ddos

Getting a new IP address via DHCP from Spectrum Internet

Recently this website's been the target of malicious DDoS attacks.

But after accidentally leaking my home IP address in some network benchmarking clips in a recent YouTube video, the same attacker (I assume) decided to point the DDoS cannon at my home IP.

I have things relatively locked down here—more on homelab security coming soon!—but a DDoS isn't something most residential ISPs take too kindly to. So it was time for me to recycle my home IP. Lucky for me, I don't pay for a static IP address. That makes home hosting more annoying sometimes, since I have to deal with tunnels and dynamic DNS, but it also means I can hop to a new IP address if one is under attack.

Getting a new IP address

At least with the DOCSIS 3.1 modem I'm using, the overall process is as follows:

Three DDoS attacks on my personal website

Update: After posting the video yesterday, the site was hit by more low-complexity DDoS attacks, mostly just spamming one URL at a time. After I cleaned those up, the attacker finally switched to a more intelligent offense, posting actual comments to the site overnight. This morning I noticed that, and the fact the attacker found I left my edit domain un-proxied, so I switched to a different IP on DigitalOcean and shored up the Cloudflare configuration a bit more.

It was a good thing I did that, because about the same time, I got an email from DigitalOcean support saying they had to blackhole the other IP for getting 2,279,743 packets/sec of inbound traffic. Sheesh.

After cleaning up a few bits of fallout, the site should be running a bit better at this point, DDoS or no.

Rate limiting requests per IP address in Nginx

Just wanted to post this here, since I've had to do this from time to time, and always had to read through the docs and try to build my own little example of it...

If you're trying to protect an Nginx server from a ton of traffic (especially from a limited number of IP addresses hitting it with possibly DoS or DDoS-type traffic), and don't have any other protection layer in front, you can use limit_req to rate limit requests at whatever rate you choose (over a given time period) for any location on the server.

# Add this to your virtual host config file.
limit_req_zone $binary_remote_addr zone=mylimit:10m rate=10r/s;

# Later, in a `server` block:
server {
    location ~ \.php$ {
        limit_req zone=mylimit;
        ...
    } 
    ...
}

I have had to do this sometimes when I noticed a few bad IPs attacking my servers. You can adjust the rate and zone settings to your liking (the above settings limit requests to any PHP script to 10 per second over a 10 minute period).
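
A fuller version of the same limit, as an added example rather than configuration from the original post: it adds a burst allowance, an explicit rejection status and log level, and comments on what each parameter controls. The zone name perip, the server name and the PHP-FPM socket path are assumptions.

```nginx
# Added example, not the original post's config.
# Goes in the http context (for instance a file included from the http block).
#
# $binary_remote_addr  key: one counter per client address
# zone=perip:10m       shared-memory zone named "perip", 10 megabytes of state
# rate=10r/s           sustained rate allowed per key
limit_req_zone $binary_remote_addr zone=perip:10m rate=10r/s;

# Rejected requests get 503 by default; 429 separates rate limiting
# from real backend failures in logs and monitoring.
limit_req_status 429;

# Rejections are logged at "error" by default; lower it if the
# error log is being flooded during an attack.
limit_req_log_level warn;

server {
    listen 80;
    server_name example.com;   # assumption

    location ~ \.php$ {
        # Without burst, rate=10r/s is enforced as one request per 100 ms,
        # so two requests arriving together from one address already
        # trigger a rejection. burst=20 tolerates short spikes (a page
        # load firing several requests); nodelay serves the burst
        # immediately instead of pacing it out at the configured rate.
        limit_req zone=perip burst=20 nodelay;

        # nginx 1.17.1 and later: count and log what would be limited
        # without rejecting anything, useful when tuning the rate.
        # limit_req_dry_run on;

        include fastcgi_params;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumption
    }
}

# If a proxy or CDN sits in front of this server, $binary_remote_addr is
# the proxy's address, and every visitor shares one counter unless the
# real client address is restored first (ngx_http_realip_module).
```

Run `nginx -t` before reloading, and watch the error log for "limiting requests" entries to see which addresses are hitting the limit.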

I almost got banned from Hacker News

Hacker News frontpage - logged in as geerlingguy

I started submitting my blog posts to Hacker News around 2016, but only ones I thought relevant to the HN community.

Until 2020, I would do this about once a week, and most submissions would fall off /newest within an hour, never to be seen again. But a problem arose (well, 'problem' depends on your perspective 😉): over time, more of my posts started hitting HN's front page.

HN is an interesting community—unlike Reddit, on which most material considered 'self-promotion' is verboten (because so much is spammy resumé-boosting or corporate material), HN encourages genuine self-promotion (at least judging by what hits the front page).