tromfil Posted March 15, 2014 Report Share Posted March 15, 2014 (edited) On Tuesday, March 11th, GitHub was largely unreachable for roughly 2 hours as the result of an evolving distributed denial of service (DDoS) attack. I know that you rely on GitHub to be available all the time, and I'm sorry we let you down. I'd like to explain what happened, how we responded to it, and what we're doing to reduce the impact of future attacks like this.Fac share pentru paragraful urm?tor.Cei care chiar au nevoie de aceast? info, vor aprecia, restul li se va p?rea neinteresant. O consider o idee interesant? în ambele sensuri, asta chiar dac? nu e inventat?/descoperit? acum.After some investigation, we discovered that we were seeing several thousand HTTP requests per second distributed across thousands of IP addresses for a crafted URL. These requests were being sent to the non-SSL HTTP port and were then being redirected to HTTPS, which was consuming capacity in our load balancers and in our application tier. Unfortunately, we did not have a pre-configured way to block these requests and it took us a while to deploy a change to block them.https://github.com/blog/1796-denial-of-service-attacks Edited March 15, 2014 by tromfil Quote Link to comment Share on other sites More sharing options...
aelius Posted March 15, 2014 Report Share Posted March 15, 2014 (edited) Ma intreb cat de retarzi sunt incat sa dea flood la o aplicatie web ce ajuta sute de mii de programatori sau la un site web educational. Lumea asta se duce pe zi ce trece pe p**a si e plina de "canibali".Side note: Am facut load balancing cu tot felul de echipamente hardware cat si cu solutii software (servere multiple cu haproxy) si am ajuns la concluzia ca in afara de Load Balancerele de la Juniper ce fac si tcp offloading "la nesimtire", solutiile cu haproxy + FreeBSD bat la fund cam orice solutie hardware cu preturi de 4 zero-uri in euro. Edited March 15, 2014 by aelius Quote Link to comment Share on other sites More sharing options...
bcman Posted March 15, 2014 Report Share Posted March 15, 2014 Nu prea ?tiu multe despre acest domeniu ?i a? avea o întrebare:These requests were being sent to the non-SSL HTTP port and were then being redirected to HTTPSCum se face asta? Adic? sa zicem ca HTTPS e pe portul default (443). Cum po?i face un request pe orice alt port astfel încât s? fac? forward pe 443? Sau a?a era configurat serverul? Quote Link to comment Share on other sites More sharing options...
aelius Posted March 15, 2014 Report Share Posted March 15, 2014 Nu prea ?tiu multe despre acest domeniu ?i a? avea o întrebare:Cum se face asta? Adic? sa zicem ca HTTPS e pe portul default (443). Cum po?i face un request pe orice alt port astfel încât s? fac? forward pe 443? Sau a?a era configurat serverul?E vorba de http redirect to httpsmacbook ~$ curl --head http://www.github.com/HTTP/1.1 301 Moved PermanentlyContent-length: 0Location: https://www.github.com/Connection: closemacbook ~$ curl --head http://www.rstforums.com/HTTP/1.1 302 FoundDate: Sat, 15 Mar 2014 16:47:32 GMTServer: ApacheLocation: https://rstforums.com/Connection: closeContent-Type: text/html; charset=iso-8859-1 Quote Link to comment Share on other sites More sharing options...
