Silk Road forums
Discussion => Silk Road discussion => Topic started by: vmsf24 on November 15, 2012, 04:03 pm
-
judging by SR server's steady response (or usually lack of), I think it seems most likely that the server is under attack.
now who would have the motivation to keep up attacks like this- kids? authorities? don't think so.
I believe this must be competitors, prolly BMR. They are clearly making lots of money on this and the only ones with sufficient motivation and reasons.
I suggest that while we wait for some fix we should give them a run for their money and retaliate, and keep other copycat markets down until and after SR is back, plus some. I dont like to see possible enemies succeeding with what they are doing while also degrading and decreasing SR userbase.
who knows how long we have this forum before the same happens here.
hm??
Shouldnt go into any specifics and I understand this should be condemned by SR staff, but surely they cant stop anonymous users doing stupid things on their own. Altho the nature of such attack and this system make it impossible to say for sure, I think it seems too likely to be competitor to not do anything. It should be good for SR overall anyway and thats all I care for, screw those rippers.
I'd start some response on my own but its a good bit of job and would like others input first and possibly help to ease the job.
-
Thanks to the beauty of Tor's anonymity giving us protection, we'll likely never know!
Could be a competitor, could be LE, no way to tell really unless someone chooses to demonstrate the capability to turn the attack on/off at will, if it is an attack (which I believe it is).
-
If it is an attack, I believe LE to be the likely source. They may not be able to locate the servers, but I believe they do have the resources to develop some sort of attack to keep SR from being used.
-
First off, the LEA are not at all above DDoS attacks, in fact I would look to them first. They aren't usually public about it either. I even saw a news article a few months back saying that the LEA is closing in on SR. They have done it to other Tor services, not traditional DDoS but through other ways. Its very difficult to DDoS through Tor in the traditional way.
BMR is also a possibility, but I wouldn't go over to attack them just yet. In fact, I would recommend people start migrating. We give SR too much power, if only some good vendors would make the move. At least sell on both.
-
Personally, I don't think BMR are in any way trying to sabotage SR. If that was the case then they would have done it quite a while ago undercover (namely when gawker published their infamous article).
Why would they strike now?
Dank
-
C'mon people. Of COURSE Silkroad is under a MASSIVE DDOS attack right now. I can tell you exactly who's doing it too. It's the USERS OF SILKROAD! Everybody is trying to log in all at once. The more you keep hitting try again, the more you're part of the problem. Let's be smart about this.
Window shoppers (like me): DON'T EVEN TRY TO LOGIN. AT ALL. I'm not. Don't you do it either. Give it until the site has been up reliably for a week or more.
Buyers looking to place orders: DON'T EVEN TRY TO LOGIN. AT ALL. What good will it do you if you manage to get in, place an order, send your bitcoins, and then have the site go down again indefinitely. You'll just be out the bitcoins, since the vendor can't log in and check your order. Give it until the site has been up reliably for a few days or even a week.
Vendors who don't have pending orders: DON'T EVEN TRY TO LOGIN. AT ALL. You're not helping the situation. Give it until the site has been up reliably for a few days so you can check for new orders, which really shouldn't be happening if the buyers are courteous and waiting for the site to come back up.
Vendors who have pending orders: DON'T EVEN TRY TO LOGIN. AT ALL. You are part of the DDOS too. Wait until the announcement (which hopefully goes to the vendor area first) that the site is up, then commence your part of the renewed DDOS that will happen every time that announcement goes out. When it does, get on there, handle your current business, and get out to save on traffic.
If everyone would stop DDOSing the site by trying to log in all at once, there is a better chance of it getting up and running again. If the site was nearly overloaded before, what do you think happens when it gets 5 times it's usual traffic with all these jerks leaving a window up and hitting try again every 5 minutes. I have seen the enemy, and it is us.
-
C'mon people. Of COURSE Silkroad is under a MASSIVE DDOS attack right now. I can tell you exactly who's doing it too. It's the USERS OF SILKROAD! Everybody is trying to log in all at once. The more you keep hitting try again, the more you're part of the problem. Let's be smart about this.
Window shoppers (like me): DON'T EVEN TRY TO LOGIN. AT ALL. I'm not. Don't you do it either. Give it until the site has been up reliably for a week or more.
Buyers looking to place orders: DON'T EVEN TRY TO LOGIN. AT ALL. What good will it do you if you manage to get in, place an order, send your bitcoins, and then have the site go down again indefinitely. You'll just be out the bitcoins, since the vendor can't log in and check your order. Give it until the site has been up reliably for a few days or even a week.
Vendors who don't have pending orders: DON'T EVEN TRY TO LOGIN. AT ALL. You're not helping the situation. Give it until the site has been up reliably for a few days so you can check for new orders, which really shouldn't be happening if the buyers are courteous and waiting for the site to come back up.
Vendors who have pending orders: DON'T EVEN TRY TO LOGIN. AT ALL. You are part of the DDOS too. Wait until the announcement (which hopefully goes to the vendor area first) that the site is up, then commence your part of the renewed DDOS that will happen every time that announcement goes out. When it does, get on there, handle your current business, and get out to save on traffic.
If everyone would stop DDOSing the site by trying to log in all at once, there is a better chance of it getting up and running again. If the site was nearly overloaded before, what do you think happens when it gets 5 times it's usual traffic with all these jerks leaving a window up and hitting try again every 5 minutes. I have seen the enemy, and it is us.
Well said. +1 for the Pogo reference.
Nightcrawler
-
Hi,
a DDOS is not possible over Tor because of the TCP characteristics of the Tor Network.
What is possible is various DOS like "slowloris" attacks and in this case try to refresh the page is not changing a thing to the DOS, the only thing that people refreshing the front page are doing is losing their time but they are not influencing the DOS.
I think a simple overload is to exclude now, some people would have accessed to SR at this time and nobody can at all...
-
A DDOS attack involves sending a server a bunch of a request - so many that it cannot respond to them all and no legit traffic can get through. It doesn't matter if it is an automated attack, or if it is a bunch of people hitting the "try again" button. In fact, the latter is probably the way that would work best for a DDOS over TOR, and it is exactly what's happening. People need to get the clue to STOP TRYING TO LOG IN. WAIT until they get the all clear. I wish you had not replied - with Nightcrawler as the last to respond more people would read this topic and get the message. If everybody that doesn't have a pending order would just CHILL THE FUCK OUT and LEAVE IT ALONE until things are running smoothly, that'd be great!
-
Mr Cronk is on BMR and I dont reckon its them neither. We just need DPR to update and stop speculating.
Mr Cronk has put me on to a few good things
2s5tloxulkn2hwe3.onion
-
judging by SR server's steady response (or usually lack of), I think it seems most likely that the server is under attack.
now who would have the motivation to keep up attacks like this- kids? authorities? don't think so.
I believe this must be competitors, prolly BMR. They are clearly making lots of money on this and the only ones with sufficient motivation and reasons.
I suggest that while we wait for some fix we should give them a run for their money and retaliate, and keep other copycat markets down until and after SR is back, plus some. I dont like to see possible enemies succeeding with what they are doing while also degrading and decreasing SR userbase.
who knows how long we have this forum before the same happens here.
hm??
Shouldnt go into any specifics and I understand this should be condemned by SR staff, but surely they cant stop anonymous users doing stupid things on their own. Altho the nature of such attack and this system make it impossible to say for sure, I think it seems too likely to be competitor to not do anything. It should be good for SR overall anyway and thats all I care for, screw those rippers.
I'd start some response on my own but its a good bit of job and would like others input first and possibly help to ease the job.
I don't think blaming BMR is wise, nor is encouraging an attack on them. It's all pure speculation. It could just as easily be an internal dispute within SR - a power struggle within, and someone with all the access messing things up. No point in blaming anyone. I don't even buy that hackers would attack it. My understanding is hackers like a bit of anarchy and SR is a considered a very good thing by the vast majority.