this post was submitted on 02 Mar 2024
200 points (93.9% liked)

[–] [email protected] 35 points 8 months ago (3 children)

“Since the user opened a ticket with us this past Sunday, we’ve been actively researching this situation. Initially, we thought it might have resulted from a DDoS attack, which we stated in our first response. After some investigating, it looks as though the spike in traffic was not caused by a DDoS after all,” Dorian Kendal, CMO at Netlify, told Cybernews.

Instead, now they believe that this was a sustained download event of an mp3 file over a stretch of multiple days.

“We’re working directly with the user to better understand what’s happening on their end, so we can uncover what caused the dramatic increase in downloads,” Kendal said.

I'm confused, what is this supposed to mean? Some sort of non-distributed DOS attack? How would working with the customer help there? If they're susceptible to a denial of service, isn't that entirely an internal problem?

[–] iopq 14 points 8 months ago (1 children)
[–] [email protected] 5 points 8 months ago

Fair point. DOS is perhaps the wrong word for it. But from that quote, it sounds like it's a similar behaviour to DOS tactics which involve finding ways to transform a relatively simple request into a large amount of work (or in this case, network traffic) for the server.

[–] echo64 10 points 8 months ago (1 children)

They are saying that it wasn't a ddos at all but organic use. The user was notified but did nothing. So they think their notifying stuff isn't good enough.

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago) (3 children)

Sorry, but what exactly is a "sustained download event" supposed to be? It sounds like they're describing some sort of DOS-like attack that isn't a DDOS, where a user manages to force the server to serve up way more data over a sustained period of time than would be reasonable for downloading a single MP3 for normal use.

But maybe that's not what they mean. It's very unclear.

[–] Passerby6497 9 points 8 months ago (1 children)

Sorry, but what exactly is a "sustained download event" supposed to be?

I'm pretty sure they're describing something akin to what many small site owners have referred to as 'the hug of death'. If you're a small site that blows up on the front page of lemmy (or an actually large community site), you're going to experience sustained traffic that your site isn't capable of handling (be that at the computer resource or financial level in this case).

Normally the 'hug of death' just takes you offline when your provider can't handle the load or you blow past your provider's thresholds. In this case, that threshold didn't appear to exist and it just kept adding to the bill.

[–] [email protected] 5 points 8 months ago

Oh right. So they just mean the Slashdot Effect? A large and unexpected amount of organic traffic?

I think that "sustained download event" is a weird way of phrasing that, but thanks for the explanation.

[–] echo64 3 points 8 months ago

They mean a lot of downloads were happening for a period of time.

[–] [email protected] 2 points 8 months ago

Basically, it was a giant uptick in use that was likely made by human beings instead of a DDoS botnet, and they're still investigating where it came from.

[–] [email protected] 9 points 8 months ago (1 children)

I am too. Is the agreement to charge per mb downloaded? Do they not have some sort of "turn it off if I hit this max?" feature?

I usually avoid hosting solutions like this just because of this shit. I wanna know how much I'll owe before the month starts even. Anything else feels like gambling.

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago)

Of course they do but they can make 104k if they don't turn it on.

There are plenty of bandwidth restricted hosting sites out there. Sounds like that is what you want. Maximum speed regardless if that's used 24/7 or not. If more users request your site than that bandwidth allows - oh well.