Comment by ddtaylor
12 hours ago
Did they actually run the DDoS via a script or was this a case of inserting a link and many users clicked it? They are substantially different IMO
12 hours ago
Did they actually run the DDoS via a script or was this a case of inserting a link and many users clicked it? They are substantially different IMO
https://news.ycombinator.com/item?id=46624740 has the earliest writeup that I know of. It was running it via a script and intentionally using cache busting techniques to try to increase load on the hosted wordpress infrastructure.
> It was running
It still is, uBlocks default lists are killing the script now but if it's allowed to load then it still tries to hammer the other blog.
Ah good to know. My pi-hole actually was blocking the blog itself since the ublock site list made its way into one of the blocklists I use. But I've been just avoiding links as much as possible because I didn't want to contribute.
Given the site is hosted on wordpress.com, who don't charge for bandwidth, it seems to have been completely ineffective.
The speculation that I saw was that they'd try to get Wordpress.com to boot him off for being a burden on the overall infrastructure.
5 replies →
Thank you this is exactly the information I was looking for.
"You found the smoking gun!"
they silently ran the DDoS script on their captcha page (which is frequently shown to visitors, even when simply viewing and not archiving a new page)