Someone has been attempting to DDoS us for weeks and we do nothing

Scale of the “DDoS” and Whether It’s Notable

  • Many argue the described traffic (≈1B requests/month, ~4–8 TB/month) is small: averages a few hundred RPS, possibly only 1–3 RPS for the targeted file.
  • Some say this is barely above what a runaway script or a few wget loops can generate, not a serious DDoS.
  • Others note that DDoS impact depends on the target: many small WordPress/Drupal sites fall over at just a few RPS, especially without caching.
  • Disagreement over burstiness: if traffic is spiky rather than uniform, peak RPS could be much higher, but the article doesn’t show that detail.

Role of Cloudflare and Caching

  • Several point out that Cloudflare is doing almost all the real work; “we do nothing” is seen as misleading since using Cloudflare is itself a mitigation strategy.
  • The 200 MB installer appears to be fully cached at the edge (cache hits, long max-age), meaning almost no origin load.
  • Some argue moving the large file to a separate subdomain or provider would better isolate attacks; others note Cloudflare cache rules (e.g., ignoring query strings) already handle most issues.
  • Cloudflare’s free or cheap egress is contrasted with expensive bandwidth on providers like AWS, framing this as a “billing-attack-resistant” design.

Monolith, Single Binary, and Alternatives

  • Many like the simplicity: a Go monolith compiled to a single binary, deployed to a VPS with systemd, no Docker/Kubernetes.
  • Skeptics say this is trivial for a static marketing site; database, logging, and more complex services are barely involved.
  • Others note similar deployment simplicity is possible in Node (single-executable apps), Python (Nuitka, PEX/Shiv), C#, Java fat JARs, or AppImage.

Containers, Security, and Architecture

  • Debate over whether containers improve security:
    • One side: containers standardize hardening, add isolation, and help keep configs identical across nodes.
    • Other side: they increase attack surface; a minimal, well-hardened VPS with only HTTP/HTTPS/SSH can be simpler and safer.
  • Some prefer microservices for complex domains and clearer boundaries; others argue monoliths with modules are faster and less operationally complex.

Tone, Risk, and Practical Takeaways

  • Multiple commenters view the post as self-congratulatory marketing about a minor event.
  • Some worry that public boasting could provoke more capable attackers.
  • Still, several readers find the core takeaway useful: for many small services, a simple monolith + CDN can cheaply absorb modest abusive traffic, especially if endpoints are efficient and static assets are cached.