Web Application Firewall, DDoS, and Downtime
2025/03/04 @ 23:17 by Robert Lerner
On March 2nd, this site received over 440,000 requests from numerous IP addressess from compromised (botnetted) devices. This service has never harvested user information or usage, has never charged a cent to operate, and has never pulled a Wikipedia and begged for money. I fully fund the development, maintenance, improvement and hosting costs myself because I know this is a useful tool.
I use cheaper cloud services to host this, and do not typically experience DDoS attacks (meaning I can just block an IP and move on when I get hit). So the site was down for a bit -- but that went longer, because real life happens and I left the site down while I took care of real life.
Starting yesterday, the 3rd, I've implemented some security measures:
- Blocking of some international characters and character sets -- This means if you send specific characters to the service, it will be discarded
- Blocking of specific user characteristcs -- If your device presents information consistent with current security best practices, it will be discarded
I have also blocked a handful of IP addresses, but not those previously attacking. It is important to me that I keep the site open for people to test scripts and perform smoke tests of their applications. If your use case is impacted by my change, I'd like to get in touch -- I can add exemptions or even remove rules.
For this reason, I've added both this new blog page, as well as the
Contact Us page. I'd also like to hear about new auth technologies you'd like to practice against.