That Chip Guy
Eugen Rochkomastodon.social, mastodon.online and joinmastodon.org were hit by a DDoS yesterday, thankfully joinmastodon.org was already behind Fastly so it didn't have any impact on it. We've now moved mastodon.online behind Fastly and will do the same with mastodon.social soon.
Amazingca@Gargron Sounds good!
David Pollak@Gargron thank you for all you’re doing 🙏🏽
Trolli Schmittlauch 🦥@Gargron Re-centralisation ;)
Okay, half of the Mastodon instances are running at Hetzner, we're already at clustered infrastructure anyways.
Miles Offit... 🇨🇦🇪🇺🇺🇦@Gargron Thank you very much!
฿@🅂εD͓̽
@Gargron Make sure you prevent spoofing…
Drop any incoming Fastly-Client-IP stuff coming in to fastly from external as per this page: https://developer.fastly.com/reference/http/http-headers/Fastly-Client-IP/
Drop any incoming X-Forwarded-For stuff coming in to fastly from external as per this page: https://developer.fastly.com/reference/http/http-headers/X-Forwarded-For/
Mr. Funk E. Dude 🍑💨@Gargron is there an expected downtime when switching to Fastly??
Josh@Mrfunkedude @Gargron no, these attacks usually come at unpredictable times
@Mrfunkedude @Gargron it was clear, I was just cracking wise
Renaud Chaput@Mrfunkedude @Gargron there should be no downtime if we do it properly, which is the plan 😉 There was no downtime when I moved mastodon.online earlier today.
Kai Rüsberg 
Innocent
Malintent@Gargron Thank you for your continued hard work!!
DawnTreader@Gargron it was only a matter of time or? Assume the worst, and proactively prepare ahead...
Stargeezer Smith@Gargron
Attacking open source is definitely attacking a moving target.
Attacking open source is definitely attacking a moving target.
Marcus Adams@Gargron Were there any demands made? Any logical reason for it? Or just a bunch of script kiddies screwing around for the heck of it? Did Elon discover LOIC/HOIC? 😛
Olav
Karl-Heinz Zimmer@Gargron
Thank you so much for the good work, Eugen. 👍
Thank you so much for the good work, Eugen. 👍
tomasz🚀
Wenyan@Gargron Are there some forces want mastodon to be silent?
Karl Habermas
Joel Pomales@Gargron glad it went away.
Yahia Lababidi@Gargron Thanks, for update. Is Mindly safe(r), now ?
@@Gargron congrats! You've made it big enough to be seen as a threat online!
Evan Wang 王艾文@Gargron props to the Fastly sales team?
hannah aubry@evanwang0 @Gargron Oh, it’s not a sales team. it’s just me! I work exclusively on helping the open source community
kkeller@Gargron are you allowed to discuss the nature of the attack (e.g., the client IPs, whether a person or group is suspected, other possibly relevant info)?
Joe ❌👑@kkeller @Gargron Often these attacks come from bot farms. There will be some crappy internet-of-things device with a security hole, thousands of them on the net, and someone will take them over, turn them into bots, and have them all spew at the target. Google "Marai botnet" (though I don't know if that's what happened this time).
Kohan Ikin@kkeller @Gargron I'd also be interested to hear details. Ars Technica has a story about a Germany-wide DDoS by Russia, in retaliation for sending tanks to Ukraine. So it's unclear to me if Mastodon was targeted, or caught in a wider DDoS of Germany: https://arstechnica.com/information-technology/2023/01/germanyrip-kremlin-loyal-hacktivists-wage-ddoses-to-retaliate-for-tank-aid/
Variety
Marten TjadenThank you so much Team @Gargron. 😍
CTrevethan🐡🥣@Gargron thank you for all your work
UnscriptedPoet @Gargron Thanks for all that you keep on doing
Darwin Woodka@Gargron thank you!
luckysitsinbacklove you smarties.
smart for us who ain't.
REAL GJ Zig 🏳️🌈🇺🇸@Gargron what about mastodon.world?
星辰宇宙中的sine(已获得计算机硕士学位版)@Gargron 我说我怎么昨天上午什么东西发不出来,还以为周柏豪定律呢,结果我这个站点被DOS攻击了。
schokomint
Scott Ellison II@Gargron Let me know if you have any issues or want help with that migration.
Salamander 
@Gargron Great work! 🙌
Leon Cowle@Gargron @stroughtonsmith As the Fastly SME at my company, I’m excited to see how Fastly is partnering with Mastodon! (More than just what’s mentioned below).
Christian P. MOMON@Gargron So you allow Fastly to collect metadata from all your users and submit it to trading, to the Patriot Act, to the Cloud Act, to the NSA…
This is a nightmare 😱
And it is NOT it compliant with GDPR. Please stop this and keep fighting for freedom.
This is a nightmare 😱
And it is NOT it compliant with GDPR. Please stop this and keep fighting for freedom.
M. Verdone
Fastly eases GDPR compliance for our customers
Under the General Data Protection Regulation (“GDPR”), European nationals have individual rights regarding their personal data that must be respected by companies controlling or processing that data. As part of Fastly’s obligations to provide our edge cloud services in compliance with all applicable laws, and our customer’s obligations not to use our edge cloud services in violation of those same laws, we want to outline the steps we have taken to comply with the GDPR, and in particular the steps we have taken to ease the GDPR compliance burden for our customers.
Albrecht@Gargron Please fix IPv6 connectivity. 😢
Jef Poskanzer
SF Bay Tide
¡Emancipemos a… se cambió!@Gargron Excuse me, What is a DDoS?
Gustavo.
Drooling Fan Girl@SofiaK “A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.”
https://www.cloudflare.com/learning/ddos/what-is-a-ddos-attack/
@drooling_fan_girl Thankyou. The link is very well explained I will read it.
@SofiaK yw. Initialism can often be hard to find info about. I’ll look something up only to find it has potentially 20 different possible meanings, lol.
Karen E. Lund 💙💛@Gargron I had a little trouble earlier, so I guess this explains it. The price of success for Mastodon, I suppose.
Thanks for taking steps to prevent future attacks.
RealSolo@Gargron I see those Musk fanboys are at it again.