• zoe
      link
      fedilink
      arrow-up
      1
      ·
      10 months ago

      i have a question in mind: are ddos attacks really cheap ? i mean attacking lemmy.world only is kinda pointless, rest of instances need to be attacked too if they want lemmy down, but i am no expert on this subject, so just asking :/

      • folekaule@kbin.social
        link
        fedilink
        arrow-up
        4
        ·
        10 months ago

        We can’t know for sure without knowing the details, but it’s not that expensive according to securelist.com:

        A DDoS attack lasting 10,800 seconds will cost the client $60, or approximately $20 per hour

        • zoe
          link
          fedilink
          arrow-up
          1
          ·
          10 months ago

          best bang for the buck: for the damage it causes, its basically free

      • kool_newt
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        10 months ago

        They are probably quite expensive, I doubt I could afford one. We’re talking about what amounts to (semi-)organized criminal enterprises offering black hat computer services. I’d be shocked if a real large-scale DDOS can be purchased for less than $10k/day. But I have no data.

        • zoe
          link
          fedilink
          arrow-up
          2
          ·
          10 months ago

          according to ur knowledgeable answer, apparently only entities with deep pockets could afford this sort of behaviour, it doesn’t leave much guessing about whichever has this kind of money and has interest in Lemmy being down. also this breaks the myth that users from defederated instances would pursue such attacks (presumably out of spite): they would simply be too poor for this sort of stuff and would be indebted in no time

          • kool_newt
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            10 months ago

            Right, who would have the motive and resources to pay for sustained DDOS attacks against Lemmy servers? Unless the botnet owners themselves have some beef against lemmy.world or something.

            In my first post I said “I have no data”, which is true, but I am a software and systems engineer and do have a bit of knowledge about how these botnets are formed. Somebody has to write successful malware, figure out and execute on a successful and low-risk distrubution method, somebody has to write control software to control the infected computers. Somebody has to run the computers all the bots are calling into, and this computer is at some risk of being identified, unless further efforts to hide are taken. This isn’t something one angry person does on a whim. It is likely lots of work from several people, and because of that, it becomes a service that can be offered to others for a price. And I don’t imagine criminals being low-price leaders.

            • zoe
              link
              fedilink
              arrow-up
              2
              ·
              edit-2
              10 months ago

              criminals being low-price leaders.

              they certainly aren’t.

              also we only count 400k in Lemmy as a whole: which is 0.1% that of the R site user count, and we already getting problems. facking hell