manton

Would love to know more about yesterday’s mastodon.social DDoS attack. So many people use that instance, when it’s slow we notice. In this case, it actually revealed a bug in Micro.blog, sending too many requests to Mastodon. Feel bad that it probably wasn’t helping their server.

renevanbelzen

@manton It wasn't only mastodon.social. All of Germany was attacked, it seems, by Russian hackers.

manton

@renevanbelzen How disappointing. Is there a write-up about the attack somewhere?

renevanbelzen

@manton Had a link, but it’s suddenly gone. So scrap my comment.

rbairwell@mastodon.org.uk

@manton According to the Patreon Discord, there were multiple IPs (mainly from DigitalOcean but some from residential IPs) initially sending bad HTTP Method requests. It stopped for a while (when firewall rules were being put in place) but then resumed looking like standard requests to /explore and / : with 100+ different IPs in a 10k request block. There's now improved rate limiting and filtering in place.

manton

@rbairwell Thanks for the summary!

pratik

@manton I was gonna ask if it was Micro.blog's requests that brought it down 🙃

manton

@pratik Luckily it appears not. 🙂 Micro.blog's requests are also mostly authenticated and shouldn't look suspicious.
