V2EX, a well-known technology and creative community, was attacked for three consecutive days by DDoS attacks from IP addresses in more than 200 countries/regions. The attacks have not stopped yet.

V2EX has been attacked for three consecutive days.

According to Livid, the founder of V2EX, the site is attacked with 12 million requests every minute.


Many users said V2EX appeared to have been attacked

Livid tweeted that “these massive distributed attacks are coming from over 200 countries and up to 100,000-200,000 requests per second.”

He also appealed for help from Matthew Prince, the CEO of AtCloudFlare: “My site has been under attack for three days now, and it appears that the attackers have successfully circumvented Cloudflare’s captco mechanism.”

As a result, the attackers looked professional.


Currently Livid says he has to rely on handwritten firewall rules to alleviate the situation, and Cloudflare engineers are working on it! [](https://p1-jj.byteimg.com/tos-cn-i-t2oaga2asx/gold-user-assets/2020/6/9/17297ffddb6a9f7f~tplv-t2oaga2asx-image.image) Do it.

V2EX is a technical and creative community, where users discuss programming, design, hardware, games and other topics. There is no shortage of posts in the community about defending against DDoS, and I wonder if the methods once shared can be used now.

 

V2EX DDoS protection provider, known as the network security unicorn

DDoS protection on V2EX websites is provided by Cloudflare.

Founded in 2009, SAN Francisco-based Cloudflare provides DDoS protection, web application firewalls, reverse proxy based Content Delivery Network (CDN), domain name servers, and related technical support.

The company first came to prominence after its services successfully defended against an attack designed by the hacker group Lulz Sec.


Cloudflare went public on the NYSE on September 13, 2019, and its shares soared more than 25% on the first day of its IPO

Cloudflare’s ultimate goal is to be everyone’s “first stop” on the web, standing between Internet visitors and servers and providing rich, secure, accelerated services.

Before going public, the company was valued at more than 20 billion yuan and was known as a cybersecurity unicorn.

But V2EX, one of Cloudflare’s customers, has been the target of frequent attacks in recent years. In April 2015, Livid tweeted that “V2EX is being attacked by DDoS. Ports are full.”

 

DDoS: Simple and difficult to defend against

Distributed Denial of Service (DDos) is one of the most common network attacks. It is a simple and crude attack.

An attacker attacks the target server by controlling multiple computers in different areas. The purpose is to force the network or system of the target server to exhaust resources and suspend services, so that normal users cannot access the target server.


A DDoS attack is likened to creating a traffic jam, preventing regular traffic from reaching its intended destination

The machines exploited can include computers and other networked resources, such as IoT devices, which are often referred to as “chickens.”

In recent years, many major websites have also been affected by DDoS.

In October 2016, users reported that Hundreds of websites, including Twitter, Spotify, Netflix, Github, Airbnb, Visa, CNN, and the Wall Street Journal, were inaccessible and inaccessible. It was later concluded that the “outage” was caused by a massive DDoS attack on Dyn, the leading DNS service provider in the United States. Dyn says the attacks came from over 10 million IP sources.

In the early hours of March 1, 2018, GitHub suffered its worst ever DDoS cyber attack, with an unprecedented peak traffic of 1.35Tbps. The community, home to the world’s largest concentration of programmers, is not immune to DDoS. According to foreign media, the attacker used the Memcached vulnerability to execute the attack, which can multiply the effect of the attack, known as DRDoS reflex attack.

In October 2019, the AWS DNS server suffered a severe DDoS attack that resulted in a 15-hour outage.

According to the “DDoS Threat Report 2019” released by Tencent Cloud, the situation of DDoS attacks was still severe in 2019, and the proportion of DDoS attacks in hot emerging industries such as live broadcasting and e-commerce also increased significantly.


The gaming industry is a prime target for hackers, according to the report

In terms of attack peak, since the industry found a peak of 1.94 Tbps in 2018, it is no longer a rare event for DDoS attacks to reach the TB level. Meanwhile, overseas attacks accounted for 15 percent, almost double the 8 percent in 2018.