# 2021 DDoS Issue



## Null (Jun 30, 2021)

Yes hello we're being ddosed and it sucks because I can keep the forum up but not the sister services unless I figure out what to do about this homosexuality. This post will be technical (to the best of my ability, I am a retard) so if you don't care you don't have to read this (but it's going to be expensive so pls gib crypto).




The attack looks like this. When this is happening, the switch/router (CCR1016-12G) CPUs slam to 100%. Routing stops and management becomes hard to deal with. I'm trying to look into a way to deal with this but I'm having difficulties. I believe it's a TCP/SYN flood that works not through bandwidth saturation but by trolling the device.

We need to upgrade our line to a 10Gbps anyways. I'm putting in an order for a second 1Gbps line but that's not what I want long term. The CCR1016 does not have 10Gbps ports.

So what I'm looking for is a 10Gbps solution. I am told that at 10Gbps I will need a switch and a router. Suggest idiot-proof hardware.
I'm also looking for advice on how to shape traffic so that I can always access the router. 

A 10Gbps line is pretty fucking expensive ($750/mo god damn). I'm willing to splash out of the silver fund if it's going to work long term but this is the last thing I can really afford before there's problems.

The upside is, once we have 10Gbps and the new device (FINALLY coming in this week) we can set up a PeerTube instance and do video hosting. Exciting times.


----------



## Ultima Ratio Regum (Jun 30, 2021)

10-4. Shekels are on the way and should be arriving shortly.


----------



## TheBest (Jun 30, 2021)

God bless the Kiwifarms, if there is a sale I might pitch in.


----------



## Jones McCann (Jun 30, 2021)

Transsexuality and its consequences have been a disaster for the internet race.


----------



## Joe Swanson (Jun 30, 2021)

I'll give you all my shitcoins from brave later jersh, it's not like I was using them for anything else


----------



## Moral Decay (Jun 30, 2021)

I only have like 20 cents in BAT, but I'll throw 'em your way. Thanks for dealing with this shit, Josh

e: lol i'm too poor. I'll contribute Soon I'm retarded, take my 15 cents


----------



## Resident Evil (Jun 30, 2021)

The DDoSers are ugly, fat, and I personally would not have intercourse with them.


----------



## Hackallier (Jun 30, 2021)

Keep up the fight. The possible PeerTube instance would be lit.


----------



## Pope Negro Joe the XIIIth (Jun 30, 2021)

You'd think that these DDOS morons would figure out that every time they do this we get better stuff and more abilities to have fun that they'll be mad about.


----------



## DogZero (Jun 30, 2021)

I guess it was pretty stupid of me to try to make an account on the kiwi fediverse right when this was going on. Still waiting for my email. No worries, I know this whole shitshow is affecting everything.
Video hosting sounds like it could be really cool. I wonder if you would have any interest in taking up the mantle of liveleak, or maybe that would be too controversial.


----------



## Lawrence of Algeria (Jun 30, 2021)

They must be spending all their HRT money on the DDOS. And then they'll beg for donations as usual (and get doxxed because they give their PayPal link with full name)


----------



## TheBest (Jun 30, 2021)

Pope Negro Joe the XIIIth said:


> You'd think that these DDOS morons would figure out that every time they do this we get better stuff and more abilities to have fun that they'll be mad about.


We are very adaptable to autism


----------



## Smug Cat (Jun 30, 2021)

What's your budget for networking equipment?


----------



## Celebrate Nite (Jun 30, 2021)

Lawrence of Algeria said:


> And then they'll beg for donations as usual


Ironic since GDQ starts on 4th of July.  I can totally see them using this event as an excuse for pity bucks.


----------



## Hitman One (Jun 30, 2021)

Imagine being so seething about a bunch of autistic retards on the Internet laughing at you that you, unironically, spend hundreds (thousands?) of dollars and commit multiple crimes hiring some subhuman Russian, Chinese or North Korean script kiddie to DDOS an innocent collective of ground-nesting bird and hairy fruit enthusiasts.

Daily reminder that no matter how much money you send to Vlad, Kim or Xi, *YOU WILL NEVER, EVER, EVER BE A WOMAN.*


----------



## HackerX (Jun 30, 2021)

Your shit is obviously different from a normal environment, but who is upstream of your router?  Is there a firewall or provider before the router that is able to drop packets so the hit isn't affecting the router's resources?


----------



## Gone Ham (Jun 30, 2021)

Whack the servers with a hammer. It’ll work. Trust me.


----------



## Null (Jun 30, 2021)

Smug Cat said:


> What's your budget for networking equipment?


Give me some options. I am willing to spend piggybank money.


----------



## Czechem Republic (Jun 30, 2021)

What are the chances those that paid for the botnet ever get a knock on the door?


----------



## Coelacanth (Jun 30, 2021)

Lol wasn't using my BAT tokens anyway and this place is cool so take my virtual shekels.


----------



## BradCarter (Jun 30, 2021)

Can I send you an itunes gift card? It's what all my IT specialists accept as payment to get rid of hackers


----------



## Buff Wellington (Jun 30, 2021)

DogZero said:


> Null said:
> 
> 
> > Give me some options. I am willing to spend piggybank money.
> ...


----------



## MarvinTheParanoidAndroid (Jun 30, 2021)

I don't know what a PeerTube is but it sounds dandy.


----------



## Takodachi (Jun 30, 2021)

Thanks for your tireless work, dear _feeder_ leader


----------



## The Beer Padawan (Jun 30, 2021)

potentially stupid comment but apparently the CCR1016-12G has ddos mitigation on it via the OS firewall; could be worth a shot?

this is me just googling, Mikrotik really isn't my forte


----------



## Samir (Jun 30, 2021)

Have you guys tried turning the server off and back on again?


----------



## Celestine (Jun 30, 2021)

I did it, I saved the kiwi farms!

Thanks for everything you do, Jorsh.


----------



## BATMAN (Jun 30, 2021)

At my old job we used a mix of Dell and Cisco networking solutions. I believe specifically they used the Catalyst switch but it may be a bit dated. 

In terms of setting it up with no prior experience I would say Cisco is the easiest to work with. Mikrotik and all the other providers it may be harder to find resources online.


----------



## ERROR_ENTRY (Jun 30, 2021)

Some chump posted this on twitter:


https://twitter.com/DownFarms/status/1410351212155834371



(Looks fake to me, but what do I know)


----------



## Null (Jun 30, 2021)

ERROR_ENTRY said:


> Some chump posted this on twitter:


It's really funny and I'm not going to say why.


----------



## Meiwaku (Jun 30, 2021)

Is there going to be any effort to locate the troon(s) behind the attacks? Or are you more focused on just upping your game?


----------



## Hate (Jun 30, 2021)

If only trannys invested this much effort into being normal human beings


----------



## CreamyHerman’s (Jun 30, 2021)

Is there any sort of hardware solutions to this DDoS? I would assume mitigating or re-distributing the attack via creating false proxies could work as well? Forgive me if I sound retarded but I deal with telephone numbers in networking and re-routing is something we do sometimes


----------



## spinal gas chamber (Jun 30, 2021)

Null said:


> It's really funny and I'm not going to say why.


You said why in the OP, plus the he/she said why in his own screenshot


----------



## BeanRespecter (Jun 30, 2021)

im sorry trannies are attacking your website Null. I am also sorry I am a retard who can only contribute by watching other retards online and know very little about web infrastructure.


----------



## HackerX (Jun 30, 2021)

CreamyHerman’s said:


> Is there any sort of hardware solutions to this DDoS? I would assume mitigating or re-distributing the attack via creating false proxies could work as well? Forgive me if I sound retarded but I deal with telephone numbers in networking and re-routing is something we do sometimes


Eh, you're sort of on the right path but it's kind of different.  Issue is, he needs a device that filters it before it hits the router, but won't ALSO die.   Usually, for businesses, your ISP might be able to mitigate it on their end, since they have the infrastructure to handle the fuckton of SYN packets in the first place.  Not sure if that's an option here because, well, KF being KF.

Only things I could think of is either get a router with a better CPU or get a FW or some kind of filter and place it between server and Internet/ISP/whatever.  Issue is, the same issue. CPU in that might just die too.


----------



## Zirnwyb (Jul 1, 2021)

If only trannies put this much effort into attempting to pass.
Daily reminder to the trannies reading this that you'll never be a woman. If you're an FTM that's reading this, you'll never be a man.


----------



## HTTP Error 404 (Jul 1, 2021)

I know this is probably shit you've already seen, but this forum thread which just happens to be for the same router manufacturer suggests a few filters, but that it's just a thing that this router is vulnerable to.






TCP SYN Flood attack causing high cpu - MikroTik (forum.mikrotik.com)

Edit: With some other suggestions linked from that thread:

- [feature request] Blocking a special kind of DDoS - MikroTik (forum.mikrotik.com)
- DDoS story, or WARNING: use 'conection-limit' with caution! - MikroTik (forum.mikrotik.com)


----------



## Takodachi (Jul 1, 2021)

fucking nigger trannies, I just want to talk about speds and cantonese moving pictures in peace.


----------



## contradiction of terns (Jul 1, 2021)

I sent you $25.83 in BAT via the Brave Browser tipping service, so hopefully that actually works.

Do I get to be a True & Honest Kiwi when the site stops pooping itself?

You are a real hero and you don't deserve this, Jersh. If I had more I'd give it, but that was all the BAT I've earned since I joined Kiwi Farms and read your post about how to support the forums and started making Brave ad money.


----------



## WeWuzFinns (Jul 1, 2021)

how about you just neuter the ddog?


----------



## HOMO FOR LIFE (Jul 1, 2021)

I hope these degenerates know that we thrive on adversity and not be dissuaded by it.


----------



## Kreitani (Jul 1, 2021)

*Remain calm. 
The Null endures. 
The Kiwi Farms shall endure. 
There is much to be done.*


----------



## SuperConglomerateWhale (Jul 1, 2021)

The constant DoS attacks are interrupting my chance to finally see Chantal’s Gunt pussy


----------



## The Big Bad D (Jul 1, 2021)

An x86_64 machine with one of those gay router operating systems could be a decent bet


----------



## Lemmingwise (Jul 1, 2021)

Jones McCann said:


> Transsexuality and its consequences have been a disaster for the internet race.


Blame brazil.




Also no tricks or knowledge to help against ddos. My go to solution is to go to the source if problems but that's hard when dealing with anonymous online stuff.


----------



## StuffedBallot (Jul 1, 2021)

Null said:


> Give me some


In the 10GBps space, the best cost/performance ratio (Aside from used hardware that is.) I've found is Mikrotik -- something along the lines of https://mikrotik.com/product/crs326_24s_2q_rm if you're rolling fiber, or https://mikrotik.com/product/crs312_4c_8xg_rm if you need 10Gbps rj45. Configuration isn't that far off of Cisco, and budget minded IT dudes tend to swear by them. I dunno how much hardware you have but most of your options here are going to be <1k us shekels. 
I personally run some shit through some of their lower-port-count-lower-end 10Gbps switches and can say that they're pretty much problem-free, and while their support isn't Cisco-tier, they are good for people that aren't afraid of rolling their own config for some autistic shit.


----------



## I'm Not Racist Anymore (Jul 1, 2021)

Hey Josh, I guess if I had to ask a question I'd have to ask how streaming under you would differ from how Nick Fuentes is handling streaming.

Sorry if this question is a bit clunky. I am super mega depressed and I don't pay attention to most things anymore. I've just heard rumblings that Nick Fuentes has a streaming service of some kind, and it's apparently very awful.


----------



## JoshPlz (Jul 1, 2021)

Emergency shekels sent.


----------



## Blasterman (Jul 1, 2021)

Why not just turn KF off for a couple weeks. They'll eventually get bored.


----------



## lllllllllllll (Jul 1, 2021)

Czechem Republic said:


> What are the chances those that paid for the botnet ever get a knock on the door?


Nobody is going to give random troons access to a botnet for a few bucks since they could fuck it up badly (or they could be feds etc etc). They're just sending coins to some rando telling him to attack KF (in case they're even using a botnet which it doesn't seem like). Either way getting into trouble is very unlikely unless you're a high-class target since boomers can't into computers.

I might be dumb but don't you basically only need to allow packets from Cloudflare (and maybe yourself, ntp server and a few other exceptions) into the server and shouldn't that make the scrubbing/ddos-filtering layer or whatever much easier to deal with?


----------



## No. 7 cat (Jul 1, 2021)

The DDoSer gimps will be knocked back and we can have the best of IP2 streaming from Kiwifarms. I'll see what I can send.


----------



## mil (Jul 1, 2021)

In my mind are just three low-cost things, because I'm very much a noob too:
- Syn cookies might help? probably already tried that?
- Can the router be made more dumb, to not overload on stateful filtering? Offloading CPU hungry work to the server.
- If a DoS over Tor is more difficult to pull off (is it?), maybe it's viable to go Tor only, temporarily? Might not help if the attacker already knows the target network (ip address space / asn).


----------
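
The two ideas in the post above (SYN cookies, and not keeping per-connection state on the box under attack), as an added Python example that is not from the thread or from MikroTik or Linux code: a listener that allocates state per SYN is compared with one that derives the SYN-ACK sequence number from an HMAC. The cookie layout, `SLOT_SECONDS`, the secret and all addresses are simplified, constructed assumptions, not the kernel's real format.

```python
import hashlib
import hmac
import ipaddress
import secrets
import struct

MASK32 = 0xFFFFFFFF
SECRET = b"constructed-demo-secret"   # constructed; a real stack uses a random, rotated key
SLOT_SECONDS = 64                      # how long a cookie stays valid (assumption)


def make_cookie(src, sport, dst, dport, client_isn, slot):
    """32-bit MAC over the 4-tuple, the client's ISN and a coarse time slot."""
    msg = struct.pack("!4sH4sHIq",
                      ipaddress.IPv4Address(src).packed, sport,
                      ipaddress.IPv4Address(dst).packed, dport,
                      client_isn, slot)
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return struct.unpack("!I", digest[:4])[0]


class StatefulListener:
    """Allocates one half-open entry per SYN, as a connection-tracking table does."""

    def __init__(self, backlog):
        self.backlog = backlog
        self.half_open = {}            # (src, sport) -> server ISN awaiting the final ACK
        self.dropped = 0

    def on_syn(self, src, sport, client_isn, now):
        if len(self.half_open) >= self.backlog:
            self.dropped += 1          # table full: genuine and spoofed SYNs are lost alike
            return None
        isn = secrets.randbits(32)
        self.half_open[(src, sport)] = isn
        return isn

    def on_ack(self, src, sport, seq, ack, now):
        isn = self.half_open.pop((src, sport), None)
        return isn is not None and ack == ((isn + 1) & MASK32)

    def state_entries(self):
        return len(self.half_open)


class CookieListener:
    """Stores nothing per SYN; the SYN-ACK sequence number is itself the proof."""

    def __init__(self, dst, dport):
        self.dst, self.dport = dst, dport

    def on_syn(self, src, sport, client_isn, now):
        return make_cookie(src, sport, self.dst, self.dport,
                           client_isn, now // SLOT_SECONDS)

    def on_ack(self, src, sport, seq, ack, now):
        client_isn = (seq - 1) & MASK32          # the ACK segment carries client ISN + 1
        slot = now // SLOT_SECONDS
        return any(
            ack == ((make_cookie(src, sport, self.dst, self.dport, client_isn, s) + 1) & MASK32)
            for s in (slot, slot - 1)            # current and previous slot only
        )

    def state_entries(self):
        return 0


def simulate(listener, flood_size, now=1000):
    """flood_size SYNs that are never ACKed, then one genuine three-way handshake."""
    base = int(ipaddress.IPv4Address("198.51.100.0"))    # documentation range, constructed
    for i in range(flood_size):
        src = str(ipaddress.IPv4Address(base + i % 256))
        listener.on_syn(src, 1024 + i // 256, secrets.randbits(32), now)
    held = listener.state_entries()
    ip, port, client_isn = "192.0.2.10", 40000, 7000     # constructed genuine client
    isn = listener.on_syn(ip, port, client_isn, now)
    connected = isn is not None and listener.on_ack(
        ip, port, (client_isn + 1) & MASK32, (isn + 1) & MASK32, now + 1)
    return {"client_connected": connected, "state_held_during_flood": held}


if __name__ == "__main__":
    print("stateful:", simulate(StatefulListener(backlog=128), 5000))
    print("cookies: ", simulate(CookieListener("192.0.2.1", 443), 5000))
```

On Linux the real mechanism is the `net.ipv4.tcp_syncookies` sysctl; it protects the listening host's own queue, so a stateful router in the path still tracks every SYN unless its own rules avoid doing so.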



## Site of Origin (Jul 1, 2021)

There are providers out there that provide a way for you to "route" onto their service during a DDOS attack, they scrub the traffic before it hits you. IIRC you said you had your own BGP ASN, correct? It's a simple GRE tunnel setup with Akamai. Works for bandwidth attacks, syn flooding, etc. You'd be dealing with networking guys, they don't really care what's behind the ASN.


----------



## FiestaMexicana (Jul 1, 2021)

DDoSForHire.net | DDoS for hire websites | top booter / top stresser list (ddosforhire.net)
				



List of public stressers, They usually blacklist websites and IP-addresses if you ask them to,


Null said:


> It's really funny and I'm not going to say why.


----------



## Null (Jul 1, 2021)

I have a rule that's doing a good job of stopping the attack on the router. I'm using the uptime to review some shit while I can.


----------



## Dyn (Jul 1, 2021)

Null said:


> I'm also looking for advice


You should become a beautiful and stunning transwoman so they're not allowed to harass you anymore. We do a lot for you by reading your forum for free so I don't think it's too much for us to ask that you take one for the team and cut your dick off to keep our free entertainment forum online.


----------



## Synthwave Obsessed (Jul 1, 2021)

ERROR_ENTRY said:


> Some chump posted this on twitter:
> 
> 
> https://twitter.com/DownFarms/status/1410351212155834371
> ...


I wonder if encouraging a felony is against Twitter's TOS?


----------



## Dyn (Jul 1, 2021)

Deathclaw Tiddehs said:


> I wonder if encouraging a felony is against Twitter's TOS?


He had his wallet posted to collect gibs for it, so the post itself is a felony.


----------



## Merried Senior Comic (Jul 1, 2021)

All of this over an obscure thread with less than 20 pages made over three years ago...


----------



## TheShedCollector (Jul 1, 2021)

Czechem Republic said:


> What are the chances those that paid for the botnet ever get a knock on the door?


Roughly the same chances of getting a blowjob from a nun.


----------



## Nickolas Gurr (Jul 1, 2021)

Bugl said:


> Why not just turn KF off for a couple weeks. They'll eventually get bored.


This would mean accepting defeat.


----------



## HTTP Error 404 (Jul 1, 2021)

Deathclaw Tiddehs said:


> I wonder if encouraging a felony is against Twitter's TOS?


Nothing is against the Twitter TOS if you're a lefty, tranny, or nigger.


----------



## Synthwave Obsessed (Jul 1, 2021)

HTTP Error 404 said:


> Nothing is against the Twitter TOS if you're a lefty, tranny, or nigger.


Brb mutilating myself


----------



## I (Don't) Have A Gun (Jul 1, 2021)

Sadly I'm a software guy not a hardware guy...
But hey if KF need some crowdfunding I'm sure I finally get on this crypto-thing the kids are going on about and buy Null a coffee or something.


----------



## Thumb Butler (Jul 1, 2021)

Dyn said:


> You should become a beautiful and stunning transwoman so they're not allowed to harass you anymore. We do a lot for you by reading your forum for free so I don't think it's too much for us to ask that you take one for the team and cut your dick off to keep our free entertainment forum online.


This is the only option, You would be untouchable and transwomen are the only valid kind of people.


----------



## Gutts (Jul 1, 2021)

i can give you csgo skins


----------



## Nickolas Gurr (Jul 1, 2021)

I honestly cannot understand how someone can actually spend time and money on DDoSing Kiwifarms. What would it achieve? Do they think that the website would just die after a few days of DDoS? Kiwifarms in its current iteration is 8 years old, it has seen worse shit than that.


----------



## Viam (Jul 1, 2021)

Eh, if you remain as level-headed as you have been thus far and don't give mainstream Twitter audiences any genuine reason to hate you on top of the lies and exaggerations they're going off of at the moment, they're bound to lose interest eventually and stop paying for the DoS.

tbh, I'd be shocked if this were still going on in three days' time; God knows that Internet addicts are all ADD-ridden freaks that'll struggle to maintain interest in anything without a constant stream of news and drama to keep them from falling asleep.


----------



## Neurotypical Mantis (Jul 1, 2021)

HTTP Error 404 said:


> Nothing is against the Twitter TOS if you're a lefty, tranny, or nigger.


wrong, if you're not a lefty people are immediately allowed to call you slurs no matter how much of a specialboy minority you are


----------



## Blackstar (Jul 1, 2021)

I'm doing my part.


----------



## semiurgent (Jul 1, 2021)

I haven't gotten on the Brave train, but I'm in on Eth and cardano, would be more than happy to send a decent bit of each if Nool has a wallet set up.


----------



## Techpriest (Jul 1, 2021)

Null said:


> Give me some options. I am willing to spend piggybank money.


Juniper makes pretty solid switches and routers. I’d also look into maybe getting something to create a DMZ that you can flip on during an attack to automatically block and filter out certain addresses.


----------



## In Memoriam (Jul 1, 2021)

semiurgent said:


> I haven't gotten on the Brave train, but I'm in on Eth and cardano, would be more than happy to send a decent bit of each if Nool has a wallet set up.


Look at the bottom of this page for wallet info fren


----------



## Site of Origin (Jul 1, 2021)

Are you going copper or fiber for 10Gb? Fiberstore.com makes cheap knock off SFPs compatible with all major vendors and they work well. They also make their own switches, can't vouch for them.

If you got a beefy enough L3 switch, you could have it handle routing for you as well. Could save you a bit on cost. Just don't expect to take the entire BGP table into memory.

You could also ebay shop for cheap cisco ASR routers.


----------



## Precursor James (Jul 1, 2021)

ERROR_ENTRY said:


> Some chump posted this on twitter:
> https://twitter.com/DownFarms/status/1410351212155834371













						Ez Clap Farms (@Ezclapfarms) | Twitter
					

The latest Tweets from Ez Clap Farms (@Ezclapfarms). Litecoin: LST4bf1qmCLcXJbs3tYzcAcFFj5s1dpdzt Monero: 468gFZ5VVyBQq1wMRpXMwnY1HB7JC82CnXAShefiXpY9UW65EvGAxyML5qazkiL1XPX3ktsTu3v5NPoT8GygBPe73EjHAnK




					web.archive.org


----------



## Null (Jul 1, 2021)

Site of Origin said:


> copper or fiber


What's the difference? I'd have to ask upstream.


----------



## Zyklon Ben's Poison Pen (Jul 1, 2021)

So not knowing too much about this device it looks like a software router (probably what RouterOS is), i.e. it runs all packet processing in software on CPUs, which does make it vulnerable to SYN floods because a SYN packet forces the Firewall/Router to set up a new session in memory to track its state. Looks quite Linuxy so it's probably running IPTables.

What you want is a hardware router like some Cisco models (yeh I know (((Cisco)))) which uses dedicated silicon to handle packet processing and dedicated x86 CPU to run its Linux based overseer IOS.

What you can do then is use some sort of firewall behind the hardware router to try and track dead SYN packets and use BGP to have the hardware router route them to NULL and even use BGP to your upstream to have them routed to null. I was using the iptables_xt_recent module to do this but it was a little trigger happy.


----------
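
One way to track dead SYNs per source without being trigger happy, as an added Python example (not the poster's xt_recent setup or any project's code): only SYNs whose handshake never completed are counted, inside a sliding window. The event tuples, thresholds, function names and addresses are constructed assumptions; the output is a list of /32 prefixes that a separate system could null-route.

```python
from collections import defaultdict, deque


def dead_syns_by_source(events, handshake_timeout, end_ts):
    """Return {src: [timestamps of SYNs that were never completed]}.

    events: (ts, src, sport, kind) tuples sorted by ts; kind is "SYN" or "ACK".
    """
    pending = {}                                   # (src, sport) -> time of first SYN
    for ts, src, sport, kind in events:
        key = (src, sport)
        if kind == "SYN":
            pending.setdefault(key, ts)            # a retransmitted SYN is not counted twice
        elif kind == "ACK":
            pending.pop(key, None)                 # handshake completed: not a dead SYN
    dead = defaultdict(list)
    for (src, _sport), started in pending.items():
        if end_ts - started > handshake_timeout:   # unanswered and old enough to judge
            dead[src].append(started)
    return dead


def nominate(events, window=10.0, hitcount=20, handshake_timeout=3.0, syn_only=False):
    """Return (sorted /32 prefixes to null-route, number of sources below threshold).

    A source is nominated once it has `hitcount` counted SYNs inside any `window`
    seconds. syn_only=True counts every SYN, completed or not, for comparison.
    """
    if not events:
        return [], 0
    if syn_only:
        counted = defaultdict(list)
        for ts, src, _sport, kind in events:
            if kind == "SYN":
                counted[src].append(ts)
    else:
        counted = dead_syns_by_source(events, handshake_timeout, events[-1][0])
    nominated, below = [], 0
    for src, stamps in counted.items():
        recent = deque()
        for ts in sorted(stamps):
            recent.append(ts)
            while ts - recent[0] > window:         # forget hits older than the window
                recent.popleft()
            if len(recent) >= hitcount:
                nominated.append(f"{src}/32")
                break
        else:
            below += 1                             # seen, but never reached the threshold
    return sorted(nominated), below


def constructed_events():
    """Constructed sample traffic using documentation address ranges."""
    ev = []
    # Busy NAT gateway: 40 connections in 4 s, every handshake completes 50 ms later.
    for i in range(40):
        ev.append((i * 0.1, "192.0.2.50", 30000 + i, "SYN"))
        ev.append((i * 0.1 + 0.05, "192.0.2.50", 30000 + i, "ACK"))
    # One host sending 60 SYNs in 6 s and never answering the SYN-ACK.
    for i in range(60):
        ev.append((i * 0.1, "198.51.100.7", 40000 + i, "SYN"))
    # 200 different source addresses, one unanswered SYN each.
    for i in range(200):
        ev.append((i * 0.02, f"203.0.113.{i + 1}", 50000, "SYN"))
    # A late, completed connection so the earlier SYNs are old enough to judge.
    ev.append((20.0, "192.0.2.50", 31000, "SYN"))
    ev.append((20.05, "192.0.2.50", 31000, "ACK"))
    return sorted(ev)


if __name__ == "__main__":
    events = constructed_events()
    print("dead-SYN tracking:", nominate(events))
    print("counting all SYNs:", nominate(events, syn_only=True))
```

Counting every SYN also nominates the busy gateway, while dead-SYN tracking does not. The 200 one-shot sources never reach the threshold either way, which is the case where per-source null-routing does not help and filtering has to happen upstream.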



## Right Wing Boomer Squads (Jul 1, 2021)

Site of Origin said:


> There are providers out there that provide a way for you to "route" onto their service during a DDOS attack, they scrub the traffic before it hits you. IIRC you said you had your own BGP ASN, correct? It's a simple GRE tunnel setup with Akamai. Works for bandwidth attacks, syn flooding, etc. You'd be dealing with networking guys, they don't really care what's behind the ASN.


DoS protection is normally a per-month cost from the ISP, and it isn’t cheap in my experience. All they do is just identify the prefix that is performing the DoS attack and then blackhole traffic from that prefix; meaning the customer never sees the traffic on their link. Josh basically wants to accomplish the same thing with a device of his own, which is difficult because even if the traffic is dropped by the device, the traffic is still using bandwidth on the link. This is the main reason why people pay their carrier to do it for them.

From what I understand about Josh’s setup, he doesn’t have his own ASN or /24, but he is being leased a prefix by an ISP - meaning he is most likely peering BGP to an ISP on a private ASN (64000-65000ish).
This would mean he’s not advertising directly into the global routing table, and probably isn’t receiving the global routing table, just a default route.
This is important as receiving the full table takes up a lot of resources (mostly RAM but also CPU on path calculations), so if it is just a default route, he can get away with slower hardware.

I’m going to jump in here with another brand option to add to the pile: get a Fortigate 500E.
- 40Gbps routing throughput
- 2 SFP+ ports and about 8 SFP ports
- Nice web UI which is easy to configure
- Configurable DoS protection

They cost about 5-7k AUD (phone posting right now, convert it yourself), and you can buy the hardware without any of the subscription crap (the DoS stuff isn’t subscription based, comes with hardware).
Underlying hardware is x86 with 16GB memory so they will handle the global routing table (should you desire it) easily.



The Big Bad D said:


> An x86_64 machine with one of those gay router operating systems could be a decent bet


If you don’t mind a bit of a learning curve, this is where it’s at. Slightly radical option, I know, but this is unironically the cheapest option.

Netflix use FreeBSD and BIRD for a lot of their CDN. I also know that many of the state internet exchanges in AUS use BIRD as well.

If you don’t want to use BSD, BIRD does run on Linux too. Another option, one gaining a lot of popularity, is FRR (a fork of Quagga). Big learning curve, but might save a lot of money if you can build a router out of spare parts.


----------



## Site of Origin (Jul 1, 2021)

It just depends on what hardware you are working with, fiber in general is more flexible (swap out SFPs to shoot longer distances) but you might not need that.


----------



## JoshPlz (Jul 1, 2021)

StuffedBallot said:


> In the 10GBps space, the best cost/performance ratio (Aside from used hardware that is.) I've found is Mikrotik -- something along the lines of https://mikrotik.com/product/crs326_24s_2q_rm if you're rolling fiber, or https://mikrotik.com/product/crs312_4c_8xg_rm if you need 10Gbps rj45. Configuration isn't that far off of Cisco, and budget minded IT dudes tend to swear by them. I dunno how much hardware you have but most of your options here are going to be <1k us shekels.
> I personally run some shit through some of their lower-port-count-lower-end 10Gbps switches and can say that they're pretty much problem-free, and while their support isn't Cisco-tier, they are good for people that aren't afraid of rolling their own config for some autistic shit.


While having 10Gbps ports, it looks like both of those models would be a lot weaker in terms of CPU and RAM. 

This is Null's current router: https://mikrotik.com/product/CCR1016-12G
It has a 12-Core CPU with 1.2Ghz each and 2GB RAM. So the new one would have to be similar or better than that.


----------



## Right Wing Boomer Squads (Jul 1, 2021)

Null said:


> What's the difference? I'd have to ask upstream.


What does your ISP hand off your connection on at the moment? Either way, going for a device with SFP (1Gb) or SFP+ (10Gb) is better if possible - you can just buy RJ-45 SFPs if you need to go run copper out of your SFP ports. Fibrestore sell 10G-copper SFPs as well


----------



## StuffedBallot (Jul 1, 2021)

JoshPlz said:


> While having 10Gbps ports, it looks like both of those models would be a lot weaker in terms of CPU and RAM.
> 
> This is Null's current router: https://mikrotik.com/product/CCR1016-12G
> It has a 12-Core CPU with 1.2Ghz each and 2GB RAM. So the new one would have to be similar or better than that.


Yep, but we're looking for a switch & router. Which to me means that in addition to the _switch_ I linked before, Null would probably want to upgrade to something like https://mikrotik.com/product/CCR1036-8G-2SplusEM for the router, since you get the 36 cores @ 1.2ghz, and SFP+ connectivity to the SFP+ switch.



Null said:


> What's the difference? I'd have to ask upstream.


I personally find that 10gb  fiber is generally cheaper, especially for short runs than 10gb ethernet. Price of copper be dumb these days.


Edit: The fortinet advice given earlier in the thread is also super solid. Rolling your own router seems like a great techie idea, but Null did ask for idiot-proof solutions.


----------



## Ralph Barnhardt (Jul 1, 2021)

Pope Negro Joe the XIIIth said:


> You'd think that these DDOS morons would figure out that every time they do this we get better stuff and more abilities to have fun that they'll be mad about.


You think guys who cut their own dick off to magically become a woman are great at planning?


----------



## The Big Bad D (Jul 1, 2021)

StuffedBallot said:


> Yep, but we're looking for a switch & router. Which to me means that in addition to the _switch_ I linked before, Null would probably want to upgrade to something like https://mikrotik.com/product/CCR1036-8G-2SplusEM for the router, since you get the 36 cores @ 1.2ghz, and SFP+ connectivity to the SFP+ switch.
> 
> 
> I personally find that 10gb  fiber is generally cheaper, especially for short runs than 10gb ethernet. Price of copper be dumb these days.


These obscure TILE architecture CPUs are fucking garbage, modern linux kernels don't even support them anymore


----------



## Suiglide (Jul 1, 2021)

I find it funny how everything Twitter faggots claim Kiwi Farms does is done tenfold by them.

Twitter as a whole is 4chan and the weaponized autism of /b/ except for the fact that all the anonymous users are mentally ill children and adults actively trying to get one with the numerous journos there.


----------



## JoshPlz (Jul 1, 2021)

Precursor James said:


> View attachment 2307788
> View attachment 2307789


Is that troon speaking the truth? Looks like the newest RouterOS release and Firmware would be 6.48.3 and 3.41


StuffedBallot said:


> Yep, but we're looking for a switch & router. Which to me means that in addition to the _switch_ I linked before, Null would probably want to upgrade to something like https://mikrotik.com/product/CCR1036-8G-2SplusEM for the router, since you get the 36 cores @ 1.2ghz, and SFP+ connectivity to the SFP+ switch.


Oh, alright. I didn't see that those were just switches, fren.


----------



## StuffedBallot (Jul 1, 2021)

The Big Bad D said:


> These obscure TILE architecture CPUs are fucking garbage, modern linux kernels don't even support them anymore


Modern linux kernels are also developed by a herd of retarded commies, so not sure that's a measure of anything. 

You are right, that it's probably not beefy enough, but for DDOS protection I would possibly not try to do that in the router & look at some sort of appliance sitting in front of it, but I've been out of that game for ten years, so no fucking clue what to recommend.


----------



## Scented Candle (Jul 1, 2021)

Have you considered buying a Corero or Fortinet router? They aren't cheap but they also are a permanent solution to this kind of attack.


----------



## Secret Asshole (Jul 1, 2021)

I can't use my BAT, but these assmad troons just made me donate all of it. It's better than just sitting there.


----------



## Onion Guide (Jul 1, 2021)

Threw assorted shitcoins at you as LTC. Much better off spent holding the line than losing value in my wallets.


----------



## Drachenlord (Jul 1, 2021)

Honestly you should keep the farms up for as cheap as possible just so that they burn through their cash financing those attacks - afaik DDoS services of this scale are expensive as fuck.
Maybe it's not even worth putting too much effort into mitigating the attack as long as your hosting provider doesn't kick you off and the Farms will be back whenever the attackers run out of money. In the end, they'll have spent a fortune and gained nothing at all from this.


----------



## Snusmumriken (Jul 1, 2021)

Drachenlord said:


> Honestly you should keep the farms up for as cheap as possible just so that they burn through their cash financing those attacks - afaik DDoS services of this scale are expensive as fuck.
> Maybe it's not even worth putting too much effort into mitigating the attack as long as your hosting provider doesn't kick you off and the Farms will be back whenever the attackers run out of money. In the end, they'll have spent a fortune and gained nothing at all from this.


Agreed, what is their plan in all this? They can’t sustain the attacks forever and once they cease the farms will be back to normal. Do they think Jersh will just get frustrated and take down the site because they showed him the power of weaponized tranny autism friendship?


----------



## Yamamura Video Rental (Jul 1, 2021)

Alright, I'll kick in my BAT as soon as the next payment rolls in.

Sorry, I'm dumb when it comes to this type of stuff.  But if I'm understanding the situation correctly you're saying there's no way to actually combat the attacks, rather we're upgrading how much load we can take so that it doesn't affect the site?  So if the troons want to DDoS us again it would cost them even more or something?


----------



## HTTP Error 404 (Jul 1, 2021)

Precursor James said:


> View attachment 2307788
> View attachment 2307789
> 
> 
> ...



@Null 
According to the support page, latest update for that router is routeros-tile-6.48.3.npk









MikroTik (mikrotik.com)

MikroTik is a Latvian company which was founded in 1996 to develop routers and wireless ISP systems. MikroTik now provides hardware and software for Internet connectivity in most of the countries around the world.


----------



## Ellesse_warrior (Jul 1, 2021)

Mad at the Internet (madattheinternet.gumroad.com)

A weekly presentation covering what it takes to keep a one-man enterprise online when it makes everyone Mad at the Internet.


----------



## Car Won't Crank (Jul 1, 2021)

JoshPlz said:


> Is that troon speaking the truth? Looks like the newest RouterOS release and Firmware would be 6.48.3 and 3.41


It's true. I manage a few Mikrotiks and 6.48.3 is the latest for RouterOS.


----------



## The Big Bad D (Jul 1, 2021)

HTTP Error 404 said:


> @Null
> According to the support page, latest update for that router is routeros-tile-6.48.3.npk
> 
> 
> ...


Mikrotik has multiple branches of RouterOS, see
https://mikrotik.com/download

all of these are up to date


----------



## HTTP Error 404 (Jul 1, 2021)

All you heroes doing BAT donations are awesome.  Doing God's work, you are!

As mentioned in the shitshow I want to get Null up to +$1000 USD so he can say not only did we weather this storm, the rainbow haired retards on twitter made it *profitable* to do so.  Hell, let's aim for enough to buy a fancypants router.

With that in mind, I did my part:




Support the forum thread:  https://kiwifarms.net/threads/supporting-the-forum.27022/



Ellesse_warrior said:


> Mad at the Internet
> 
> 
> A weekly presentation covering what it takes to keep a one-man enterprise online when it makes everyone Mad at the Internet.
> ...



This too.


----------



## AngryTreeRat (Jul 1, 2021)

No idea if your ISP will, but assuming you got a static IP when I say this and you aren't using a dynamic DNS service, I know my ISP will, for 10 bucks a pop mind, flip my IP with 20 minutes of processing time for the payment to clear and their tech to smack a button, I've dealt with paid for bot nets a few times since script kiddies get mad when you ban them from Minecraft.

After doing that announce KF is going .onion only for a week, and have the clear net addresses point to a page explaining where to get Tor and how to connect to the .onion until you got a permanent solution in place.

They will find it a bit of a bitch to DDoS a .onion and get bored, and we suffer mild inconvenience at worst.


----------



## Lord Xenu (Jul 1, 2021)

Onion Guide said:


> View attachment 2307836
> Threw assorted shitcoins at you as LTC. Much better off spent holding the line than losing value in my wallets.


What is the easiest way to claim your bitcoin fork coins (e.g. BTG) and convert them to something useful?


----------



## Ted Kaczynski (Jul 1, 2021)

ERROR_ENTRY said:


> Some chump posted this on twitter:
> 
> 
> https://twitter.com/DownFarms/status/1410351212155834371
> ...


Is that some random freeware """ddos""" site?
All these troons are 12. No doubt.


----------



## rinya (Jul 1, 2021)

Is this thread for networking advice or for flaunting donations?


----------



## Image Reactions (Jul 1, 2021)

Thoughts and prayers


----------



## Scented Candle (Jul 1, 2021)

ERROR_ENTRY said:


> Some chump posted this on twitter:
> 
> 
> https://twitter.com/DownFarms/status/1410351212155834371
> ...


Is this just the Zoomer web 3.0 version of LOIC?


----------



## Hazel Motes (Jul 1, 2021)




----------



## Escalating Violence (Jul 1, 2021)

There's only one word to describe this whole situation: Gay.


----------



## deso2y (Jul 1, 2021)

Jersh vs the DDilatorbot-2021, place your bets folks


----------



## Gone Ham (Jul 1, 2021)

rinya said:


> Is this thread for networking advice or for flaunting donations?


Yes


----------



## Ducks Sorted in a Row (Jul 1, 2021)

Trannies will literally spend real money on taking down a gossip website for an hour and then turn around and complain about how capitalism is the reason they're broke


----------



## Dysnomia (Jul 1, 2021)

Nickolas Gurr said:


> I honestly cannot understand how can someone actually spend time and money on DDoSing Kiwifarms. What would it achieve? Do they think that the website would just die after a few days of DDoS? Kiwifarms in its current iteration is 8 years old, it has seen worse shit than that.



Most troons are getting gibs because they are unemployable freaks. They have nothing to do all day but seethe and dilate.


----------



## reptile baht spaniard rid (Jul 1, 2021)

You may want two devices - one dedicated to simply filtering out ddos and the second doing actual routing and firewalling

you want a 1G burstable to 10g line so you don’t have to pay for the whole 10G when not being ddos’d

An entirely unrelated IPv6 range that’s only known to you can be used as a management interface but lock that shit down like no tomorrow.


----------



## BigTubboWithLittleChina (Jul 1, 2021)

I'm guessing that it's no coincidence that these attacks have started soon after a bunch of faggots started whining that we'd caused Byuu to neck himself. Fuck 'em all.


----------



## Crunchy Oats (Jul 1, 2021)

I'm not sure if this was posted, but I saw this posted on Twitter last night by some tranny who was requesting a personal army. I forgot to archive their post, though.

(I was late and gay)


----------



## Reverend (Jul 1, 2021)

I am also a big fan of Mikrotik RouterOS systems, they are very simple to setup, manage, and apply firewall/access rules to.  I've run multiple ones for SMB's and they are rock solid.

The CRS326-24S+2Q+RM is overkill as he will never get a QSFP+ line run from the Colo to his rack unless it's sub 10M.  The cable cost alone will be fucking insane. A 10gbps native RouterOS built device  CCR1036-8G-2S+ will give Dual 10gbps connections to the colocation for redundancy, redundant power, and an m.2 slot for a quick network cache.  Downside is only 8 network ports @ 1gbps.  I'd have to look to see if you can bond multiple lines together via the device.

I'll assume @Null that your server(s) have 1gb network cards in them? Would you be willing to upgrade them, or can you upgrade them, to  10gbps cards? 

I personally would stay away from Fiber at all costs unless you want to go full on fiber for everything at which there are other models of Routers to recommend.   Fiber is expensive and there is little to gain from using fiber sub 10gbps speed. 

At some point you will reach the tipping point of separating  your Router from your Switch for 2 devices.  In fact that might be a better idea to have TWO routers in a Round Robin mode to alleviate some of the stress on your router.   This will require some networking guru work and some special software but you alleviate the bottleneck and make it difficult (not impossible) to take your network down.

PFSense is a fantastic piece of software and very customizable, buy the hardware which comes with a support contract and you'll get some Sales Engineer support as well to advise you on Best practices:








Netgate 1541 BASE pfSense+ Security Gateway (shop.netgate.com)

The Netgate 1541 1U 19" rack mount system is a state of the art Security Gateway appliance with pfSense® Plus software featuring the 8 Core Intel® Xeon® D-1541 processor with AES-NI to support a high level of I/O throughput and optimal performance per watt. This appliance with pfSense Plus...
				




Whatever you do, at this rate, *DO NOT ROLL YOUR OWN ROUTER SOFTWARE AND INSTALL IT ON A SERVER*! DO NOT! NO NO NO NO NO.  Your life is fucking hell as it is, and to troubleshoot HARDWARE as well as SOFTWARE is a pain in the proverbial dick.  If you want to enjoy your time in Estoniastan spend the money get a refurb ENTERPRISE grade equipment and call it a day.  It's cute for the house but not for high traffic sites like this.  If you like sleep you won't do this. 

P.S.  Don't hate me for tagging you.


----------



## Pope Negro Joe the XIIIth (Jul 1, 2021)

Scented Candle said:


> Is this just the Zoomer web 3.0 version of LOIC?


Fucking lol that's the first thing I thought too.


----------



## Null (Jul 1, 2021)

Reverend said:


> I'll assume @Null that your server(s) have 1gb network cards in them? Would you be willing to upgrade them, or can you upgrade them, to 10gbps cards?


c1:00.0 Ethernet controller: Intel Corporation Ethernet Controller 10-Gigabit X540-AT2 (rev 01)
c1:00.1 Ethernet controller: Intel Corporation Ethernet Controller 10-Gigabit X540-AT2 (rev 01)

I bought a really fancy 10Gbps ethernet card after our mobo's network card blew.


----------



## Reverend (Jul 1, 2021)

reptile baht spaniard rid said:


> You may want two devices - one dedicated to simply filtering out ddos and the second doing actual routing and firewalling
> 
> you want a 1G burstable to 10g line so you don’t have to pay for the whole 10G when not being ddos’d
> 
> An entirely unrelated IPv6 range that’s only known to you can be used as a management interface but lock that shit down like no tomorrow.


The colo will still charge you for the 95th percentile of usage for the month so he might as well pay for the 10gb line and enjoy it all he wants as he is going to start streaming video which sucks up bandwidth like a mother fucker.

Also, making your management interface on the PUBLIC network is fucking insane, as you did say to lock it down, I concur with that assessment. A completely separate network device with a VPN connection on IPV6 which then allows you to tunnel through to your Management Consoles is a good idea.  Purchase that networking service through a completely different company that has 0 to do with the farms for ultimate security through obscurity.   Two-Factor-Authentication for VPN access is even better.


----------



## Neko GF (Jul 1, 2021)

Dysnomia said:


> Most troons are getting gibs because they are unemployable freaks. They have nothing to do all day but seethe and dilate.


They also tend to be financially irresponsible. They're going to regret wasting all of their NEET Bucks to DDOS a gossip forum when the next product to consoom comes out.


----------



## QwahlityKahntent (Jul 1, 2021)

Czechem Republic said:


> What are the chances those that paid for the botnet ever get a knock on the door?


once the feds learn trannies are doing it, they'll drop all charges. 
don't you know it's illegal to prosecute a """"""minority"""""" group for committing crimes?


----------



## Reverend (Jul 1, 2021)

Null said:


> c1:00.0 Ethernet controller: Intel Corporation Ethernet Controller 10-Gigabit X540-AT2 (rev 01)
> c1:00.1 Ethernet controller: Intel Corporation Ethernet Controller 10-Gigabit X540-AT2 (rev 01)
> 
> I bought a really fancy 10Gbps ethernet card after our mobo's network card blew.


Nice card. I use them myself for various projects.

That being said we now need to have our Routers/Switches have 10gbps capable internally as well as externally.   

Is 8 ports (internal network) and 2 ports (external/colo) enough networking ports for your server stack or do you need more ports for your servers?


----------



## Onion Guide (Jul 1, 2021)

lemmiwinks said:


> What is the easiest way to claim your bitcoin fork coins (e.g. BTG) and convert them to something useful?


I just sold them all on the biggest exchange in my country, used that credit to buy litecoin, sent it to a wallet, and then sent the LTC to the address at the bottom of the website page.


----------



## Reverend (Jul 1, 2021)

Neko GF said:


> They also tend to be financially irresponsible. They're going to regret wasting all of their NEET Bucks to DDOS a gossip forum when the next product to consoom comes out.


They are all on welfare/social security for their "disorders" so it'll be Americans who end up paying for them to buy the next iDevice when it comes out to post their hatred on Twitter.

Also, most of these fuckwits live together in a commune style so they can have all the degenerate chicanery propagate amongst them like the true Troglodytes they are.


----------



## draggs (Jul 1, 2021)

TheBest said:


> We are very adaptable to autism


They merely adopted the autism. We were born in it, molded by it. By the time we were men the autism was merely a piece of a puzzle.


----------



## ❄️❄️❄️ (Jul 1, 2021)

Null said:


> c1:00.0 Ethernet controller: Intel Corporation Ethernet Controller 10-Gigabit X540-AT2 (rev 01)
> c1:00.1 Ethernet controller: Intel Corporation Ethernet Controller 10-Gigabit X540-AT2 (rev 01)
> 
> I bought a really fancy 10Gbps ethernet card after our mobo's network card blew.


Stupid idea time:

If you just need something with capacity to clean up incoming shit, I would put both current and 2nd 1G Colo line into basic L2 switch and then hang multiple routers off the switch, each advertising different IP ranges. Web server can advertise on each IP, and set up round robin DNS between IP ranges. Sounds like you need more routing capacity, and may be easier to acquire a couple of refurb/nearly new 1G routers than a single massive 10G router that can both route 10G and also deal with incoming shit traffic.


----------



## Ahriman (Jul 1, 2021)

Null said:


> The upside is, once we have 10Gbps and the new device (FINALLY coming in this week) we can set up a PeerTube instance and do video hosting. Exciting times.







*I AM GROWING STRONGER*

Thread music


----------



## Blacklight (Jul 1, 2021)

Tactical drop of shit coins on the way.


----------



## Null (Jul 1, 2021)

Reverend said:


> Is 8 ports (internal network) and 2 ports (external/colo) enough networking ports for your server stack or do you need more ports for your servers?


I need at least 3 SFP+ ports. I'm also not going to buy another Mikrotik because I am pissed about this management interface shit.


----------



## Reverend (Jul 1, 2021)

❄️❄️❄️ said:


> Stupid idea time:
> 
> If you just need something with capacity to clean up incoming shit, I would put both current and 2nd 1G Colo line into basic L2 switch and then hang multiple routers off the switch, each advertising different IP ranges. Web server can advertise on each IP, and set up round robin DNS between IP ranges. Sounds like you need more routing capacity, and may be easier to acquire a couple of refurb/nearly new 1G routers than a single massive 10G router that can both route 10G and also deal with incoming shit traffic.


This is the right idea but I feel it's missing something about how the L2 switch connects to the Colo over 10gb as streaming video (which is a requirement of KF4.1 ) is coming. 
You'd have 2 network lines from the Colo with redundancy, these connect to the switch, which then passes the network traffic to the pair of routers to handle distribution/access. 
The goal is to filter as much bullshit from the TroonSquad as possible while passing 'valid' requests to the server(s) behind the Firewalls.


----------



## 953 (Jul 1, 2021)

Booglarping seething trannies after they cope because kek doomer chad Kiwifarm users tell them to cope because their beta DDoS isn't sigma enough so they think about 41%ing because the alphas always win:
(and then 41% neck themselves)


----------



## Scented Candle (Jul 1, 2021)

Odd question but you mentioned that you're moving the servers back to the US, does your colo not offer DoS protection? 
I'm not familiar with how your network is laid out but a lot of colos in the US offer integrated DoS deterrence if you use their managed internet services.


----------



## Easy Peasy (Jul 1, 2021)

I dont understand any of this tech shit, but fuck trannies and thanks Jersh and others for fixing everything and defending the free speech farms


----------



## Null (Jul 1, 2021)

Scented Candle said:


> Odd question but you mentioned that you're moving the servers back to the US, does your colo not offer DoS protection?
> I'm not familiar with how your network is laid out but a lot of colos in the US offer integrated DoS deterrence if you use their managed internet services.


We never left the US.


----------



## ❄️❄️❄️ (Jul 1, 2021)

Reverend said:


> This is the right idea but I feel it's missing something about how the L2 switch connects to the Colo over 10gb as streaming video (which is a requirement of KF4.1 ) is coming.
> You'd have 2 network lines from the Colo with redundancy, these connect to the switch, which then passes the network traffic to the pair of routers to handle distribution/access.
> The goal is to filter as much bullshit from the TroonSquad as possible while passing 'valid' requests to the server(s) behind the Firewalls.



Yeah - depends on what the Colo connection looks like. 

Also curious what incoming shit traffic is like - if it's not actually valid TCP sessions, you could just get away with a server with a couple of linecards and some IPtables rules. Stick it ahead of the router and let it filter shit, allow router CPU to focus on routing.

Also wondering if Null has done any packet capture on the Colo interface to see what kind of traffic it is?


----------
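
One way to answer the packet-capture question in the post above, as an added example that is not code from any poster: the script reads `tcpdump -nn` style text lines and reports, per destination service, how many SYNs never completed a handshake. The capture lines, the documentation-range addresses and the two thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# tcpdump -nn text line, e.g.
# 12:00:00.000001 IP 198.51.100.1.40000 > 203.0.113.10.443: Flags [S], seq 1, ...
LINE_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse(line):
    """Return (src, sport, dst, dport, flags), or None for lines that are not IPv4 TCP."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]


def summarize(lines, min_flows=50, half_open_threshold=0.9):
    """Per (dst, dport): SYN flows, completed handshakes, distinct sources, verdict.
    min_flows and half_open_threshold are assumed values to tune per site."""
    completed = {}                   # (src, sport, dst, dport) -> handshake finished?
    syn_packets = defaultdict(int)   # counts retransmitted SYNs as well
    for line in lines:
        pkt = parse(line)
        if pkt is None:
            continue
        src, sport, dst, dport, flags = pkt
        key = (src, sport, dst, dport)
        if flags == "S":             # bare SYN: a client opening a connection
            syn_packets[(dst, dport)] += 1
            completed.setdefault(key, False)
        elif key in completed and "." in flags and "S" not in flags and "R" not in flags:
            completed[key] = True    # client ACKed after its SYN: a real session
    report = {}
    for (src, _sport, dst, dport), done in completed.items():
        r = report.setdefault((dst, dport),
                              {"syn_flows": 0, "completed": 0, "sources": set()})
        r["syn_flows"] += 1
        r["completed"] += int(done)
        r["sources"].add(src)
    for service, r in report.items():
        r["syn_packets"] = syn_packets[service]
        r["sources"] = len(r["sources"])
        r["half_open_ratio"] = 1 - r["completed"] / r["syn_flows"]
        flood = (r["syn_flows"] >= min_flows
                 and r["half_open_ratio"] >= half_open_threshold)
        r["verdict"] = "syn-flood-like" if flood else "normal"
    return report


def constructed_capture():
    """Constructed sample lines, not real traffic."""
    out = []

    def handshake(client, cport, server, sport):
        out.append(f"12:00:00.000001 IP {client}.{cport} > {server}.{sport}: "
                   "Flags [S], seq 1, win 64240, length 0")
        out.append(f"12:00:00.000200 IP {server}.{sport} > {client}.{cport}: "
                   "Flags [S.], seq 9, ack 2, win 65160, length 0")
        out.append(f"12:00:00.000400 IP {client}.{cport} > {server}.{sport}: "
                   "Flags [.], ack 10, win 502, length 0")

    for i in range(5):
        handshake(f"198.51.100.{i + 1}", 40000 + i, "203.0.113.10", 443)
    for i in range(4):
        handshake(f"198.51.100.{i + 50}", 41000 + i, "203.0.113.11", 80)
    for i in range(200):             # SYNs that are never followed by an ACK
        out.append(f"12:00:01.{i:06d} IP 192.0.2.{i + 1}.{1024 + i} > "
                   "203.0.113.10.443: Flags [S], seq 7, win 512, length 0")
    out.append("12:00:02.000000 ARP, Request who-has 203.0.113.1 tell 203.0.113.10, length 28")
    return out


if __name__ == "__main__":
    for service, stats in summarize(constructed_capture()).items():
        print(service, stats)
```

A high half-open ratio with many distinct sources points at packets that are not valid TCP sessions, which is the case where a stateless filter ahead of the router has something to drop.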



## Reverend (Jul 1, 2021)

Null said:


> I need at least 3 SFP+ ports. I'm also not going to buy another Mikrotik because I am pissed about this management interface shit.


Eh, it's no Cisco/Sonicwall that's for sure. The management is clunky but it's powerful at the CLI. 
Is that 3 SFP+ internally and 2 SFP+ external to the Colo? 
I suggest you look at Netgate and PFSense as the management interface is stupid simple and powerful as anything you'd get from a major vendor and not break the bank. Install one of their systems and then later on buy a second for High Availability, Failover, and Round Robin.


----------



## Fate Fan (Jul 1, 2021)

Are you only doing crypto or are you still accepting specific prepaid debit gift cards?


----------



## Goyslop Muncher (Jul 1, 2021)

I don’t understand any of this cyber terrorism speak, but it sounds exciting so I sent some crypto shekels. G-dsneed.


----------



## byuu (Jul 1, 2021)

Dyn said:


> You should become a beautiful and stunning transwoman so they're not allowed to harass you anymore. We do a lot for you by reading your forum for free so I don't think it's too much for us to ask that you take one for the team and cut your dick off to keep our free entertainment forum online.


Just become non-binary.
Same effect without any work.


----------



## Dyn (Jul 1, 2021)

garakfan69 said:


> Just become non-binary.
> Same effect without any work.


He'll be prettier if he cuts his dick off.


----------



## Ahriman (Jul 1, 2021)

garakfan69 said:


> Just become non-binary.
> Same effect without any work.





Spoiler



_Jess_


----------



## Right Wing Boomer Squads (Jul 1, 2021)

Reverend said:


> I am also a big fan of Mikrotik RouterOS systems, they are very simple to setup, manage, and apply firewall/access rules to.  I've run multiple ones for SMB's and they are rock solid.
> 
> The CRS326-24S+2Q+RM is overkill as he will never get a QSFP+ line run from the Colo to his rack unless it's sub 10M.  The cable cost alone will be fucking insane. A 10gbps native RouterOS built device  CCR1036-8G-2S+ will give Dual 10gbps connections to the colocation for redundancy, redundant power, and an m.2 slot for a quick network cache.  Downside is only 8 network ports @ 1gbps.  I'd have to look to see if you can bond multiple lines together via the device.
> 
> ...


Load balancing across two routers is a lot harder than most people think it is. Bear in mind that he’s in colo, paying per rack unit, and only has 1 upstream carrier, 1 advertisable /24, and most likely 1 physical uplink 

On the ‘round robin’ front, the biggest problem by far is that you only get 1 uplink from your carrier, even if you’re in a DC and they’ve given you a cross connect to the carrier. You can only plug this into 1 device. Sure, you can put a switch in front of it and plug 2 routers into it, but this doesn’t load balance your traffic across both.

HSRP (Cisco) or VRRP work by floating 1 IP address across multiple devices; there is always a master, and the traffic always goes to the master. All the switch in front will see is a MAC address sitting on one port, and that is where it will forward traffic

if you want to load balance across two routers, you need a switch operating at layer 3, with ECMP set up on the switch pointing to both of the routers. If Josh did this, the switch would have to advertise his prefix to his upstream peer which just means his switch would just end up becoming a router anyway. At this point, just go and buy a router and forget the switch, or buy a mellanox SN2700

Also, I’d like to address the whole ‘everything SFP is expensive’ I’ve seen on here from a few people:








Cisco SFP-H10GB-CU1M Compatible 10GBASE-CU SFP+ DAC Twinax Cable - FS Australia (www.fs.com)

FS for Cisco compatible SFP-H10GB-CU1M 10G SFP+ to SFP+ direct attach cable operates over passive copper with a maximum reach of 1m, which is a cost-effective solution for high bandwidth and high-speed interconnection.
				




My advice: 
Easy mode: buy a thicc ass box in a 1RU form factor with a dedicated NPU/ASIC that can handle DoS protection, firewall, and routing all in 1 box. Cisco, Palo, Juniper or Fortinet all have boxes for this, my personal recommendation is Fortinet (see my post above) just because of personal experience. Not gonna hate on the cheaper vendors like Mikrotik, just haven’t used them that much.

Hard mode: buy a 1RU server with a good cpu and at least 16GB memory, buy some 10GbE SFP+ NICs off ebay (mellanox pls), install RHEL and run FRR.


----------



## byuu (Jul 1, 2021)

Dyn said:


> He'll be prettier if he cuts his dick off.


Josh is already very pretty and valid.


----------



## kaz321123 (Jul 1, 2021)

fpga vs. higan latency.  Those are my thoughts at the moment.  Is there a platform where higan could function with the least overhead? 

- spergy newfag (hi everybudy)


----------



## QwahlityKahntent (Jul 1, 2021)

don't know if this helps or not. asked my IT friend if he had any suggestions and this is what he came back with






SYN/DoS/DDoS Protection - RouterOS - MikroTik Documentation (help.mikrotik.com)


----------



## ❄️❄️❄️ (Jul 1, 2021)

Right Wing Boomer Squads said:


> Load balancing across two routers is a lot harder than most people think it is. Bear in mind that he’s in colo, paying per rack unit, and only has 1 upstream carrier, 1 advertisable /24, and most likely 1 physical uplink
> 
> On the ‘round robin’ front, the biggest problem by far is that you only get 1 uplink from your carrier, even if you’re in a DC and they’ve given you a cross connect to the carrier. You can only plug this into 1 device. Sure, you can put a switch in front of it and plug 2 routers into it, but this doesn’t load balance your traffic across both.
> 
> ...


The suggestion I had was based around advertising different IPs on each router and doing load balancing via DNS. Seems like the problem Null is facing is just around the router shitting itself due to crap traffic, as opposed to requiring 'real' routing capacity as with most enterprise setups.

It's just the volume of shite that's being the problem, if that gets stripped out by a pair of routers, a single high-end router or a 1u pizza box, end result is the same. Going by traffic graphs does not look like link itself is saturated.

I guess that if Null manages to deal with the router shitting itself, they're just going to ramp up on L7 attacks or increase the traffic volume and saturate the interface. Presuming the router attack was easiest and cheapest option (low hanging fruit)


----------



## Null (Jul 1, 2021)

QwahlityKahntent said:


> he


syncookies have been enabled this entire time. when the attack starts, pipe breaks. can't even local connect via com/serial because of 100% cpu usage.


----------



## Scented Candle (Jul 1, 2021)

QwahlityKahntent said:


> View attachment 2308188
> don't know if this helps or not. asked my IT friend if he had any suggestions and this is what he came back with
> 
> 
> ...


This was my biggest concern being data exfiltration, DDoS attacks are usually smokescreens to cover for a more sophisticated attack. Though they've shown that they are pretty much just script kiddying it and just know "haha I push button site go down."

I also second the Fortigate/Corero pitch, we have a lot of high risk DC customers that swear by them, the user interfaces are pretty friendly as well.


----------



## Neo-Liberal Bugman (Jul 1, 2021)

"some friends" (Ladyboy discord associates)

"now its just for the lulz" (satisfying your anger towards those who make fun of and call out your autogynephilia)

YWNBARW


----------



## Null (Jul 1, 2021)

Right Wing Boomer Squads said:


> My advice:
> Easy mode: buy a thicc ass box in a 1RU form factor with a dedicated NPU/ASIC that can handle DoS protection, firewall, and routing all in 1 box. Cisco, Palo, Juniper or Fortinet all have boxes for this, my personal recommendation is Fortinet (see my post above) just because of personal experience. Not gonna hate on the cheaper vendors like Mikrotik, just haven’t used them that much.


Name something specific please


----------



## Right Wing Boomer Squads (Jul 1, 2021)

❄️❄️❄️ said:


> The suggestion I had was based around advertising different IPs on each router and doing load balancing via DNS. Seems like the problem Null is facing is just around the router shitting itself due to crap traffic, as opposed to requiring 'real' routing capacity as with most enterprise setups.
> 
> It's just the volume of shite that's being the problem, if that gets stripped out by a pair of routers, a single high-end router or a 1u pizza box, end result is the same. Going by traffic graphs does not look like link itself is saturated.
> 
> I guess that if Null manages to deal with the router shitting itself, they're just going to ramp up on L7 attacks or increase the traffic volume and saturate the interface. Presuming the router attack was easiest and cheapest option (low hanging fruit)


Yeah, looks like the routers are just struggling to deal with the bad requests. I think a beefier box is the simplest option, if perhaps not the cheapest

DNS load balancing is not a bad idea, but from the looks of it, this guy is targeting the actual IPs; DNS-LB won’t help against these attacks so there probably isn’t much point.


----------



## WinnieTheJew (Jul 1, 2021)

The downtime is acceptable if it leaves a bunch of trannies destitute. Let them waste their tears and money.


----------



## Pope John Paul II (Jul 1, 2021)

Thotalicious Chris said:


> The DDoSers are ugly, fat, and I personally would not have intercourse with them.


Just like most people on this site, most probably


----------



## Null (Jul 1, 2021)

Zeva_Adom said:


> @Null If you still live In Serbia, would you be able to accept cash directly? I could send it to your PO box or something like that. It would be in Euros, but if you need something else I'd try to exchange it.


Check / money order sent to the beal address in the supporting the forum page work.


----------



## ❄️❄️❄️ (Jul 1, 2021)

Right Wing Boomer Squads said:


> Yeah, looks like the routers are just struggling to deal with the bad requests. I think a beefier box is the simplest option, if perhaps not the cheapest
> 
> DNS load balancing is not a bad idea, but from the looks of it, this guy is targeting the actual IPs; DNS-LB won’t help against these attacks so there probably isn’t much point.


DNS LB is only for web traffic - ddos traffic will go to individual IP addr, but they'll need 2x as much of it to bring down two routers. DNS LB should also keep customer traffic flowing even if one of the routers does die. Should also scale nicely - still having issues, add another router.

 Doesn't help when someone just switches to another attack mode tho


----------
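
The load-balancing argument in the posts above (a VRRP master, DNS round robin across two addresses, ECMP on a layer 3 switch) can be put into numbers with a small model. This is an added illustration, not code from any poster; the addresses, flow counts and the per-router capacity of 12000 flows are constructed assumptions, and the model counts only what each router has to process, not uplink saturation.

```python
import hashlib

IP_A, IP_B = "203.0.113.10", "203.0.113.11"   # constructed service addresses
ROUTERS = ("R1", "R2")


def flow_hash(flow):
    """Stable hash of (src, sport, dst, dport), standing in for a switch's ECMP hash."""
    digest = hashlib.sha256("|".join(map(str, flow)).encode()).digest()
    return int.from_bytes(digest[:4], "big")


def pick_router(scheme, flow):
    """Which router has to process this flow under each design from the thread."""
    dst = flow[2]
    if scheme == "vrrp":      # floating address: everything lands on the master
        return "R1"
    if scheme == "dns-rr":    # each router advertises its own address
        return "R1" if dst == IP_A else "R2"
    if scheme == "ecmp":      # L3 switch spreads flows over both next hops
        return ROUTERS[flow_hash(flow) % len(ROUTERS)]
    raise ValueError(f"unknown scheme: {scheme}")


def legit_flows(n=1000):
    """Visitors; DNS hands out IP_A and IP_B alternately."""
    return [(f"198.51.100.{i % 250 + 1}", 30000 + i, (IP_A, IP_B)[i % 2], 443)
            for i in range(n)]


def flood_flows(n, targets):
    """Junk flows from many constructed source addresses, aimed at fixed IPs."""
    return [(f"10.{i // 65536 % 256}.{i // 256 % 256}.{i % 256}",
             1024 + i % 60000, targets[i % len(targets)], 443)
            for i in range(n)]


def simulate(scheme, targets, flood_n=20000, capacity=12000):
    """Per-router load, which routers exceed capacity, and the share of
    legitimate flows that still reach a router that is not overloaded."""
    load = dict.fromkeys(ROUTERS, 0)
    legit = legit_flows()
    for flow in legit + flood_flows(flood_n, targets):
        load[pick_router(scheme, flow)] += 1
    alive = {r for r, n in load.items() if n <= capacity}
    served = sum(pick_router(scheme, f) in alive for f in legit) / len(legit)
    return {"load": load,
            "overloaded": sorted(set(ROUTERS) - alive),
            "legit_served": served}


if __name__ == "__main__":
    cases = [("vrrp", (IP_A,), 20000),
             ("dns-rr", (IP_A,), 20000),
             ("dns-rr", (IP_A, IP_B), 20000),
             ("dns-rr", (IP_A, IP_B), 40000),
             ("ecmp", (IP_A,), 20000)]
    for scheme, targets, n in cases:
        print(scheme, len(targets), "target(s)", n, "flood flows ->",
              simulate(scheme, targets, flood_n=n))
```

In this model DNS round robin keeps half the visitors online when one address is flooded and needs twice the flood volume to lose both routers, while ECMP splits the same flood roughly evenly without depending on which address is targeted.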



## 0x0000C1A (Jul 1, 2021)

Null said:


> management interface shit.


There's the terminal if you don't like winbox or webui.
Literally just ssh into it lmao.

I use the terminal for when I config shit because it can do more than mere buttons on a ui can do.


----------



## Reverend (Jul 1, 2021)

Right Wing Boomer Squads said:


> Load balancing across two routers is a lot harder than most people think it is. Bear in mind that he’s in colo, paying per rack unit, and only has 1 upstream carrier, 1 advertisable /24, and most likely 1 physical uplink
> 
> On the ‘round robin’ front, the biggest problem by far is that you only get 1 uplink from your carrier, even if you’re in a DC and they’ve given you a cross connect to the carrier. You can only plug this into 1 device. Sure, you can put a switch in front of it and plug 2 routers into it, but this doesn’t load balance your traffic across both.
> 
> ...


PFSense does the same thing with High Availability Routing (Virtual IP):





High Availability | pfSense Documentation (docs.netgate.com)
				




I was mistaken that the routers would be unable to Round Robin without something in the middle to handle the traffic.  Too much time in TEH CLOUD.
I have used PFSense to do this and it works well.


----------



## Right Wing Boomer Squads (Jul 1, 2021)

Null said:


> Name something specific please


First choice would be the Fortigate 500E, but you said you need 3 SFP+ ports and the 500E only has 2.
Other highlights on the 500 are in my previous post a couple of pages back
the 200F has 4, but has a smaller routing throughput and a lot less memory (4gb from memory).
Anything above 600 in the Fortinet range is too expensive.

you could also look at the Juniper SRX1500, which has 4 SFP+ ports, but juniper is a very different world config-wise when compared with Cisco…. Takes a while to pick up.



Better question though, why do you need at least 3 SFP+? Why not just slap a cheap 10GbE switch behind the firewall, then go 1 10GbE to the carrier, and 1 10GbE to the switch?

on another note, it might be worth looking at something like this for out-of-band management:





Console Servers for Out-of-Band Management | Opengear (opengear.com)

Securely integrate with existing IT and network management systems with the Opengear Serial Console Server. Fully compatible with Cisco® equipment.


----------



## Null (Jul 1, 2021)

0x0000C1A said:


> There's the terminal if you don't like winbox or webui.
> Literally just ssh into it lmao.
> 
> I use the terminal for when I config shit because it can do more than mere buttons on a ui can do.


Repeating myself for the 1000th time: When the CPUs are all at 100%, I cannot even fucking COM/Serial port into it.


----------



## Margo Martindale (Jul 1, 2021)

So whats a good way to anonymously send crypto if i was an idiot who bought crypto on a certain well known exchange? The fact that a bunch of idiots are paying for this on twitter pisses me off.

As for DDOS protection, i wish i had paid more attention in my networking classes. If i find something ill let ya know


----------



## Null (Jul 1, 2021)

Right Wing Boomer Squads said:


> Better question though, why do you need at least 3 SFP+? Why not just slap a cheap 10GbE switch behind the firewall, then go 1 10GbE to the carrier, and 1 10GbE to the switch?


Can the switch take a 10Gbps uplink and then offer 10Gbps lines to all devices? I'm confused


----------



## Null (Jul 1, 2021)

Margo Martindale said:


> So


ask for a private address.


----------



## 0x0000C1A (Jul 1, 2021)

Reverend said:


> PFSense does the same thing with High Availability Routing:
> 
> 
> 
> ...


PFSense can be a fucking whore to set up, and it's not exactly suited to handle any ddos without proper configuration. Also, you'd have to turn an entire server into a router, CCR1016 has 16 cores @ 1.2Ghz, and yet



Null said:


> CPUs are all at 100%


Yet again, cpu usage is mostly dependent on firewall rules - how properly or improperly they're made. No router/switch/ASA will save you if you don't attempt to mitigate it properly.


----------



## Null (Jul 1, 2021)

0x0000C1A said:


> Yet again, cpu usage is mostly dependent on firewall rules - how properly or improperly they're made. No router/switch/ASA will save you if you don't attempt to mitigate it properly.


Well I *CAN'T* attempt to mitigate it properly because if it's not blocking it with overly-strict rules I can't fucking access the router management


----------



## 0x0000C1A (Jul 1, 2021)

Null said:


> I can't fucking access the router management


You won't be able to access it on any other router either way if it's kept like this, that's the joke itself. DDOS mitigation is a long process of adjusting limits until it works just right.
"Overly-strict" rules are currently a necessity - one way or the other the forum gets up and down constantly. There's no point in dicking around trying to not disrupt the website for normal users if it's already being disrupted by twitter edgelords.


----------



## Reverend (Jul 1, 2021)

0x0000C1A said:


> PFSense can be a fucking whore to set up, and it's not exactly suited to handle any ddos without proper configuration. Also, you'd have to turn an entire server into a router, CCR1016 has 16 cores @ 1.2Ghz, and yet
> 
> 
> Yet again, cpu usage is mostly dependent on firewall rules - how properly or improperly they're made. No router/switch/ASA will save you if you don't attempt to mitigate it properly.


1. Don't buy a server and turn it into a router. That's fine for playgrounds, not for production.
2. If you don't configure your FW rules no amount of money thrown at hardware will save you.
3. At a certain traffic size you buy either a service or equipment that has support so you can ask questions of People Smarter Than You how to do things. 
4. Asking Autists on the internet is only going to go so far as we all have opinions on things and opinions are like assholes, they all are full of DeathFat burrito shit.

Does your Colo have any network staff on hand that you could either pay to ask questions from or support from at a reasonable if not free rate @Null ?  You don't have to give them the keys to your kingdom but you could ask them if this is something that their company provides.


----------



## ❄️❄️❄️ (Jul 1, 2021)

Null said:


> Can the switch take a 10Gbps uplink and then offer 10Gbps lines to all devices? I'm confused


Yeah - normal approach is Colo Handoff -> Router -> Switch. You only need two SFP+ ports on the router, unless you actually need to route more than just your internet traffic (You can even have a router with a single port, but not what you need - so called "router on a stick" approach with VLANs)

Most of the traffic inside your network should never need to hit the router unless you've got subnets to route between. Sorry if sounding patronising - is difference between Layer 2 switching and Layer 3 routing. As far as I can tell, your only requirement for the router is to route internet traffic, no internal demand.

Edit: Null, can you get a single 10Mb port or something similar for your management plane? I know some Colos offer it as an out of band management option, would only be for remote admin.


----------



## RealtreeByGod (Jul 1, 2021)

Why don't we just take the server and push it somewhere else?


----------



## The Cunting Death (Jul 1, 2021)

At the end of the day, I won't stop bullying these faggots regardless so all they're doing is delaying the inevitable


----------



## praetorianguard (Jul 1, 2021)

buy an IPv6 allocation, most bouncers/booters won't be able to hit IPv6 because their botnets are mostly IPv4. cloudflare can reverse proxy ipv6 web traffic onto the ipv4 net so it works fine for users. The IPv6 space will be fucking gigantic too

you'll need to completely abandon announcing ipv4 routes on your bgp setup or the router will just get overwhelmed. for anything that isn't web traffic + outgoing. you'll need a 6to4 bridge if it needs to hit the internet. you can try and see what hurricaneelectric or another tunneling service offer

You already have a /24 so getting an IPv6 off a RIR shouldn't be that hard


----------



## ❄️❄️❄️ (Jul 1, 2021)

Reverend said:


> . Don't buy a server and turn it into a router. That's fine for playgrounds, not for production


I'd make a specific argument here - Null needs effectively an Anti-DDOS appliance. If the best way to do that is a Linux server, then I'd go for it. Stripping crap traffic (without super expensive routers with dedicated hardware) is going to require CPU grunt over anything. This is also a web forum, not a Fortune 500 enterprise, so I'd be hesitant to recommend the super expensive shit. Especially if the attackers just change to saturating the interface instead, which no router or firewall is going to fix


----------



## Glowie (Jul 1, 2021)

Question do you have ip ranges that DDoSed the farms? Were they static or did they change location? Blanket blocking traffic from China wouldn't harm anyone for example.


----------



## The Cunting Death (Jul 1, 2021)

Glowie said:


> Question do you have ip ranges that DDoSed the farms? Were they static or did they change location? Blanket blocking traffic from China wouldn't harm anyone for example.


I'd assume they're doing it behind 7 proxies


----------



## Indefinite_Ordered_Sets (Jul 1, 2021)

Regarding SYN cookies, I'm not an expert, but they require additional CPU power, and considering the CPU being the issue here...
It may be better to use RST cookies instead, but it seems RouterOS doesn't have that option.


----------
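
On the SYN cookie trade-off raised in the post above, an added example (not from the thread, and not RouterOS or Linux kernel code): a simplified SYN cookie scheme showing that the listener pays one keyed hash per SYN but keeps no half-open state, beside a stateful backlog that fills up. The bit layout, MSS table, secret and addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

WINDOW = 64                                   # seconds per time-counter tick
MSS_TABLE = (216, 536, 1024, 1220, 1300, 1440, 1452, 1460)  # constructed, 3-bit index
SECRET = b"constructed-demo-secret"           # placeholder; a real stack uses a random key


def _mac24(secret, src, sport, dst, dport, client_isn, t):
    """24-bit keyed hash over the 4-tuple, the client ISN and the time counter."""
    msg = (ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
           + struct.pack("!HHII", sport, dport, client_isn, t))
    return int.from_bytes(hmac.new(secret, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(secret, src, sport, dst, dport, client_isn, client_mss, now):
    """Server ISN for the SYN-ACK: 5 bits of time | 3 bits MSS index | 24 bits MAC."""
    t = int(now) // WINDOW
    idx = 0
    for i, mss in enumerate(MSS_TABLE):       # largest table entry not above the client's MSS
        if mss <= client_mss:
            idx = i
    mac = _mac24(secret, src, sport, dst, dport, client_isn, t)
    return ((t & 0x1F) << 27) | (idx << 24) | mac


def check_cookie(secret, src, sport, dst, dport, seq, ack, now):
    """Validate the handshake's final ACK with no stored state. Returns MSS or None."""
    cookie = (ack - 1) & 0xFFFFFFFF           # the ACK acknowledges server ISN + 1
    client_isn = (seq - 1) & 0xFFFFFFFF       # the ACK carries client ISN + 1
    t_now = int(now) // WINDOW
    for age in (0, 1):                        # accept the current and previous tick only
        t = t_now - age
        if (t & 0x1F) != cookie >> 27:
            continue
        want = _mac24(secret, src, sport, dst, dport, client_isn, t)
        got = cookie & 0xFFFFFF
        if hmac.compare_digest(want.to_bytes(3, "big"), got.to_bytes(3, "big")):
            return MSS_TABLE[(cookie >> 24) & 0x7]
    return None


def simulate_flood(n_spoofed=5000, backlog_size=256, now=1625097600):
    """Constructed scenario: SYNs that never complete, then one real client."""
    dst, dport = "203.0.113.10", 443          # documentation address ranges (RFC 5737)
    backlog = {}                              # stateful listener: half-open table
    macs = 0                                  # cookie listener: hashes spent on SYNs
    base = ipaddress.ip_address("198.51.100.0")
    for i in range(n_spoofed):
        src, sport = str(base + (i % 256)), 1024 + i // 256
        isn = (i * 2654435761) & 0xFFFFFFFF
        if len(backlog) < backlog_size:       # stateful: one entry held per pending SYN
            backlog[(src, sport)] = isn
        make_cookie(SECRET, src, sport, dst, dport, isn, 1460, now)
        macs += 1                             # cookie: CPU spent, nothing stored

    # The real client arrives after the flood.
    src, sport, isn = "192.0.2.55", 40000, 0x1234ABCD
    stateful_ok = len(backlog) < backlog_size
    cookie = make_cookie(SECRET, src, sport, dst, dport, isn, 1460, now)
    macs += 1
    mss = check_cookie(SECRET, src, sport, dst, dport, isn + 1, cookie + 1, now + 2)
    return {
        "stateful_accepts_client": stateful_ok,
        "half_open_entries": len(backlog),
        "cookie_mss": mss,
        "cookie_state_entries": 0,
        "macs_for_syns": macs,
    }


if __name__ == "__main__":
    print(simulate_flood())
```

The per-SYN hash is the CPU cost the post refers to; what the cookie buys is that the half-open table cannot be exhausted, which does not help a device whose bottleneck is packet processing itself.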



## Ch@nnel-Sh!ft (Jul 1, 2021)

If I had shekels to send, I'd send them your way.


----------



## No Face (Jul 1, 2021)

Can you just give priority via a reputation system?


----------



## hyde (Jul 1, 2021)

the best part about the whole attack is that it accomplishes nothing long term. the only thing they accomplished is wasting their time.


----------



## Gone Ham (Jul 1, 2021)

hyde said:


> the best part about the whole attack is that it accomplishes nothing long term. the only thing they accomplished is wasting their time.


They also wasted thousands upon thousands of dollars too lmao


----------



## Jagraveen (Jul 1, 2021)

Gone Ham said:


> They also wasted thousands upon thousands of dollars too lmao


And once again, the bills come in to greet them. And their landlords are wondering why they haven't paid in three days.


----------



## Baloney Face (Jul 1, 2021)

Sister services means what? The .onion thing?


----------



## GENERAL MAO (Jul 1, 2021)

All of this does not add up, none of it makes any sense, is there even a confirmation on this person's death is real he was not even harassed from what I can tell, people who have 120k to give away usually are not depressed, he also had a fascination in emulating and being the best at it meaning he would mostly be locked into coding anyway... something smells wrong about everything about this situation, something is missing here feel like we are being lied to.


----------



## metroid_fetish (Jul 1, 2021)

Just put half of the site on Angelfire and the other half on Geocities.


----------



## World's Smallest Violin (Jul 1, 2021)

Nothing screams suicidal like bribing someone 120k to take down mean words on a gossip site.


----------



## Null (Jul 1, 2021)

Not a lot of good news today but it could be worse. I'm talking to one of the guys who's DDoS'ing us and he's pretty chill. Seems like the people actually doing the attacks aren't doing it because they're pro-tranny or whatever, it's just a game, which bodes well for the longevity of the attacks. I am still going to pursue long-term options for keeping the site alive.

Primarily, as the Kiwi Farms is the target of the attack, I am going to find a way to set up instances of it off the network. If attacking the network doesn't bring down the forum, they'll be less inclined.


----------



## Thornforg (Jul 1, 2021)

Sent ~170 BAT. Hope it helps a tiny bit. Love you Jersh.


----------



## HTTP Error 404 (Jul 1, 2021)

Null said:


> Not a lot of good news today but it could be worse. I'm talking to one of the guys who's DDoS'ing us and he's pretty chill. Seems like the people actually doing the attacks aren't doing it because they're pro-tranny or whatever, it's just a game, which bodes well for the longevity of the attacks. I am still going to pursue long-term options for keeping the site alive.
> 
> Primarily, as the Kiwi Farms is the target of the attack, I am going to find a way to set up instances of it off the network. If attacking the network doesn't bring down the forum, they'll be less inclined.


Second silver coin fundraiser followup with an 8 bit kiwi on the front; "Byuu tested, Near approved" on the back?


----------



## Dick Pooman (Jul 1, 2021)

Can we add a GIF of Ralph and his swinging gut at Digibro's place next time the crash page goes up, Josh?


----------



## Jump (Jul 1, 2021)

Null said:


> Well I *CAN'T* attempt to mitigate it properly because if it's not blocking it with overly-strict rules I can't fucking access the router management


If you have real OOB management (terminal server hooked to the RS232 console ports, on a different network/lte/pots) and 2 extra ports in your switch then a neat trick is to make a separate vlan in the switch with just 2 ports. An "in" and an "out". And you run the WAN side of your router through that 2 port vlan. So if your router gets maxxed the fuck out then you can just go in to the switch and kill 1 of the ports to drop the WAN. And then get in the router via the terminal server. You can also use the switch as a brute force rate limiting feature. If 300mbps kills the router then lock the switch's port speed to 100 so you can log in to test configs.

Internet -> switch -> router -> switch -> servers


----------



## serious n00b (Jul 1, 2021)

Bugl said:


> Why not just turn KF off for a couple weeks. They'll eventually get bored.


They won't simply get bored, this will also teach them that they can continue to terrorize KF in the future to get the reaction they want.


----------



## Born in Summer (Jul 1, 2021)

For anyone who's curious, this is the person trying to DDoS the farms
https://twitter.com/Ezclapfarms


----------



## David Spadem (Jul 1, 2021)

Dick Pooman said:


> Can we add a GIF of Ralph and his swinging gut at Digibro's place next time the crash page goes up, Josh?


My Biased suggestion (Fresh OC, NSFW):


----------



## Uncle Warren (Jul 1, 2021)

Null said:


> Seems like the people actually doing the attacks aren't doing it because they're pro-tranny or whatever, it's just a game,


Either that is the dumbest fucking thing I've ever fucking read as a reason for anyone doing anything or you just got strapped down for a fucking ride through the Motherfucker 5000 and the controls were left on overnight. Convincing a site that trannies were attacking them while they watch your crypto wallet swell is by far the most...I don't even fucking know at this point.

One thing's for certain, troons would definitely rather whine on twitter and spend thousands on their HRT than actually DO anything, and that is funny.


----------



## Dyn (Jul 1, 2021)

Null said:


> Not a lot of good news today but it could be worse. I'm talking to one of the guys who's DDoS'ing us and he's pretty chill. Seems like the people actually doing the attacks aren't doing it because they're pro-tranny or whatever


So they wouldn't agree to stop when you offered to cut your dick off and become a woman for them?

Well, I'm sorry man, I tried. I'm all out of ideas now though.


----------



## DancingDino (Jul 1, 2021)

Have you tried rebooting your router?


----------



## Kosher Dill (Jul 1, 2021)

Null said:


> I'm talking to one of the guys who's DDoS'ing us and he's pretty chill. Seems like the people actually doing the attacks aren't doing it because they're pro-tranny or whatever, it's just a game


So what, it's some guy who just had a botnet lying around and decided to troll a bit?


----------



## lllllllllllll (Jul 1, 2021)

Kosher Dill said:


> So what, it's some guy who just had a botnet lying around and decided to troll a bit?


It's most likely just a 20$/month booter.

And it's definitely a game for most of these kids. That Mirai guy back in the day hit krebsonsecurity with 500gbit or something (the record DDoS bandwidth iirc)  just for lulz


----------



## Null (Jul 1, 2021)

I am nearing a more stable mid-term solution that should keep us going until the long-term plan is going. It should be done by tomorrow.


----------



## Jagraveen (Jul 1, 2021)

Null said:


> I am nearing a more stable mid-term solution that should keep us going until the long-term plan is going. It should be done by tomorrow.


Finally! I really hope all of this shit will be over by then. Because this is getting fucking _annoying_.


----------



## 0x0000C1A (Jul 1, 2021)



----------



## Rent Tin (Jul 1, 2021)

I just want to laugh at fat people and trannies.


----------



## Kermit Jizz (Jul 1, 2021)

Just out of curiosity, how'd you get ahold of the guy? Seems odd that he'd talk to you or give a straight answer, especially if the goal was just lulz.


----------



## The Beer Padawan (Jul 1, 2021)

HackerX said:


> Your shit is obviously different from a normal environment, but who is upstream of your router?  Is there a firewall or provider before the router that is able to drop packets so the hit isn't affecting the router's resources?





StuffedBallot said:


> Yep, but we're looking for a switch & router. Which to me means that in addition to the _switch_ I linked before, Null would probably want to upgrade to something like https://mikrotik.com/product/CCR1036-8G-2SplusEM for the router, since you get the 36 cores @ 1.2ghz, and SFP+ connectivity to the SFP+ switch.
> 
> 
> I personally find that 10gb  fiber is generally cheaper, especially for short runs than 10gb ethernet. Price of copper be dumb these days.
> ...





Scented Candle said:


> Have you considered buying a Corero or Fortinet router? They aren't cheap but they also are a permanent solution to this kind of attack.



If you were considering Fortinet solution the closest thing I could find that matched the amount of traffic you have is the 1100e.

Should be all in, these babies have FW and 8x10G SFP ports, and also does BGP.

closest price is around $25,000. double that if you get the IPS protection plan.


----------



## awoo (Jul 1, 2021)

*affected

I wonder if there is a way to auto-redirect to archive.org if the main forum is down?


----------



## 0x0000C1A (Jul 1, 2021)

The Beer Padawan said:


> FW and 8x10G SFP ports, and also does BGP.





The Beer Padawan said:


> $25,000











Cisco 550X Series Stackable Managed Switches (www.cisco.com)
				



Even the biggest cisco motherfuckers don't square up to that price wtf, a cisco switch and ASA would be a more reasonable approach to this


----------



## MrTroll (Jul 1, 2021)

Jagraveen said:


> Finally! I really hope all of this shit will be over by then. Because this is getting fucking _annoying_.



Tell me about it. My whole life revolves around getting KF stickers and not being able to compulsively check it 35 times per hour is harming my mental health. If I commit suicide, whoever is DDoSing the site has my blood on their hands.


----------



## Kuritan Deplorable (Jul 1, 2021)

MrTroll said:


> Tell me about it. My whole life revolves around getting KF stickers and not being able to compulsively check it 35 times per hour is harming my mental health. If I commit suicide, whoever is DDoSing the site has my blood on their hands.


Don't threaten them with a good time. There's a reason they're working hard to push that suicide rate as hard as possible.


----------



## The Un-Clit (Jul 1, 2021)

SSF2T Old User said:


> Ironic since GDQ starts on 4th of July.  I can totally see them using this event as an excuse for pity bucks.


Ah GodBear dammit. You know damn well the troon faction is going to shit up GDQ with screeching about Byuu and gibsmes to fight the Napoleon of Grime, Jersh Moon and the Internet Hate Machine known as Keereeee farms!

What a shame, I really enjoyed watching some of the featured events in years past, and the causes were usually viable charities and research foundations but I have a sinking feeling that there are going to be under-the-headlines drives for money to buy more DDOS attacks against the Farms this year.


----------



## Lunar Eclipse Paradox (Jul 1, 2021)

It just really sucks how vulnerable we are when we piss off a cult of weird internet tough guys. Especially when they're privileged enough to get away with DDOS attacks because the law abandoned protecting people's rights years ago in favor of Political Correctness.


----------



## JoshPlz (Jul 1, 2021)

On the bright side, the more they DoS, the more they get educated by this video on the error page:








Made me laugh quite a bit.


----------



## ToroidalBoat (Jul 1, 2021)

Solar Eclipse Paradox said:


> It just really sucks how vulnerable we are when we piss off a cult of weird internet tough guys.



I miss when websites that went against "The Narrative" weren't routinely taken down or DoS'd.

Yet the woke still claim "oppression" despite social "justice" more or less running the show?

*[honk honk]*


----------



## kant havand (Jul 1, 2021)

I've done networking and what not before, but it sounds like there are some good suggestions in the thread already. I'd love to know more about the mid-term solution, but more importantly, have you been able to determine anything more about the nature of the attack? Earlier post said it was a "game", but was that as in "for fun" or "they are using vulnerable servers from an mmo"? Do you know if the traffic is coming from known DDoS networks or


----------



## Baloney Face (Jul 1, 2021)

Truly it is Clown World.

A trashy gossip site is the place for relative moral sanity.


----------



## principle scoop (Jul 1, 2021)

When is the next merch run? Halloween?


----------



## lumrejington (Jul 1, 2021)

Ever since downloading Brave, all of my BATs go to MATI. Hope it helps.


----------



## Wardian (Jul 1, 2021)

Out of curiosity how long would you anticipate having to wait out the DDOS assuming you don’t attempt to overhaul the website?

As far as I’m aware these attacks are coming out of someone’s pocket, and will probably stop, or at least subside to a manageable level once the perpetrators stop getting paid.

I’m not really literate in these kinds of things, so if I’m completely oblivious to some huge issue feel free to ignore me.


----------



## Throwing Romans (Jul 1, 2021)

MrTroll said:


> Tell me about it. My whole life revolves around getting KF stickers and not being able to compulsively check it 35 times per hour is harming my mental health. If I commit suicide, whoever is DDoSing the site has my blood on their hands.


the fact that I can't spend my days at work shitposting about how trannies should kill themselves has caused me to hire a therapist. I want to sue for civil damages.


----------



## Thumb Butler (Jul 1, 2021)

Throwing Romans said:


> the fact that I can't spend my days at work shitposting about how trannies should kill themselves has caused me to hire a therapist. I want to sue for civil damages.


Be the change you wanna be. Remove your junk and join the cult, or the other way round.


----------



## Prolapsedbutt (Jul 1, 2021)

I hope this pic posts never tried to post one


----------



## Gone Ham (Jul 1, 2021)

Prolapsedbutt said:


> I hope this pic posts never tried to post one


These tweets dear god. I can’t tell if they’re a troll or not.


----------



## supermadtranny (Jul 1, 2021)

All troons should be knifed.


----------



## TracdacianTortoise (Jul 1, 2021)

Long time lurker, decided to make an account cause I like networking shit, but I'm no expert. Noticed this guy:



in the replies on Twitter. Image implies a UDP packet flood, using a tool or service called Tsunami. Dunno if you've mitigated that or not, if it's still an issue. Unsure whether you could just drop all UDP packets, cause that'll still take processing time on the router. I presume the reason CloudFlare cannot be used is due to the ASN being known, but it seems to me if push comes to shove you might be able to drop all connections not from CloudFlare, might not be doable though, and no guarantee it'd fix the issue.

As for the issue with the router UI locking up, it might be worthwhile investing in dedicated hardware for firewalling. Not an expert on hardware outside of MikroTik, but apparently the MikroTik routers lock up because they spend all their time in kernel routing requests, some sort of overall bandwidth limiting might be able to fix that, but I haven't found a way to do that in RouterOS (again, not an expert, probably is a way). 

Apologies for the rambling, just figured I'd give my two cents.


----------



## Wotan (Jul 1, 2021)

You could probably get some decent DDoS protection for $120k.


----------



## Crunchy Oats (Jul 1, 2021)

He's talking to Null, but is he still going to DDoS KF?

I bet he's just using XRumer


----------



## General Tug Boat (Jul 1, 2021)

contradiction of terns said:


> I sent you $25.83 in BAT via the Brave Browser tipping service, so hopefully that actually works.
> 
> Do I get to be a True & Honest Kiwi when the site stops pooping itself?
> 
> You are a real hero and you don't deserve this, Jersh. If I had more I'd give it, but that was all the BAT I've earned since I joined Kiwi Farms and read your post about how to support the forums and started making Brave ad money.


Send to his address directly, only because the tipping service isn't linked to the forum in any way, and you are essentially throwing your BAT in the wind brother.


----------



## Blue Screen of Death (Jul 1, 2021)

You would think if someone is just doing it for fun, they'd target people more likely to chimp out over it.


----------



## TracdacianTortoise (Jul 1, 2021)

Crunchy Oats said:


> He's talking to Null, but is he still going to DDoS KF?
> 
> I bet he's just using XRumer


Probably not, the attack is on the entire IP range that Null uses for hosting, rather than against Xenforo specifically. In addition, there's likely more than one person going at this. It's more likely someone has paid for access to a botnet and is using that. DDoS is difficult to mitigate due to the likelihood of also blocking normal users. Most of the time to address it traffic is diverted to somewhere with a fuckload of bandwidth for DPI and scrubbing, and then the legitimate traffic is let through.

Given that KF isn't a massive site in the grand scheme of things, it's possible Null could be considerably less careful about whose IP is dropped via firewall rules, but even then it won't necessarily fix things. If the firewall is overwhelmed in regards to its capacity to process requests, it doesn't matter if you've blocked the packets, it uses up processing time anyway, but it would likely increase the amount of traffic required to grind it to a halt.


----------



## Rusty Crab (Jul 1, 2021)

Null said:


> I am nearing a more stable mid-term solution that should keep us going until the long-term plan is going. It should be done by tomorrow.


I love you as much as a crab can love a dog


----------



## contradiction of terns (Jul 1, 2021)

General Tug Boat said:


> Send to his address directly, only because the tipping service isn't linked to the forum in any way, and you are essentially throwing your BAT in the wind brother.



Admittedly, I did try, but I couldn't find where in Uphold to plug in the address/account number Null posted. I know things are frenetic right now, but maybe when there's a lull the 'Support the Forums' thread could get an update with steps on how to get the BAT from Uphold to KF?

I admit I'm double plus retarded, but BAT seems to be the easiest crypto for the average technologically illiterate Luddite (thassa me!) to get their hands on, so a quick and dirty tutorial on how to move it around would be nice. I'll read any threads that already exist if there's a link available.


----------



## Synthwave Obsessed (Jul 1, 2021)

Zulu Warrior said:


> You would think if someone is just doing it for fun, they'd target people more likely to chimp out over it.


Probably because they're skids that are still in the stage of "lol DDoS is funny lol" of downloading Kali and watching an Indian guy's video on how to be a l33t h4xx0r. I bet there's even a module in Metasploit that exploits MikroTik routers. If there isn't one built in, you can probably find one in a Git repository somewhere.



Precursor James said:


> View attachment 2307788
> View attachment 2307789
> 
> 
> ...


It is weird how this turbo sperg is calling out a specific version of MikroTik. So I looked up CVEs for MikroTik's firmware and there are multiple CVEs that allow DoS attacks for firmware before 6.47. I'm leaning towards this person (or others) are probably abusing a CVE that is allowing CPU usage to spike, rather than this just being simple DDOS. If you haven't, make sure your router is up to date, Jersh. If the router has been updated and this was confirmed, I probably missed the post. It's late for me and there was like 8-10 pages of stuff posted.


----------



## BIG BILL HELL'S (Jul 1, 2021)

Rusty Crab said:


> I love you as much as a crab can love a dog


"But it's in my nature," said the dog as he licked the crab's balls.


----------



## Glowie (Jul 1, 2021)

Jagraveen said:


> And once again, the bills come in to greet them. And their landlords are wondering why they haven't paid in three days.



A schizo ex Furry twatter @xrcalo who got a drive by and few bullets through his window then he blamed farms for it. He's known for gay ops, casual doxing and general internet shenanigans in other words DDoS attacks.
He was few first to be friends with allegedly death furfag dev.  Oddly enough during police raid the DDoS attack seemed to slow down 

Oh he's friends with Blum as well. Right now he's contemplating suicide 

Other fuckers like our friend Toggle wanted Farms gone for obvious reasons too. He's a welfare leech with no tech skills, connections or money for that matter. 

No matter who funded the 2021 the farms outlasted it.


----------



## NulWillBecomeTranny (Jul 1, 2021)

Dyn said:


> You should become a beautiful and stunning transwoman so they're not allowed to harass you anymore. We do a lot for you by reading your forum for free so I don't think it's too much for us to ask that you take one for the team and cut your dick off to keep our free entertainment forum online.


This is something that will happen sooner or later for sure, but now is not the time.


----------



## Red Mask (Jul 1, 2021)

When it comes to certain issues, I don’t often agree with people here on Kiwi Farms, but I’ll side with Kiwi Farms over the DDoS shitheels any day of the week.


----------



## RichardRApe (Jul 1, 2021)

I just wanna know if the troon voicemail calling you a murderer in falsetto will ever see the light of day?


----------



## Phantastic Hunt (Jul 1, 2021)

I don't know if anyone else saw this amazing article but it had some winners in the comments section. Gizmodo actively promoting the DDoS and contacting CloudFlare to try and shut down the farms.

Article here https://gizmodo.com/the-worst-site-on-the-web-gets-ddosd-after-being-connec-1847196197#replies



Spoiler: Article

https://archive.org/details/gizmodo-article-1/gizmodo%20article1.png
https://archive.org/details/gizmodo-article-1/gizmodo%20article2.png
https://archive.org/details/gizmodo-article-1/gizmodo%20article3.png

Spoiler: Comments Section

https://archive.org/details/gizmodo-article-1/gizmodo%20comments1.png
https://archive.org/details/gizmodo-article-1/gizmodo%20comments2.png
https://archive.org/details/gizmodo-article-1/gizmodo%20comments3.png
https://archive.org/details/gizmodo-article-1/gizmodo%20comments4.png
https://archive.org/details/gizmodo-article-1/gizmodo%20comments5.png
https://archive.org/details/gizmodo-article-1/gizmodo%20comments6.png
https://archive.org/details/gizmodo-article-1/gizmodo%20comments7.png
https://archive.org/details/gizmodo-article-1/gizmodo%20comments8.png


----------



## Born in Summer (Jul 1, 2021)

Prolapsedbutt said:


> I hope this pic posts never tried to post one






if this isn't a joke please include this in the random.txt


----------



## Tumbo (Jul 2, 2021)

I'm utterly useless when it comes to IT stuff so unfortunately I can't help much but once again thank you dear leader for all the shit you endure to keep this site running I'm sure you'll find a solution soon.


----------



## Symalsa (Jul 2, 2021)

ERROR_ENTRY said:


> Some chump posted this on twitter:
> 
> 
> https://twitter.com/DownFarms/status/1410351212155834371
> ...


this tool. And there’s a reply in this thread from yesterday talking about how they recently used it to DDoS sites. Weird because it’s not a very active thread.

And this user could be a tranny or furry with that avatar 









CYBERVM.IO - DDOS WEBSITES & GAME SERVERS - POWERFUL ATTACK METHODS GUARANTEED - Products (www.nulled.to)
				




last post from yesterday from satisfied customer. (The program seems to run the same attacks)









CYBERVM.IO - DDOS WEBSITES & GAME SERVERS - POWERFUL ATTACK METHODS GUARANTEED - Page 5 - Products (www.nulled.to)
				




Archive: https://archive.md/HKyat


----------



## Symalsa (Jul 2, 2021)

Null said:


> (but it's going to be expensive so pls gib crypto)



I know nothing about networking

So I just sent you XMR


----------



## Meiwaku (Jul 2, 2021)

They had to make a new account but here are the messages for farmers who don't use twitty

Also I don't know what this shit means not sure if useful so just dumping for someone who speaks autism.

[huge ass phone screenshots removed]

Also attached list of follower troons and scrotes for knowledge and keking at them. Some are already in tranny sideshow for their contributions to being ugly and mad (Vanity ).


----------



## mindlessobserver (Jul 2, 2021)

It never ceases to amaze that every effort to take this place out has only made it stronger. It's gone from a place to talk of Chris-chan via a free template forum to a place with its own dedicated servers, crypto currency streams and lawyers like Robert Barnes on retainer.

Why did they make Null do this? He just wanted to gossip about internet stuff.


----------



## Dergint (Jul 2, 2021)

I like how, if the story is to be believed, the other side had 6 digits of money they were trying to bribe Null with. You'd think that's become their war funds.

And yet the solutions being investigated seem to only be like, 4 digits instead.


----------



## LullerDerbyRollin (Jul 2, 2021)

Prolapsedbutt said:


> I hope this pic posts never tried to post one


$10 this tranny's never had a single relative serve in WW2.

$25 if they were all draft dodgers.


----------



## Terrifik (Jul 2, 2021)




----------



## Kermit Jizz (Jul 2, 2021)

mindlessobserver said:


> Why did they make Null do this? He just wanted to gossip about internet stuff.


5 Gorillion hours in paint.


----------



## Nonronic (Jul 2, 2021)

Terrifik said:


> View attachment 2309740


----------



## Long Tongue Silver (Jul 2, 2021)

Phantastic Hunt said:


> I don't know if anyone else saw this amazing article but it had some winners in the comments section. Gizmodo actively promoting the DDoS and contacting CloudFlare to try and shut down the farms.
> 
> Article here https://gizmodo.com/the-worst-site-on-the-web-gets-ddosd-after-being-connec-1847196197#replies
> 
> ...


And a guest appearance from our favorite lolcow:


----------



## Info Player Start (Jul 2, 2021)

I just want to use search. Have had it with this Twitter nonsense.


----------



## moseph.jartelli (Jul 2, 2021)

I say. Fuck this forum nonsense and get back to the roots. Start a dialup BBS with 24 56.7kbps nodes.


----------



## LullerDerbyRollin (Jul 2, 2021)

Long Tongue Silver said:


> And a guest appearance from our favorite lolcow:
> View attachment 2309792


I want to hear from Null if this account is true and honest.


----------



## throwawayguys (Jul 2, 2021)

Terrifik said:


> View attachment 2309740





Long Tongue Silver said:


> And a guest appearance from our favorite lolcow:
> View attachment 2309792


you have to wonder whether a guy as large as Ethan Ralph gets winded when he types this much


----------



## The Big Bad D (Jul 2, 2021)

this fucking spergthread is bigger than the alleged sewer slider's


----------



## New001 (Jul 2, 2021)

@Null I have a few thousand dollars I'm willing to donate to the cause for some signed merch if push comes to shove (2.5K-ish if needed). Forum seems decently stable and honestly the toons will probably tire after a while. I have some experience in networking but nothing practical enough to give you recommendations without seeing logs and doing a fair amount of research.

My best advice is to keep posting info about the attack. The more info you give us the better advice you will get. The thing about a DDOS is it is lazy and the longer it goes on the more info you get the easier it is to mitigate.


----------



## Fentanyl Floyd (Jul 2, 2021)

The search feature isn't working. I don't know if that's related to this, though.


----------



## Blue Screen of Death (Jul 2, 2021)

Fentanyl Floyd said:


> The search feature isn't working. I don't know if that's related to this, though.


Quoting the top of every page of the site:


> Sister services, email, and search will continue to be negatively effected by the attacks.


----------



## HackerX (Jul 2, 2021)

Meiwaku said:


> They had to make a new account but here is the messages for farmers who don't use twitty
> 
> Also I don't know what this shit means not sure if useful so just dumping for someone who speaks autism.
> 
> ...



Not really sure if he's humblebragging about banner grabbing or scanning a publicly available IP range. Assuming he's right about the version ### and IP range, good on him. But those are "Baby's first day of pentesting" things.

Edit: And just for reference, took a glance at the CVEs (vulnerabilities), at least the 20 or so most recent required an authenticated remote attacker, i.e. someone with a username/password or credentials to the router. So pretty minimal, but I didn't dig through them all so meh.

And patching everything immediately is "ideal", but far from best practice. Routers/Switches are almost never patched unless a notable CVE comes out or a useful feature is implemented. Basically "if it ain't broke, don't fix it" because updates on those are sometimes a shitshow.


----------



## CaesarCzech (Jul 2, 2021)

TheBest said:


> We are very adaptable to autism



We  are Tyrannids and we will devour what sanity they have left.


----------



## Cavalier Cipolla (Jul 2, 2021)

Hitman One said:


> Imagine being so seething about a bunch of autistic retards on the Internet a laughing at you that you, unironically, spend hundreds (thousands?) of dollars and commit multiple crimes hiring some subhuman Russian, Chinese or North Korean script kiddie to DDOS an innocent collective of ground-nesting bird and hairy fruit enthusiasts.
> 
> Daily reminder that no matter how much money you send to Vlad, Kim or Xi, *YOU WILL NEVER, EVER, EVER BE A WOMAN.*


You forgot the pajeet script kiddies that set up their DDoS botnets so they can afford a toilet, and so they don't shit on the streets.


----------



## HackerX (Jul 2, 2021)

I haven't checked the KF router version myself. But assuming he's running 6.46.6, the only known vulnerability that can be done without authentication is SMB related. SMB is off by default, and I kinda doubt Josh would turn it back on but who knows.


----------



## Dustlord (Jul 2, 2021)

Cavalier Cipolla said:


> You forgot the pajeet script kiddies that set up their DDoS botnets so they can afford a toilet, and so they don't shit on the streets.


They're still more productive than the average troon. They're bringing income into their country and stimulating the economy by providing a service. What do troons do other than consume? They're all input, no output.

Just think, a street shitting third worlder is more valuable than a troon.


----------



## No. 7 cat (Jul 2, 2021)

Drachenlord said:


> Honestly you should keep the farms up for as cheap as possible just so that they burn through their cash financing those attacks - afaik DDoS services of this scale are expensive as fuck.
> Maybe it's not even worth putting too much effort into mitigating the attack as long as your hosting provider doesn't kick you off and the Farms will be back whenever the attackers run out of money. In the end, they'll have spent a fortune and gained nothing at all from this.


Null is impoverishing all these True And Honest Woman of Twitter.


----------



## All becomes gunt (Jul 2, 2021)

Terrifik said:


> View attachment 2309740


Way to bring an ol ayylawwg back from the dead. So i guess the troons finally decided to make their move, it was getting boring anyway. Is that all they can do ? Honestly they don't seem like the sharpest tools in the shed but then again we are talking about people that chop their testies and turn em into christmas ornaments. They can read this post and seethe, the farms will be up and there is nothing they can do about it but impotently seethe and rage. The troon forces and the gunt forces will be defeated. We will not capitulate to your demands full of GRIDS and fail. WE WILL NOT BE EXTORTED. Your degeneracy will forever be carved into the internet.


----------



## longshot (Jul 2, 2021)

>troons dish out hundreds of their own dollars to add a few seconds of downtime to the Farms
>this is celebrated as a victory
Their nefarious plans were such a success! The Kiwi Farms are dead!


----------



## No. 7 cat (Jul 2, 2021)

All becomes gunt said:


> Way to bring an ol ayylawwg back from the dead. So i guess the troons finally decided to make their move, it was getting boring anyway. Is that all they can do ? Honestly they don't seem like the sharpest tools in the shed but then again we are talking about people that chop their testies and turn em into christmas ornaments. They can read this post and seethe, the farms will be up and there is nothing they can do about it but impotently seethe and rage. The troon forces and the gunt forces will be defeated. We will not capitulate to your demands full of GRIDS and fail. WE WILL NOT BE EXTORTED. Your degeneracy will forever be carved into the internet.


So Ethan Ralph is trooning out?


----------



## The Beer Padawan (Jul 2, 2021)

0x0000C1A said:


> Even the biggest cisco motherfuckers don't square up to that price wtf, a cisco switch and ASA would be a more reasonable approach to this



Nigga you just posted a switch. That means Null will still have to buy an ISR and the ASA, both of which should support 10G.

Guess how much a 10G capable ASA costs?


----------



## deso2y (Jul 2, 2021)

>DDoS
>haha got your IP
>it's down for 6 seconds guyz! Ebic haxxing amirite
>your router version is 1.33.7 /load balancer is nginx, you're totally done for, chud!
Literally pajeet tier effort, and unironically the reason they are a bunch of terminally online, paper-thin skinned men in dresses, for if they were a tiny bit more diligent they would've faced their huge issues instead of taking the 0 effort path of running from it by trooning out


----------



## Jagraveen (Jul 2, 2021)

Prolapsedbutt said:


> I hope this pic posts never tried to post one


That bitch (or should I rather say _butch_) needs to take some chill pills pronto. Like _damn_


----------



## Dyn (Jul 2, 2021)

If the feds could track down people doing dos attacks they would, and you guys crying about "they just choose not to because they don't care about our rights" sound like weeping victim-mentality trannies.


----------



## Guli (Jul 2, 2021)

I slept through a lot of a networking module and it's still obvious this guy is using tools that get bundled with Kali and just running software versions through a vulnerability site


----------



## A Traveler (Jul 2, 2021)

I'm bummed the only thing I can do is watch this all happen like a stoned iguana.


----------



## Dork Of Ages (Jul 2, 2021)

JoshPlz said:


> On the bright side, the more they DoS, the more they get educated by this video on the error page:
> 
> 
> 
> ...









Archived this gem right here.


----------



## HTTP Error 404 (Jul 2, 2021)

Dork Of Ages said:


> View attachment 2310092
> Archived this gem right here.



Mio Honda is based as fuck.

Mio on Pornography




Also:  The EasyPeasy Method.  Guaranteed to end Troonism in 1 generation.

Mio on Abortion:





Mio on Furries


----------



## Image Reactions (Jul 2, 2021)

The biggest L this week is that there will be no MATI.

***edit: I’m retarded.​


----------



## Fastest Hand In The East (Jul 2, 2021)

After all said and done the whole long post Jersch made about this, explaining the situation, should be plastered to the main page with a big heading, all in red- BYUU/NEAR IS AN INCOMPETENT FAGGOT CLICK HERE TO LEARN WHY


----------



## Synthwave Obsessed (Jul 2, 2021)

Guys! I can't believe Kiwi Farms is kill! They can't use their search functions! They can't use their precious internet stickers! They can't even post! OMG site is dead guys! Le epixick haxx0r skittle has managed to kill Kiwi Farms with DDoS! Make sure you donate to my wallets to help continue le #cancelKiwiFarms! 

Where were you when Kiwi Farms was true and honestly canceled by an alleged DDoS over a totally 100% real and confirmed suicide?


----------



## Cavalier Cipolla (Jul 2, 2021)

Dustlord said:


> They're still more productive than the average troon. They're bringing income into their country and stimulating the economy by providing a service. What do troons do other than consume? They're all input, no output.
> 
> Just think, a street shitting third worlder is more valuable than a troon.


Are you sure they are not clandestine even in India? That is, unless their business is registered as something else.


----------



## IHateTheFrench (Jul 2, 2021)

Dyn said:


> If the feds could track down people doing dos attacks they would, and you guys crying about "they just choose not to because they don't care about our rights" sound like weeping victim-mentality trannies.


They could, but they chose not to because there are far more important things for them than hunting a handful of pajeets who DoS a website that causes hurt feelings amongst trannies, whose owner doesn't even reside in the United States anymore.


----------



## Null (Jul 2, 2021)

Guy on Twitter:
"Haha I am DDoSing the Kiwi Farms!"

Kiwi Farms:





When people want attention, maybe don't endlessly fawn over it and give them attention. Jesus Christ it's so cringe. What? Are you going to DOX this guy and BRING HIM TO JUSTICE? No, he's some random fucking guy. Probably lives in Russia. Probably doesn't give a fuck about you. You don't even know if it's him, you just take the tweet and freak out over it as if there's some fucking gem of truth you're going to gleam from it. As if it's not just trolling or shitposting to begin with.

It never, ever matters who or why when dealing with this. Never, ever, under any circumstance, should "WHO" or "WHY" be in your head. It is a non-factor. The only factor is "how", as in, "how to fix it".

It's so fucking easy to trigger you retards sometimes. Random cunt makes a Twitter account and posts a picture of a random booter targeting Kiwifarms.net (WHICH IS THE DDOS PROTECTED URL) and it shows up over, and over, and over, and over again on every page of two different threads as DOZENS of people take the bait. Fucking shut up already.


----------



## HTTP Error 404 (Jul 2, 2021)

They hated Mio because she told them the truth. -- Null 4:16


----------



## Null (Jul 2, 2021)

I am about 90% done with the midterm solution.


----------



## Zyklon Ben's Poison Pen (Jul 2, 2021)

The Beer Padawan said:


> Nigga you just posted a switch. That means Null will still have to buy an ISR and the ASA, both of which should support 10G.
> 
> Guess how much a 10G capable ASA costs?
> 
> View attachment 2309943


And they will still melt like a mofo under a DDOS. ASA's are garbage.


----------



## Right Wing Boomer Squads (Jul 2, 2021)

The Beer Padawan said:


> Nigga you just posted a switch. That means Null will still have to buy an ISR and the ASA, both of which should support 10G.
> 
> Guess how much a 10G capable ASA costs?
> 
> View attachment 2309943



Guys, you do not need to spend 25k on a Fortigate or 90k paying the Cisco toll to get into a decent 10GbE router…. a Fortigate 500E is 10G capable, and costs about 5-7k. The 100F is even cheaper, but it has a lot less memory and I wouldn’t be comfortable recommending to handle 10GbE of DoS protection against some cashed up spergs who either know how to use LOIC, or just pay someone to know what that acronym is. 1100E is way overkill and Josh does not want a 2RU router using up his colo bux.

Josh does not need a UTM/IPS subscription. DoS protection, advanced routing, session-based NGFW, all comes with the firmware, no license required. Also, IPS only really protects against CVEs, it won’t protect you against bad website design.

He’s gotta keep it simple, as he’s (probably) paying per RU for colo. If it was me, here’s my layer 2 design (not firing up visio unless I’m on someone else’s dime):






For bonus points, if you got a 10GbE switch that is reasonably shallow, you could mount the switch in the same RU as the router (router front, switch rear), meaning you’ve got an extra RU to use for one extra server, so you’re ready to store the sheer volume of memes the next time Ralph decides to Gunt™ someone and post video proof to own the ayylawgz.


----------



## LurkTrawl (Jul 2, 2021)

I don't really know shit about networking, what did it mean when I tried to access the .onion version of the site and it said something about a hashring?

Also Godspeed Null in thwarting retards and all that, but what's the difference between a DDoS and a DoS?


----------



## HTTP Error 404 (Jul 2, 2021)

Right Wing Boomer Squads said:


> Guys, you do not need to spend 25k on a Fortigate or 90k paying the Cisco toll to get into a decent 10GbE router…. a Fortigate 500E is 10G capable, and costs about 5-7k. The 100F is even cheaper, but it has a lot less memory and I wouldn’t be comfortable recommending to handle 10GbE of DoS protection against some cashed up spergs who either know how to use LOIC, or just pay someone to know what that acronym is. 1100E is way overkill and Josh does not want a 2RU router using up his colo bux.
> 
> Josh does not need a UTM/IPS subscription. DoS protection, advanced routing, session-based NGFW, all comes with the firmware, no license required. Also, IPS only really protects against CVEs, it won’t protect you against bad website design.
> 
> ...


Looking at the Fortigate 500E, it's the one used in one of my client's racks (I think.  Same exact interface panel.)  They seemed very happy with it.  2 of them for failover, supporting around 800 workstations and VOIP clients.


----------



## JoshPlz (Jul 2, 2021)

Dork Of Ages said:


> View attachment 2310092
> Archived this gem right here.


Thanks, troons got the video on youtube deleted faster than I expected. Replaced the embed in my post with the archived video. 
They are definitely still lurking and seething.


----------



## Schlomo Silverscreenblatt (Jul 2, 2021)

So this is going to sound selfish but I'm guessing there will be no stream today? Anyway, I'll keep giving you bat in the hope that my pennies help out the site in some way


----------



## TheShedCollector (Jul 2, 2021)

Schlomo Silverscreenblatt said:


> So this is going to sound selfish but I'm guessing there will be no stream today? Anyway, I'll keep giving you bat in the hope that my pennies help out the site in some way


There will be a stream on Trovo.






[Link preview: "Mad at the Internet" - kiwifarms.net]


----------



## Long Time Caller (Jul 2, 2021)

Null said:


> Guy on Twitter:
> "Haha I am DDoSing the Kiwi Farms!"
> 
> Kiwi Farms:
> ...



The word is glean.


----------



## AirdropShitposts (Jul 2, 2021)

Guess an update to Brave turned off auto-donation temporarily or something but thanks for the reminder I sent you like $6 in BAT which will totally save the site forever.

Remember to seethe, cope and dilate in the proper order.


----------



## TheRetardKing (Jul 2, 2021)

I just wanna go back to posting shitty comments.


----------



## Imperial Agent (Jul 2, 2021)

Josh, your best troll remains not letting the haterz win.


----------



## moocow (Jul 2, 2021)

SSF2T Old User said:


> Ironic since GDQ starts on 4th of July.  I can totally see them using this event as an excuse for pity bucks.


Oh god the 4chan GDQ summer threads are some of the best entertainment of the year, thank you for reminding me about this!


----------



## CaesarCzech (Jul 2, 2021)

Null said:


> Guy on Twitter:
> "Haha I am DDoSing the Kiwi Farms!"
> 
> Kiwi Farms:
> ...



Perhaps the picture shows because it's targeting Kiwifarms.net? It's less outrage and more of moaning that man quality is determined by his enemies and Man we have some shitty enemies they are throwing shit at us that even Russian Conscripts charging with shovels would call pathetic.


----------



## Meiwaku (Jul 2, 2021)

Is sending support gibs to your live channels valid or gay to help frams?

I also want to dub this arc " Troonicidal Tendencies" Or Byuicide


----------



## Brokenhalo (Jul 2, 2021)

having the farms ddosed by some troons was not on my 2021 bingo card


----------



## Dustlord (Jul 2, 2021)

Cavalier Cipolla said:


> Are you sure they are not clandestine even in India? That is, unless their business is registered as something else.


Not sure about ddos operations, but I know a lot of those tech support scams are run out of normal call centers there. I'd assume it's similar.

Still a better occupation than ebegging.


----------



## AngelOfDeath (Jul 2, 2021)

Emptying out the BAT cave now... thanks nool!


----------



## DD Pickles (Jul 2, 2021)

Null said:


> Yes hello we're being ddosed and it sucks because I can keep the forum up but not the sister services unless I figure out what to do about this homosexuality. This post will be technical (to the best of my ability, I am a retard) so if you don't care you don't have to read this (but it's going to be expensive so pls gib crypto).
> 
> View attachment 2307414
> 
> ...


Why don’t you host on AWS?


----------



## Red Mask (Jul 2, 2021)

Born in Summer said:


> View attachment 2309374
> if this isn't a joke please include this in the random.txt


Those people don’t know what a Holocaust is. Come back when you’re forced to wear a Pink Triangle. They make it sound like only transgender people are talked about. Here’s a hint, it’s not because you’re trans, it’s because YOU ARE A SHITHELL! Like Jordan Peterson, Ethan whatever right winger he is, and Amberlynn Reid.


----------



## Alex Krycek (Jul 2, 2021)

Can anybody link me a mirror of Mio Honda explains why being LGBT is normal? (But it actually insults them the entire time). That was a good video and I sent it to a friend but it was taken down before he could watch it.


----------



## derpherp2 (Jul 2, 2021)

Brokenhalo said:


> having the farms ddosed by some troons was not on my 2021 bingo card


Really? It's right next to the Free Space: Transexual commits suicide for me.
Guess who almost has bingo, again? Don't worry I made it fair, by making the bingo space "Dimensional Merge finally chooses CWC."


----------



## Kuchipatchi (Jul 2, 2021)

Alex Krycek said:


> Can anybody link me a mirror of Mio Honda explains why being LGBT is normal? (But it actually insults them the entire time). That was a good video and I sent it to a friend but it was taken down before he could watch it.








[Link preview: "2021 DDoS Issue" - kiwifarms.net]
				



This dude archived it for us.


----------



## Fuck! (Jul 2, 2021)

Are the DDOS attacks the reason I can't create threads in most places or have I done the unthinkable sin of just not being cool enough for the autist zone?


----------



## Throwing Romans (Jul 2, 2021)

Fuck! said:


> Are the DDOS attacks the reason I can't create threads in most places or have I done the unthinkable sin of just not being cool enough for the autist zone?


If you're referring to not being able to make threads in all the lolcow-related boards, that's because lolcow threads start in prospering grounds, so there's no "new thread" button there.


----------



## The Beer Padawan (Jul 2, 2021)

Right Wing Boomer Squads said:


> Guys, you do not need to spend 25k on a Fortigate or 90k paying the Cisco toll to get into a decent 10GbE router…. a Fortigate 500E is 10G capable, and costs about 5-7k. The 100F is even cheaper, but it has a lot less memory and I wouldn’t be comfortable recommending to handle 10GbE of DoS protection against some cashed up spergs who either know how to use LOIC, or just pay someone to know what that acronym is. 1100E is way overkill and Josh does not want a 2RU router using up his colo bux.
> 
> Josh does not need a UTM/IPS subscription. DoS protection, advanced routing, session-based NGFW, all comes with the firmware, no license required. Also, IPS only really protects against CVEs, it won’t protect you against bad website design.


That 500e is exactly what I was trying to find. Fortinet is dogshit when it comes to keeping their product catalog in one place.


----------



## MrTroll (Jul 2, 2021)

Kind of funny, I noticed that Google wiped all traces of KF from its auto-complete results, like in the last day or so. Searching for it now is like searching for a porn site.


----------



## Info Player Start (Jul 2, 2021)

MrTroll said:


> Kind of funny, I noticed that Google wiped all traces of KF from its auto-complete results, like in the last day or so. Searching for it now is like searching for a porn site.


8chan 2.0?


----------



## Fireman Sam (Jul 2, 2021)

MrTroll said:


> Kind of funny, I noticed that Google wiped all traces of KF from its auto-complete results, like in the last day or so. Searching for it now is like searching for a porn site.


They've done shit like this before. Literal tranny jannies work for Google and have personally scrubbed certain people's threads from google results.


----------



## Fuck! (Jul 2, 2021)

Throwing Romans said:


> If you're referring to not being able to make threads in all the lolcow-related boards, that's because lolcow threads start in prospering grounds, so there's no "new thread" button there.


Oh thanks- I could have sworn I'd made a thread directly on a board once but that may have changed. Cheers!


----------



## mister_ree (Jul 2, 2021)

I'd take a look at Ubiquiti's UniFi switches and gateways.
Top dollar features for rock bottom prices. It's all software now either way.
Don't pay the retarded CISCO tax unless you're looking for a support license.
Next best thing is used Juniper hardware.
Then slap a 1U used server Xeon from the last decade as a firewall with a PCIe 10gbe port card.
pfSense or OPNsense will let you traffic shape to your heart's content on there

Listening to fucking cert whore network sysadmins that just plug wires together is only worth it unless your company is pulling down millions and you're a retarded manager with green to burn.

If it was me I'd ditch it all, take old Xeon hardware with the PCIe 10gbe card and slap a virtual switch stack on it ie. OVN, but none of these dipshits look like engineers, so go with the GUI and let your hardware handle it from ubiquiti.


----------



## Cavalier Cipolla (Jul 2, 2021)

MrTroll said:


> Kind of funny, I noticed that Google wiped all traces of KF from its auto-complete results, like in the last day or so. Searching for it now is like searching for a porn site.


I dunno, it seems to work fine for me, though I might have searched for these terms before.


----------



## MrTroll (Jul 2, 2021)

Cavalier Cipolla said:


> I dunno, it seems to work fine for me, though I might have searched for these terms before.


Just to be clear, I'm not saying that Google is censoring actual search results. Just the suggested words that come up as you type in the search bar before hitting enter. By contrast, they still come up as usual in Yahoo or Bing.


----------



## Takodachi (Jul 2, 2021)

Null said:


> I am about 90% done with the midterm solution.


oh shit, is null about to implement the final answer to the JQ?!


----------



## GENERAL MAO (Jul 2, 2021)

Takodachi said:


> oh shit, is null about to implement the final answer to the JQ?!


It is the final solution.


----------



## mister_ree (Jul 2, 2021)

Also did not mention Mikrotik which is what I use but I strip a em for my custom OpenWRT.
They make some solid shit as well for their low pricepoint, but Ubiquiti has em beat on management software imho.


----------



## Pasgetti (Jul 2, 2021)

Do we have any intel on the botnet(s) that are involved in this? How many source IPs are we dealing with, for example?
I think most botnets are based off malware compromised machines, and I'm sure the sending ISPs would be glad to know of the compromise, if it's at all possible with the number of source addresses involved.


----------
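Pasgetti's question above (how many source IPs, and whether the sending ISPs can be told) comes down to a log summary like the following. This is an added example, not part of the original thread: the key=value log format, the sample lines and the function name `summarize` are all constructed for illustration.

```python
"""Summarise TCP SYN sources from firewall logs, grouped by network for abuse reports."""
import ipaddress
import re
from collections import Counter, defaultdict


def _line(src, flags):
    # Hypothetical key=value log format, constructed for this example.
    return (f"2021-07-02T10:00:00 proto=tcp src={src} sport=40000 "
            f"dst=10.0.0.5 dport=443 flags={flags}")


# Constructed sample input; source addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.10", "SYN")] * 4
    + [_line("198.51.100.77", "SYN")] * 3
    + [_line("203.0.113.5", "SYN")] * 5
    + [_line("203.0.113.9", "SYN")]                      # one stray SYN, below threshold
    + [_line("192.0.2.200", "SYN"), _line("192.0.2.200", "ACK")]  # normal client
    + ["garbage line without fields", _line("not-an-ip", "SYN")]  # must be skipped
)

LINE_RE = re.compile(r"proto=tcp src=(?P<src>\S+) .*?flags=(?P<flags>[A-Z,]+)")


def summarize(log_text, min_syns=3):
    """Return counts of SYN sources and a per-prefix table of repeat SYN-only senders.

    A source counts as "SYN-only" if it sent bare SYNs and never a bare ACK,
    i.e. it never completed a handshake in the window covered by the log.
    """
    syns = Counter()
    completed = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated or malformed line
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # src field is not a valid address
        flags = set(m["flags"].split(","))
        if flags == {"SYN"}:
            syns[src] += 1
        elif "ACK" in flags and "SYN" not in flags:
            completed.add(src)

    syn_only = {src: n for src, n in syns.items() if src not in completed}

    # Group repeat offenders by covering network (/24 for IPv4, /48 for IPv6),
    # which is roughly the granularity an ISP abuse desk works with.
    grouped = defaultdict(lambda: [0, 0])  # prefix -> [sources, syns]
    for src, n in syn_only.items():
        if n < min_syns:
            continue
        plen = 24 if src.version == 4 else 48
        prefix = str(ipaddress.ip_network(f"{src}/{plen}", strict=False))
        grouped[prefix][0] += 1
        grouped[prefix][1] += n

    by_prefix = sorted(
        ((p, s, n) for p, (s, n) in grouped.items()),
        key=lambda row: row[2],
        reverse=True,
    )
    # Caveat: a SYN flood needs no return traffic, so SYN-only sources may be
    # spoofed. Treat the table as leads to verify, not proof of compromise.
    return {
        "sources_seen": len(syns),
        "syn_only_sources": len(syn_only),
        "by_prefix": by_prefix,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"{report['sources_seen']} sources sent SYNs, "
          f"{report['syn_only_sources']} never completed a handshake")
    for prefix, sources, count in report["by_prefix"]:
        print(f"{prefix:20} sources={sources} syns={count}")
```
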



## Reverend (Jul 2, 2021)

mister_ree said:


> Also did not mention Mikrotik which is what I use but I strip a em for my custom OpenWRT.
> They make some solid shit as well for their low pricepoint, but Ubiquiti has em beat on management software imho.


If you read the entire thread Null said specifically he is done with Mikrotik as he hates the management interface.

Also, fuck ubiquiti as their shit is garbage.  They are netgear with a prettier logo.  You might as well buy used/refurb'd Cisco for their price point.


----------



## mister_ree (Jul 2, 2021)

Reverend said:


> If you read the entire thread Null said specifically he is done with Mikrotik as he hates the management interface.
> 
> Also, fuck ubiquiti as their shit is garbage.  They are netgear with a prettier logo.  You might as well buy used/refurb'd Cisco for their price point.


That's why I said I fucking strip em for OpenWRT.
But you crack niggers can't fucking code much less trace a network properly. Only plug wires.

CISCO iOS is a fucking shithole stack which when you don't pay for their stream of shit updates to give you sysadmins a fucking claim to a job, makes refurb less appealing without a support contract to blame have the option of blaming them.

We in the rice fields with 10GBe on Xeon routing virtualized router stack, motherfucker.


----------



## Meiwaku (Jul 2, 2021)

MrTroll said:


> Kind of funny, I noticed that Google wiped all traces of KF from its auto-complete results, like in the last day or so. Searching for it now is like searching for a porn site.


I can still get it if you lurk images LOL....also very interesting tfw no Kiwi Googles to reinstate us or google metrics us to the top. 

They also scrub anti troonery from Google


----------



## Null (Jul 2, 2021)

Someone suggested these








[Link preview: MikroTik - mikrotik.com]

[Link preview: Arista 7150 Series, a 1RU software-defined networking switch - www.arista.com]
				




Accepting competing suggestions. I'd like to keep it in a budget range.

Someone also said they have a $1000 credit with Dell but they don't really do networking. Is there a management tool, like a rackmount KVM or something, from Dell worth getting?


----------



## The Beer Padawan (Jul 2, 2021)

mister_ree said:


> That's why I said I fucking strip em for OpenWRT.
> But you crack niggers can't fucking code much less trace a network properly. Only plug wires.
> 
> CISCO iOS is a fucking shithole stack which when you don't pay for their stream of shit updates to give you sysadmins a fucking claim to a job, makes refurb less appealing without a support contract to blame have the option of blaming them.
> ...


Lol calm down we're just putting out ideas here


----------



## mister_ree (Jul 2, 2021)

Just sayin'
Without a fine tuned traffic shaping solution and the know how to use it, doesn't matter how much money you burn on equipment.

Main reason DDoS mitigation takes so long to work is because it tends to help the attack in the start. Those in the know take advantage of cloudflare or akamai having multiple servers to reflect packets off of.
their multiple ingress edge nodes VS the one cheap ass server the target is running.


----------



## iloveisrael123 (Jul 2, 2021)

I wish I was skilled enough to make one of those gay ass anonymous videos taking credit for this


----------



## Alex Krycek (Jul 2, 2021)

mister_ree said:


> Just sayin'
> Without a fine tuned traffic shaping solution and the know how to use it, doesn't matter how much money you burn on equipment.
> 
> Main reason DDoS mitigation takes so long to work is because it tends to help the attack in the start. Those in the know take advantage of cloudflare or akamai having multiple servers to reflect packets off of.
> their multiple ingress edge nodes VS the one cheap ass server the target is running.


Who the fuck are you?


----------



## mister_ree (Jul 2, 2021)

Alex Krycek said:


> Who the fuck are you?


P S Y O P S


----------



## Reverend (Jul 2, 2021)

mister_ree said:


> That's why I said I fucking strip em for OpenWRT.
> But you crack niggers can't fucking code much less trace a network properly. Only plug wires.
> 
> CISCO iOS is a fucking shithole stack which when you don't pay for their stream of shit updates to give you sysadmins a fucking claim to a job, makes refurb less appealing without a support contract to blame have the option of blaming them.
> ...


You are a fucking moron if you think Null is gonna have the time/resources to buy hardware stack and then format it and reinstall an OS on top of that. That's a waste of time/energy when better equipment exists for hundreds of dollars more. Simplicity and Support is the name of game not custom build cobbled together bullshit.

 Not all of us live in a 3rd world shit hole that needs to strip Gateway machines to make routers while praying the 200W PSU in their Packard Bell will keep the cell tower's running while making iDevices for your God Savior Westerners. You sound straight up "Ho's Mad" that some CCNP/CCIE is making 100x more than your rice field scrubbing clan is making. 

Keep your dumpster fire technobabble for Baby's First Docker image and your home lab and let folks who build 5 9 based infrastructure advise Dear Feeder on viable solutions.


----------



## ⠠⠠⠅⠑⠋⠋⠁⠇⠎ ⠠⠠⠊⠎ ⠠⠠⠁ ⠠⠠⠋⠁⠛ (Jul 2, 2021)

lllllllllllll said:


> It's most likely just a 20$/month booter.
> 
> And it's definitely a game for most of these kids. That Mirai guy back in the day hit krebsonsecurity with 500gbit or something (the record DDoS bandwidth iirc)  just for lulz


Eh, unless I've gotten ripped off in the past, it'll be a bit more money than that for the bandwidth involved, as well as the length of attacks (unless the tard is just sitting there clicking a button every time his previous run expires).

Honestly, at this point the most useful thing would be for people to try digging around (particularly in the MikroTik forums) for ways to mitigate the issue where RouterOS is getting tied up (presumably in the kernel) just dealing with the sheer volume of traffic, or connection tracking, or firewall rules, or whatever it is, so that he can get enough time on the interface to actually fix things. I couldn't see anything on the forums there, hopefully Josh has asked because it seems to be a relatively helpful forum (though not to people who don't provide details).


Czechem Republic said:


> What are the chances those that paid for the botnet ever get a knock on the door?


0%

Like, if you have good opsec and know how to set up an anonymous Twitter account and how to use a simple BTC wallet over Tor, it might not have been the worst idea to create a 'TAKE DOWN THE KIWIFARMS H8RS' account to collect donations to the Farms. Only if it isn't illegal to collect money under false pretences in your country, of course.


----------



## Reverend (Jul 2, 2021)

Null said:


> Someone suggested these
> 
> 
> 
> ...


What do you plan on doing with either the Mikrotik or the Arista? You planning to have one switch/router do all your networking or break the network apart?  The mikrotik only has 4 10GB ports and they are SFP (fiber only) not SFP+ (fiber or copper).   Don't buy the mikrotik (and I suggested it I'm sorry).


You could buy a Dell network'd KVM switch:

Dell 8-port Local KVM Switch - 2 local users - TAA Compliant | Dell USA

The Dell™ Analog KVM switches, engineered by Avocent, are ideally suited for environments where remote access is not required but maximum security is essential.

www.dell.com


----------



## HackerX (Jul 2, 2021)

I'd be interested in the PCAP, but I doubt Null is collecting it. God only knows what the total size of the PCAPs over the last week is, but several dozen if not hundreds of TB I bet


----------



## spoof (Jul 2, 2021)

now imagine if you took byuu's offer you could pay for this for about 10 years just off it


----------



## Male Idiot (Jul 2, 2021)

Keep up the good fight, Null.

As soon as I'm back on full time, I'll send you some shekels from my magnificent full 400 USD per month pay.


----------



## The Beer Padawan (Jul 2, 2021)

HackerX said:


> I'd be interested in the PCAP, but I doubt Null is collecting it. God only knows what the total size of the PCAPs over the last week is, but several dozen if not hundreds of TB I bet


The cpu on the mikrotik is already dead enough during the ddos as it is, turning caps on will just probably kill it more.


----------



## HackerX (Jul 2, 2021)

I want the router to catch on fire and burn the data center down.  

Another option is to have a dedicated sniffer and storage out there on the same network as the external interface, but there are a lot of assumptions regarding the network config/architecture to even do that. That's also assuming the sniffer is beefed up, and even then it'd prolly also die instantly without a DDoS, lol.

Regardless, I'm still curious about any identifying behaviors or signatures.


----------



## random good picture (Jul 2, 2021)

spoof said:


> now imagine if you took byuu's offer you could pay for this for about 10 years just off it


the money was fake nigga its not even funny at this point


----------



## HTTP Error 404 (Jul 2, 2021)

Alex Krycek said:


> Can anybody link me a mirror of Mio Honda explains why being LGBT is normal? (But it actually insults them the entire time). That was a good video and I sent it to a friend but it was taken down before he could watch it.





Dork Of Ages said:


> View attachment 2310092
> Archived this gem right here.



There's an upload of it here.



HTTP Error 404 said:


> Mio Honda is based as fuck.
> 
> Mio on Pornography
> 
> ...



And I linked a few other ones here, if you're interested.  The Pornography one is pretty good.


----------



## mister_ree (Jul 2, 2021)

Reverend said:


> You are a fucking moron if you think Null is gonna have the time/resources to buy hardware stack and then format it and reinstall an OS on top of that. That's a waste of time/energy when better equipment exists for hundreds of dollars more. Simplicity and Support is the name of game not custom build cobbled together bullshit.
> 
> Not all of us live in a 3rd world shit hole that needs to strip Gateway machines to make routers while praying the 200W PSU in their Packard Bell will keep the cell tower's running while making iDevices for your God Savior Westerners. You sound straight up "Ho's Mad" that some CCNP/CCIE is making 100x more than your rice field scrubbing clan is making.
> 
> Keep your dumpster fire technobabble for Baby's First Docker image and your home lab and let folks who build 5 9 based infrastructure advise Dear Feeder on viable solutions.


I get it. Lil coon made it out of the ghetto after he learned a few k8s command. Mom's so proud that she paid for CCNA. finally makes her not regret telling everyone "he's so good with computers"

But good on you for helping becky in accounting transfer her puppy pics to the company share point.


----------



## Ghostface Killah (Jul 2, 2021)

Openrack OCP 19" - 1U Server Xeon 12 Cores 2.4Ghz 32GB DDR4 Dual 10GB SFP+ 2x PS | eBay

These are the OCP version of a dell R630. ZT System 1U 2x 2.5" Drive Bays. Processor:1x Xeon E5-2676 V3 ES 2.40 GHz 12C Haswell-E/EP 120W 30MB CPU (   ES Confidential CPU installed, Dual possible). This server were made to the ocp19 spec by ZT System.

www.ebay.com

Get that and run pfSense. You need godlike skills to use it though


----------



## Irrelevant (Jul 2, 2021)

mister_ree said:


> Those in the know take advantage of Cloudflare or Akamai having multiple servers to reflect packets off of.
> their multiple ingress edge nodes VS the one cheap ass server the target is running.


You're like the stupid trannies who think they were being clever finding the real IP by brute forcing the entire block with curl when they could have just connected to one of the non-Cloudflare mirrors.

KF hasn't 100% relied on CloudFlare for years because Null has been nervous of them pulling the plug before.

Might as well recommend he sticks the site on AWS.


----------



## mister_ree (Jul 2, 2021)

Monocle said:


> Openrack OCP 19" - 1U Server Xeon 12 Cores 2.4Ghz 32GB DDR4 Dual 10GB SFP+ 2x PS  | eBay
> 
> 
> These are the OCP version of a dell R630. ZT System 1U 2x 2.5" Drive Bays. Processor:1x Xeon E5-2676 V3 ES 2.40 GHz 12C Haswell-E/EP 120W 30MB CPU (   ES Confidential CPU installed, Dual possible). This server were made to the ocp19 spec by ZT System.
> ...


If there's RAM in that you can flip DDR4 ECC for 10x and throw most of the other crap away lol


----------



## TVStactic (Jul 2, 2021)

Drachenlord said:


> Honestly you should keep the farms up for as cheap as possible just so that they burn through their cash financing those attacks - afaik DDoS services of this scale are expensive as fuck.
> Maybe it's not even worth putting too much effort into mitigating the attack as long as your hosting provider doesn't kick you off and the Farms will be back whenever the attackers run out of money. In the end, they'll have spent a fortune and gained nothing at all from this.


the thing is that the server is due to a upgwade because nool has wishes to add video hosting and such. so it's a timely coincidence.


Basic AGGIN said:


> Just like most people on this site, most probably


if you are a fatkiwi just hop on the fitness section. it's a splinter part of /fit/... and that's it really, the autism is pretty much the same.


Zulu Warrior said:


> You would think if someone is just doing it for fun, they'd target people more likely to chimp out over it.


this the "i want to own you" type of fun, there is a difference.


mindlessobserver said:


> It never ceases to amaze that every effort to take this place out has only made it stronger. It's gone from a place to talk of Chris-chan via a free template forum to a place with its own dedicated servers, crypto currency streams and lawyers like Robert Barnes on retainer.
> 
> Why did they make Null do this? He just wanted to gossip about internet stuff.


the problem started when they wanted null to be kil because he said nigger.
still see if the old equipment can still be used for filtering dear feeder, will probably help to add an extra layer to tank the flood which seems to be the way of classic attacks to down "low host" things.


----------



## mister_ree (Jul 2, 2021)

Irrelevant said:


> You're like the stupid trannies who think they were being clever finding the real IP by brute forcing the entire block with curl when they could have just connected to one of the non-Cloudflare mirrors.
> 
> KF hasn't 100% relied on CloudFlare for years because Null has been nervous of them pulling the plug before.
> 
> Might as well recommend he sticks the site on AWS.


Ladyboy is enough where I come from, tyvm.


----------



## Tourniquet Man (Jul 3, 2021)

Fuck Ddosing trannies, here's 10 bucks for my favorite retard.
I wish all farmers a good day


----------



## katy (Jul 3, 2021)

Null said:


> Someone suggested these
> 
> 
> 
> ...


Bytefend.com


----------



## ZippyZoopa (Jul 3, 2021)

HTTP Error 404 said:


> There's an upload of it here.
> 
> 
> 
> And I linked a few other ones here, if you're interested.  The Pornography one is pretty good.


Imagine trying to be "based and redpilled" by using cringy nonce idolshit to share your facts, I'll take the fashwave edits instead please


----------



## HTTP Error 404 (Jul 3, 2021)

ZippyZoopa said:


> Imagine trying to be "based and redpilled" by using cringy nonce idolshit to share your facts, I'll take the fashwave edits instead please


Fashwave edits won't be accidentally watched by the people that need to see those messages.

Although now I do wanna see something similar to those anime facts vids with Fashwave instead.


----------



## ZippyZoopa (Jul 3, 2021)

HTTP Error 404 said:


> Fashwave edits won't be accidentally watched by the people that need to see those messages.
> 
> Although now I do wanna see something similar to those anime facts vids with Fashwave instead.


And the people who watch Idolshit obsess over fictional underage girls, who the lolbertarian "just let me coom" types not the "based anti-degeneracy trads" you are advertising to.


----------



## Dustlord (Jul 3, 2021)

ZippyZoopa said:


> And the people who watch Idolshit obsess over fictional underage girls, who the lolbertarian "just let me coom" types not the "based anti-degeneracy trads" you are advertising to.


I feel like you're overthinking a silly meme.


----------



## spoof (Jul 3, 2021)

random good picture said:


> the money was fake nigga its not even funny at this point


If he never paid anything then the thread would never be deleted and nothing would be lost other than Null's worthless reputation.


----------



## totallyrandomusername (Jul 3, 2021)

You have my word that I will donate all the money I got through abject perjury.


----------



## LanceHaver (Jul 3, 2021)

If the attack is spoofing the source IP to look like it originates from the local host (BCP38), you can add these to your iptables to mitigate that:



```
# Log packets arriving on the external interface (eno0) whose source address
# is private (RFC 1918), multicast or reserved.
iptables -A INPUT -i eno0 -s 10.0.0.0/8 -j LOG --log-prefix "IP DROP SPOOF A: "
iptables -A INPUT -i eno0 -s 172.16.0.0/12 -j LOG --log-prefix "IP DROP SPOOF B: "
iptables -A INPUT -i eno0 -s 192.168.0.0/16 -j LOG --log-prefix "IP DROP SPOOF C: "
iptables -A INPUT -i eno0 -s 224.0.0.0/4 -j LOG --log-prefix "IP DROP MULTICAST D: "
# Class E (reserved) address space.
iptables -A INPUT -i eno0 -s 240.0.0.0/4 -j LOG --log-prefix "IP DROP RESERVED E: "
# Then drop the same source ranges.
iptables -A INPUT -i eno0 -s 10.0.0.0/8 -j DROP
iptables -A INPUT -i eno0 -s 172.16.0.0/12 -j DROP
iptables -A INPUT -i eno0 -s 192.168.0.0/16 -j DROP
iptables -A INPUT -i eno0 -s 224.0.0.0/4 -j DROP
iptables -A INPUT -i eno0 -s 240.0.0.0/4 -j DROP
```

As for networking hardware I don't know much about it


----------



## Paganda (Jul 3, 2021)

BAT sent, keep up the good work.


----------



## Judge Dredd (Jul 3, 2021)

Null said:


> What? Are you going to DOX this guy and BRING HIM TO JUSTICE? No, he's some random fucking guy. Probably lives in Russia.


No. But I'd like if one of these Twitter loons celebrating taking down KF for a few days gets a knock at the door from the FBI. Even if nothing comes of it, the Twitter meltdown would be predictable, but deserved.


----------



## Kosher Dill (Jul 3, 2021)

Jesus H Christ said:


> You have my word that I will donate all the money I got through abject perjury.


30 pieces of silver?


----------



## lllllllllllll (Jul 3, 2021)

LanceHaver said:


> If the attack is spoofing the source IP to look like it originates from the local host ( BCP38 ), you can add these to your iptables to mitigate that:
> 
> 
> 
> ...


Wouldn't all that logging just make it even easier to kill the server


----------



## ZippyZoopa (Jul 3, 2021)

Dustlord said:


> I feel like you're overthinking a silly meme.


Maybe so, but just like K-pop, I can't comprehend why people would like such garbage preppy, high-pitched, obnoxious garbage. How can you listen to that voice and not be annoyed? You have to be attracted to annoying kids to get a kick out of it.


----------



## Yamamura Video Rental (Jul 3, 2021)

Nice work, the search function is finally working again.  It's been a difficult week without it.


----------



## Right Wing Boomer Squads (Jul 3, 2021)

LurkTrawl said:


> I don't really know shit about networking, what did it mean when I tried to access the .onion version of the site and it said something about a hashring?
> 
> Also Godspeed Null in thwarting retards and all that, but what's the difference between a DDoS and a DoS?



DoS = denial of service 
DDoS = distributed denial of service 
Basically, DDoS is a denial of service attack which is performed using multiple sources, eg: a ton of separate source machines all launching traffic against one destination.

Distributed attacks are a lot harder to mitigate, as you (or more likely your provider) can’t just drop the prefix the attack is coming from. While you may be receiving 1Gb of bad traffic, it may be coming from 100 endpoints sending 10Mbps each.

I prefer to use the term DoS when talking about mitigation strategies though, as it covers both, and most vendors use DoS in their syntax/terminology.


----------



## LanceHaver (Jul 4, 2021)

lllllllllllll said:


> Wouldn't all that logging just make it even easier to kill the server


You can just omit the log commands and only use the drop commands if you're concerned about CPU/space from logging


----------
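The source-address filter from LanceHaver's post and the logging-cost concern raised in the replies, combined as an added example that is not part of any original post: a generator for `iptables-restore` input that drops the same ranges (plus the reserved 240.0.0.0/4 block) in the raw table and logs through a single rate-limited rule. The function name `gen_bogon_rules`, the chain name `BOGON_DROP` and the default log rate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: prints iptables-restore input; it does not touch the live firewall.
# Assumptions: interface eno0 (from the post); chain name and log rate are illustrative.

# Source ranges that should never arrive from the internet side.
BOGONS="10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 224.0.0.0/4 240.0.0.0/4"

# gen_bogon_rules IFACE [LOGS_PER_MINUTE]   (0 disables logging)
gen_bogon_rules() {
    iface=$1
    rate=${2:-6}
    # Refuse anything that is not a plain interface name or whole number,
    # so the generated ruleset cannot be altered by a stray argument.
    case $iface in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 1 ;;
    esac
    case $rate in
        ''|*[!0-9]*) echo "rate must be a whole number" >&2; return 1 ;;
    esac

    # raw/PREROUTING is evaluated before connection tracking, so packets
    # dropped here never create conntrack entries.
    echo "*raw"
    echo ":BOGON_DROP - [0:0]"
    for net in $BOGONS; do
        echo "-A PREROUTING -i $iface -s $net -j BOGON_DROP"
    done
    # One shared LOG rule with a hard cap, so a flood of spoofed packets
    # cannot turn the logger into the bottleneck.
    if [ "$rate" -gt 0 ]; then
        echo "-A BOGON_DROP -m limit --limit $rate/minute --limit-burst 10 -j LOG --log-prefix \"IP DROP SPOOF: \""
    fi
    echo "-A BOGON_DROP -j DROP"
    echo "COMMIT"
}

# Review the output, then validate and load it as root:
#   gen_bogon_rules eno0 6 | iptables-restore --noflush --test
#   gen_bogon_rules eno0 6 | iptables-restore --noflush
# Loading it twice appends the PREROUTING jumps a second time.
```

Passing `0` as the rate produces the drop-only variant suggested in the reply above.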



## ToroidalBoat (Jul 22, 2021)

I think there was a brief DDoS attack a few hours ago.


----------



## Euler's identity (Jul 22, 2021)

ToroidalBoat said:


> I think there was a brief DDoS attack a few hours ago.


Got a couple 503 errors earlier but as you say, the forum was back to running smoothly pretty quick.


----------

