testing my webserver for DDOS attacks..

submitted by chickenz from self.programming

note: my server will ONLY process dot onion pages for the TOR network.

it is my understanding that everyone seems to like using services such as cloudflare, etc, to avoid DDOS attacks...

it is my understanding that a DDOS attack is a bombing of my site with a massive number of requests?

i figure that i would like to write into my webserver code the ability to filter out such requests.

i would probably open up fifty tabs on my tor browser that just repeatedly call my server..

any suggestions?

all 5 comments
sorted by:
top
newinsightfulfun

[–][deleted]  (3 children)

[deleted]

    [–]chickenz[S] 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (2 children)

    hacking isnt my strong point.. it isnt my interest.. but i would like to be prepared if someone should try to bombard my dot onion page with a million requests... the only thing that i can imagine that they can do is to send a million http requests to it.. or to send incomplete requests.. or to send too much of a request... of course, i am not prepared for any of that bullshit..

    but, my site is sorta special purpose and only proviides a limited functionality.. it displays the stats for my trading account..

    there isnt even a login function.. and if someone should try some bullshit, i can just change my dot onion address and keep on keeping on.

    my trading bot might finally be finished now.

    i can only be optimistic.

    thanks for the links.

    [–][deleted]  (1 child)

    [deleted]

      [–]chickenz[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

      i havent finished reading all of that, but give me a few hundred years and i can probably digest about ten percent of that..

      just fyi, one of the reasons that i am attracted to the tor network and the hosting of dot onion sites is that it seems that by using the clearnet(dot com, dot net, etc) there always seems to be someone in the mix that can cancel me or my site, but this doesnt seem to be the case with a dot onion page.

      as things look so far with the tor network, my dot onion hosting doesnt even seem to care about ip addresses, either ipv6 or otherwise.

      the thing that pisses me off about the dot onion/tor thingy is that it seems to go on the blink sometimes and it gets confused and stops serving pages.. and i am pretty sure that it isnt my webserver, because it just stops "accept'ing" new incoming connections.

      and just end up getting owned or using some sketchy half assed security product.

      omg, that is the truth.. the reality is that i am just another self taught hobbyist C coder that has had a few paid gigs along the way.

      topic change: this is me pranking a telemarketer that kept calling me about my medicare, lol..

      https://files.catbox.moe/tai52a.MP3

      [–]Vulptex 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (2 children)

      If you're going to use your webserver in actual production, and you're worried about attacks, you probably shouldn't be using C. Not because of the typical lame excuses people use these days like "it takes an extra 5 seconds compared to higher level languages!" It's because the lack of safety is a huge security risk. Companies using C servers always get hacked, and sometimes the attacker can even do arbitrary code execution. This is because the smallest oversight will cause "undefined behavior". This is usually no big deal in a client program, because it merely causes bugs. But hackers abusing it intentionally can do some serious damage.

      It's probably not a bad idea to write some of the server-side programs in C or some other language depending on what you're trying to do. But definitely not for the API or anything interacting with the user.

      [–]chickenz[S] 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (1 child)

      C processes characters very well.. the problems that come up in c is usually some kind of buffer overflow issue..

      ..and, this server has one purpose and one purpose alone.. to display a snapshot of my trading server and to refresh every ten seconds.

      i dont personally give a fk what you think about C, cuz i have been spinning C code since 1991.. omg.. i had a job writing C programs when i was in jail in 1993.. i wrote programs by hand for a client BY HAND on paper and mailed them to my client.. they were perfect every time.

      http://ecoq5i5xokjqe4ckfofvw3n72zqz224uktpbtjyptuvydfr6wckeanyd.onion

      [–]Vulptex 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

      Is it just me or have 95% of saidit users been in jail at some point?