KiwiFlare

I'm getting "Server responded with an error" on the mirror, usually with "Your bypass attempt was rejected" in the console, although I also saw an invalid JSON error message a minute ago...

And now it just randomly started working. Onion service seems to be working better at the moment, but both of them have been pretty hit or miss today.
 
Kiwiflare now gives me this error whether or not I use Brave shields. Worked fine yesterday.
IMG_0449.jpeg
Edit: The problem resolved itself
 
how is it that kiwiflare seems to be slowly working its way up to being better than cloudflare was? are we just getting a different type of DDoS attack now compared to back then? because it feels like everything is going way smoother now even with the attacks. i guess the troons' plan of null just giving up has actually backfired into null slowly creating the kiwi iron dome.
 
this issue has been present for hours because i forgot to compile scripts on one of the servers. sorry.
You should give Ansible a try. It's an automation/orchestration tool that works well with bare metal infrastructure. Connects over SSH (uses hosts defined in your ssh config), and only requires Python 3 on the remote hosts, which is almost always installed by default. So, you could run 1 command that connects to all n kiwiflare hosts, does a git pull, compiles, pushes some templated config files, restarts the services, whatever.
 
Was getting quite a few 500 errors on .pl, 5 error pages to 1 page loaded rate. Hitting F5 corrects the issue after a few tries, then the site loads quickly most of the time. Assuming this is just from the off and on DDOS attack. This has been off and on for the last hour or so.

As of writing this the site has been loading quickly after this time period.

Would like to second a current Kiwiflare statistic that is automatically updated somewhere on the site. Would help us see the improvements on Kiwiflare and the durability of the site rise over time.
 
i'm not adding any sort of statistic to monitor attack traffic to the site.
Yeah, the trannies would treat it like a high score, and keep trying to beat it.
Bad craic, man.
Are you getting any sleep? We need a healthy Null, no good having determination like yours if you don't look after yourself.
Eat well, sleep well, get some fresh air, don't make the mammies of the site worry.
We'll hunt you down in Serbia and feed you soup, my boi, see if we don't.
 
Are you getting any sleep? We need a healthy Null, no good having determination like yours if you don't look after yourself.
as much as I would love to sleep, when you have unfiltered autism trying to constantly put out the fires that trannies set is something that I can only commend and respect as a fellow autist. even making my latest PG thread reminded me of back in my sys admin days when I spent countless hours trying to fix some stupid fucking thing that a customer wanted me to do.
 
IIRC ages ago you mitigated an attack by just configuring TLS support to only accept modern protocols and ciphers (TLS 1.3 only I think?), is that maybe something to look at again?

I'm assuming 65k reqs/sec are probably coming from a lot of compromised IoT devices, routers, etc. that wouldn't support the new shit and according to testssl, .pl is offering TLS 1.0 and newer.
I can't find the posts anymore, but I think the trick was to block HTTP 1.0, 1.1, and maybe even 2.0(?) while only allowing HTTP 3.0, which is no problem for any browser with updates from at least mid-2022, thus blocking a big amount of outdated, compromised devices. I vaguely remember something about the troons finding out and adjusting their attack after a while.

Curious if you know what sort of money an attack of this magnitude would cost. Certainly seems like someone with deep pockets and maybe a brick shaped face.
It's sadly much cheaper than you would expect. Botnet operators acquire their resources illegally, automatically and for free, by infecting systems with malware that are then used as part of DDoS attacks. Because of that they can offer their services for extremely low prices.

This article is from 2017. The cost is even lower now:
As per the Dark Web Price Index 2022, a 24-hour DDoS attack with 20-50k requests per second can cost the attacker as little as $200 USD.
A bunch of troons throwing their government handout money into a pool together can do a lot of damage.
Countering these attacks in the form of DDoS protection (especially against Layer 3&4 attacks) is always A LOT more expensive, because you have to acquire those resources legally. So while angry, mutilated men can cause havoc by committing crime for less than a few hundred dollars, mitigating the attacks can cost several thousands.
 
as much as I would love to sleep, when you have unfiltered autism trying to constantly put out the fires that trannies set is something that I can only commend and respect as a fellow autist. even making my latest PG thread reminded me of back in my sys admin days when I spent countless hours trying to fix some stupid fucking thing that a customer wanted me to do.
I appreciate the high intensity of the situation, the hyper focus, the baseline fact that when you're in the flow, you keep at it. I've been there for far stupider reasons. Plus the fact, for Null, he's the only guy in this, it's ultimately down to him alone.
I get it, it's admirable, I'm not trying to be facetious, I just don't want the person the fate of the site depends on to burn out and get to the point where he either gets ill, or throws his hands up and says fuck it.
He's a human, at the end of the day. Despite his ultra autistic networking super powers, and dedication to a site filled with well, us, it's nice to remember that. Knowing very little about him (for the best, I think) I'm offering the support I would to any other human.
 
I appreciate the high intensity of the situation, the hyper focus, the baseline fact that when you're in the flow, you keep at it. I've been there for far stupider reasons. Plus the fact, for Null, he's the only guy in this, it's ultimately down to him alone.
I get it, it's admirable, I'm not trying to be facetious, I just don't want the person the fate of the site depends on to burn out and get to the point where he either gets ill, or throws his hands up and says fuck it.
He's a human, at the end of the day. Despite his ultra autistic networking super powers, and dedication to a site filled with well, us, it's nice to remember that. Knowing very little about him (for the best, I think) I'm offering the support I would to any other human.
based kiwifarms user
 
I can't find the posts anymore, but I think the trick was to block HTTP 1.0, 1.1, and maybe even 2.0(?) while only allowing HTTP 3.0, which is no problem for any browser with updates from at least mid-2022, thus blocking a big amount of outdated, compromised devices. I vaguely remember something about the troons finding out and adjusting their attack after a while.
I'm like 99% certain it was TLS support and coincidentally I rechecked a few hours after my post and the site was suddenly only offering TLS 1.3.

From the Telegram
1690903399492.png

I think this is the thing I was thinking of and the issue at the time was there were so many clients initiating TLS handshakes that it was blowing up the server and so only offering 1.3 was enough to stall the botnet temporarily.
 
Getting some 502's here and there with some attachments not loading but it's very good all in all here on the .pl mirror.
 