| ▲ | dylan604 4 hours ago |
| I'm not defending Cloudflare, but what is a better solution? If small websites can just be DDOS'd out of existence because some group thinks it'll be funny, what protections do they have? It takes too much equipment and know-how to stop an attack for people to be able to survive online. The next thing you'll hear about is a monthly service fee to the hackers as a protection racket just like the mob. |
|
| ▲ | somenameforme 3 hours ago | parent | next [-] |
| The site's also blocked for me, also on a normal residential IP. Making your site inaccessible for people out of fear that somebody might make it inaccessible for people feels reminiscent of blockading the strait because you don't want the strait blockaded. |
| |
| ▲ | Alive-in-2025 2 hours ago | parent | next [-] | | occasionally a major site that I subscribe to blocks me with cloud flare. It was either nyt or a similar news site I subscribe to. I couldn't even get to any 'give me feedback' page because cloudflare was blocking. When cloudflare decides to block you, it should give you a contact page for that website so you can send them an email or tell them. I work around this by using my phone connection with phone chrome. | |
| ▲ | dantillberg 3 hours ago | parent | prev | next [-] | | > feels reminiscent of blockading the strait because you don't want the strait blockaded I think this is a poor analogy, unnecessarily politicizing the topic. It might be a good analogy the other way around, if hackers DDOSed the website as revenge for partial IP-based blocking, in order to apply pressure to the website operator to remove IP-based blocking. But that wasn't the topic. | | |
| ▲ | pocksuppet 2 minutes ago | parent [-] | | It's accurate. The USA is doing "Iran can't blockade the strait if I blockade the strait!" and Cloudflare is doing "Hackers can't take your site offline if I take your site offline!" |
| |
| ▲ | expedition32 3 hours ago | parent | prev [-] | | The internet is killing itself. And no I do not blame small website owners they just have to live with this mess same as everyone else. |
|
|
| ▲ | Dylan16807 3 hours ago | parent | prev | next [-] |
| The better solution to blocking entire continents is probably doing nothing. For DDoS resistance... Well I can imagine a world where a tech in the same area as IPFS or freenet gives backup access to websites that are overloaded. |
| |
| ▲ | sethops1 2 hours ago | parent | next [-] | | > tech in the same area as IPFS or freenet Are we getting that before or after personal jet packs, flying cars, and my tacos delivered via tacocopters? I'll protect my sites with Cloudflare until then, thanks. | |
| ▲ | warkdarrior 2 hours ago | parent | prev | next [-] | | > For DDoS resistance... Well I can imagine a world where a tech in the same area as IPFS or freenet gives backup access to websites that are overloaded. As a small website owner, I can use Cloudflare or I can wait for this imagined tech. | | |
| ▲ | lstodd 44 minutes ago | parent [-] | | You can use CF and lose relevance. Or even go beyond that and outright geoip-block . Ofc it's your choice. For some reason there are many small sites I have no problem visiting and then there are those CF users which may or may not work at any given moment, forcing me to ignore them. Well, good luck. You are cutting yourself from the internet, not cutting me off. |
| |
| ▲ | exe34 2 hours ago | parent | prev [-] | | Would IPFS need to be a part of the browser? Or is there an easy to use browser out there that runs on IPFS? If you need the average user to go find proxys, it won't work. |
|
|
| ▲ | sandeepkd an hour ago | parent | prev | next [-] |
| Makes me wonder if the company protecting against the DDOS would have motivation to encourage or facilitate the DDOS efforts too, makes them the protection racket itself. If DDOS is really the problem we want to solve then it would be awesome if one can do it without looking into the packet. SSL terminating at some centralized third party provider is way too much power. |
|
| ▲ | bshaughn 2 hours ago | parent | prev | next [-] |
| Websites should have a lean markdown or .txt page for each human friendly webpage. A lot of the surge in bots is because of LLMs. Its insane that a technical documentation web page can use 200MB + of memory, when the core information I care about is << 1 MB of text. at the path of least resistance for many people is to have claude code hit 20 of such pages. This is something that would be perfect for cloudflare to host and sell as a service - static web pages via their CDN network. I do not work in web development, so im sure there are plenty of details im ignorant of, but the TLDR of "how to fight accidental DDOS because of AI tooling " is make it easier for them to get the content they want. |
|
| ▲ | deely3 4 hours ago | parent | prev | next [-] |
| And don't forget about kids safety! |
|
| ▲ | sph 3 hours ago | parent | prev | next [-] |
| How many small websites served by Cloudflare risk being DDOS'd? How many small website owners would incur serious loss of livelihood if they are DDOS'd for a few days?
Is DDOS risk so important that the web needs a protection racket? > If small websites can just be DDOS'd out of existence DDOS doesn't destroy websites. It just makes them unreachable until the disgruntled person decides it's been running long enough. Please stop exaggerating a very real problem only a few entities on the web have; what you are perpetuating is FUD, which enables companies like Cloudflare to kill the web. > The next thing you'll hear about is a monthly service fee to the hackers as a protection racket How do you not even see the irony of this? |
| |
| ▲ | ivanmontillam 2 hours ago | parent | next [-] | | > DDOS doesn't destroy websites. It just makes them unreachable until the disgruntled person decides it's been running long enough. You can be absolutely destroyed if your hosting provider later hits you as a Website Owner with an excess traffic bill. | | |
| ▲ | lstodd 40 minutes ago | parent [-] | | While it is entirely possible to enter such a contract with a provider, it is your fault in the end. Don't maybe enter them? |
| |
| ▲ | dylan604 2 hours ago | parent | prev [-] | | > Please stop exaggerating a very real problem only a few entities on the web have; what you are perpetuating is FUD, which enables companies like Cloudflare to kill the web. I'm not exaggerating, I'm just playing what if. That's a game where you think of random things that could go wrong, and then deciding if it is worth the expense. Just because maybe you can't think of things of varying plausibility does not make me exaggerating. We already see ransomware working from the hacker's perspective. There's no reason to think that greed will not come into play. If I can think of it, there's no reason to think that hackers are not also considering various ways to expand on ransomware as a service >> The next thing you'll hear about is a monthly service fee to the hackers as a protection racket > How do you not even see the irony of this? How do you not? If every hacking group can come along and extort any site they choose to pay them a protection fee, there's no way websites will accept any of this. Compare that to paying a single legit service protecting against all of those hacking groups. Can't imagine why people would be willing to do that. | | |
| ▲ | therein 2 hours ago | parent [-] | | This is the same mindset that wants to make it illegal to sell kitchen knives with sharp tips. | | |
| ▲ | dylan604 2 hours ago | parent [-] | | How do you come to that conclusion? It's so far off of what I said that you've got some splainin' to do |
|
|
|
|
| ▲ | PunchyHamster 3 hours ago | parent | prev [-] |
| nah they will be selling their service to both hackers and their targets |
