Someone has been attempting to DDoS us for weeks and we do nothing
Scale of the “DDoS” and Whether It’s Notable
- Many argue the described traffic (≈1B requests/month, ~4–8 TB/month) is small: averages a few hundred RPS, possibly only 1–3 RPS for the targeted file.
- Some say this is barely above what a runaway script or a few
wgetloops can generate, not a serious DDoS. - Others note that DDoS impact depends on the target: many small WordPress/Drupal sites fall over at just a few RPS, especially without caching.
- Disagreement over burstiness: if traffic is spiky rather than uniform, peak RPS could be much higher, but the article doesn’t show that detail.
Role of Cloudflare and Caching
- Several point out that Cloudflare is doing almost all the real work; “we do nothing” is seen as misleading since using Cloudflare is itself a mitigation strategy.
- The 200 MB installer appears to be fully cached at the edge (cache hits, long max-age), meaning almost no origin load.
- Some argue moving the large file to a separate subdomain or provider would better isolate attacks; others note Cloudflare cache rules (e.g., ignoring query strings) already handle most issues.
- Cloudflare’s free or cheap egress is contrasted with expensive bandwidth on providers like AWS, framing this as a “billing-attack-resistant” design.
Monolith, Single Binary, and Alternatives
- Many like the simplicity: a Go monolith compiled to a single binary, deployed to a VPS with systemd, no Docker/Kubernetes.
- Skeptics say this is trivial for a static marketing site; database, logging, and more complex services are barely involved.
- Others note similar deployment simplicity is possible in Node (single-executable apps), Python (Nuitka, PEX/Shiv), C#, Java fat JARs, or AppImage.
Containers, Security, and Architecture
- Debate over whether containers improve security:
- One side: containers standardize hardening, add isolation, and help keep configs identical across nodes.
- Other side: they increase attack surface; a minimal, well-hardened VPS with only HTTP/HTTPS/SSH can be simpler and safer.
- Some prefer microservices for complex domains and clearer boundaries; others argue monoliths with modules are faster and less operationally complex.
Tone, Risk, and Practical Takeaways
- Multiple commenters view the post as self-congratulatory marketing about a minor event.
- Some worry that public boasting could provoke more capable attackers.
- Still, several readers find the core takeaway useful: for many small services, a simple monolith + CDN can cheaply absorb modest abusive traffic, especially if endpoints are efficient and static assets are cached.