Eugen Rochko

mastodon.social, mastodon.online and joinmastodon.org were hit by a DDoS yesterday. Thankfully, joinmastodon.org was already behind Fastly, so it didn't have any impact on it. We've now moved mastodon.online behind Fastly and will do the same with mastodon.social soon.

78 comments
David Pollak

@Gargron thank you for all you’re doing 🙏🏽

Trolli Schmittlauch 🦥

@Gargron Re-centralisation ;)

Okay, half of the Mastodon instances are running at Hetzner, we're already at clustered infrastructure anyways.

฿@🅂εD͓̽:parrot:

@Gargron Make sure you prevent spoofing…

Drop any incoming Fastly-Client-IP stuff coming in to fastly from external as per this page: developer.fastly.com/reference

Drop any incoming X-Forwarded-For stuff coming in to fastly from external as per this page: developer.fastly.com/reference
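
An added illustration of the point in the comment above, not part of the thread and not Mastodon's or Fastly's code: the same rule applied on the origin side, where `Fastly-Client-IP` and `X-Forwarded-For` are honoured only when the TCP peer is the CDN edge and are otherwise replaced by the address actually seen on the connection. The function names are hypothetical and the trusted ranges are constructed placeholders from documentation address space.

```ruby
require "ipaddr"

# Constructed placeholder ranges (documentation address space) standing in
# for the CDN's published egress ranges. Assumption: replace with real ones.
TRUSTED_EDGE_RANGES = %w[203.0.113.0/24 2001:db8:feed::/48]
                      .map { |cidr| IPAddr.new(cidr) }.freeze

# Headers that any client can set to claim a different source address.
CLIENT_IP_HEADERS = %w[fastly-client-ip x-forwarded-for].freeze

# True only when the connection's peer address is inside a trusted range.
# Unparseable peer addresses fail closed.
def from_trusted_edge?(peer_ip)
  ip = IPAddr.new(peer_ip.to_s)
  TRUSTED_EDGE_RANGES.any? { |range| range.include?(ip) }
rescue IPAddr::Error
  false
end

# Returns a copy of the headers that is safe to use for rate limiting,
# blocking and logging. From an untrusted peer, client-supplied IP headers
# are dropped and X-Forwarded-For is rewritten to the real peer address.
def sanitize_client_ip_headers(headers, peer_ip)
  return headers.dup if from_trusted_edge?(peer_ip)

  cleaned = headers.reject { |name, _| CLIENT_IP_HEADERS.include?(name.downcase) }
  cleaned.merge("X-Forwarded-For" => peer_ip)
end

# The address the application should attribute the request to.
def effective_client_ip(headers, peer_ip)
  safe = sanitize_client_ip_headers(headers, peer_ip)
  key = safe.keys.find { |name| name.downcase == "fastly-client-ip" }
  key ? safe[key] : peer_ip
end

# Constructed sample requests: one direct request with forged headers,
# one relayed by the (placeholder) edge.
SPOOFED = { "Host" => "example.test",
            "Fastly-Client-IP" => "10.0.0.1",
            "X-Forwarded-For" => "10.0.0.1" }.freeze
VIA_EDGE = { "Host" => "example.test",
             "fastly-client-ip" => "192.0.2.55" }.freeze

puts effective_client_ip(SPOOFED, "198.51.100.7")
puts effective_client_ip(VIA_EDGE, "203.0.113.10")
```

Without a check like this, per-IP rate limits and block lists at the origin key on a value the requester chose.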

Mr. Funk E. Dude

@Gargron is there an expected downtime when switching to Fastly??

Malintent

@Gargron Thank you for your continued hard work!!

Nordicwolf

@Gargron it was only a matter of time or? Assume the worst, and proactively prepare ahead...

Larry Smith

@Gargron
Attacking open source is definitely attacking a moving target.

Marcus

@Gargron Were there any demands made? Any logical reason for it? Or just a bunch of script kiddies screwing around for the heck of it? Did Elon discover LOIC/HOIC? 😛

Karl-Heinz Zimmer

@Gargron
Thank you so much for the good work, Eugen. 👍

Wenyan

@Gargron Are there some forces that want Mastodon to be silent?

Yahia Lababidi

@Gargron Thanks for the update. Is Mindly safe(r) now?

kkeller

@Gargron are you allowed to discuss the nature of the attack (e.g., the client IPs, whether a person or group is suspected, other possibly relevant info)?

zaitcev

@Gargron I'm extremely happy that an alternative to the monopoly of Cloudflare was found and I hope very much that it works for you.

luckysitsinback

@Gargron

love you smarties.
smart for us who ain't.

星辰宇宙中的sine(备考中的限定仙女)

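@Gargron No wonder I couldn't post anything yesterday morning. I thought it was the "Pakho Chau law" at work, but it turns out my instance was hit by a DoS attack.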

Jacob Russell

@Gargron May I ask what Fastly offers over Cloudflare? Curious what the benefit is over the big player.

Scott Ellison II

@Gargron Let me know if you have any issues or want help with that migration.

Leon Cowle

@Gargron @stroughtonsmith As the Fastly SME at my company, I’m excited to see how Fastly is partnering with Mastodon! (More than just what’s mentioned below).

Albrecht

@Gargron Please fix IPv6 connectivity. 😢

Karen E. Lund 💙💛

@Gargron I had a little trouble earlier, so I guess this explains it. The price of success for Mastodon, I suppose.

Thanks for taking steps to prevent future attacks.

RealSolo

@Gargron I see those Musk fanboys are at it again.

Yeri

@Gargron any specific reason you picked fastly over cloudflare ?

basisbit 🦈🇪🇺🇺🇦

@Gargron How do you cover the increase in costs caused by this? Any plans to on-demand deliver static files (media) from a cheap server acting as reverse-proxy, and only switch to pulling that content through expensive fastly during time of overload?
I do something similar for a big image hosting website and it saves them a lot of money at acceptable tradeoff.

Might be worth it to extend the resilience of Mastodon endpoints for the whole community and establish best practices.. 🥺

cookednick

@Gargron Why are multiple instances being run by the same org? Isn't this supposed to be decentralized? Seems precarious.

Benjamin Young Savage (ᐱᓐᒋᐱᓐ)

@Gargron thank you!

I have a mastodon.social support question, where is the best way to send that?

Rafael Pérez :verify:

@Gargron Who would DDOS something like a Mastodon instance? Idiots.

Nemo_bis 🌈

@Gargron Remember to update the #privacy policy to tell #MastodonSocial users about the transfer of personal data towards the USA, as per #GDPR and #SchremsII.
gdprhub.eu/Article_44_GDPR

Michael Vilain

@Gargron I'd be really interested in the technical discussion of this outage. If you blog about the postmortem on it, please post a link.

Lisa

@Gargron It appears it may have happened Wed late eve-Thurs early morn as well.

🌻🐇vista🕊️

@Gargron going to buy Fastly stock to backup Mastodon 😁

MusicTraveler

@Gargron 🤷🏻‍♀️ The “good” news of this attack is that it shows that Mastodon seems already important enough to spend time and energy for attacking it.

Soon Twitter will be forgotten and people start to realize that Mastodon 🥰 will be a much better and relaxed alternative
#GoMastodon #SupportMastodon #MastodonTheBetterAlternative #MastodonIsEasyToUse #BoycottTwitter #BoycottTesla #InsaneMusk #DictatorMusk #RussiaLoverElonMusk #TwitterIsDestroyingOurDemocracy

Abandoned America

@Gargron looks like two nights in a row. I'm sorry it is happening but I'm not going anywhere. They can slow the system down but they can't win back the people they lost

Neil A. Evans

@Gargron weird how these DDoS attacks are suddenly happening, makes you wonder just how scared the traditional socials that rely on stealing your data really are.

Neil Craig

@Gargron Not sure if you get any support from Fastly and/or are already aware of it but they offer support for OSS communities via fastly.com/fast-forward which may be worth a look if you've not already.

Christian "Schepp" Schaefer

@Gargron hey Eugen, would you like to come on our workingdraft.de/ podcast sometime and talk about Mastodon? We are a web developer podcast with a focus on frontend, but we are also very happy to talk about related topics.

Jojanneke van den Bosch

@Gargron Thanks for taking care of this. Very much appreciated.

Rafał Wyrzykowski :polarbear:

@Gargron Why can't I see all interactions under toots? When I open toot in a non-logged in browser I see more boosts added to favorites and comments.

Warcabbit/Firestone

@Gargron
It appears not to have been a DDOS as much as someone using DO to set up some badly configured instances. Reported it to them and it should have gone away sometime after 9 am yesterday.
Hope that helped!

Eugen Rochko

@WarcabbitFS Can you provide more details on that? I’m not sure it was that.

Warcabbit/Firestone

@Gargron Honestly, not really, just reported it to someone I know at DO, they went over and told infosec, and Infosec said that's what they found.

7%

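@Gargron The Mastodon CEO says the platform has recently come under attack. So, who do you think has the strongest motive to attack Mastodon? It is...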

EJ Schenck

@Gargron just saying… our firm has been working with @cloudflare for quite some time and they’re absolutely amazing.
