pretty crazy to see these sorts of worms, I think it's probably a good thing that we start to examine the "supply chain" of open source software and figure out ways to prevent this sort of attack.
Timing was definitely smart on the part of the attacker, heading into Thanksgiving in the US means a lot of people in vacation mode, probably not even realizing this is happening right now.
This is awesome, I've used offload media for years, but they've been getting more and more annoying about their plugin trying to convert to using their cdns and upgrading to their premium plugin.
I've wanted to explore R2 (I use S3/Cloudfront today) and this looks like a great way to do so!
they use a mixture of colo (M247, Datacamp, HostRoyale, Oxylabs, etc) and international residential. I suspect the latter are where those residential app proxies come into play (bright SDK, etc). Oxylabs is also a well known proxy provider, which makes me think they're the gateway into all of these IPs.
Definitely interesting times to try and host a web server!
Yeah, there are some botnets I've been seeing that are much more stealthy, using 900-3000 IP's with rotating user agents to send enormous amounts of traffic.
I've resorted to blocking entire AS routes to prevent it (fortunately I am mostly hosting US sites with US only residential audiences). I'm not sure who's behind it, but one of the later data centers is oxylabs, so they're probably involved somehow.
I wrote about this a few weeks ago, because it really is quite insane.
I wish AWS would curtail abuse from their networks. My hope is to build some tools to automate detection and reporting of this sort of abuse, so we can force it into AWS's court.
I remember dealing with a large credential stuffing attack at a marketplace right after we announced our series B ~2018. We developed some tools to keep them out through pattern matching, but it was not easy and it took some time to develop those tools.
Best companies to work with were spycloud.com and sift.com.
spycloud actually specializes in identifying leaked credentials, which are what attackers use in the credential stuffing list they go through, so you could identify "stuffable" credentials prior to the attack happening, which is nice.
sift was great at helping to just identify fraud in general, so if an account did quietly get compromised, we could identify it before the transaction was finalized.
I've been trying to track down the source of 500+ IPs that routinely hit websites that I'm hosting. Definitely interested in hearing if anyone else has experience this as well. Cloudflare does not appear to block this type of attack
I have to say, Visual Basic 4.0 changed my life when I was introduced to it at the age of 12. I had written Basic before that, but being able to build drag and drop create a GUI on top of my code was what really hooked me on programming. I built and sold my first desktop application at 14 that I wrote by myself in VB6 and used VB6 for all of my jobs through 21 when I had to upgrade a VB6 application to C#.net.
I often harp on how much I wish someone would build a simple GUI for the modern desktop or web environment, instead of spending ages fighting css and javascript for even the most basic layouts. Visual Basic just removed all of the complexity, nothing filled that gap before VB or after VB. Sadly, even VB these days is a mess ever since winforms stopped being the primary target interface.
Thank you for what you built, I've been writing code for 26 years now as a direct result of it.
I should mention that wasn't just me. Alan Cooper came up with the initial idea and a prototype called Tripod and showed it to Bill Gates. After Microsoft funded the project, Alan hired me, and Gary Kratkin, Frank Raab, and Mark Merker to build out the actual Ruby product. And then a team at Microsoft melded it with Basic to become Visual Basic.
I am really grateful that you and so many people put our work to good use!
> I often harp on how much I wish someone would build a simple GUI for the modern desktop or web environment, instead of spending ages fighting css and javascript for even the most basic layouts.
I read comments like this nearly every day, and they make me so excited to announce my project soon! But I don't want to botch the release, so I'm trying to finish it properly and not rush or announce it too soon.
I really like this idea. I've wanted to build something to bring startup/remote work people in my area together for a while. I bought a few domains but couldn't figure out the hook. Smart idea to build it as part of the HN userbase, since that is the userbase you want for something like this!
Timing was definitely smart on the part of the attacker, heading into Thanksgiving in the US means a lot of people in vacation mode, probably not even realizing this is happening right now.
This should really be front page here