From my experience, what brings a site down really rarely is an *actual* DDoS. Most of the time it is organic traffic spike hitting a slow back-end.
Hence:
1. microcaching
2. my exasperation with CloudFlare calling everything a DDoS 🙄
But I digress!
We did get honest-to-Dog DDoSes, some pretty substantial. When that happened we just… swapped out *all* active fasadas.
The DDoS would happily continue against the 4 to 6 old IP addresses… While new visitors would get served from other nodes. 😸
Michał "rysiek" Woźniak · 🇺🇦 /
npub1af…q5gp4
2024-08-19 20:10:28
in reply to nevent1q…qd6x
Author Public Key
npub1afml2kzwamqxppl50207sf5jwgl3l6ugn6hnuwugtxt7ctnhdtkqjq5gp4Published at
2024-08-19 20:10:28Event JSON
{
"id": "a82f465570094e9e18bdb0109a6b2eeb0fd8ff66d9b6aec83fe2bb941d01f728",
"pubkey": "ea77f5584eeec06087f47a9fe82692723f1feb889eaf3e3b885997ec2e776aec",
"created_at": 1724098228,
"kind": 1,
"tags": [
[
"p",
"ea77f5584eeec06087f47a9fe82692723f1feb889eaf3e3b885997ec2e776aec"
],
[
"p",
"9889ed18c266c3a8870c5e6d7b0ac2975c6407a031cc66818bc99ebc9e8ef4b8"
],
[
"e",
"9d1ae437b951f9acf0b5fa32768b054029e3ff2f3813372d1fa6fd6de1995a27",
"",
"root",
"ea77f5584eeec06087f47a9fe82692723f1feb889eaf3e3b885997ec2e776aec"
],
[
"e",
"db5f893bff99945864db3036daad62a982548e3d68e8b2bc00ef093cb5bd37a9",
"",
"reply",
"ea77f5584eeec06087f47a9fe82692723f1feb889eaf3e3b885997ec2e776aec"
],
[
"proxy",
"https://mstdn.social/@rysiek/112990501484688860",
"web"
],
[
"proxy",
"https://mstdn.social/users/rysiek/statuses/112990501484688860",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://mstdn.social/users/rysiek/statuses/112990501484688860",
"pink.momostr"
],
[
"-"
]
],
"content": "From my experience, what brings a site down really rarely is an *actual* DDoS. Most of the time it is organic traffic spike hitting a slow back-end.\n\nHence:\n1. microcaching\n2. my exasperation with CloudFlare calling everything a DDoS 🙄 \n\nBut I digress!\n\nWe did get honest-to-Dog DDoSes, some pretty substantial. When that happened we just… swapped out *all* active fasadas.\n\nThe DDoS would happily continue against the 4 to 6 old IP addresses… While new visitors would get served from other nodes. 😸",
"sig": "e4d9d91834622ee58a2e266daf78426470ed4e99d8e6b6ee6efbe8f3d60e78411f2f9ad0a74ca329d51e2a975b5e88ca07ecaf1eee2f9ec4125ea19348f9e79f"
}