A server sitting there saying "Hi I serve https://x.com and https://twitter.com" is a KIND OF OBVIOUS TARGET and the whole point of using Cloudflare is you don't have any servers doing that because what are you, stupid or something, or what
But how do you find that server? Well, the easiest way is to just visit https://shodan.io and search for https://ssl.cert.subject.cn:twitter.com and then just DoS whatever network range has the largest number of them because that's probably their data centre this genuinely isn't magic
But now you have the target, how do you do the DDoS? Uh well that's actually as simple as having a credit card, there's plenty of botnets for hire and if you can't find one just ask the nearest teenager who games too much because they probably know
In summary: trivial fuckup by Twitter, bad outcomes, total cost entirely plausibly under $50 and achievable by a bored schoolkid. Could it be a state actor? Sure why not, if you come home and find your house TPed then it could have been Ukraine, I guess, but it's not the likely cause
How do you protect yourself against that? Is it sufficient to configure your firewall to limit ingress IP addresses to the Cloudflare range (+ your internal/VPN)?
I mean I literally still use a free tier version of Cloudflare I never bothered to move away from when they were getting "cancelled" over Kiwifarms and that laziness means I have better security than Xitter right now.
Sometimes 'not breaking shit' is in fact good enough.
Looking at any web server's logs gives an impression of how often they're all being scanned through.
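As an added example (not written by anyone in the thread), here is one way to check from the origin's own access log whether the allowlist asked about above is actually in force: any request whose TCP peer is neither a Cloudflare range nor the internal range reached the origin directly. The range list is a sample subset, and the internal range and log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Subset of Cloudflare's published IPv4 ranges, used as sample data; in real
# use, load the current lists from https://www.cloudflare.com/ips-v4 and ips-v6.
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "141.101.64.0/18",
    "108.162.192.0/18", "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13",
)]
# Assumed internal/VPN range that may also reach the origin directly.
INTERNAL_RANGES = [ipaddress.ip_network("10.8.0.0/24")]
# Combined log format; field 1 must be the TCP peer, not a forwarded-for value.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')

# Constructed sample lines (documentation and private addresses).
SAMPLE_LOG = """\
172.68.10.5 - - [10/Mar/2025:14:01:02 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2025:14:01:03 +0000] "GET / HTTP/1.1" 200 5120
104.18.2.3 - - [10/Mar/2025:14:01:04 +0000] "GET /api/feed HTTP/1.1" 200 812
203.0.113.7 - - [10/Mar/2025:14:01:05 +0000] "GET /.env HTTP/1.1" 404 153
10.8.0.12 - - [10/Mar/2025:14:01:06 +0000] "GET /health HTTP/1.1" 200 2
198.51.100.23 - - [10/Mar/2025:14:01:07 +0000] "HEAD / HTTP/1.1" 200 0
not a log line
""".splitlines()

def classify(ip_text):
    """Return 'cloudflare', 'internal' or 'direct' for a peer address."""
    ip = ipaddress.ip_address(ip_text)
    if any(ip in net for net in CLOUDFLARE_RANGES):
        return "cloudflare"
    if any(ip in net for net in INTERNAL_RANGES):
        return "internal"
    return "direct"

def direct_hits(lines):
    """Count requests per peer that reached the origin without the proxy."""
    hits, skipped = Counter(), 0
    for line in lines:
        m = LOG_RE.match(line)
        try:
            kind = classify(m.group(1)) if m else None
        except ValueError:  # first field was not an IP address
            kind = None
        if kind is None:
            skipped += 1
        elif kind == "direct":
            hits[m.group(1)] += 1
    return dict(hits), skipped
```

A non-empty result after the firewall rule is deployed means the allowlist is not being enforced on that listener.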