At least Mastodon is properly federated. The benefits of decentralization sort of make this a waste of money/resources, right?
I remember when this was happening to Lemmy all the time too.
Given that bluesky was hit a few days ago, could be a threat actor gauging the defenses/responses of 2nd tier targets. I wouldn’t put it past musk to use ddos to generate bad press for non-x socials either.
Plenty of ways this could be worth someone’s resources even if complete take down isn’t on the table.
This actually ended up not being an external DDOS. They shipped some code that ended up hammering their servers.
Depends on what your goal is. .social has half a million active users every month, so it certainly had some impact
What fraction of the total users is that?
About 30% looks like.
How long will it take for them to learn the fediverse is resilient?
Depends on their goal. They still inconvenienced a significant amount of people on Mastodon, especially since the flagship instance has a lot of users. Of course if this causes users to spread out to other instances, then I guess that’s a net good thing and can be attributed to fediverse resiliency.
For all we know, they achieved their goal, irrespective of .social’s uptime.
Do ddos open up the server? My naive understanding is it only hinders its reachability?
They can, but usually don’t. I’ve heard of systems being vulnerable to attack when resource usage is completely maximized. They can definitely cover up an intrusion or test a botnet, though, and I suspect this was a botnet test. Mastodon users overwhelmingly strike me as not worth unmasking. (And that’s a good thing)
Who do you mean with them?
The DDoS perpetrators
Well they targeted the biggest instance. Their attack didn’t stop mastodon as a whole, but many users were impacted
Maybe it was about silencing s/o on this instance for some time. Idk.
Sure but it is ultimately futile because Mastodon, using the ActivityPub protocol, aka The Fediverse, can’t be completely shut down. Somebody ddos’s one instance, well there are other instances you can join to easily defeat the ddos.
You make a good point, however a counterpoint: Instance information is not hidden. It would be relatively trivial for a bad actor with resources to DDOS one instance to add other instances.
We need more DDOS attacks on Xitter. Wouldn’t it be great if Xitter became so unstable people willingly left?
