely visible in the Sands of Futures Past, soul man anchors root to chain exciting servers globally, instantly antiviral healing algorithms are....
Continued
Thanks for reading sharing and caring Steam on

Good that the site is back up, thanks for the update

So that's what it was... i thought they were making system updates to Steemit.