9
votes
How would Tildes mitigate a DDOS attack?
While reading up on what it takes to run this site, it just occurred to me that the site is hosted on one server with one network connection. Adding a CDN or cloud based DDOS protection would run contrary to the "no third party" thing we've got going on here, so that doesn't seem like an option.
So I got to wondering, what would happen if a malicious actor were to sic a botnet on us? I imagine the outcome would not be good. Do we have any strategies to deal with this?
The server is rented through OVH, who are pretty serious about their DDoS tech: https://www.ovh.com/world/news/articles/a2536.anti-ddos-protection-why-ovh-must-keep-investing
I'm a big fan of OVH, myself. They're a good middle ground between a VPS on Vultr/DO/Linode and going full cloud with AWS/Azure/Google.
Ah good 'ol OVH. I wouldn't be playing World of Warcraft on private servers if it weren't for these guys. Impeccable choice in service provider, their DDOS protection has allowed me to waste many sleepless nights.
At this point what would be the point?
At the point where it would be worth it to DDOS tildes it will probably be on multiple servers or it will just go down. For a site like this a little down time will not kill it.
In the words of Nelson Muntz: "I dunno, gotta nuke something."
I'm not sure why someone would do this. "teh lulz"? Spite maybe? Perhaps we ban someone who's a l33t script kiddie that buys a botnet with his mom's credit card. It's not outside the realm of possibility for this to happen. It's worth talking about contingency plans, mitigation techniques etc in case it does happen.
Most 'reddit alternatives' come under serious DDoS activity within six months of becoming well-known. Voat's been dealing with it since they were still Whoaverse. I doubt Tildes is going to be an exception to this, but given the tech of the hosting provider, they have the bandwidth and systems necessary to eat up just about any attack. We shouldn't have to worry about it - and the impossibly small page sizes and single site origin on Tildes are a boon here too, making them much harder to disrupt than a page-turned-operating-system like reddit or facebook.
If Tildes is hit by a DDoS honestly I doubt we'd even notice it until the email shows up in Deimos' inbox.
I figured it would eventually become something we will have to deal with. I'm glad to hear Deimos say we're on a colo with such good infrastructure. Reading the link he posted is pretty reassuring, and it doesn't seem like this will be a concern.
Looks like its option C and its hosted by a company with DDOS protection already.
Let's find out! /s