Protection against technical attacks on Indymedia linksunten

Alles zum G20-Gipfel 2017 auf Indymedia linksunten

There have been multiple attacks on Indymedia linksunten over the last couple of weeks. We'd like to make the problems transparent and to describe the dynamics behind the solutions. To sum it up: all problems should be solved, as far as we know there were no state-controlled attacks on linksunten and also the non-state-controlled attackers put their pants on one leg at a time.


The Indymedia linksunten website is confronted regularly with DDoS attacks. This is the reason why we use the anti-DDoS services of Deflect. Their sysadmins have once put it charmingly diplomatic: “You are one of our best clients.” Most of the DDoS attacks are detected and thwarted by Deflect with their JavaScript engine. This also answers the frequently asked question of why JavaScript needs to be enabled to use Indymedia linksunten.


Unsurprisingly, there have been many more hits than usual during the G20 Summit in Hamburg which caused a high load on the linksunten server. On top of that, there has been a successful DDoS attack which rendered the website unusable in the night of the 8th of July. We were able to mitigate the effects of the attack during the next day and block it entirely the following days with the help of Deflect.


Unfortunately, the new configuration led to new problems we only solved after a thorough analysis. The problems had nothing to do with the website but with the upstream servers. The search, the photo button of the HTML editor and the startpage tabs have been affected and were temporarily unusable.


Futhermore, the captcha was affected - the image with the distorted characters which has to be solved in order to post content. As a consequence of the configuration errors commercial bots were able to solve the captcha which led to a spam wave on linksunten. First, we tried to fight the spam by increasing the difficulty level of the captcha. But even when it was nearly unsolvable for humans this did not stop the bots. In the end it turned out that the problem was quite banal: the captcha had been cached! After a failed attempt the same image had been shown again and again and so bots had many attempts to solve it.


By now, all related problems should be solved. As we have reconfigured the server stack significantly the website should be better protected against DDoS attacks than before. We have learned new debugging techniques and we've worked together closely with Deflect. This strengthened our relationship with the Deflect sysadmins: thanks for your support! Last but not least the problem analysis made us rethink and improve the anti-spam and caching concept of the new linksunten website which we are currently working on.


Indymedia linksunten
Communiqué from 17.08.2017

Zeige Kommentare: ausgeklappt | moderiert

Danke für euren Einsatz!


Spendet an indymedia! wie? auch dazu gibts artikel