Internet Archive and Wayback Machine have been facing DDoS cyberattacks for the last few days. The non-profit assured that collections are safe despite the service being inconsistent since Sunday.
Without knowing how, not really. If it’s a massive multi-device botnet, like Mirai, for example, that’s millions of indvidual devices across millions of addresses, so it isn’t so simple as just blocking a domain. Trying to block all of them might well just block legitimate users.
Request limits also wouldn’t work if it’s millions of devices making a few requests at once, and an overall limit would have a similar locking-out effect as blocking everything. Especially if the DDoS is taking up most/all of that limit.
Can someone explain why they’re not able to protect against this? Couldn’t they put request limits or monitor for spikes and banning these attempts?
Without knowing how, not really. If it’s a massive multi-device botnet, like Mirai, for example, that’s millions of indvidual devices across millions of addresses, so it isn’t so simple as just blocking a domain. Trying to block all of them might well just block legitimate users.
Request limits also wouldn’t work if it’s millions of devices making a few requests at once, and an overall limit would have a similar locking-out effect as blocking everything. Especially if the DDoS is taking up most/all of that limit.
Just so crazy to me the scale.
Is there any range for how many “a few requests” would be needed to ddos a site like this?